I've worked on audio for museum exhibits and am currently doing work for an audio tour that will be presented at a prestigious museum in Washington, D.C. There are a few firms involved in this kind of work and the equipment is expensive because it is made in small quantities and is extremely rugged. For the portable audio tour devices, there are industrial-grade, sophisticated charging racks and the individual audio devices have buttons and features so that visitors can see the exhibits in any order and learn more about individual stops (think "hyperlink").
Using consumer-grade CD players, MP3 players, and headphones for a museum exhibit is like replacing a pay phone outside of a convenience store with a $10 phone from Walmart. If it was possible to put on an exhibit with $50 worth of equipment per person, then the big companies like Acoustiguide, Antenna Audio, and Tour-Mate would be driven out of business by cheap competitors.
Why do people assume that anything expensive must be overpriced? Sometimes things are expensive to buy because they are expensive to make. And often they are still as cheap as they can be for their intended use. Police departments and rescue squads pay a lot of money for Motorola and Icom walkie-talkies and in-vehicle radios, but it doesn't mean that equipping police cars and ambulances with $40 Cobra CB radios and giving cops $50/pair Uniden FRS/GMRS walkie talkies would be a clever move.
but there is no call to perpetrate a personal attack by calling him a "fucking idiot" - it doesn't make your position any stronger or your argument any more convincing.
He wasn't interested in an intelligent debate. He simply said that global warming is "something that does not exist." No sources. No links. No rationale. I'm frustrated by people who won't even read the news stories on major scientific studies and simply pretend that global warming doesn't exist.
He is just aghast that you are comparing something that does not exist to violence against another human being.
Global warming exists. Reputable scientists know it. If you disagree, then you're a fucking idiot. And killing off the human race is worse than raping someone.
should users with pirated copies of Windows be allowed to download security updates?
My answer: No.
Your answer is not smart.
If you want to deny SW pirates access to new versions of Windows Media Player, Windows Movie Maker, or drivers for their video card, that's fine. But denying them security updates is harming people and businesses who did nothing wrong. Why should my domain be blasted with traffic from infected PCs running pirate copies of Windows XP? Why should my ISP have to bear the burden of traffic from those infected PCs? Why should someone playing a multiplayer FPS game get fragged because network congestion from infected PCs is causing packet loss and latency? Why should some guy who buys a new laptop at Best Buy find it infected within one minute of connecting to the net because there are countless infected machines looking for some particular flaw that his yet-to-be-patched PC has?
What you're advocating is analogous to companies refusing to fix natural gas leaks because the consumer is behind on his gas bill. Explain that to the neighbors when his house blows up and takes out their homes, cars, or family members.
Your "security through OS diversity" suggestion shows your lack of understanding of computer security. It is just a thinly veiled version of "security through obscurity." If your ISP has boxes running Windows Server 2003, FreeBSD, RedHat Linux, Suse Linux, and Windows Server 2000, a flaw in any of those could, depending on network configuration, cripple the network or render services unavailable. Every one of those boxes could be a hole through which an intruder could enter. Keeping all of those OSs up-to-date is a major chore that is likely to be neglected at times.
The degree was issued by BJU, therefore it's possessive.
If you have a degree from there, then they give degrees to illiterates! Here's what you wrote:
I have a BSc in Theological Determinism from Bob Jone's University.
What the hell is posssessive in that sentence? Tell me! The way that you've written that sentence, the University is owned by someone named "Bob Jone". If you wanted to say that the University was owned by "Bob Jones", then you should have written "Bob Jones' University", but that's not the name of the school is it? Your sentence says that the degree is "from" the university, not that it belongs to the university.
Are you saying that the university owns your degree? That Bob Jones owns the university? That Bob Jone owns the university? Just what's possessive in your mind?
Subset, superset. Thanks for playing though
Atmosphere is not a "subset" or "superset" of climate. Atmosphere is the collection of gases surrounding a planet while climate describes conditions like temperature, wind, and precipitation (no, I don't care that wind involves air -- it doesn't make one a subset or superset of the other). Temperature is a subset of climate. Rain is a subset of climate. Atmosphere is not.
