Slashdot Mirror

← Back to Stories (view on slashdot.org)

Best Resource For Identifying Legit Applications?

Posted by kdawson on from the x-ray-goggles dept.

bjb writes "While helping a somewhat computer illiterate person figure out a problem recently, they mentioned that PDF files had recently stopped working. Upon investigation I found something installed called 'PDF Suite.' Never having heard of it, I Googled it with 'malware' and other key words, but nothing turned up, though my suspicion remained (and was somewhat confirmed by WOT.) So my question is, where can you go to find out if something is legitimate? Because the person I'm helping is on a dial-up connection, downloading malware detection applications (and updates) is too heavy consider. And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often. Where can you quickly find information?"

12 of 255 comments (clear)

  1. "to big to download" by Sir_Lewk · · Score: 4, Insightful

    downloading malware detection applications (and updates) is too heavy consider.

    Any yet they find the time to download all of that malware...

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    1. Re:"to big to download" by Monkeedude1212 · · Score: 4, Insightful

      Exactly. If you have the time to download an application you have time to download malware detection.

      And really, what do you suppose you were going to do if Google did confirm it as Malware? You can't download anything and you don't have a USB stick with that stuff on it - in most cases you're pooched already.

      It honestly sounds like either you or the person you're helping simply don't want to put in the effort in -actually- testing the machine for malware.

  2. Assume malware by c++0xFF · · Score: 5, Insightful

    If you've never heard of an application, assume that it's untrusted malware.

    Linux has been pioneering a way around this through trusted software repositories, but the concept hasn't panned out for Windows yet.

    1. Re:Assume malware by tepples · · Score: 4, Interesting

      If you've never heard of an application, assume that it's untrusted malware.

      Then how should a micro-ISV or a free software developer earn users' trust?

    2. Re:Assume malware by fuzzyfuzzyfungus · · Score: 4, Insightful

      There are certainly costs to the strategy; but it is still a decent heuristic for somebody in the demographic we are talking about(ie. clueless, no broadband, probably no backups, or even system restore media).

      New entrants will naturally attract the attention of the sort of savvy tech enthusiasts who follow news outlets and whatnot, and are arguably in a far superior position to evaluate for utility and nonmalice. Once they've rendered their verdict, the noobs can follow the received wisdom, or have it done for them.

      "If you've never heard of an application, assume that it's untrusted malware." would make a shitty universal rule; but it is mostly a good idea in this context. Some people are better cut out to deal with technical risk than others. People with disposable VM appliances can do whatever they want. Noobs with dialup who will end up losing months of work, a week's use of their computer, and several hundred in Geek Squad fees if they do the wrong thing should probably stick to the beaten path.

  3. Re:What is your OS? by Kitkoan · · Score: 5, Funny

    Seen as "somewhat computer illiterate," read as "Windows."

    I know a lot of OSX users that fit that description.

    --
    Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
  4. Look at it this way by Anonymous Coward · · Score: 4, Funny

    If it is malware, it's probably more secure against attack than Adobe Reader is.

  5. Er by Quiet_Desperation · · Score: 5, Informative

    Did you try Googling it *without* the word malware?

    http://www.google.com/#hl=en&source=hp&q=%22PDF+Suite%22&aq=f&aqi=g10&aql=&oq=&fp=1

  6. Re:Does the vendor make md5 or sha1 hashes availab by Anonymous Coward · · Score: 5, Funny

    Ho ho ho, allow me a moment, my monocle has fallen into my snifter of brandy. Ho ho!

    I, being a LINUX USER, you see, do not have such mundane Mico$$$$$$$$$oft problems, ho ho!

    Did I mention I use LINUX! Ho ho. I bet you are impressed with my LINUX USING ABILITY. We USERS OF LINUX have SOFTWARE REPOSITORIES, ho ho ho. By USING LINUX you too can have a SOFTWARE REPOSITORY.

    What is that I hear? You use Mico$$$$$oft products?! Ho ho! My dear friend, you must cease at once and switch to LINUX. LINUX has SOFTWARE REPOSITORIES, did I mention this? Ho ho ho...

    oh dear, it appears my monocle has come off again! Ho ho!

  7. Re:Does the vendor make md5 or sha1 hashes availab by Dr_Barnowl · · Score: 4, Insightful

    Signed hashes only assure you of the source of the files. They don't in themselves provide any assurance of trust.

    In the majority of these cases, the only thing it would achieve would be that you can state with some confidence that it's definitely the fault of a particular asshat.

  8. beware! by TheSHAD0W · · Score: 5, Informative

    BitTornado, an application I administer, was once available via ZDNet, a site which distributed freeware and shareware apps much like Download.com. At some point someone began offering download mirrors for BitTornado and other apps, with installers that were modified and apparently contaminated with malware. I complained twice; the second time, they nastily asked whether I wanted them to remove BitTornado from their site. I told them yes.

    Just because software is available via some popular gateway, you can't be 100% certain what you download will be perfect and free from malware.

  9. Great tool for identifying legit applications by MobyDisk · · Score: 4, Funny

    Just download http:///www.amilegit.com.ru/legit_app_detector__win32_trojanfree!!!!.exe and it will scan the app and tell you if it is legitimate.