Somebody Tried To Convince a Raspberry Pi Exec To Install Malware On Its Devices (softpedia.com)

← Back to Stories (view on slashdot.org)

Somebody Tried To Convince a Raspberry Pi Exec To Install Malware On Its Devices (softpedia.com)

Posted by Soulskill on Friday December 25, 2015 @07:29AM from the makes-you-wonder-what-companies-say-yes dept.

An anonymous reader writes: Liz Upton, Director of Communications for the Raspberry Pi Foundation, has just published an email where someone was asking how much would it cost them for the Foundation to install malware on its devices in the form of a .EXE file. The email sender was asking for a PPI [price per install] quote.

119 comments

Min score:

Reason:

Sort:

Okay... by pushing-robot · 2015-12-25 07:32 · Score: 1

That's just stupid on so many layers.

--
How can I believe you when you tell me what I don't want to hear?
1. Re: Okay... by Anonymous Coward · 2015-12-25 08:01 · Score: 1, Insightful
  
  Is it? Newer Linux distros typically come with systemd, which many users consider to be malware because it's unwanted and can have a very negative impact. So it's not like Linux is any better in reality, I'm sad to say.
2. Re: Okay... by Anonymous Coward · 2015-12-25 08:34 · Score: 0
  
  put distro wthout systemd? Systemd != linux.(btw, using it, while not too happy with it, its not as half bad as many say it is, at least for an advanced user)
3. Re: Okay... by Anonymous Coward · 2015-12-25 11:59 · Score: 0, Insightful
  
  All of the major Linux distros use systemd. The only ones that don't are niche distros (which include Slackware and Gentoo). The only way to truly escape systemd while sticking with open source software is to go *BSD.
4. Re: Okay... by Anonymous Coward · 2015-12-25 13:30 · Score: 1
  
  Not really stupid.
  They asked because they know that, in the majority of people, everyone has a price.
  Greed is a powerful motivator. It is pretty much why we are where we are today. Why we can't trust anything, or anyone, to do the right thing.
  It's why I have to lock down any device I attach to my network. Isolate it, prevent it from probing or calling home.
  Greed.
  It's the reason this country exists today and will ultimately be the cause of its downfall.
5. Re: Okay... by Anonymous Coward · 2015-12-25 14:07 · Score: 0
  
  This is actually bollocks. The executable (which of course won't run on an ARM linux distro) would have sent the user to some actual malware page that would install god knows what spyware and shit. SystemD gets a lot of flack but is just a way to startup the system and manage services etc, comparing the two makes as much sense as your parents comparing Microsoft Windows and PHP.
6. Re: Okay... by NotInfinitumLabs · 2015-12-25 14:27 · Score: 5, Insightful
  
  Is it? Newer Linux distros typically come with systemd, which many users consider to be malware because it's unwanted and can have a very negative impact. So it's not like Linux is any better in reality, I'm sad to say.
  Holy shit, why can't people shut up about systemd? You people seem to bring it up at EVERY single opportunity, even if it's REMOTELY related.
7. Re: Okay... by slazzy · 2015-12-25 14:39 · Score: 0, Troll
  
  I just had a gigantic poop on the toilet and it reminded me of systemd.
  
  --
  Website Just Down For Me? Find out
8. Re: Okay... by SharpFang · 2015-12-25 14:40 · Score: 1
  
  Layer 1: RPi runs Linux. Good luck with the exe.
  Layer 2. RPi comes without any internal storage to install this on. They'd need to include it in SD images
  Layer 3. RPi is a tinkerer's machine, the malware wouldn't survive a day.
  Layer 4: "The exe creates a desktop shortcut to our website" - you need .exe for that?
  Layer 5: even if it does - most RPis are run headless. And many of these with screens run without network ...there are more if you think about it.
  
  --
  45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
9. Re: Okay... by gweihir · 2015-12-25 14:49 · Score: 1, Offtopic
  
  Seriously, that is just uninformed bullshit. You can, for example, install a current Debian without systemd being active without too much trouble. In fact, for every server where you need reliability and security, it is a really good idea to do so as systemd sabotages both due to bad software engineering on all levels. Sure, if you want all trace of it to be gone, you may have to do without some not very good software like Gnome, but that is not really an issue.Gnome (and KDE) are pretty much redundant and catering to those with weak skills anyways.
  I can only conclude that you are one of the utterly dishonrorable proaganda-shills for systemd and mean to push the idea that you cannot escape getting fucked by it, so you better bend over and take it. Not so.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
10. Re: Okay... by i.r.id10t · 2015-12-25 15:41 · Score: 1
  