Because there is no evidence of man-made atmospheric changes contributing to anything.
Here is an article from the BBC News about a scientific study that gives strong evidence of man-made greenhouse gases contributing to global warming. So you can stop with your bullshit claims about there being "no evidence." That link proves that you are either ignorant or a liar.
So what you end up with is 100% political efforts like Kyoto which requires that "bad" countries decrease CO2 emissions and requires that "good" countries increase them.
More bullshit. The Kyoto treaty did not require any country to increase CO2 emissions. That's just complete and utter fabrication.
I'd rather pay more for banana's and CDs to stop Martian invasion, Godzilla attacks, and hangnails. As long as you are paying to affect something that has nothing to do with anything....
Since you've already proven yourself woefully ignorant about the entire subject, your opinion about the topic is worthless. Do us all a favor: Stay home on election day and study rather than going out to vote. We'll all be better off if you do.
This is a classic fallacy of appealing to authority.
No, it is not an appealy to authority. It's based on the knowledge of the scientists, not their authority. That's like saying that the peer review process is flawed because it appeals to authority.
Maybe some more of those research dollars should be devoted to understanding why the warming is occuring and developing ways to cope with a warmer earth, rather than redundantly measuring the temperature via every possible method and then shouting: "GLOBAL WARMING!!!! GLOBAL WARMING!!!!"
Similar in concept to women learning to cope with rape rather than shouting about it, right? Rather than trying to "cope" with global warming, why not try to exert some control over man-made atmospheric changes that have a strong likelihood of contributing to it? What's the worst thing that happens? We reduce pollution and it doesn't solve the global warming problem? That seems a lot more desirable than assuming that pollution is not the cause of global warming, in which case being wrong could mean an ecological disaster.
Who the hell cares if we have to pay a few cents more for a banana or stack of CD-ROMs due to costs associated with reducing the emission of greenhouse gases (in manufacturing and/or transportation)? It beats the hell out of mass extinctions and ecological disaster.
there is no evidence yet for man-made global warming.
Yes there is and stating otherwise won't change it any more and throwing a temper tantrum will. There is a tremendous amount of evidence of man-made global warming. Your political bias may make you unwilling to read the evidence, but man-made global warming is a fact accepted by the vast majority of respected scientists.
You can't prove that you aren't a child molestor, so should we suggest that you may be?
If you're going to accuse me of being a child molester, you had better have proof that I am.
Now look at what I wrote ("you may be") and look at what you wrote ("accuse me of").
You made the claim that it couldn't possibly be a trojan
Untrue. I said that it was extremely unlikely, not impossible.
It's not up to me to show they didn't. You're claiming they did, you show they did.
I can't show that they did, nor can I prove that New York Times reporters would have known about, or mentioned, a terrorist attack against the Statue of Liberty, but I feel pretty confident that none happened if it's not mentioned in the New York Times.
Do you have any support for this claim? Any at all?
Yes, many years of experience in the business world, publishing experience, and common sense.
It is entirely about you claiming there is no reason to suspect the existence of malware in the patch, providing no evidence to support the assertion, and trying to make others feel stupid for believing otherwise.
1. There is no reason to suspect it. He did nothing to warrant your suspicion.
2. I did provide evidence - just not proof.
3. I was not trying to make you feel stupid. I was trying to make others believe you are stupid. Yeah, I know that it's not a nice thing to do, but I think that you did your share of that, too.
Which is sort of my point. You can't prove it's not
You can't prove that you aren't a child molestor, so should we suggest that you may be? That's the problem with the prove-a-negative game: You can make up any kind of unsubstantiated suspicion and then argue that it's valid becaue no one can prove that it's wrong.
That doesn't mean people have looked for a problem and not found one.
Some of the people were running ZoneAlarm. Some were running BlackIce. Some were running anti-virus software. While they may not consciously have been looking for a problem, they probably would have been notified of one nonetheless. Besides, you will not convince me that thousands of people tried it and none of them were looking for malware. That's absurd considering the amount of scrutiny that most freely available software receives.
