Slashdot Mirror


Spikes Detected In Autorun Malware

msm1267 writes "Researchers recently have seen a major increase in the volume of autorun malware in some countries, thanks to a couple of new worms infecting those older machines. The two new worms, Worm.JS.AutoRun and Worm.Java.AutoRun, both take advantage of the autorun functionality to spread, and the JavaScript worm has other methods of propagation, as well. Researchers at Kaspersky Lab say that the volume of autorun worms has remained relatively constant over the last few months, but there was a major spike in those numbers in April and May, thanks to the distribution of the two new pieces of malware."

140 comments

  1. Re:Windows Right? by Anonymous Coward · · Score: 1

    Yes. Whenever Windows sees new data from any source, it immediately executes it... for security reasons ya know.

  2. Re:Windows Right? by Anonymous Coward · · Score: 1

    Yes. Whenever Windows sees new data from any source, it immediately executes it... for security reasons ya know.

    The worm didn't cause so much stupidity. It only brought our attention to it.

  3. Quick get Clapper to deny it under oath by Anonymous Coward · · Score: 0

    Well they were likely behind STUXNET, and they did promote the threats of Stuxnet to get funding for themselves.

  4. Windows users are chumps. by bmo · · Score: 1, Insightful

    Because they keep being screwed by things like this all the time and there is no rioting band of geeks with pitchforks and shovels and rakes (and implements of destruction /Guthrie) demanding that this be removed from Windows.

    >autorun.inf

    The most dangerous thing to ever come out of a computer company. That this feature made it past review demonstrates the utter disregard for the most basic security at all, especially since boot sector worms had been around for years in DOS and Win3.1 before Win95 ever graced us with its presence. Since Windows 95, it's been trivial to write auto executing code because Microsoft deliberately yanks down the pants and underwear of the end user and says "Go to it!"

    The fact that autorun still exists in modern versions of Windows is even more telling. "Backwards compatibility" is more important than keeping users safe. Yes, I know that it's turned off by default since Vista, but the option to turn it on should never be there in the first place. Autorun in The Year of Our Lord and Savior Jesus Christ Twenty-Thousand-And-Thirteen is beyond the pale.

    --
    BMO

    1. Re:Windows users are chumps. by JDG1980 · · Score: 5, Insightful

      >autorun.inf
      The most dangerous thing to ever come out of a computer company. That this feature made it past review demonstrates the utter disregard for the most basic security at all, especially since boot sector worms had been around for years in DOS and Win3.1 before Win95 ever graced us with its presence. Since Windows 95, it's been trivial to write auto executing code because Microsoft deliberately yanks down the pants and underwear of the end user and says "Go to it!"

      You're indulging in some 20/20 hindsight here. At the time Windows 95 was released, the only media that supported autorun.inf on insertion was CD-ROMs. (Floppy disks didn't do this, if only because the OS could not reliably detect when a disk was inserted in the drive.) Remember, at that time, CD-R drives were not mainstream computing devices; they were still very expensive and rare. (According to Wikipedia, the first CD-R drive under $1000 was not released until September 1995.) When Windows 95 was released, the idea was that only pressed CDs would autorun, and presumably MS thought that the vendors could be trusted not to ship malware. (The Sony rootkit scandal proved that was a mistake, but no one anticipated something like it at the time.) And let's be honest, in 1995, IT security wasn't really on the radar for home users.

      The real problem came with Windows XP. By this time, recordable CDs (and, later, DVDs) were commonplace. But Microsoft's biggest mistake was reusing their autorun code for other forms of removable media – such as thumb drives. Again, when thumb drives were first released, they were pretty expensive (I remember paying $100 for a 1GB thumb drive about a decade ago), so the best explanation is that Microsoft didn't think it likely someone would put malicious software onto a thumb drive and just leave it lying around or give it away – at the time, that would have been a rather costly strategy.

      Over time, as thumb drives became dirt-cheap, it was clear that allowing INF-based autorun on rewritable removable media was a bad idea. It probably shouldn't have taken Microsoft until 2009 to get rid of this. But the decisions made earlier in the process were not as clear-cut as you're making them out to be.

    2. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      Yes, I know that it's turned off by default since Vista, but the option to turn it on should never be there in the first place.

      Yeah because users love not having any choice, that's why Linux is completely closed source.

    3. Re: Windows users are chumps. by Anonymous Coward · · Score: 2, Insightful

      Nix isn't immune against malicious wares either. The only folks who believe it is are, either, misinformed or blatantly incompetent.

      Ease of use for end-users was how MS moved to become the dominant player. Any platform is subject to malicious intent and the propagation of said software. I appreciate nix but end-users still find it a struggle. Microsoft, at least, provides native management tools for hardening security, which is another reason its platforms remain the leader in the markets. You can't knock something for being susceptible to becoming vulnerable when its exposure is due to its wide adoption, that was spurred by bringing to the table the stuff competitive platforms continually lack. Nix has come a long way but it is still too fragmented to bring together the same level of native management tools that Microsoft's platform has to offer.

    4. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      Twenty thousand and thirteen?

      You're from the year 20,013?

      Idiot.

    5. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      Yeah and apparently there's a chump born every minute. Maybe Gates is the PT Barnum of our times.

      Course people like Barnum saw lots of suckers out there and rejoiced instead of seeing it as a sign of the sad world in which we live and questioning how it might be meaningfully improved. Amazing what greed does.

    6. Re:Windows users are chumps. by Anonymous Coward · · Score: 1

      This is all just my opinion, my perspective. I don't find you persuasive even though what you say makes sense. If you care to read it, I can tell you why.

      Autorun reflects a basic underlying philosophy behind Windows design, historical and current. The user is a moron with no ability to take even the simplest steps reliably, so let's reinforce and legitimize that notion by trying to make it more of an appliance and less like a general-purpose computer. That's what having things start up automatically and unnecessarily (without even asking) is all about. I don't think they took a look at it any more deeply than that. So they didn't notice the ways that it was exploitable and were very slow (2009?!) to make even a small change to it.

      I think that's long after evidence it was being exploited, much longer if you already understood the concept from boot-sector viruses. That's not the way things have to be, that's a perspective, a worldview and a corporate culture. In my opinion the sociopaths who run these things don't care about the impact to users, not when sales are steady.

      Especially with the kind of resources and talent at their disposal, no spin you can apply to the situation will make Microsoft look very good.

      You're an apologist for Microsoft's shoddy design decisions. I assume you're an amateur one and not a professional. Maybe you just want to show off how even and fair-minded you pride yourself for being. I don't particularly care why you're doing this but I admit it's mildly fascinating. In this one instance you're not so fair-minded as you think because you're ignoring the bottom line. Your "gee willickers Batman, they tried their best!" doesn't repay the lost time, money, and resources this kind of Windows malware has cost businesses and users everywhere over the years. It doesn't refund their frustration either. And all of that was preventable. That's the part you're failing to address.

    7. Re:Windows users are chumps. by anagama · · Score: 4, Insightful

      You're indulging in some 20/20 hindsight here. At the time Windows 95 was released, the only media that supported autorun.inf on insertion was CD-ROMs

      I don't think it would have taken any hindsight at all -- floppy based viruses predated CD-ROMs by a long time. If a virus could spread by floppy, why not a CDR?

      --
      What changed under Obama? Nothing Good

    8. Re:Windows users are chumps. by bmo · · Score: 4, Insightful

      >The real problem came with Windows XP. By this time, recordable CDs (and, later, DVDs) were commonplace

      No, CD-Rs were commonplace by the time Windows 98 came out. I think there were more burned copies of Windows 98 than there were official pressed ones at that time. The first "under $1000" CD-R drive was in 1995, and 3 years to "affordability by ordinary people" in electronics had become the norm even then.

      Autorun from 1998 onward revived the spread of malware by removable media. Nobody was doing bootsector viruses on floppies anymore in 1998 because the number of people booting their machines with an OS floppy was minuscule. Autorun malware took the place of bootsector malware. It was so commonplace that it was recommended by everyone who knew anything about preventing the propagation of malware by pirated software that autorun be turned off.

      In 1998.

      Speaking of convenience, if a software install CDROM (you know, an official one) had an autorun.inf that didn't check to see if the software was already installed, the installer would start. If you merely wanted to pick a file off the CD, you had to cancel the install and open Explorer, rather than simply pop the disk in and browse the drive. This was even before the popularity of burned disks.

      While you can say this was the publisher's fault, it illustrates the dubious value of autorun even as an installation "feature".

      It took a full 10 years of autorun being a problem for it to be turned off in Vista instead of in a service pack or in 98SE and NT4. That shouldn't have happened, and autorun should now not even exist.

      --
      BMO

    9. Re: Windows users are chumps. by Anonymous Coward · · Score: 0

      Nix isn't immune against malicious wares either. The only folks who believe it is are, either, misinformed or blatantly incompetent.

      Can you link to any currently active examples?

    10. Re: Windows users are chumps. by bmo · · Score: 1

      He doesn't have any.

      I'll agree with him that *nix isn't immune, but most *nix malware has more to do with Layer 8 vulnerabilities than anything else.

      And there isn't any anti-malware for stupid except education.

      That said, I can attest to the fact that Bagle runs just fine in Wine and is well behaved. But stuff like that is really rare.

      --
      BMO

    11. Re:Windows users are chumps. by Zontar The Mindless · · Score: 0

      Autorun in The Year of Our Lord and Savior Jesus Christ Twenty-Thousand-And-Thirteen is beyond the pale.

      I knew it'd be a long time before we had any chance of getting rid of Windows, but---18,000 years?

      How very completely and utterly depressing.

      --
      Il n'y a pas de Planet B.

    12. Re:Windows users are chumps. by peppepz · · Score: 3, Informative

      I challenge what Wikipedia says; I was there in 1995, and for new computers that shipped with Windows '95 having a CD-ROM drive was the norm and not the exception. Installing Windows '95 from floppy disks required a very tall pile of them, and I know few people who can recount the experience of installing the OS out of them. CD burners were much rarer, but using burnt CDs coming from a third party was commonplace.

    13. Re:Windows users are chumps. by Zontar The Mindless · · Score: 2

      1. Floppy disk viruses were already commonplace, even without autorun.

      2. I burned my first CD in 1997, using my Win95C desktop's built-in burner.

      It took Microsoft better than a decade to put 1 and 2 together (to get 4, mind you--and they managed to be that close only because everybody was shouting the correct answer at them).

      You seem to think this is acceptable. I do not.

      --
      Il n'y a pas de Planet B.

    14. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      CD burners were about one thousand dollars in 1995.

      Most computers had a CD reader in 1995.

      At least I am not so old as to no longer be able to remember this stuff.

    15. Re:Windows users are chumps. by bmo · · Score: 1

      I was saddened and embarrassed by my mis-type, but upon reading your post, I'm gonna stand by it.

      Yes, it would be depressing indeed. But not unexpected. :-D

      --
      BMO

    16. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      You're a fucking moron, mkay? Kthxbye.

    17. Re:Windows users are chumps. by Zontar The Mindless · · Score: 0

      Awwww, I'm sorry your faith in the infallibility of BMO has been shaken.

      'Tis human to make the occasional slip-up, and divine to make allowances for them, or to point such things out in a civilised manner.

      Cretin.

      --
      Il n'y a pas de Planet B.

    18. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      You should be more embarrassed by the fact your a Linux zealot who likes trolling on-line.

    19. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      You should be more embarrassed by the fact you'd fail an 8th-grade English class.

    20. Re:Windows users are chumps. by Zontar The Mindless · · Score: 1

      It made me laugh on a rainy Sunday morning. Cheers.

      --
      Il n'y a pas de Planet B.

    21. Re:Windows users are chumps. by dbIII · · Score: 2

      No we are not. Some of us knew it was a fucking stupid idea when it was introduced in 1995. Anybody that listened to the antivirus companies grumbling about it for instance. Then the fools went and repeated the stupidity with the first version of Active-X years later - and it was so widely seen as a stupid idea that a librarian warned me about the consequences and was 100% correct.

    22. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      It took a full 10 years of autorun being a problem for it to be turned off in Vista instead of in a service pack or in 98SE and NT4

      Because every single hardware device that people purchased came with the instructions: "Put the CD in the drive and the installer will run automatically"
      It's a good automation type feature for people who had no idea what an "installer" was. Besides, I think if MS intentionally removed a feature that a company relied on to sell a product you'd see a ton of lawsuits.

      But then again nobody claimed said anti-ms trolls like you had any sense to begin with. So.. troll away...

    23. Re:Windows users are chumps. by BlindRobin · · Score: 1

      Not really hindsight. I remember having this argument when Windows 95 came out and while many of us simply found it an annoying behaviour the potential for abuse and misuse was very obvious at the time.

    24. Re: Windows users are chumps. by Anonymous Coward · · Score: 0

      Yes, All the hundreds of thousands of rooted unix servers that are hosting malware ..

      Linux + Security vulnerabilities is a regular occurrence.. given all the millions android phones being sold currently can be rooted with kernel vulnerabilities. I thought open sores ppl wanted to keep reducing vulnerabilities, why do linux devs keep adding them in every single version?

    25. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      You're indulging in some 20/20 hindsight here.

      No, he's not. (I think it's the second most annoying security hole, the first one being "hiding file extensions.txt .exe")

      Good security practice: Show the full filename of every file. Require a positive action to run anything from SETUP.EXE to pwnme.sh

      What MS implemented in Win95: Hide the file extension because Mac people didn't want to see the inelegant .doc in "a file name with an extension.doc" and "insert anything from a floppy drive to a burned CD-ROM and the computer plays it for you like a record."

      I might let it slide for Win3.1, but since Win95 there has been no excuse for either of those misfeatures to continue to exist. They are the first things disabled by any IT professional or any semi-competent home user, and if it weren't for the fact that MS telemetry is the second thing disabled by any IT professional or present-day semi-competent home user, MS's user stats would bear that out.

    26. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      Cost. To make CDs in 1993/1994 (when Windows 95 was being coded) required very expensive CDR equipment. Hell, even CD-ROMs were not cheap back then. So basically no one had CDRs.

    27. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      The parent talks about CD-R drives, that is, CD-Recordable drives. Yes in 1995 you would get a CD-ROM drive, for reading discs, with anything but the cheapest computers, but if you wanted to burn CD's, you would usually have to get not just an expensive CD-R drive, but also an expensive SCSI interface card to plug it into. And it would write at 1x speed, and even then still produce coasters every so often.

    28. Re:Windows users are chumps. by flyingfsck · · Score: 1

      Me fail English? That's unpossible!

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!

    29. Re: Windows users are chumps. by Anonymous Coward · · Score: 1

      He doesn't have any.

      You are kidding right? Or do you seriously believe that there are no compromised Linux servers out there (and please don't stop the moment you see the word Apache, it's more.. and this is just one of multiple examples if you really are interested)? If so you are less informed than some of the Windows users being ridiculed here.

    30. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      Jesus Christ, Zontar. Why don't you suck BMO's dick while you're at it?

    31. Re:Windows users are chumps. by Runaway1956 · · Score: 2

      And, we are right back to the point made in an earlier post. People who don't even know what an installer is, should not be installing stuff. In the long run, the clueless computer owner who wanted to install something, and didn't know how, would have saved money by going to his local computer guy, and HAVE THE SOFTWARE INSTALLED.

      BMO was modded a troll above - but he makes a very valid point. Microsoft's strategy of permitting any type of autorun was flawed. Computing should have remained something of a mystery, and local witch doctors should have presided over the installation of software. Given time, more witch doctors should have been trained. Given enough time, home users should have become qualified witch doctors in their own right. Becoming a witch doctor should have required a few semesters of genuine "Computer Science" classes (as opposed to Microsoft-centric "keyboarding" classes and other such nonsense). The mistake was to hand over all the magic talismans to every untrained fool who imagined himself to be smarter than the witch doctors.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br

    32. Re:Windows users are chumps. by Runaway1956 · · Score: 2

      In my own experience, I'm pretty sure it was 98 before I found a CD writer that I could afford. It may have been 99, I'm not quite certain. I remember the day I walked into a store outside of Los Angeles on Interstate 10. I just can't precisely place the date.

      As for CD readers, I had one on a 386 SX, a couple of years before Win95 was released. That was just a bit of luck - I found it at an estate sale, and the ladies didn't know the value of the thing. They gave me the whole computer, and a couple boxes of floppies and a small box of CD's for fifty bucks. Helluva bargain . . . .

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br

    33. Re:Windows users are chumps. by Runaway1956 · · Score: 4, Insightful

      Hey now - you stress the "librarian" thing as if you expect librarians to be clueless. Not fair, I say. In my experience, about half of today's librarians are pretty savvy. Someone has to be administrator on library systems, after all, and in small towns, that will almost invariably be the librarian. Those little old frumpy ladies are generally pretty intelligent, and they don't make the same stupid mistakes repeatedly. Sure, some of them never really get the hang of it, but even those ladies can generally follow directions when given a rigid guideline to follow.

      Maybe I read your post incorrectly, maybe not. I just want to give librarians their due!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br

    34. Re:Windows users are chumps. by dbIII · · Score: 1

      Hey now - you stress the "librarian" thing as if you expect librarians to be clueless

      You are getting it backwards. It's to point out that somebody in a different field could see the looming disaster while many in IT were thinking a stupid idea may just work out if it's MS doing it. I seem to remember discussions here where fanboys insisted the malware swamp we are now living in that mostly came from that was just bad SF.

    35. Re: Windows users are chumps. by Anonymous Coward · · Score: 0

      Yes, All the hundreds of thousands of rooted unix servers that are hosting malware ..

      Linux + Security vulnerabilities is a regular occurrence.. given all the millions android phones being sold currently can be rooted with kernel vulnerabilities. I thought open sores ppl wanted to keep reducing vulnerabilities, why do linux devs keep adding them in every single version?

      I agree, this is an issue that should be taken seriously.

    36. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      Awwww, I'm sorry your faith in the infallibility of BMO has been shaken.

      'Tis human to make the occasional slip-up, and divine to make allowances for them, or to point such things out in a civilised manner.

      Cretin.

      Tis more divine to know one is human and use the fucking Preview button and the 10 seconds it takes to proofread.

      Try applying your own advice to yourself before you tell others how to think. Dipshit.

    37. Re:Windows users are chumps. by yahwotqa · · Score: 1

      Projecting your latent homosexual tendencies? I see nothing more than two random like-minded users on the internet sharing a chuckle.

    38. Re:Windows users are chumps. by bmo · · Score: 1

      That doesn't excuse Windows 98SE and all succeeding versions of Windows up until Vista in 2009 having autorun turned on, or existing at all.

      --
      BMO

    39. Re:Windows users are chumps. by drinkypoo · · Score: 1

      It took a full 10 years of autorun being a problem for it to be turned off in Vista instead of in a service pack or in 98SE and NT4. That shouldn't have happened, and autorun should now not even exist.

      There is nothing wrong with autorun. There is everything wrong with it being fully automatic. A prompt is what you want. Also, a simple setting to disable it.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

    40. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      I see nothing more than two random like-minded users on the internet sharing a chuckle.

      You obviously don't know BMO very well. Consider yourself lucky.

    41. Re:Windows users are chumps. by Billly Gates · · Score: 1

      No it is not ... unless you run unpatched pirated XP sp 2 from 2004 with updates turned off due to a failed Windows genuine advantage tool.

      Windows Vista fixed this and MS patched this for XP in 2009. It is FUD. The problem is according to the article third world countries all run the pirated version of Windows and even though MS relented with update it is so so out of date that even Windows Update won't work in a sp2 system. I tried it in a VM. You need to manually run fixits from microsoft.com before it can even execute. Non techie users do not know what that is.

      Hell in China 35% of all users still run IE 6 for that reason.

      Old Linux from 2001 had a big vulnerability if you want to bash where you had to be root to use Netscape and dial out with a modem?? Seriously

    42. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      "When Windows 95 was released, the idea was that only pressed CDs would autorun, and presumably MS thought that the vendors could be trusted not to ship malware", as JDG1980 points out.

      If you could press your own CD at the time, you would buy a several thousand dollar machine and give away a $10-20 CD... to POSSIBLY infect someone.

    43. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      In the long run, the clueless computer owner who wanted to install something, and didn't know how, would have saved money by going to his local computer guy, and HAVE THE SOFTWARE INSTALLED.

      Except, almost nothing in life ever works that way. "In the long run" is only understood properly when you're at the end of the long run. If you can create an entire predictive economic model that correctly models daily commerce and predicts trends you might have a shot. So far... nobody has created this. It's easy to sit and say how "obvious" certain decisions should have been.

      Product A says "Put CD in drive and device will work automatically" .. Product B says "Call a technician or bring your PC in before using this product". I wonder which one is going to sell well.

      The mistake was to hand over all the magic talismans to every untrained fool who imagined himself to be smarter than the witch doctors.

      As is already known, Microsoft is not in the business of advancing any technology frontier or educating people about computers. They simply want to make money by encouraging a larger and larger segment of businesses and individual customers to rely on their products. Autorun made perfect business sense. But they missed the boat there. What should ideally have happened is the devices themselves should contain the drivers .. so the device enumerates itself as a tiny storage device and the OS just copies over the driver files. That would have eliminated the need for CDROMs altogether. But then again.. it's easy to make such "obvious" recommendations now.

      The reason all your darling operating systems can arbitrarily make major design changes is because nobody in the world cares when they do that and there is very little business backlash/lawsuits.

    44. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      And Billy G of all people should have known about that fallacy by 1993/1994.

      Remember when he said "640k ought to be enough for anybody" ??
      Yeah...technology will never progress in a significant manner. Apparently he still thinks that way!

    45. Re: Windows users are chumps. by smash · · Score: 1

      Can you link to any currently active examples?

      Sure, we can do that.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.

    46. Re:Windows users are chumps. by yuhong · · Score: 1

      But they still could not automatically infect other CD-Rs as far as I know. Someone would have to deliberately put it on there.

    47. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      (According to Wikipedia, the first CD-R drive under $1000 was not released until September 1995.)

      Which is where whoever wrote that section in Wikipedia has written a load of bollocks. That statement is completely false. On PC game "The 7th Guest" popularised CD-ROM's on PC's and that came out in 1993.

    48. Re:Windows users are chumps. by hairyfeet · · Score: 1

      Uhhh...dude? Yeah hate to break the news to ya but that was actually removed by a patch YEARS AGO and the only ones getting hit by this? Pirates and those that still think that 30 day trial of Norton they got with the system in 2005 actually does anything.

      Here are the FACTS from the guy that builds and fixes these things, straight from the trenches...FACT: WinXP was/is the most pirated OS ON THE PLANET by a HUGE margin and thanks to WGA guess what ALL the pirates disable? Windows Updates. And I say is because I have run into machines not 6 months old running "XP Pro Razr1911 edition" put on by low rent fly by night shops and those selling PCs in flea markets and on CL. There are so many dual cores from 05-09 that don't have drivers for Win 7 I doubt this is gonna change for a while. If it gives anybody comfort pirated Win 7 is on the rise, of course those also have updates disabled so they'll be infected soon enough.

      FACT: Autorun was disabled several years ago and if an XP system is fully patched? Then autorun doesn't work. Of course Vista, 7 and 8 don't have this at all but because many of the OEMs didn't put out drivers for any system older than 09 and most shops aren't gonna bother hunting for a driver, especially when MSFT charges over a hundred bucks for a copy of Win 7? Again they use Razr1911 XP that has all the drivers integrated. There is even an "XP Black Edition" that mimics the UI of WinVista/7 so the average clueless buyer won't even know.

      So if you want to bitch about this? Bitch at the pirates and the fly by night guys using pirated software, because I can tell you that there isn't a legit XP box that has autorun on, not unless the user went in and disabled the updates several years back and if they did that? Well it's hard to feel sorry for them, hell you disable security updates on ANY OS and your ass is gonna be swinging in the breeze, see MacDefender or the KDELook bug for just two examples.

      --
      ACs don't waste your time replying, your posts are never seen by me.

    49. Re:Windows users are chumps. by hairyfeet · · Score: 1

      Actually they kept in XP for so long (I believe it was right after SP3 or right before they put out a patch that killed it) was because of corporate dongles, a lot of companies used dongles in the early days of XP and by having autorun on the dongle they could just plug in the dongle and it would run the check and fire up the software it was connected to so it WAS a handy feature to have.

      I don't know how many 4 port USB cards I had to install back then because of all the damned dongles that the high end software companies used, for awhile it was dongle madness. Of course that was before flash sticks became cheap as dirt so tying multi thousand dollar software to a USB dongle was actually a pretty decent anti piracy method.

      --
      ACs don't waste your time replying, your posts are never seen by me.

    50. Re:Windows users are chumps. by hairyfeet · · Score: 1

      Because most malware writers didn't have 15k+ to spend on a CD press? Dude I got one of the very first DVD burners in my state, know how much that bitch cost? $600 and media was over $4 a pop for that sucker. CD burners were likewise crazy priced and the media was expensive as hell so it really wasn't a big threat vector, at the time you could buy floppies for 8c a pop and CDR was $2, an RW was closer to $5.

      I swear, these kids...they have NO clue how expensive shit was back then! I bet my fellow greybeards can back me up, when Win95 came out I had a MASSIVE 100MB HDD and that bitch cost a damned pretty penny, nobody even thought about slapping a burner in because the cost was so insane. Hell how many floppies did Win95 come on again? I can't recall but it was a shitload. My first flash stick was based on CF and cost a whopping $200 for a 64Mb capacity so the risk of Joe Average having one? Really wasn't there.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    51. Re:Windows users are chumps. by hairyfeet · · Score: 1

      It is obvious that you never worked corporate or had to deal with multi-thousand dollar software because then you'd know, it was corporate and dongles that kept the feature for so long.

      Was it a great idea in hindsight? Nope but like ActiveX once a corp has spent several million dollars investing in a technology you had BETTER give their ass plenty of time to switch to something else before you break it or that is your ass, and that was the problem that MSFT faced with autorun. I was getting corporate CDs and flash sticks as late as Dec 2010 that had autorun set up to load their little presentation or whatever so it was just hard as hell to get the corps off of it. Hell look at how damned many users of IE 6 are left and that is all thanks to corporate intranet IE 6 only ActiveX crap, so you can see that corporate does NOT turn on a dime.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    52. Re:Windows users are chumps. by hairyfeet · · Score: 1

      So you are basically saying that only the ones that meet your criteria should be allowed to have a PC? Nice to know elitist douchebaggery isn't dead. One of the reasons I gave up on Linux was their forums were fricking filled with those that were like "If they don't feel comfortable around editing in a CLI then maybe they shouldn't have a PC at all?" kind of elitist douchebaggery.

      Autorun made it easier for companies to deploy their software, made it easier to install drivers, if it wasn't for assholes ruining it frankly it was a nice little feature to have. A lot of the reason MSFT had to stick with it was the antitrust made the idea of keeping everything in a single repo unworkable, see how you had them threatened with lawsuits when they first offered Windows Defender and even had a couple of fucking spyware companies sue because MSFT was actually "blocking their software" from infecting machines!

      But the fact that you are basically proposing a fucking guild system so that only the "blessed" can install just shows how damned elitist you are, no different than how RMS addresses everyone as "hackers" because the thought that normal people may be using PCs? Doesn't really cross his mind.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    53. Re:Windows users are chumps. by hairyfeet · · Score: 1

      BULLSHIT, flag on the field for bullshit, and the fact you got modded up just shows how damned many puppies we have here now!

      In 95 you got a CDROM alright but you sure as fuck wasn't getting any burners which were north of a grand, were slow as hell, and were unreliable as hell to boot. You also weren't getting any third party burnt CDs because those damned things were close to $5 a pop and one out of every 3 or 4 would turn out to be a coaster. I should know as my shop had one of the first CD Burners and later the first DVD Burners and we were having to charge $10 a disc just because of how much the damned thing cost, it was NOT in any way affordable nor commonplace!

      --
      ACs don't waste your time replying, your posts are never seen by me.
    54. Re:Windows users are chumps. by hairyfeet · · Score: 1

      You know why they didn't show the full filename? Because people would rename and wipe out the damned extension and fuck shit up, THAT'S why. God I don't know how many "guess the ext" games I had to play when some place would tell everyone to turn on full filenames without warning them NOT to fuck with the dot three, man that was a PITA.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    55. Re: Windows users are chumps. by hairyfeet · · Score: 1

      I can 1 million Android malware infections by the end of this year and since Linux claim Android is Linux you have to claim the malware as well, if that isn't good enough here you go and it's not a fluke by any means.

      Anybody who believes that "If I use X then I am immune" is employing "magical thinking" and is full of shit as ALL modern OSes are some of the most complex systems ever created and where there is complexity? There is vulnerability.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    56. Re:Windows users are chumps. by Runaway1956 · · Score: 1

      Yo, fellow douchebaggery guy!

      If you'll read again, I didn't say they can't have a PC. I said something to the effect that "they should have sought professional help". Do you notice the subtle difference, now that I bring it to your attention?

      "But the fact that you are basically proposing a fucking guild system so that only the "blessed" can install"

      It would have been little different from the world we have today. The elite are the guys who make a living fixing all the stupid shit, as opposed to my vision, where the elite would have installed stuff, thereby avoiding most of the need for fixing stupid shit. Again - there's a subtle difference. I don't want the subtlety to escape you!

      And, also, I added in to my post that the common user, with a little effort, could join the ranks of my elite.

      "Becoming a witch doctor should have required a few semesters of genuine "Computer Science""

      I realize that suggesting that kids take computer classes in high school that aren't MS-centric would be yet another fine subtlety. But, there you have it.

      I do get tired of people - especially smart people - making excuses for Microsoft all the time. Again, and again, and again, they make strategic mistakes, but otherwise rational men and women jump to their defense. I might understand that crap from the uninitiates who have never experienced anything other than Windows. But, I've read enough of YOUR experience and knowledge to see that you really do know better.

      In short, you're teetering closer to that demarcation line that separates rational people from shills.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    57. Re:Windows users are chumps. by peppepz · · Score: 1

      And what did I say? CD-ROM drives were common, burners not so. About the affordability and ubiquity of burnt CDs, I should know too, as I was in high school in those years, piracy was rampant, and burnt CDs were the only kind of CD that a lot of people had at home, for $10 was still quite less than the $100 a pressed CD used to cost here.

      Of course, I do not accept, condone or encourage piracy.

    58. Re:Windows users are chumps. by fluffy99 · · Score: 1

      You're indulging in some 20/20 hindsight here. At the time Windows 95 was released, the only media that supported autorun.inf on insertion was CD-ROMs

      I don't think it would have taken any hindsight at all -- floppy based viruses predated CD-ROMs by a long time. If a virus could spread by floppy, why not a CDR?

      Autorun.inf features also work just fine and dandy when placed in a folder or a network share. Autorun.inf can do more than just run a specific file, it can alter the right-click options, invoke some dlls, change the icon, etc.

    59. Re:Windows users are chumps. by hairyfeet · · Score: 1

      Yeah professional help...a fucking guild. Again elitist shit to keep the "peons" away from your precious shit. We've heard it all before, if your type had your way it would be like 1975 where only programmers need apply...please go away, the world needs less of you.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    60. Re:Windows users are chumps. by hairyfeet · · Score: 1

      And what does that have to do with the fact that malware wasn't coming on CDs? The CDs you were getting in the late 90s were made by REAL pirates, the guys who could hand you a UHARCed "rip game" that could squeeze a 3 CD game down to a 200Mb installer file, guys whose Windows discs were frankly better than the ones MSFT was selling because it would already have the most popular software and drivers baked in, those guys weren't passing malware.

      CD driven malware didn't blow the hell up until around 03,04 when the OEMs started adding CD burners to everything, THAT was when that blew up. And the reason why was obvious, you get grandma infected by a "free screensaver" and then make sure everything grandma burns to hand to the family has the bug on it. It's no different than how I have to wipe every single flash stick I get because brand new flash sticks often have malware on them, pirates ain't doing that shit, malware guys do it because they know if they can come up with an enticing name (I've seen "Free movies" "free music 4 life" and "You are our big winner!" just to name a few) even without autorun some dumbass will likely run it.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    61. Re:Windows users are chumps. by Anonymous Coward · · Score: 0

      ... in The Year of Our Lord and Savior Jesus Christ Twenty-Thousand-And-Thirteen ...

      Holy-moley! You must be traveling with The Doctor! I'm only in the year of our Lord and Savior Jesus Christ Two Thousand Thirteen.

    62. Re:Windows users are chumps. by yahwotqa · · Score: 1

      Some of his rants are far out there, but a lot of his comments hit the (often painful due to its closeness to truth) spot.

    63. Re:Windows users are chumps. by Zontar+The+Mindless · · Score: 1

      I can't and won't attempt to speak for BMO, but if you've really got the time to follow me around trying to discern my personal preferences from my Slashdot posts, then you undoubtedly know that I'm male, hetero, and lived for the past several years with a woman whom I plan to marry later this year.

      As for BMO, yeah, I'm currently a fan of his, and what of it?

      --
      Il n'y a pas de Planet B.
  5. Hmm by MobSwatter · · Score: 1

    NSA did a predictive sales analysis for the XBone and decided to take matters into their own hands...

  6. I don't think you ought to run Windows... by knorthern+knight · · Score: 0, Troll

    ...and you won't autorun a virus.

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user
    1. Re:I don't think you ought to run Windows... by Anonymous Coward · · Score: 0, Funny

      I know right! DAE think windows is for lusers? I'm sure _this_ year will FINALLY be the year of the linux desktop!!!

    2. Re:I don't think you ought to run Windows... by Runaway1956 · · Score: 1

      If we manage yet another year without being the most pwned OS in the world, we'll still be doing better than Windows. And, just for the sake of argument, Android is more of a fork of Linux, than it is Linux. "Linux Based" does not equate to Linux. I'll note that Cyanogen Mod makes Android systems pretty damned secure!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    3. Re:I don't think you ought to run Windows... by yuhong · · Score: 1

      Note that Linux desktop was not free of stupid features either:
      http://www.geekzone.co.nz/foobar/6229

    4. Re:I don't think you ought to run Windows... by VGPowerlord · · Score: 1

      You are aware that this is the exact sort of situation that Stallman's differentiation between Linux and GNU/Linux fixes? Except to make things more confusing, you've replaced "Linux" with "Linux Based" and "GNU/Linux" with "Linux."

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    5. Re:I don't think you ought to run Windows... by Runaway1956 · · Score: 1

      Yeah, you're right and all - but I have my prejudices. Stallman's alright and all, but I don't like "Gnu/Linux". If he weren't such an arrogant old twit, he would have settled for "Linux/Gnu", and been happy with secondary placement. But, noooooo! Stallman wants primary recognition, for having done all the EASY stuff!

      Alright, so almost no one agrees with me. It's still my opinion, and I'm entitled to my prejudices.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  7. Re:WHICH AV SELLER IS PUTTING THIS OUT ?? by Anonymous Coward · · Score: 1, Funny

    "Which AV seller ..." It's Kaspersky you dickfuck. It's right there in the fuckin summary. Jeez.

  8. Re:Windows Right? by JDG1980 · · Score: 5, Insightful

    Yes. Whenever windows sees new data from any source, it immediately executes it... for security reasons ya know.

    Not really. That security hole was patched over four years ago. What does happen is that when removable media is installed, the user is prompted for what to do; this can include opening the folder to view the files, or running a setup file if one is present. Yes, if someone *chooses* to run the setup.exe file and it's infected, then they can get a virus or trojan. But that's part of the cost of having an open platform without executable signing. The only way to eliminate this risk would be to force the user into a walled garden. That may be feasible on smartphones and tablets, but it's not acceptable on workstations.

  9. Re: WHICH AV SELLER IS PUTTING THIS OUT ?? by maseo126 · · Score: 1

    I just spit cereal all over my arm laughing! Bahahawaha!

  10. Re:Windows Right? by noh8rz10 · · Score: 4, Informative

    The only way to eliminate this risk would be to force the user into a walled garden. That may be feasible on smartphones and tablets, but it's not acceptable on workstations.

    apple has successfully closed holes for this sort of stuff through gatekeeper and mac app store. gatekeeper has three settings, and at its most restrictive setting you can only run programs that have been registered with apple. medium setting throws a stern warning, and low setting is off.

    the mac app store takes it one step further by porting the security of ios app store to mac.

  11. Re: WHICH AV SELLER IS PUTTING THIS OUT ?? by Anonymous Coward · · Score: 0

    I just spit cereal all over my arm laughing! Bahahawaha!

    You, sir, have a sense of humor. Unlike the dickfucks who keep modding up bullshit like the 9x10^99th iteration of "sharks with lasers on their heads" because they're so terribly desperate to feel like they're part of a shared culture.

  12. Incoming patch by gmuslera · · Score: 1
  13. Re: WHICH AV SELLER IS PUTTING THIS OUT ?? by Anonymous Coward · · Score: 0

    OMG! Sharks with lasers on their heads?! That's some funny shit, man. Did you come up with that one yourself?

  14. Re:Windows Right? by Anonymous Coward · · Score: 0

    i remember some kind of story about a box, a special box, something about it held the evil of the world, it belonged to someone whose name started with the letter P. Hmmm, what was that name, oh, that's right, it was Pandora's box, and it wasn't supposed to be opened, oops, it was opened, and now what was in it can't be put back in the box. oh well.

    maybe microsoft found pandora's source code

  15. Android Malware exploits this, too by tlhIngan · · Score: 1

    A little while ago, there was some Android malware on Google Play that had this as a side effect.

    It not only infected your phone, but then installed an autorun script on SD cards so the next time you plugged your phone into your PC, it would infect Windows as well.

    You can bet such things will continue... or if it was the cause of some of the spikes, as well.

    1. Re:Android Malware exploits this, too by Anonymous Coward · · Score: 0

      sounds like android is just a pass-through carrier... like any linux mail server could be... windows is the target, where those who wrote the malware know that it will lead to infection

  16. Time to move along by symbolset · · Score: 5, Interesting

    No doubt we'll see more of this type of article for the next year as the drive to bury XP intensifies. It's not going to yield the results they expect, but hey.

    --
    Help stamp out iliturcy.
    1. Re:Time to move along by Anonymous Coward · · Score: 0

      As well as continuing to use XP will not yield the results a user expects...

      What I expect? Within months of XP going end of life on updates, it will become pretty much unusable in any type of network connected scenario... It will be the biggest target on the block

    2. Re:Time to move along by symbolset · · Score: 1

      The assumption of this astroturfing program - in case you didn't get my unstated implication - is that the continuing focus on the unsuitability, instability and insecurity of XP will not drive people off of XP and onto... non-Microsoft systems - especially Apple, Linux and Android platforms. This is Microsoft's standard hubris, thinking that no one who has ever tried Windows could possibly ever leave. I think this assumption is invalid - so by all means keep up the good work.

      --
      Help stamp out iliturcy.
  17. Re:Windows Right? by davester666 · · Score: 1

    You would think more people would listen after 20+ years.

    --
    Sleep your way to a whiter smile...date a dentist!
  18. Re:Windows Right? by FrangoAssado · · Score: 5, Informative

    The terms "closed platform" and "walled garden" have a very specific meaning, and it doesn't apply to Windows. From Wikipedia (my emphasis):

    A closed platform, walled garden or closed ecosystem is a software system where the carrier or service provider has control over applications, content, and media and restricts convenient access to non-approved applications or content. This is in contrast to an open platform, where consumers have unrestricted access to applications and content.

    It's obvious that Microsoft has absolutely no control over what software can be run on Windows. Compare that to Apple's iPad, where you can't install anything that's not approved by Apple (unless you jailbreak it first). That makes iOS a "walled garden".

    Now, maybe we agree that it was foolish for Microsoft to enable any kind of "autorun" feature. The point is that in an "open platform" (that is, one where the user has complete control over what can be run on it), the user must also have enough power to do dumb things like running an unknown program from a pendrive that was just plugged in. How easy it should be for the user to do that is another discussion.

  19. In related news... by Anonymous Coward · · Score: 0

    I tried to follow a perp earlier, but he'd gone and stuck a banana in my patrol car's tailpipe, and it stalled out.

    Seriously, who the fuck is still running Windows, and still uses autorun? Whenever I help any of my less computer-savvy friends with their computers, (those who refuse, or sadly for them, can't use Linux) with their Windows computers, I usually just back everything up using Linux, and do a clean reinstall. It's no longer worth my time to try to unfuck a Windows install, any version.

    One time, I got so sick of this idiot who kept asking me to fix his laptop, that when he did it for the third or fourth time, (third or fourth virus or deleted critical system file...) that I backed up his machine's disk, installed Fedora 11. He'd simply said "please just fix it," but hadn't specifically authorized this... I interpreted his request for me to fix it as a tacit request to install Linux. When I was done, and he saw what I did, he threw the laptop. He literally picked it up, ripped the power cord out, and threw it.

    But hey, I never had to unfuck his stupid XP install again, or listen to him bitch about how fucked up his computer was.

    I bumped into him again and saw on his shiny new(er) laptop over his shoulder that he was using Ubuntu. There was no point to this story, but I thought it was funny and ironic.

  20. Re:Windows Right? by AmiMoJo · · Score: 2

    Gatekeeper sounds a lot like UAC on Windows. It differentiates between signed and unsigned apps. Much like the Mac App Store we now have the Windows App Store or whatever they call it.

    Unfortunately most users are not happy with those restrictions. They want to be able to buy software and install it, e.g. games. I keep saying it: if you are dumb enough to click through all the dire warnings and install some unknown application you were not expecting to install then there really is no help for you, other than a crippled PC. Buy a tablet or etch-a-sketch instead, or perhaps a Chromebook.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  21. Re:Windows Right? by Anonymous Coward · · Score: 1

    This is the first time that I have seen a description of Windows as "an open platform" and that it is not a "walled garden".
    This is absolutely a mind-blowing statement.

    You're confusing the term "open platform" with "open source."

  22. Re:Windows Right? by Anonymous Coward · · Score: 0

    > Not really. That security hole was patched over four years ago

    Really wasn't a security hole, it was a feature that could be disabled by changing a registry key since 1995.

    It was a default configuration issue.

  23. Re: WHICH AV SELLER IS PUTTING THIS OUT ?? by beelsebob · · Score: 1

    I hate to tell you, but many of us have a more refined sense of humor than "zomg, he said dickfuck lawlawlawlawlawl" ;)

  24. Re:Windows Right? by Runaway1956 · · Score: 1, Insightful

    "The only way to eliminate this risk would be to force the user into a walled garden."

    Yes, of course you are correct. It would be totally unfeasible just to disable autorun. I mean, I can't do that on Debian, or BSD, or Red Hat, or much of anything. And, it certainly can't be done on Windows. I wonder what would happen though, if autorun were just disabled? You know - a guy puts a removable media into his machine, and NOTHING HAPPENS!! How would the average person react to that? Would NO ONE open a file browser, and navigate to that media, and select that file he was interested in? NO ONE AT ALL?

    Then, having selected the file, would NO ONE ever bother to scan the file with a virus detecting tool? Would NO ONE open the file in a text editor, to see what it really is, as opposed to what it claims to be?

    "The only way to eliminate this risk would be to force the user into a walled garden."

    Sorry, Pal, but millions of Windows users with a clue can prove you wrong. And, millions more Linux and BSD users can prove you wrong again. The fact that most people have poorly configured systems does NOT make a case for a walled garden. Your walled garden is but one possible approach to solving the problem of poorly configured systems. That approach seems to work for some people. Another approach is to treat all removable media with suspicion, and just don't permit it to run anything on your system.

    One doesn't even require a modern machine, or a modern operating system to configure the system properly.

    I've never actually looked - can autorun just be uninstalled on a Windows system? I know that a lot of stuff can be. I excised huge pieces of Windows XP using Nlite.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  25. Re:Windows Right? by jones_supa · · Score: 1

    This is the first time that I have seen a description of Windows as "an open platform" and that it is not a "walled garden". This is absolutely a mind-blowing statement. Windows is a closed platform. Windows is a walled "garden". Its problems are totally of Microsoft's own creation. They knew better but choose to ignore the security hole they created. They have chosen to let the security hole remain.

    In one sense it is an open platform because it allows any software or hardware developer to release their stuff to the system without Microsoft's consent.

    (BTW it seems that Slashdot's quote feature eats the original line breaks as can be seen above)

  26. Re: WHICH AV SELLER IS PUTTING THIS OUT ?? by jones_supa · · Score: 1

    He didn't claim so.

  27. Re:Windows Right? by Anonymous Coward · · Score: 0

    Windows is not a walled garden.

  28. Re: Signed apps by King_TJ · · Score: 3, Insightful

    One thing we've recently seen in my workplace is a Trojan horse virus embedded in a fake Flash player update which carries a valid Adobe signature.

    So even allowing only signed apps to install is no guarantee of security.

    The main difference with something like UAC versus Apple's Gatekeeper is that Apple made the effort to sell as many programs as possible in their own online store for the Mac, and Microsoft didn't really have an equivalent. So Apple was in a position to put something in place allowing only those store purchased items to be installed by end users (while admins of a box could still have less restrictive settings and load whatever they wished). This allows configuring a system with everything a user needs up front, but still giving the user freedom to buy and load a wide selection of programs after the fact, while ensuring they all come from a known, safe source.

  29. Re:Windows Right? by Anonymous Coward · · Score: 0

    Buy a tablet or etch-a-sketch instead, or perhaps a Chromebook.

    What's the difference? Except maybe for etch-a-sketch being more usable as an actual computer...

  30. as an actual hacker i have to say this by Anonymous Coward · · Score: 0

    THE ONLY reason this is done is from some rich govt wanting to spy on people
    THEY aint rich? IF they was it would be done to newer machines and people with money....

    SEE why attacking old old old windows xp isnt gonna get ya very rich or far.....
    cheap buggers like myself know this and dont care

  31. Re:Windows Right? by jittles · · Score: 1

    The only way to eliminate this risk would be to force the user into a walled garden. That may be feasible on smartphones and tablets, but it's not acceptable on workstations.

    apple has successfully closed holes for this sort of stuff through gatekeeper and mac app store. gatekeeper has three settings, and at its most restrictive setting you can only run programs that have been registered with apple. medium setting throws a stern warning, and low setting is off. the mac app store takes it one step further by porting the security of ios app store to mac.

    You've been drinking too much of the Kool-Aid man. I use Macs almost exclusively right now but even I know that I have to be careful what I execute on my Mac. Sure I could turn on Gatekeeper and only run software that has been blessed by his Holiness, but then I would not be able to run all sorts of software I need for work. But you know what, you can crank up the UAC permissions on Windows Vista+ and get the same results. Plus OP specifically indicated a walled garden like the Gatekeeper crap you just spouted as being unacceptable to him and to many others.

  32. Re:Windows Right? by symbolset · · Score: 1

    It's obvious that Microsoft has absolutely no control over what software can be run on Windows.

    Unless that software is Lotus, Borland, Novell, or one of the hundreds of other software packages that Windows has prevented from running well to give Microsoft's apps an unfair advantage.

    --
    Help stamp out iliturcy.
  33. Autorun malware only runs on Windows .. by dgharmon · · Score: 0

    "Once the worm is on a new [Microsoft Windows] PC, it extracts a DLL from its code and then copies itself to the temporary user folder. It also copies the Java executable from %ProgramFiles% to the same folder" link

    --
    AccountKiller
  34. Re:Windows Right? by noh8rz10 · · Score: 1

    I don't think gatekeeper means what you think it means. It's not a walled garden. It's not uac. It's a sensible anti malware tool. What, do you root for the bad guys now?

  35. Fixed This A Decade Ago by Anonymous Coward · · Score: 0

    ShellHWDetection
    Provides notifications for AutoPlay hardware events.
    Startup type: Disabled

  36. Re:Windows Right? by Anonymous Coward · · Score: 0

    The people from 20 years ago ARE listening, it's all the new ID10Ts coming online that don't know any better. And since the # of new idiots being produced is greater than the number of people becoming former-idiots, the trend towards complete stupidity continues.

  37. Re: Signed apps by Anonymous Coward · · Score: 0

    You know, Microsoft started out having programs available from Microsoft. Then they got hit with an antitrust suit. Didn't end too well for them either. Can this please happen to every corporation who is guilty instead of just 1?

  38. autorun? by smash · · Score: 1

    Seriously? Who hasn't disabled autorun? I remember thinking autorun was a bad idea in 1995 when Windows first included it, and have disabled it on the corporate network for at least... 8 years?

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    1. Re:autorun? by fluffy99 · · Score: 1

      Seriously? Who hasn't disabled autorun? I remember thinking autorun was a bad idea in 1995 when Windows first included it, and have disabled it on the corporate network for at least... 8 years?

      90% of home users? Of course there was also the fiasco that the autorun disable setting still doesn't work correctly, requiring a patch and additional registry setting or two to truly kill it.

    2. Re:autorun? by smash · · Score: 1

      All MS operating systems since vista prompt before autorunning.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    3. Re:autorun? by fluffy99 · · Score: 1

      All MS operating systems since vista prompt before autorunning.

      XP has 'autorun'. Vista and later call it 'autoplay', which by default prompts before automatically executing a program.

      Autoplay is still not impervious to attack and ignorant users. AutoPlay still looks for, reads and invokes some commands from the autorun.inf file regardless of the autoplay dialog box selection (depending on device/drive type it still reads the icon and label keywords). If the system hasn't been patched, it is vulnerable to the attack used by Conficker. The autoplay behavior is slightly different for folders or network locations, and things can change depending on how a USB drive presents itself to the OS. Plus, you're counting on users who haven't checked "always do this action" in the autoplay dialog box because they want their games to just work without having to manually run them each time.

      Consider that NSA, DOD, and DISA security guidelines require additional registry changes to Vista and Win7 machines to completely neuter autorun/autoplay functionality. It's not as wide-open vulnerable as XP was, but it is still broken and has vulnerabilities.
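
The comments above note that autorun.inf can do more than launch one file (context-menu entries, icon, label) and that some of its keys are read even when AutoPlay prompts. As an added example, not code from any commenter, here is a small auditor that sorts the entries of an autorun.inf found on removable media by what they make the shell do. The key names (open, shellexecute, shell\verb\command, icon, label, action) are the documented autorun.inf keys; the category labels and the sample file are constructed for this example.

```python
"""Classify the entries of an autorun.inf by what they make the shell do."""
import re
from dataclasses import dataclass, field

EXEC_KEYS = {"open", "shellexecute"}         # name a program or document to launch
DISPLAY_KEYS = {"icon", "label", "action"}   # change how the drive or prompt looks
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command
SHELL_VERB = re.compile(r"^shell\\[^\\]+$")          # shell\<verb> (menu text)


@dataclass
class Finding:
    key: str
    value: str
    category: str     # "execute", "menu", "display" or "other" (labels chosen here)
    target: str = ""  # program or document named by an "execute" entry


@dataclass
class Report:
    findings: list = field(default_factory=list)
    ignored_lines: int = 0  # lines that are not INI syntax at all

    @property
    def executes(self):
        return any(f.category == "execute" for f in self.findings)


def _decode(data):
    # The file may be saved as UTF-16 with a BOM or as a single-byte encoding.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8", errors="replace").lstrip("\ufeff")


def _target(value):
    # First token of the command line, with or without surrounding quotes.
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', value)
    return (m.group(1) or m.group(2)) if m else ""


def classify(key, value):
    if key in EXEC_KEYS or SHELL_CMD.match(key):
        return Finding(key, value, "execute", _target(value))
    if key == "shell" or SHELL_VERB.match(key):
        return Finding(key, value, "menu")
    if key in DISPLAY_KEYS:
        return Finding(key, value, "display")
    return Finding(key, value, "other")


def audit(data):
    """Return a Report for the raw bytes of an autorun.inf."""
    report = Report()
    section = ""
    for raw in _decode(data).splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            # Not a key=value pair: skip it, but count it for the reviewer.
            report.ignored_lines += 1
            continue
        # Keys and section names are case-insensitive; [autorun.<arch>] also counts.
        if section == "autorun" or section.startswith("autorun."):
            report.findings.append(classify(key.strip().lower(), value.strip()))
    return report


# Constructed sample, not taken from a real device or malware specimen.
SAMPLE = b"""\
; constructed sample
[AutoRun]
OPEN=tools\\setup.exe /quiet
ShellExecute = readme.htm
icon=setup.exe,0
label=Backup Drive
action=Open folder to view files
shell\\explore\\command="tools\\setup.exe" -x
shell\\explore=Explore
shell=explore
zzzz padding line with no equals sign
[Content]
MusicFiles=false
"""

if __name__ == "__main__":
    rep = audit(SAMPLE)
    for f in rep.findings:
        print(f"{f.category:8} {f.key} -> {f.target or f.value}")
    print("executes:", rep.executes, "| ignored lines:", rep.ignored_lines)
```

An "execute" finding is the part to review first; "menu" and "display" entries change what the user sees for the drive and are worth reading alongside it.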

    4. Re:autorun? by fluffy99 · · Score: 1

      This article covers some of the technical issues and attack vectors still present in AutoPlay (of which autorun functionality is now a subset).
      https://media.blackhat.com/bh-dc-11/Larimer/BlackHat_DC_2011_Larimer_Vulnerabiliters%20w-removeable%20storage-Slides.pdf

  39. Re:Windows Right? by VGPowerlord · · Score: 2

    I've never actually looked - can autorun just be uninstalled on a Windows system?

    Uninstalled, probably not. But it can be disabled... and that feature has been in Windows for at least 10 years.

    For that matter, Windows Vista and newer don't autorun directly*... they instead bring up a number of options when removable media is inserted, with the top one being the autorun program if one exists.

    *Although I seem to remember some atrocity of a flash drive protocol named U3 that did some trickery to autorun its launchpad software, but that may have been back on WinXP.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  40. Re: Signed apps by Anonymous Coward · · Score: 0

    Sounds like you have quite a bit of people using porn / torrents in your workplace...

    That is the only place I've seen the fake flash player ads.. they are quite common there... The new one is fake chrome update ads.. Probably firefox as well...

  41. Re:Windows Right? by fluffy99 · · Score: 1

    Not really. That security hole was patched over four years ago. What does happen is that when removable media is installed, the user is prompted for what to do; this can include opening the folder to view the files, or running a setup file if one is present.

    You should read that article more closely. That fixed a bug where the setting to disable autoruns did not work properly. It still ran if an autorun file was located on the network or some USB devices as I recall, and even more amusingly you needed to set a registry key to enable the patch to work. The default for XP and 2003 is still to run the autoruns unless specifically disabled by group policy or local settings. Win7 does prompt as you describe.

  42. Re: WHICH AV SELLER IS PUTTING THIS OUT ?? by Anonymous Coward · · Score: 0

    He didn't claim so.

    It's okay. When you don't like what someone says, why let obvious facts get in the way?

  43. Third world users need alternatives. by Anonymous Coward · · Score: 0

    One aspect of the auto-run problem is that XP is still a pervasive operating system for a lot of low-resource countries in the developing world. Users in these countries are more likely to own a flash drive than a computer. They then visit multiple computers in cyber cafes, campus labs, etc. and spread malware inadvertently. I personally battled "flash viruses" in East Africa in 2009 as a lab admin and Haiti in 2011. It felt difficult to lock down the auto-run capability on XP; I recall different opinions from security software companies and Microsoft on what a true lock down of this capability was. In my opinion, here are some ways to make this trend go away.

    * Help these countries bury XP and even Windows. This means providing better alternatives to the Microsoft charity licenses for XP and the dominant pirate market for XP by having more Linux friendly initiatives at a high government ministry level. Red Hat, Canonical send goons!

    * Free anti-virus providers need to all make this auto-run vulnerability an audit failure with a clear path to correcting it. Because if you become a computer owner in a low-resource country, you are likely to only use free-ware anti-virus.

  44. Re: WHICH AV SELLER IS PUTTING THIS OUT ?? by Anonymous Coward · · Score: 0

    I hate to tell you, but many of us have a more refined sense of humor than "zomg, he said dickfuck lawlawlawlawlawl" ;)

    Awww ... that part about being so terribly desperate to feel like part of a shared culture, did that strike a nerve? Because as a non-AC pointed out already, I never claimed that saying "dickfuck" was the definition of a sense of humor. I merely told Donnie Freyer that *he* had a sense of humor, a completely different claim. But of course you knew that. You just had to lash out because you feel uncomfortable when someone openly says that unmet needs for acceptance and love and a real social life are the only reason why anyone still mods up repetitive memes that weren't that funny to begin with. So they can feel like part of the group and reinforce each other as members of such.

    This compensation process is like a bunch of cockroaches - turn on a light and they scatter. You just felt uncomfortable and upset when I shined a light on it by pointing out how silly it is. We understand. Believe me, everyone reading this knows why you're being hostile and refuting claims I never made. Irrational motives lead to irrational behavior, you see.

    It'll be okay. If it makes you feel better, people who make a BIG FUCKING DEAL out of spectator sports (instead of just enjoying a game) are doing the same thing. They just *think* in their minds that they're any better than D&D nerds. It's just that their empty, meaningless, shallow group experience has better marketing than most others. That's all.

  45. man file by tepples · · Score: 1

    I don't know how many "guess the ext" games I had to play when some place would tell everyone to turn on full filenames without warning them NOT to fuck with the dot three

    Three measures help make loss of extension metadata more difficult.

    The first part is to warn the user when changing the extension. Windows has been doing this half since I started using Windows in 1999.

    The second part is not to include the extension in the automatically selected text when the user renames a file. Windows 7 gets this right, and Windows Vista may have, though I don't have any Vista PCs on hand with which to confirm this.

    Finally, the operating system should allow application installers to register patterns that the file manager uses when identifying a file's content type by its contents. For example, "<!DOCTYPE HTML" or "<html" would suggest HTML, regular expression "GIF8[79]a" would suggest GIF, "\xFF\xD8" would suggest JPEG, "\x89PNG\r\n\x1A\n" would suggest PNG, "NES\x1A" would suggest NES game, etc. To my knowledge, Windows has not yet adopted a counterpart to UNIX file(1).
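An added example, not part of the post above: a Python sketch of content-type identification using the byte patterns the post lists, extended to flag files whose extension disagrees with their leading bytes. The "MZ" executable signature, the extension table and the sample file names are additions made here, not taken from the post.

```python
import os
import re

# (content type, pattern matched at offset 0); the first five come from the post.
SIGNATURES = [
    ("HTML", re.compile(rb"\s*(<!DOCTYPE HTML|<html)", re.IGNORECASE)),
    ("GIF", re.compile(rb"GIF8[79]a")),
    ("JPEG", re.compile(rb"\xFF\xD8")),
    ("PNG", re.compile(rb"\x89PNG\r\n\x1A\n")),
    ("NES game", re.compile(rb"NES\x1A")),
    # Added here, not in the post: DOS/PE executables begin with "MZ".
    ("Windows executable", re.compile(rb"MZ")),
]

# Assumed mapping from extension to the type the file name claims.
EXTENSIONS = {
    ".html": "HTML", ".htm": "HTML", ".gif": "GIF",
    ".jpg": "JPEG", ".jpeg": "JPEG", ".png": "PNG",
    ".nes": "NES game", ".exe": "Windows executable",
    ".scr": "Windows executable",
}

def sniff(head):
    """Return the content type suggested by the first bytes, or None."""
    for name, pattern in SIGNATURES:
        if pattern.match(head):
            return name
    return None

def check(filename, head):
    """Compare the type claimed by the extension with the sniffed type."""
    claimed = EXTENSIONS.get(os.path.splitext(filename)[1].lower())
    actual = sniff(head)
    if actual is None:
        verdict = "unknown"
    elif claimed == actual:
        verdict = "match"
    elif claimed is None and actual != "Windows executable":
        verdict = "unknown"  # unlisted extension, non-executable content
    else:
        verdict = "mismatch"
    return verdict, claimed, actual

if __name__ == "__main__":
    # Constructed file names and leading bytes.
    samples = [
        ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
        ("holiday.jpg", b"MZ\x90\x00\x03\x00"),
        ("notes.txt", b"MZ\x90\x00"),
        ("index.htm", b"  <!doctype html><title>x</title>"),
    ]
    for name, head in samples:
        print(name, check(name, head))
```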

    1. Re:man file by hairyfeet · · Score: 1

      Uhhh...dude? Your memory is SERIOUSLY off, Windows didn't start warning about the dot 3 from release until Vista, I think they MAY have added it to XP in SP2 but since I haven't been on XP since 05 I can't comment on that one but Win98SE (what you would be running in 99 unless you had a corporate supplier as WinNT was never sold to the public) would happily let you trash the dot 3, and so would WinME and like I said I'm pretty sure XP would before SP2 but I'm not gonna make a VM and dig out an old XP RTM disc just to find out.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  46. g++ != easy stuff by tepples · · Score: 1

    Stallman wants primary recognition, for having done all the EASY stuff!

    So you think Emacs, g++, and glibc are "easy stuff"? Kernel may be hard, but templates in C++ are undecidable.

  47. iTunes is garbage, for example by tepples · · Score: 1

    Seriously, who the fuck is still running Windows

    People who need to run iTunes or any other application listed as "garbage" in Wine's AppDB.

    and still uses autorun?

    You got me there. Windows for the past six years has defaulted to using autorun only for optical discs, and with the proliferation of USB flash drives and high-speed Internet access in urban areas, only farmers use optical discs.

  48. Not available on mobile by tepples · · Score: 1

    They want to be able to buy software and install it, e.g. games.

    What keeps professional developers of Windows applications from porting their applications to use the framework formerly known as Metro and sell games through the Windows Store? "They work only with Windows 8 and Windows RT, and most users have Windows 7." In that case, what keeps professional developers of Windows games from offering their games through GOG and Steam?

    Buy a tablet or etch-a-sketch instead, or perhaps a Chromebook.

    The content owner has not made this comment available on mobile
    Add to playlist to watch it later on a PC

  49. Recurring fee per platform by tepples · · Score: 1

    I don't think gatekeeper means what you think it means. It's not a walled garden. It's not uac. It's a sensible anti malware tool.

    So where should a developer of applications distributed as free software or otherwise without charge come up with the $99 per platform per year to register with Gatekeeper and other platforms' counterparts?

    1. Re:Recurring fee per platform by noh8rz10 · · Score: 1

      well there's only one gatekeeper platform. and if you are making iphone apps then you already pay $99 for a dev account so gatekeeper is included. and $99 isn't that much considering how much time you're investing. so i think it is ok.

    2. Re:Recurring fee per platform by tepples · · Score: 1

      well there's only one gatekeeper platform.

      You are correct that there's only one that calls it by the trademark "Gatekeeper". But Windows desktop has Authenticode to suppress deletion of files that are "not commonly downloaded", the Modern UI framework of Windows 8 and Windows RT has its own dev account, Windows Phone has its, Xbox Live Indie Games has its, and iOS has its. Each needs its own $99 per year certificate.

      if you are making iphone apps then you already pay $99 for a dev account so gatekeeper is included.

      For one thing, I thought one needed specifically an OS X dev account, which is an additional $99 per year. For another, I was under the impression that not all developers of OS X applications also developed applications for iOS.

      and $99 isn't that much considering how much time you're investing.

      That depends on your country's exchange rate with USD and whether you're getting paid for your work. If you're not getting paid, your time is worth $0. And when you fail to renew the developer account at the end of the year, does your application fail to start?

    3. Re:Recurring fee per platform by noh8rz10 · · Score: 1

      and $99 isn't that much considering how much time you're investing.

      That depends on your country's exchange rate with USD and whether you're getting paid for your work. If you're not getting paid, your time is worth $0.

      wrong! my time is extraordinarily valuable. 18 hours of awake time in the day, 10 hours working, 2 hours commuting, 4 hours dealing with kids, 2 hours for me. very precious, and whatever i dedicate them to is a huge investment. if I invest 100 of these precious hours in a software project, i won't blink at $99, especially since it gives me tools to be more productive.

      true about overseas though, i don't have an answer for that one.

  50. Pandora runs Linux by tepples · · Score: 1

    maybe microsoft found pandoras source code

    Anyone can. The Pandora handheld computer runs a GPLv2 licensed Linux operating system.

  51. Applications that misuse an API by tepples · · Score: 1

    Unless that software is Lotus, Borland, Novell, or one of the hundreds of other software packages that Windows has prevented from running well

    True, upgrading from Windows 98 to Windows 8 will break some (not all) applications. Microsoft can't do much about applications that use an API contrary to specification. Once each new version of MS-DOS or Windows came out, most of the important software patches to which you refer were swiftly updated.

  52. Desktop apps yes, Modern apps no, drivers no by tepples · · Score: 1

    In one sense it is an open platform because it allows any software or hardware developer to release their stuff to the system without Microsoft's consent.

    "Hardware"? Hardly. Device drivers for x86-64 need to be digitally signed with a kernel-mode code signing certificate issued by a Microsoft-trusted commercial CA to a registered business entity, and these certificates expire. Keeping up with renewing a certificate per platform per year can pose a substantial expense to hobbyist hardware tinkerers. And even pure software developers run into problems. While Windows for x86 and x86-64 is an open platform with respect to desktop applications, it isn't so open for applications that use Windows 8's Modern UI or applications for Windows RT, which must go through either the Windows Store or a sideloading CAL for enterprise line-of-business applications that's even more expensive than the iOS enterprise developer program.

  53. View files on this drive.exe by tepples · · Score: 1

    Windows Vista and newer don't autorun directly*... they instead bring up a number of options when removable media is inserted, with the top one being the autorun program if one exists.

    Then let's call our fake antivirus installer "View files on this drive" or something to that effect.

  54. No visible notification of mount by tepples · · Score: 1

    And, it certainly can't be done on Windows.

    The people least aware of the risks of general-purpose computing are also the people least likely to change defaults.

    Would NO ONE open a file browser, and navigate to that media, and select that file he was interested in? NO ONE AT ALL?

    If the user receives no visible notification that the operating system has made a particular device available for viewing in the file manager, then the user is not likely to check in the file manager and is instead likely to think the operating system is broken. It'd be better to automatically open the file manager when a volume is mounted, but of course, the file manager would have to not have some sort of critical "bannerbomb" bug that allows an application's icon to trigger code execution.

    Would NO ONE open the file in a text editor, to see what it really is, as opposed to what it claims to be?

    Correct. Virtually no one would go that far, especially given how long it takes Windows Notepad to open a 100 MB file. The millions of clueful users of Windows are outweighed by hundreds of millions with less clue.

    Your walled garden is but one possible approach to solving the problem of poorly configured systems.

    It also happens to be the most profitable among such approaches, especially to the operating system publisher. The major game consoles and iOS bear this out.

  55. Re:Windows Right? by Eythian · · Score: 1

    Would NO ONE open a file browser, and navigate to that media, and select that file he was interested in? NO ONE AT ALL?

    Saying "NO ONE" in capitals so often doesn't really matter, because you're presenting a false dichotomy. It does matter if you go from 90% of people able to install something to only 25% of people. These numbers are totally made up, but I bet they're not totally off-base.

    Now, you're right to say that there are other solutions to just making a walled garden. Ubuntu uses another method: installing from CDs is something that's pretty much never done, it has a software centre, so it has little need for autorun. But simply turning off the autorun option across the board is blind and foolish. You need to replace it with something so that the millions of Windows users without a clue can still get things done. Otherwise all they have is a large paperweight.

  56. Re:Windows Right? by jittles · · Score: 1

    I don't think gatekeeper means what you think it means. It's not a walled garden. It's not uac. It's a sensible anti malware tool. What, do you root for the bad guys now?

    You're right Gatekeeper is not what I was talking about. But you knew what I was talking about and you are just trolling. I am referring to the setting that, enabled by default in 10.8 and beyond, does not let you install anything but from the Apple App Store. And the tool called GateKeeper on MacOS has a Windows equivalent that warns you when you are installing something that seems to be dangerous. But it is not any better than any antivirus software out there. There was that Mac OS vulnerability within the last year where a virus would get installed by visiting a website. Apple added the signature to Gatekeeper to try and clean up infections. The author changed the signature and Gatekeeper no longer blocked it. Of course, Apple fixed the original vulnerability and you had to actively run something to get the virus at that point, but it still ran despite Gatekeeper.

  57. Re:Windows Right? by noh8rz10 · · Score: 1

    I am referring to the setting that, enabled by default in 10.8 and beyond, does not let you install anything but from the Apple App Store.

    this statement is false. it does not exist. stop trying to spread lies and hate.

    And the tool called GateKeeper on MacOS has a Windows equivalent that warns you when you are installing something that seems to be dangerous.

    it warns you if your software doesn't have a developer signature, which goes through apple and requires the developers to sign up for free. also, on the strict and medium setting it doesn't warn you, it prevents you from doing it.

    i am a tard herp derp derp oops I farted

    finally, you're starting to say true statements!