  Layer 1 has been done. THe "install now" icon on a live CD, the Store in Ubuntu, etc. Heck, just mkdir /etc/skel/Desktop and put the file there and call it a day....
  Layer 2 would be sticky, but yes, include it on their images. Quote the $BAD_COMPANY $10 to cover the cost of a SD card to include with the board on sale and $2 or more of profit.
  Layer 3 is the Truth and where it would stop even if it were included on a free SD card. Heck if I buy a new Dell laptop the first thing I do is image the hard drive, then wipe and reinstall from the provided disk and get rid of all the add-on crap - what MS includes is enough, I don't need trial versions of various things on there as well...
  Layer 4 running linux even a shell script is executable - you'll have to pardon the marketing intern that wrote the email ... after all, they are in marketing, how much technical knowledge do you expect them to have?
  Layer 5 - headless, yes, my Pi runs headless doing DHCP and DNS duty for my home network. As do several others that I know of. The majority of the ones I've seen in the wild though have been used to run changing adverts/displays on TVs mounted in various places... and they are all on a network to enable updates via screenly or similar service. In short, a Pi has many more uses when connected to a network... not that they aren't useful with only 127,0.0.1 ...
  
  --
  Don't blame me, I voted for Kodos
11. Re: Okay... by Anonymous Coward · 2015-12-25 17:37 · Score: 1
  
  Diff AC here.
  I think you're full of shit when you claim that:
  
  You can, for example, install a current Debian without systemd being active without too much trouble.
  I tried installing Debian Jessie recently. I wanted to do just what you claim is easy: not use systemd at all.
  Now maybe I just overlooked it, but at no time during the installation process do I recall an option being presented to me to not install systemd.
  Now if by "without too much trouble" you mean having to do some research, then run some potentially-risky commands, and otherwise modify the system after doing an installation of Debian that includes systemd by default, then you've already entered the "too much trouble" zone.
12. Re: Okay... by Lost+Race · 2015-12-25 18:11 · Score: 4, Insightful
  
  Since you brought it up....
  Complaints about systemd are like complaints about the TSA -- richly deserved, but kind of pointless, because that shit is just not going away (until it gets superceded by something even worse).
13. Re: Okay... by Anonymous Coward · 2015-12-25 19:14 · Score: 0
  
  There are several distros that don't use systemd. Perhaps the most widely spread are Puppy and PCLinuxOS, both of which are aimed at novice to medium users.
  http://www.gabordemooij.com/index.php?p=/escape_from_systemd
14. Re: Okay... by Skylinux · 2015-12-25 22:41 · Score: 2, Informative
  
  Just making sure you don't forget how bad that shit is. Works OK'ish when everything works but damn what a pain in the ass to debug when a service fails to start ..... for some reason.
  All our servers have switched to BSD. Should have done this a lot sooner since BSD just makes sense when you have worked with a various Linux distros over the years .... LSB was a good idea but no one gave a fuck.
  
  --
  Everyone who buys Wild Hunt will receive 16 specially prepared DLCs absolutely for free, regardless of platform.
15. Re: Okay... by gweihir · 2015-12-26 02:35 · Score: 2
  
  Well, if googelig "jessie without systemd" and then reading about 10 lines in the debian wiki is too much effort for you, then you are right that it is "too difficult". On any competence level above "incometent" this should however be acceptable, and it requires neither dangerous commands, nor even looking at any non-Debian documentation.
  Sure, that the installed does not offer it is a valid concern and I have criticized that in the past rather strongly. However claiming that it is hard or risky to get Debian to run without systemd is just opening up oneself to ridicule, because it is not. Now, if you want to remove udev to have no trace from the systemd-complex left, that would be somewhat difficult, but getting rid of systemd itself is not.
  Make no misrtake, I am very much opposed to the default an the missing alternative in the installer, as I think systemd is not ready for prime-time, not universal enough to be the default and has some rather questionable software engineering decision it it. But attacking it with wrong claims is not going to work well.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
16. Re: Okay... by Anonymous Coward · 2015-12-26 04:54 · Score: 0
  
  How in any way is Slackware a 'niche' distro? Slackware is very user friendly if you can be bothered to read the well maintained documentation and very stable. Installation is a piece of cake and package management using slackbuilds is a joy.
17. Re:Okay... by Anonymous Coward · 2015-12-26 04:56 · Score: 0
  
  Yes, it is. Also it seems trolling(installing .exe on linux system) or just very stupid advertisement for raspberry.
  PS I've got opensource oriented Beagle instead.
18. Re: Okay... by RockDoctor · 2015-12-26 16:19 · Score: 1
  
  Works OK'ish when everything works but damn what a pain in the ass to debug when a service fails to start
  
  So, totally different to GRUB?
  Says I, about to have to go into the depths of GRUB.
  