And making no mention of the legitimacy of the patch. They don't indicate whether they or anybody else has tested the patch. Only that it exists and where to find it. Again, a lack of evidence either way.
If they publish a link to it and it turns out to have malware, then they get sued for negligence. Therefore, logic dictates that they would have checked that before publishing the story.
And because I don't implicity trust him does not mean I implicity trust Microsoft.
Then just what do you do? Run an unpatched Windows 98SE system? If so, doesn't that mean that you trust Microsoft, since they supplied the OS?
Sure it does. I look for motivation, methods, history, etc. If you want to release a Trojan, you don't do it by targeting a tiny segment of the population who use an outdated, unpopular operating system. Also, what could he hope to gain? Credit card numbers? I'd much rather get those from someone who has a system running XP (newer computer probably means a bigger bank account -- on average). Would he put up a link to an e-mail address for himself? Would he create an elaborate website explaining a limited-appeal product? Of course not. He'd be much better off embedding something in a filesharing app, a "warez" download site, etc.
You also mentioned a Google search which turned up nothing conclusive, to which I did not respond because it doesn't prove anything except that there's no page in Google's listing saying it's not legitimate which only means that either nobody knows, or nobody has said so.
Again, it's the old proving a negative. Suppose a Google search had turned up a page that said that it was malware-free. Would you have trusted that? If hundreds, or thousands, of people fail to find a problem, it's evidence that no problem exists.
Where exactly is the flaw in my logic?
One place is where you fail to address the issue of a major computer publication providing a link to it. The other: See above.
So go ahead and dismiss them. I'll be a little more careful with my systems.
So you'll only install patches provided by Microsoft, a company which has already proven itself willing to install spyware and software which transmits private information without permission. (e.g., Windows Media Player, Windows Update). Only a company with a financial interest in selling your private data will get your trust. Interesting.
Your tone and phrasing both indicated that someone would be foolish to believe otherwise.
Yes, it would be foolish to believe otherwise, but that's because of the preponderance of evidence, not just because there is a disclaimer.
To top it off, you said, "You need to take the aluminum foil off of your head." I was merely pointing out that the concerns were valid and ought not be dismissed so readily.
Of course they should be dismissed readily:
1. Win98SE is only on a small percentage of computers. 2. Most people don't update their systems -- even with the convenient Start menu item that's already there. 3. Those who would seek out a third-party service pack are, on average, more technologically savvy and thus more likely to have firewalls, the ability to analyze what was changed, etc. 4. The machines are, on average, underpowered and less likely to have a broadband connections. 5. The disclaimers. 6. The time spent documenting the patch on the website. 7. The slick web site with the link to an e-mail address for the author.
If you wanted to mine credit card information, for instance, would you distribute Trojan horse software to the small number of people who are running old machines with Windows 98SE or would you go after people with Windows XP and/or Mac OS X? If you wanted your Trojan to be used for DDoS attacks, would you put it into a handful of Win98Se machines that probably run with dial-up, or would you put it in something that people with Win2K/XP would install? If you wanted lots of people to install a trojan, would you put it into something like a filesharing program, a hacked copy of Office XP, Photoshop, etc., or would you put the Trojan into something that only ran on the relatively unpopular Windows 98SE? If you wanted to avoid going to jail, would you release your Trojan via a slick website with a link to your e-mail address or would you release it anonymously on Usenet, through IRC, or via a proxied upload to an underground web site?
If this is an attempt to get people to install malicious software, it's the most idiotic attempt I've ever heard of.
If I was some überhäcker who was bent on world domination through some nefarious trojan horse in the guise of a service pack, I would most certainly tell people to backup data before installng it.
Yeah, world domination by providing Trojan-infested service packs that only work on a small minority of, on average, grossly underpowered machines, the majority of which are used for such important tasks as e-mailing pictures of the new baby and exchanging recipes. Stick to being a nerd on Slashdot. You're really not cut out for this James Bond villain thing.
Hmmm... I'm not so sure about that one. Even if they have the ability (old Windows 98SE machines sitting around?), I'm willing to bet they didn't bother to check out the file. This article isn't a review, it's a report.
If they print a news article and provide a link to software, they are exposing themselves to a lawsuit if the software is malicious (regardless of disclaimers in the article). All anyone would have to do is say "these guys are the published experts so I trusted them." I seriously doubt that they simply printed the review without even checking out the file.
You made the claim that the patch must be legitimate because these claims appeared on his website and I showed how that is not necessarily true.
That is a mistrepresentation of what I said. I gave that as evidence supporting the notion that the patch was legitimate, not proof-positive that it was. I also pointed out that there were no reports on the net of problems and that the reputable publication that ran the story would probably have checked out that software before posting the story and links to the software. The disclaimers on the website were just one piece of the evidence.
To lend an air of legitimacy to his claims knowing no one will really backup their system. Or the trojan could be delayed by so long that by the time it activates the backups will be useless anyway.{snip} Well, literally, the disclaimer is saying he doesn't guarantee it not to screw up your system. It's reverse-reverse psychology: If I say it will definately work, no one will believe me, so I'll say it may not work and then they will think it will.
Then you must be scared shitless when you read the reverse-reverse psychology on Microsoft's licenses and web site. With all of the disclaimers and warnings about backing up your system that you find there, they must be installing something that will make you go blind, cause cancer, and post your Social Security number on the big screen in Times Square.
I'm not claiming it is or isn't malware, but the evidence you've provided is hardly compelling that it isn't.
So all you want me to do is prove a negative? Gee, that sounds really reasonable.
In order to attempt to appear legitimate. I've seen simlar "no warranty" warnings in no-cd cracks and the like.
I just knew that argument would come. Do the "no-CD" cracks install malware? No. If they do, they get pulled. The guys hosting those files get paid for click-through ads, so they pull anything which is discovered to be spyware, malware, etc.
Because they don't realise that it is, and believe that it's legitimate.
So you don't think that Information Week: Security Pipeline has the technical expertise and/or journalistic integrity to check out the file before writing an article about it?
Now you're just being silly - he's hardly likely to put up a webpage about it, and a lack of others doing so just means that no-one has figured it out yet.
You're being silly. You actually believe that, with all of the people running ZoneAlarm, BlackIce, Ethereal, etc., that NONE of them would have found anything (assuming that there is something to be found)?
Now, I don't suppose that there is anything sinister about this, but really - to the best of my knowledge, he's just some random guy on the internet. Why should I trust him?
Why should you trust Microsoft? They can track your CD and DVD listening/viewing habits thanks to "upgrades" to Windows Media Player. Why should you trust Real Networks? Realplayer has spyware in it. Microsoft and many other commercial entities have all released software which has security holes and which surreptitiously sends your personal information across the Internet. You need to consider motivation: Commercial entities can make money with spyware. Record companies love statistics on how popular their CDs are, for example. Information about what sites you visit is valuable to a marketing person. Some "random guy on the Internet" doesn't really stand to profit from the installation of spyware on the small percentage of machines which still run Windows 98SE.
I highly recommend that you should backup your system before installing the pack.
and
This software is provided "as-is," without any express or implied warranty. In no event shall the provider be held liable for any damages arising from the use of this software.
If he was trying to get you to download and install a Trojan horse, why would he tell you to backup your system? Why would he have a disclaimer with dire warnings about 'no warranty' and "damages" rather than a statement that the software is "r33ly L33t" and that you need it now? Why would Information Week provide a link to it if it was a Trojan horse? There's 96 hits on Google when you look up "Alper Coskun" (with quotes) and "98SE" -- none of which mentions his sinister plot to get your oh-so-valuable data that you keep on an ancient Windows 98 PC. You figured out his clever ruse!
You need to take the aluminum foil off of your head.
I don't know about you, but I'll rather be keeping my win98 systems safely protected behind nat and a strict firewall than trusting some stranger offering me unofficial service packs.