  --
  Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
19. Re: Okay... by Anonymous Coward · 2015-12-26 20:12 · Score: 0
  
  Debugging why a service failed to start is even easier with systemd than before as systemctl status -l gives you the last few lines of that service's log. If you need the rest of the log it's a few keystrokes away.
  It's not fucking rocket surgery. All this anti systemd whining is from people either too stupid to RTFM or losers crying because somebody moved their cheese.
20. Re: Okay... by Anonymous Coward · 2015-12-27 05:47 · Score: 0
  
  Why though? What's the point when the old way still works better. Hint: it's not progress if the old way is more efficient.
21. Re: Okay... by Anonymous Coward · 2015-12-27 20:15 · Score: 0
  
  Slackware is a "niche " version? Really? The oldest still active Linux distro, which spawned dozens of others, "niche"?
22. Re: Okay... by Anonymous Coward · 2015-12-28 05:27 · Score: 0
  
  Well, it helps that the creator of slackware is such and understanding, helpful, and not at all douchy guy.
23. Re: Okay... by allo · 2015-12-30 03:40 · Score: 1
  
  Its not called Linux, its Systemd/Linux or like i prefer Systemd+Linux.
Do it. by Jethro · 2015-12-25 07:34 · Score: 3, Insightful

Hey, free money. Not like the PI has any permanent storage so they'd just have to stick the file on some chip somewhere, where it can't really be accessed. Not that an .exe would even be executable.
Better yet - ship every Raspberry PI with an SD card labelled "Malware - Please execute immediately."

--

In the land of the blind, the one-eyed man is kinky.
1. Re: Do it. by Jethro · 2015-12-25 07:50 · Score: 2
  
  Shhhh! Don't ruin this! I want a free SD card!
  
  --
  
  In the land of the blind, the one-eyed man is kinky.
2. Re: Do it. by messymerry · 2015-12-25 07:59 · Score: 1
  
  Whatr u gonna do w a 256k SD card???
  
  --
  Dear Microlimp: I give you 2 valid product keys for win7 and you reject both of them. Piss off you wankers!!!
3. Re: Do it. by Anonymous Coward · 2015-12-25 08:18 · Score: 1
  
  I don't think you know what RAM actually is.
4. Re: Do it. by Anonymous Coward · 2015-12-25 09:22 · Score: 0
  
  The Target credit card trojan was stored in RAM. RAM malware is a thing.
  Do YOU know what RAM is?
5. Re: Do it. by Jethro · 2015-12-25 09:27 · Score: 3, Funny
  
  I figure Raspberry charges them $20 per unit and gives us a free nice SD card. Now do you guys want to please stop ruining this with facts???
  
  --
  
  In the land of the blind, the one-eyed man is kinky.
6. Re: Do it. by Anonymous Coward · 2015-12-25 09:30 · Score: 0
  
  The MALE counterpoint of EWE?
7. Re: Do it. by Anonymous Coward · 2015-12-25 09:36 · Score: 0
  
  You're a funny guy.
8. Re:Do it. by meadow · 2015-12-25 09:51 · Score: 1
  
  Why does she say it was malware? Perhaps that is the business model of the company and they just want to have their app/site or a link to it included on users desktops? If that alone makes it malware, then - excuse me - but just about every major company in Silicon Valley are huge malware distributors because that's all they do: Cram unwanted apps/sites down people's throats.
  
  I would even venture to guess that what this one company is doing is probably highly innocuous compared with the evil shit being incessantly perpetrated by SV companies.
9. Re:Do it. by Jethro · 2015-12-25 09:57 · Score: 1
  
  "Bloatware" would probably have been a better term to use.
  
  --
  
  In the land of the blind, the one-eyed man is kinky.
10. Re: Do it. by Anonymous Coward · 2015-12-25 11:00 · Score: 0
  
  But looks aren't everything.
11. Re: Do it. by Anonymous Coward · 2015-12-25 11:31 · Score: 0
  
  Don't call me guy, dude.
12. Re:Do it. by Anonymous Coward · 2015-12-25 13:52 · Score: 0
  
  Should say "Malware - Please (summarily) execute immediately."
13. Re: Do it. by Anonymous Coward · 2015-12-25 19:23 · Score: 0
  
  > The Target credit card trojan was stored in RAM. RAM malware is a thing.
  Have you heard of the term 'volatile'? It may well be that malware can be loaded from disk (or CD, USB, or network) into RAM but it will only live there while the computer is switched on. Raspberry are not delivered powered up by a battery.
  It has been a long time since I worked on a computer with non-volatile memory, the last one had 32K words of Core memory.
14. Re: Do it. by leslieh1 · 2015-12-26 07:06 · Score: 1
  
  Don't call me dude, pal.
15. Re: Do it. by Anonymous Coward · 2015-12-27 05:56 · Score: 0
  
  Don't call me pal, buddy!
16. Re: Do it. by Anonymous Coward · 2015-12-28 05:41 · Score: 0
  
  Don't call me buddy, friend
.EXE file? by Anonymous Coward · 2015-12-25 07:36 · Score: 0

Kind of like distributing a .deb for your Windows 10 machine, isn't it?
1. Re:.EXE file? by Anonymous Coward · 2015-12-25 07:43 · Score: 0
  
  I would charge 10 million dollars for the first deb, and 41/100 of a cent for each additional distribution.
2. Re:.EXE file? by cshark · 2015-12-25 07:44 · Score: 0
  
  Not really.
  Windows has yet to introduce a halfway workable package manager.
  Sad, considering their resources, but that's a ten page rant for another holiday weekend.
  Anyway, it's more like a compiled binary with executable permissions.
  Could be anything.
  