Will NAT and a firewall give you the ability to support more than 512 MB of RAM in 98SE? Will they give you improved swap file usage? Will it give you better WDM and USB support? Will the NAT and firewall provide you with general "USB 1.x Mass Storage Device" support? In fact, are you sure that there are no remotely exploitable bugs, that the OS isn't leaking your personal information, etc.?
But, I guess if you gave a rat's ass about security, functionality, or reliability, you wouldn't still be using Windows 98SE, would you?
Just as a minor point, the bandwidth used by rejecting spam during the SMTP handshake or part-way through the header is pretty minimal.
I agree with you -- I run and host my own domain. Nonetheless, when you look at an ISP being bombarded by spam from multiple sources, some of which are trying to pump through thousands of messages, or you consider someone running a domain on a low-speed DSL connection, the bandwidth isn't free. Neither is the storage for logging (though I admit that it's cheap).
I guess I look at it as an aggregate cost. Add up all of the spam going through a given pipe and it's usually significant -- even with rejected connections.
Slashdot Mirror
I've worked on audio for museum exhibits and am currently doing work for an audio tour that will be presented at a prestigious museum in Washington, D.C. There are a few firms involved in this kind of work and the equipment is expensive because it is made in small quantities and is extremely rugged. For the portable audio tour devices, there are industrial-grade, sophisticated charging racks and the individual audio devices have buttons and features so that visitors can see the exhibits in any order and learn more about individual stops (think "hyperlink").
Using consumer-grade CD players, MP3 players, and headphones for a museum exhibit is like replacing a pay phone outside of a convenience store with a $10 phone from Walmart. If it was possible to put on an exhibit with $50 worth of equipment per person, then the big companies like Acoustiguide, Antenna Audio, and Tour-Mate would be driven out of business by cheap competitors.
Why do people assume that anything expensive must be overpriced? Sometimes things are expensive to buy because they are expensive to make. And often they are still as cheap as they can be for their intended use. Police departments and rescue squads pay a lot of money for Motorola and Icom walkie-talkies and in-vehicle radios, but it doesn't mean that equipping police cars and ambulances with $40 Cobra CB radios and giving cops $50/pair Uniden FRS/GMRS walkie talkies would be a clever move.
Don't laugh, I work with the guy. His wife agreed to let him get the Segway he wanted in exchange for his letting her get the boobjob she wanted.
And while he's out riding his Segway, the pool boy is riding his wife.
but there is no call to perpetrate a personal attack by calling him a "fucking idiot" - it doesn't make your position any stronger or your argument any more convincing.
He wasn't interested in an intelligent debate. He simply said that global warming is "something that does not exist." No sources. No links. No rationale. I'm frustrated by people who won't even read the news stories on major scientific studies and simply pretend that global warming doesn't exist.
I confirm what the other AC says, you're trivialising one of the worst attacks a human can inflict on another.
You can't "confirm" anything. You can just share the same twisted opinion that raping someone is worse than making the Earth uninhabitable.
What is it with Slashbots, that you chose to compare everything from global warming to SCO lawsuits with rape?
I am not a "Slashbot." Unlike you, I am an intelligent human being.
He is just aghast that you are comparing something that does not exist to violence against another human being.
Global warming exists. Reputable scientists know it. If you disagree, then you're a fucking idiot. And killing off the human race is worse than raping someone.
should users with pirated copies of Windows be allowed to download security updates?
My answer: No.
Your answer is not smart.
If you want to deny SW pirates access to new versions of Windows Media Player, Windows Movie Maker, or drivers for their video card, that's fine. But denying them security updates is harming people and businesses who did nothing wrong. Why should my domain be blasted with traffic from infected PCs running pirate copies of Windows XP? Why should my ISP have to bear the burden of traffic from those infected PCs? Why should someone playing a multiplayer FPS game get fragged because network congestion from infected PCs is causing packet loss and latency? Why should some guy who buys a new laptop at Best Buy find it infected within one minute of connecting to the net because there are countless infected machines looking for some particular flaw that his yet-to-be-patched PC has?