  --
  This signature has Super Cow Powers
3. Re:.EXE file? by Anonymous Coward · 2015-12-25 07:47 · Score: 2, Interesting
  
  Windows 10 core running on Raspberry Pi is freely available from Microsoft.
  How many people have actually installed it is a different issue entirely.
4. Re:.EXE file? by carbuck · 2015-12-25 07:49 · Score: 2
  
  I thought it was common knowledge by now, but even the 2nd link states "Raspberry Pi devices can run Windows as well, not just Linux variants." So it's kind of like distributing a .exe for your Windows 10 machine..
5. Re:.EXE file? by Anonymous Coward · 2015-12-25 08:17 · Score: 0
  
  You forgot your boot note: "For very, *very* small values of Windows 10." It's basically useless PR-stunt.
6. Re: .EXE file? by Anonymous Coward · 2015-12-25 08:44 · Score: 5, Funny
  
  Windows has a perfectly fine package manager. When you want to install a package you simply double click setup.exe and hit enter until the window disappears. Uninstalls are easy to, you just reinstall Windows and install every package except for the one you don't want.
7. Re: .EXE file? by Anonymous Coward · 2015-12-25 08:49 · Score: 0
  
  But is it free software, or is it still freedom disrespecting software?
8. Re: .EXE file? by Anonymous Coward · 2015-12-25 12:56 · Score: 0
  
  They can run custom ARM IoT builds of Windows. I wouldn't expect them to support generic exe files, they'd need to be Universal Windows Apps which are sandboxed. Similar to how the Surface ARM tablet didn't support generic exe files.
9. Re: .EXE file? by Billly+Gates · 2015-12-25 14:05 · Score: 0
  
  Oh?
  Powershell not only has caught up these days to shells
  
  --
  http://saveie6.com/
10. Re: .EXE file? by AndroidCat · 2015-12-25 18:05 · Score: 1
  
  If it had been a .com file, at least it would have been small.
  
  --
  One line blog. I hear that they're called Twitters now.
11. Re: .EXE file? by Anonymous Coward · 2015-12-25 19:28 · Score: 0
  
  > But is it free software,
  To get it to do anything useful _requires_ a full Windows 10 PC.
12. Re:.EXE file? by Anonymous Coward · 2015-12-25 19:32 · Score: 0
  
  > Raspberry Pi devices can run Windows as well, not just Linux variants.
  Raspberry Pi can run some Linux variants, plus BSD and RiscOS.
  The 'Windows 10 for Raspberry Pi' is not the Windows you are thinking of. It has no OS GUI, on booting it will run the one UWP app that has been specified in the boot sequence. To even change the app that it will run requires another computer.
Was the price too low? by Anonymous Coward · 2015-12-25 07:43 · Score: 0

Was the price too low?
Check deeper in the binary blob that is the broadcom processor and find out.
Sensationalist Headline, bad reporting by Anonymous Coward · 2015-12-25 07:44 · Score: 3, Insightful

So after reading the email, I would have to say this headline is sensationalist, and overall bad reporting. So much so that im actually making this post, which i have never done on /.
Nowhere are they asking them to install malware, or install it without the consumers consent. Essentially what they are asking is that their application be packaged with with the pi, and the user be asked to install the software. Basically the same thing most "freeware" on the internet does. He you want our app? What about this one and this one and this one to.
Ive dealt with representatives from foreign companies before, and their command of the English language is about as excellent as google translate will allow. You have to use your brain a little when reading them, but its usually fairly easy to understand and don't leap to conclusions to create headlines like this.
1. Re:Sensationalist Headline, bad reporting by JaredOfEuropa · 2015-12-25 07:49 · Score: 1
  
  Linda, is that you?
  
  --
  If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
2. Re:Sensationalist Headline, bad reporting by hawguy · 2015-12-25 08:04 · Score: 1
  
  So after reading the email, I would have to say this headline is sensationalist, and overall bad reporting. So much so that im actually making this post, which i have never done on /.
  Nowhere are they asking them to install malware, or install it without the consumers consent. Essentially what they are asking is that their application be packaged with with the pi, and the user be asked to install the software. Basically the same thing most "freeware" on the internet does. He you want our app? What about this one and this one and this one to.
  Ive dealt with representatives from foreign companies before, and their command of the English language is about as excellent as google translate will allow. You have to use your brain a little when reading them, but its usually fairly easy to understand and don't leap to conclusions to create headlines like this.
  That was my thought too -- this appears to be just like the bloatware that comes with every new PC (and phone). Annoying for sure, but it's a stretch to call it Malware unless the software does something more nefarious than installing a desktop shortcut.
3. Re:Sensationalist Headline, bad reporting by Anonymous Coward · 2015-12-25 08:08 · Score: 0
  
  As another Anonymous Coward, that's what I was thinking. Making it an ".exe" is probably just something that got lost in translation.
4. Re:Sensationalist Headline, bad reporting by penguinoid · 2015-12-25 08:35 · Score: 1
  
  That's called Crapware. It's not necessarily nefarious, just unwanted and unnecessary. If the developers are paying people to pre-install it, it's almost certainly crapware at the least or maybe even adware or other malware.
  