What you're advocating is analogous to companies refusing to fix natural gas leaks because the consumer is behind on his gas bill. Explain that to the neighbors when his house blows up and takes out their homes, cars, or family members.
Your "security through OS diversity" suggestion shows your lack of understanding of computer security. It is just a thinly veiled version of "security through obscurity." If your ISP has boxes running Windows Server 2003, FreeBSD, RedHat Linux, Suse Linux, and Windows Server 2000, a flaw in any of those could, depending on network configuration, cripple the network or render services unavailable. Every one of those boxes could be a hole through which an intruder could enter. Keeping all of those OSs up-to-date is a major chore that is likely to be neglected at times.
The degree was issued by BJU, therefore it's possessive.
If you have a degree from there, then they give degrees to illiterates! Here's what you wrote:
I have a BSc in Theological Determinism from Bob Jone's University.
What the hell is posssessive in that sentence? Tell me! The way that you've written that sentence, the University is owned by someone named "Bob Jone". If you wanted to say that the University was owned by "Bob Jones", then you should have written "Bob Jones' University", but that's not the name of the school is it? Your sentence says that the degree is "from" the university, not that it belongs to the university.
Are you saying that the university owns your degree? That Bob Jones owns the university? That Bob Jone owns the university? Just what's possessive in your mind?
Subset, superset. Thanks for playing though
Atmosphere is not a "subset" or "superset" of climate. Atmosphere is the collection of gases surrounding a planet while climate describes conditions like temperature, wind, and precipitation (no, I don't care that wind involves air -- it doesn't make one a subset or superset of the other). Temperature is a subset of climate. Rain is a subset of climate. Atmosphere is not.
That's got to be one of the most obnoxious and gratuitous analogies I've seen here in a while.
No, it's a damned good analogy and if you don't see that, then you don't understand the magnitude of the problem with global warming.
Because there is no evidence of man-made atmospheric changes contributing to anything.
Here is an article from the BBC News about a scientific study that gives strong evidence of man-made greenhouse gases contributing to global warming. So you can stop with your bullshit claims about there being "no evidence." That link proves that you are either ignorant or a liar.
So what you end up with is 100% political efforts like Kyoto which requires that "bad" countries decrease CO2 emissions and requires that "good" countries increase them.
More bullshit. The Kyoto treaty did not require any country to increase CO2 emissions. That's just complete and utter fabrication.
I'd rather pay more for banana's and CDs to stop Martian invasion, Godzilla attacks, and hangnails. As long as you are paying to affect something that has nothing to do with anything....
Since you've already proven yourself woefully ignorant about the entire subject, your opinion about the topic is worthless. Do us all a favor: Stay home on election day and study rather than going out to vote. We'll all be better off if you do.
I have a BSc in Theological Determinism from Bob Jone's University.
You don't even know the name of the University! What a bozo! Do you think it is owned by "Bob Jone"? HAHAHA
Oh, and BTW, Mars has a climate entirely made up of CO2.
And you don't even know the difference between climate and atmosphere. Yeah, you're a real scientific genius.
This is a classic fallacy of appealing to authority.
No, it is not an appealy to authority. It's based on the knowledge of the scientists, not their authority. That's like saying that the peer review process is flawed because it appeals to authority.
Maybe some more of those research dollars should be devoted to understanding why the warming is occuring and developing ways to cope with a warmer earth, rather than redundantly measuring the temperature via every possible method and then shouting: "GLOBAL WARMING!!!! GLOBAL WARMING!!!!"
Similar in concept to women learning to cope with rape rather than shouting about it, right? Rather than trying to "cope" with global warming, why not try to exert some control over man-made atmospheric changes that have a strong likelihood of contributing to it? What's the worst thing that happens? We reduce pollution and it doesn't solve the global warming problem? That seems a lot more desirable than assuming that pollution is not the cause of global warming, in which case being wrong could mean an ecological disaster.
Who the hell cares if we have to pay a few cents more for a banana or stack of CD-ROMs due to costs associated with reducing the emission of greenhouse gases (in manufacturing and/or transportation)? It beats the hell out of mass extinctions and ecological disaster.
there is no evidence yet for man-made global warming.