  --
  Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
5. Re:Sensationalist Headline, bad reporting by Anonymous Coward · 2015-12-25 08:42 · Score: 0
  
  Essentially what they are asking is that their application be packaged with with the pi, and the user be asked to install the software. Basically the same thing most "freeware" on the internet does.
  The majority consensus shows that this kind of behavior is malware. Someone sending you a trojan and asking you politely to install it does not make it any less a trojan.
6. Re:Sensationalist Headline, bad reporting by Anonymous Coward · 2015-12-25 09:10 · Score: 0
  
  There was no 'convincing' in the email either.
  How random spam gets turned into news is beyond me... must be a slow news day or something.
7. Re:Sensationalist Headline, bad reporting by Xenna · 2015-12-25 09:18 · Score: 4, Informative
  
  Note that Liz Upton, the addressee, used the phrase malware herself. That's where the sensationalism started. Just blindly converting it into a Slashdot headline, that's the bad reporting part.
  Whatever happened to common sense...?
8. Re:Sensationalist Headline, bad reporting by Mr+Z · 2015-12-25 09:24 · Score: 2
  
  Without seeing the linked site, it's hard to say what exactly the EXE was meant to accomplish. If it's some sleazoid V14GRA site, or Scan Your PC Now for Viruses site, it's pretty easy to call it malware.
  Some relevant information was redacted, unfortunately.
  
  --
  Program Intellivision!
9. Re:Sensationalist Headline, bad reporting by Anonymous Coward · 2015-12-25 09:28 · Score: 1
  
  Hang on a sec. A poorly written email asking to install an .exe into your customer's systems? Yeah I'd assume it's malware also, especially with no source available.
  Which makes one wonder, how does Dell, etc. vet the crapware they put on their Windows systems? Do they insist on seeing the source?
10. Re:Sensationalist Headline, bad reporting by Vokkyt · 2015-12-25 09:41 · Score: 4, Insightful
  
  Though this may be me projecting my own prejudices with bundled software, nearly a decade of working in tech support has loosened my definition of malware to include basically any software put on the user's computer without the user's informed consent. Many bundled packages and suites behave in the exact same manner as actual malware and are just as difficult to remove, if not more so in some situations as anti-malware/AV software will not see this software as "malicious" and will not remove it automatically. Given that one of the foci of RaspberryPi's is to provide a cheap computer option for whatever needs, it simply would provide a misleading option to users like the bundled junk that often comes on cheap Windows based laptops.
  I am not purporting that this is what was meant by Ms. Upton, but it's not hard to see how she and basically most people could see the proposed software as "malware" to be bundled.
11. Re:Sensationalist Headline, bad reporting by Anonymous Coward · 2015-12-25 11:07 · Score: 0
  
  LMAO. You mean headlines about "malware" are just sensationalistic FUD, and people live in cloud fantasy land when it comes to the software they do and don't trust for seemingly arbitrary reasons?
12. Re: Sensationalist Headline, bad reporting by Anonymous Coward · 2015-12-25 11:22 · Score: 0
  
  exactly. some cruicial info is missing, somewhere. Does anyone know the content of the .exe? Is the person associated with malware?
  Almost sounds like Liz doesnt know what malware means, unless something didnt get reported. But hey, this is slashdot. I sure as fuck aint gonna read the source. Sheeit.
13. Re: Sensationalist Headline, bad reporting by Anonymous Coward · 2015-12-25 13:31 · Score: 0
  
  Why distribute an .exe I n that case? A URL short cut could be deployed without any local payload. The act of suggesting that active content be deployed to be run by the user suggests to me they want to do more than open a URL.
14. Re:Sensationalist Headline, bad reporting by AmiMoJo · 2015-12-25 16:11 · Score: 1
  
  It's suspicious but not definitively malware. They say they want to put a shortcut on the desktop, that's all. We don't know if it does anything else, or if the linked site is full if malware. It could be entirely innocent, so I don't think malware is correct at this stage.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
15. Re:Sensationalist Headline, bad reporting by Razed+By+TV · 2015-12-25 16:26 · Score: 1
  
  It's hard to conclude that this is not malware based off the email when you don't know who the company is or what they wanted to install.
  There is so much of this crap that requires malware tools to uninstall that comes bundled with other software. Toolbars, download assistants, things that make you an unknowing host in what is basically a torrent network.
  
  You don't need to include a third party exe in your installer just to throw a desktop shortcut to thirdpartycompany.com. I think it is a little naive to assume that the third party must have honest intentions and that this is due to a language barrier.
16. Re:Sensationalist Headline, bad reporting by Anonymous Coward · 2015-12-25 17:00 · Score: 0
  
  Many bundled packages and suites behave in the exact same manner as actual malware and are just as difficult to remove
  That's what Windows 10 is all about, no?
Sure by kimvette · 2015-12-25 07:50 · Score: 3, Interesting

Sure - install it on a Linux system and include in the documentation:
"Hey! We helped subsidize the cost of your device by including malware on it. If you really, really want to run it, you can install wine but without installing that framework or some sort of Windows emulator it will not run so we felt it is a safe choice to include on the system. It is located in /tmp and will be cleaned up by a cron job after a week, and it isn't marked as executable so even if it were a Linux executable it would not run without your adjusting permissions anyhow, but we urge you out of principle to do an 'rm /tmp/scumbag-sucker-malware.exe' at your first opportunity."
Offer it at a discounted price, and the malware-free version at the usual price. As a bonus dox the malware provider. ;)

--
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
1. Re: Sure by Anonymous Coward · 2015-12-25 07:57 · Score: 0, Troll
  
  Most modern Linux distros come with unwanted software which can easily cause severe problems, including boot failures. It's called systemd.
  I had to switch to OpenBSD to rid my computer of systemd, which I consider to be a form of malware.
2. Re: Sure by kimvette · 2015-12-25 08:52 · Score: 2, Insightful
  
  I hate SystemD because it is unnecessarily complex, becomes a single point of failure for many subsystems, logs to a binary file by default (dafuq?), and is contrary to the *nix mantra of one tool, one purpose. It is essentially a solution looking for a problem.
  However, to be fair, I still have yet to see it be the cause of a boot failure.
  
  --
  The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
3. Re: Sure by eneville · 2015-12-25 09:08 · Score: 0
  
  OpenBSD isn't a replacement for Linux. Those using ZFS may find life difficult getting those file systems mounted. You could just remove it manually instead, would probably save a great deal of time/energy spent building things from ports.
  
  --
  Why UNIX?
4. Re: Sure by Anonymous Coward · 2015-12-25 09:26 · Score: 0
  
  And the systemd chicken-farkers have arrived to save us all. Praise Jebus.
5. Re: Sure by MichaelSmith · 2015-12-25 09:37 · Score: 0
  
  Linux seems to be going this way. There is a simple trick you can do with syslogd on NetBSD: put an executable behind a pipe in the configuration file and it will pipe all the log data through that executable. Yesterday I spent several hours wading through the documentation for rsyslogd on debian and had to conclude that it just doesn't do that.
  We seem to be moving to an architecture which does less with more.
  
  --
  http://michaelsmith.id.au
6. Re: Sure by Anonymous Coward · 2015-12-25 12:37 · Score: 0
  
  I feel the same way. Also, about IP Tables and it's retarded parents and children.
  I wish that Linux had some real network security folks contributing to it's leadership - so we could finally kill off that piece of shit code and replace it with something reasonable, like pf.
7. Re: Sure by Billly+Gates · 2015-12-25 14:08 · Score: 1
  
  Go to the win32 world and try to package and administer an SCCM environment with system center 2012 and you will be crying for SystemD back?!
  SystemD will be an excersize in simplicity in comparison
  
  --
  http://saveie6.com/
8. Re: Sure by Anonymous Coward · 2015-12-25 23:34 · Score: 0
  
  Look, I hate systemd as much as the next guy. But calling it malware is only makes you look uninformed and simple in the head.
9. Re: Sure by Anonymous Coward · 2015-12-25 23:39 · Score: 0
  
  iptables HAS been killed off. Keep up.
10. Re: Sure by kimvette · 2015-12-26 01:53 · Score: 1
  
  udev != SystemD.
  
  --
  The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
11. Re: Sure by kimvette · 2015-12-26 01:56 · Score: 1
  
  Yep.
  It isn't malware at all and calling it as such is just silly.
  It's just a bad idea to put everything into one component. We may as well run something like Windows with its configuration database (regedit) and crappy logging system - which is fine (if time consuming to review) when it works, but when it breaks, it's a royal PITA to repair, hence Microsoft Tech Support's "Reformat & Reinstall" answer to all Windows problems.
  
  --
  The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
12. Re: Sure by Zero__Kelvin · 2015-12-26 05:40 · Score: 1
  
  Mentioning the registry in the same discussion as systemd just shows that you don't understand at least one of those two things at all. 3rd part applications can (and do) change the Windows registry. That is where the clusterfuck comes from with the registry.
  
  "It's just a bad idea to put everything into one component. "
  You seem to be mistakenly thinking that systemd violates the "don't put all your eggs in one basket rule". The problem is that if you break a single egg you have broken the system, so spreading your eggs in different baskets just means you have more baskets to protect and manage, with no actual benefit from egg dispersion. Keeping "all your eggs in one basket" is an advantage as it allows you to focus on securing and protecting a single basket, and focus all your efforts on robustness of a single system, rather than several systems.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
13. Re: Sure by Anonymous Coward · 2015-12-26 20:20 · Score: 0
  
  Oh fuck off. Systemd has been around for years now. Build a bridge and pissing well get over it.
14. Re: Sure by Anonymous Coward · 2015-12-28 07:57 · Score: 0
  
  udev != SystemD.
  It is now, since they killed off the non-systemd udev.
nothing unusual here by Anonymous Coward · 2015-12-25 07:54 · Score: 0

Successful hardware builder gets approached to pre-install crapware. Nothing unusual about that, unless you consider a marketing/sales drone not knowing that the Raspberry Pi does not run Windows exceptional. I don't think it is.
1. Re:nothing unusual here by Anonymous Coward · 2015-12-25 08:47 · Score: 0
  
  > consider a marketing/sales drone not knowing that the Raspberry Pi does not run Windows
  You are the drone, because Win10 Core is made freely available by M$ for all RaPi users. Silence is golden...
2. Re:nothing unusual here by Anonymous Coward · 2015-12-25 19:38 · Score: 0
  
  > You are the drone, because Win10 Core is made freely available by M$ for all RaPi users
  No. Wrong. Only for RPi 2. Win10 Core will not run on RPi 1A or B, nor on Zero.
  An Windows 10 for RPi is not the Windows you are thinking of.
3. Re:nothing unusual here by Anonymous Coward · 2015-12-25 23:43 · Score: 0
  
  Windows 10 Core is not what people generally mean when they say "running windows". It's certainly not the kind of platform a crapware vendor is interested in.
Google? by Anonymous Coward · 2015-12-25 08:21 · Score: 0

So, Google wants Android pre-installed?
Short On Facts by Frosty+Piss · 2015-12-25 08:35 · Score: 1

That's just stupid on so many layers.
And that's where the problem with the story is: Who, especially a "black hat" would make such an approach or advise their "marketing" team to do so? I find it difficult to believe.
Not saying it didn't happen, but I think it's suspect. It's possible that it's a "false flag". Or perhaps it's completely made up by someone at RaspberryPi? Why would they censor the name of the offending company? Wouldn't they want people to know who's doing this sort of thing?
Too many questions to buy this completely.

--
If you want news from today, you have to come back tomorrow.
1. Re:Short On Facts by luvirini · 2015-12-25 08:53 · Score: 2
  
  Given that at least Lenovo installed such on new computers a while back I would not be surprised if many producers of computers did not get a lot of such proposals,
2. Re:Short On Facts by leftover · 2015-12-25 14:27 · Score: 2
  
  As someone who has followed RasPi since the beginning, I trust Liz Upton. She has always provided plain, unadorned truth to the best of her knowledge.
  If she says someone wanted to pay them to put shit in the ice cream, I believe her. That the approach was so bold suggests to me this was not an isolated event. What we old grumpy technologists need to do is hunt these creeps down and make sure no computer is ever loyal to them again.
  
  --
  Bent, folded, spindled, and mutilated.
3. Re:Short On Facts by ArmoredDragon · 2015-12-25 17:19 · Score: 1
  
  Not saying it didn't happen, but I think it's suspect. It's possible that it's a "false flag"
  No, this is somewhat typical in Eastern countries, i.e. professional malware software companies pay system integrators to install crap on their systems. This letter itself looks like it was written by somebody from China (most of the spammers there learn English in chat sessions, i.e. selling gold in World of Warcraft, so they pick up a lot of the crap habits that people have in those places, hence this letter is full of shit speak, i.e. instead of "you" they say "u", or other things like often saying hehe or haha when something isn't at all funny; note the "Hah." at the end of the paragraph.)
  Anyways if you've ever heard of those incidents where anything from flash drives, phones, laptops, etc, have come with malware out of the factory, it's usually because some spammer paid off somebody with the ability to add it to the master images, and that person pockets the money.
4. Re:Short On Facts by Anonymous Coward · 2015-12-25 18:25 · Score: 0
  
  And that's where the problem with the story is: Who, especially a "black hat" would make such an approach or advise their "marketing" team to do so? I find it difficult to believe.
  What problem? You really think this is made up?
  Who would send such an email?
  Simple. A spammer.
  Get included in a list of computer manufacturers.
  Get list broadcast to world and dog.
  Get spammed.
  This is HOW SPAM WORKS.
  The same email probably went to tens of thousands of computer makers.The Pi people are the only ones to mention it.
  
  Not saying it didn't happen,
  Yes you are.
  
  but I think it's suspect.
  Why?
  Email received, seen as dodgy, mentioned.
  Done. Finished.. Over.
  
  It's possible that it's a "false flag".
  Oh.. you mean like when anybody who has ever run a website selling anything gets an offer to sell wholesale to someone in Africa with payment by cheque or western union?
  Half a decade after the site was taken down!
  It is a spam mail. Yes, companies get them too.
  
  Or perhaps it's completely made up by someone at RaspberryPi?
  To what end? So an incredibly successful single board computer which is next to impossible to keep in stock every time a new or updated version appears is in the news? Straight after the Pi zero was released?
  So they can say they don't include spy ware in the distros they distribute? Even though nobody accused them of doing so?
  So you can be confused and uncertain in public?
  So you can troll and look a pillock?
  
  Why would they censor the name of the offending company?
  Because companies SUE!.
  In whiny forum warrior land, you can say what the hell you like. I mean.. look at the bollox you came up with all by your self, and nobody cares enough to challenge you , let alone sue you. Because you do not matter.
  When you are a company, even a non profit one.. People see money. Suddenly, claiming defamation is a far more profitable prospect.
  
  Wouldn't they want people to know who's doing this sort of thing?
  Yes. But then you would find it hard to believe, so they didn't bother telling you.
  
  Too many questions to buy this completely.
  Too much stupid to take seriously.
5. Re: Short On Facts by Anonymous Coward · 2015-12-27 05:50 · Score: 0
  
  It'd be easier to hunt them down if your so called trustworthy friend Upton would tell us. No she decided to keep that a secret. So much for trust right?
6. Re: Short On Facts by Anonymous Coward · 2015-12-27 05:55 · Score: 0
  
  So a spammer sent emails to 10s of thousands of people about adding malware to products and only ras pi has gone public?
  You are pitiful. You make up excuses for these people and try to justify them.
  I call it how it is. I call a spade a spade. I have no stock in any of this.
Meh! by Anonymous Coward · 2015-12-25 09:34 · Score: 0

It is just the usual spam that turns up from time to time. More likely a phishing/fishing exercise to see if the email address is valid before sending more.
I have received these and others over the past few months.
Is it the same Liz Upton by Anonymous Coward · 2015-12-25 10:54 · Score: 1

who's married to the Pi hardware designer, and who made tasteless and morbid jokes on her Twitter stream about Steve Jobs' and him dying from pancreatic cancer?
1. Re:Is it the same Liz Upton by Anonymous Coward · 2015-12-25 23:52 · Score: 0
  
  Dunno... who the fuck cares if she did?
2. Re:Is it the same Liz Upton by Cederic · 2015-12-26 01:02 · Score: 1
  
  I didn't see those, could you share? It's cold and wet here, could do with a laugh.
What is this, the FBI/CIA? by fustakrakich · 2015-12-25 11:28 · Score: 1

Why the redaction? Sounds bogus

--
“He’s not deformed, he’s just drunk!”
The Pi is already dependent on malware by Anonymous Coward · 2015-12-25 12:57 · Score: 0

It's got a non-free bootloader which we have zero control over and is against the users interest. There are more freedom friendly boards out there including the original Cubbie Board and Banana
Calm down, calm down by arglebargle_xiv · 2015-12-25 13:38 · Score: 3, Insightful

It's just a generic form-letter email that would have been sent to an auto-generated list of any number of systems integrators and anyone else that might possibly respond. That's how the bloatware that gets included in Windows PCs ends up on there, it could be describing SymantecNortonLenovoToshibaHuluNetflixCyberlinkDellSkype7ZipAccuweatherRealTek SuperEssentialClickOnMe.
In any case there's already a malware-installer "EXE file that installs a desktop shortcut, that when clicked redirects users to a specific website" for the Raspberry Pi.
1. Re:Calm down, calm down by Anonymous Coward · 2015-12-25 15:06 · Score: 0
  
  You really confuse a PC maker putting an anti-virus software trial, or some dumb demo game for a fee on their laptop with someone randomly accepting this offer?
2. Re:Calm down, calm down by Anonymous Coward · 2015-12-28 05:36 · Score: 0
  
  How in the hell do you think the Roxio suite (and Adobe) managed to get installed on every Dell for over a decade?
3. Re:Calm down, calm down by Anonymous Coward · 2015-12-30 09:10 · Score: 0
  
  You ALL are very NAIVE. Wasn't there a CYBERWAR? Remember the War to End All Wars? News! We lost! This is the War to End All Computing, we ll be losing. Some people DO NOT WANT computers to be isolated and independent AT ALL because it grants power to the user and those people cannot CORROBORATE or VERIFY if it is you who fulfills their paranoia.
Mind boggling! by Anonymous Coward · 2015-12-25 14:19 · Score: 0

OMG! Are there people alive that are this stupid? Oh, right. Most government officials...
An exe? Yeah that'll work. by AndroidCat · 2015-12-25 18:17 · Score: 1

-rwxrw-rw- 1 pi pi 582 Apr 23 1999 Carved Stone.bmp
drwxr-xr-x 2 pi pi 4096 Mar 9 2015 Desktop
drwxrwxrwx 3 pi pi 4096 Sep 4 11:51 Devel
-rwxr--r-- 1 pi pi 49 May 15 2015 golog
drwxr-xr-x 3 pi pi 4096 Nov 8 22:40 indiecity
drwxr-xr-x 4 504 staff 4096 Feb 11 2013 mcpi
drwxrwxr-x 2 pi pi 4096 Mar 10 2013 python_games
-rw-r--r-- 1 root root 254 Mar 15 2014 test.js
drwxr-xr-x 3 pi pi 4096 Mar 9 2015 tmp
-rw-r--r-- 1 pi pi 5 Dec 26 01:10 totally_lame_malmare.exe

--
One line blog. I hear that they're called Twitters now.