Yes there is and stating otherwise won't change it any more and throwing a temper tantrum will. There is a tremendous amount of evidence of man-made global warming. Your political bias may make you unwilling to read the evidence, but man-made global warming is a fact accepted by the vast majority of respected scientists.
You can't prove that you aren't a child molestor, so should we suggest that you may be?
If you're going to accuse me of being a child molester, you had better have proof that I am.
Now look at what I wrote ("you may be") and look at what you wrote ("accuse me of").
You made the claim that it couldn't possibly be a trojan
Untrue. I said that it was extremely unlikely, not impossible.
It's not up to me to show they didn't. You're claiming they did, you show they did.
I can't show that they did, nor can I prove that New York Times reporters would have known about, or mentioned, a terrorist attack against the Statue of Liberty, but I feel pretty confident that none happened if it's not mentioned in the New York Times.
Do you have any support for this claim? Any at all?
Yes, many years of experience in the business world, publishing experience, and common sense.
It is entirely about you claiming there is no reason to suspect the existence of malware in the patch, providing no evidence to support the assertion, and trying to make others feel stupid for believing otherwise.
1. There is no reason to suspect it. He did nothing to warrant your suspicion.
2. I did provide evidence - just not proof.
3. I was not trying to make you feel stupid. I was trying to make others believe you are stupid. Yeah, I know that it's not a nice thing to do, but I think that you did your share of that, too.
Which is sort of my point. You can't prove it's not
You can't prove that you aren't a child molestor, so should we suggest that you may be? That's the problem with the prove-a-negative game: You can make up any kind of unsubstantiated suspicion and then argue that it's valid becaue no one can prove that it's wrong.
That doesn't mean people have looked for a problem and not found one.
Some of the people were running ZoneAlarm. Some were running BlackIce. Some were running anti-virus software. While they may not consciously have been looking for a problem, they probably would have been notified of one nonetheless. Besides, you will not convince me that thousands of people tried it and none of them were looking for malware. That's absurd considering the amount of scrutiny that most freely available software receives.
And making no mention of the legitimacy of the patch. They don't indicate whether they or anybody else has tested the patch. Only that it exists and where to find it. Again, a lack of evidence either way.
If they publish a link to it and it turns out to have malware, then they get sued for negligence. Therefore, logic dictates that they would have checked that before publishing the story.
And because I don't implicity trust him does not mean I implicity trust Microsoft.
Then just what do you do? Run an unpatched Windows 98SE system? If so, doesn't that mean that you trust Microsoft, since they supplied the OS?
Wow, it doesn't take much to earn your trust.
Sure it does. I look for motivation, methods, history, etc. If you want to release a Trojan, you don't do it by targeting a tiny segment of the population who use an outdated, unpopular operating system. Also, what could he hope to gain? Credit card numbers? I'd much rather get those from someone who has a system running XP (newer computer probably means a bigger bank account -- on average). Would he put up a link to an e-mail address for himself? Would he create an elaborate website explaining a limited-appeal product? Of course not. He'd be much better off embedding something in a filesharing app, a "warez" download site, etc.
You also mentioned a Google search which turned up nothing conclusive, to which I did not respond because it doesn't prove anything except that there's no page in Google's listing saying it's not legitimate which only means that either nobody knows, or nobody has said so.
Again, it's the old proving a negative. Suppose a Google search had turned up a page that said that it was malware-free. Would you have trusted that? If hundreds, or thousands, of people fail to find a problem, it's evidence that no problem exists.
Where exactly is the flaw in my logic?
One place is where you fail to address the issue of a major computer publication providing a link to it. The other: See above.
So go ahead and dismiss them. I'll be a little more careful with my systems.
So you'll only install patches provided by Microsoft, a company which has already proven itself willing to install spyware and software which transmits private information without permission. (e.g., Windows Media Player, Windows Update). Only a company with a financial interest in selling your private data will get your trust. Interesting.
Your tone and phrasing both indicated that someone would be foolish to believe otherwise.
Yes, it would be foolish to believe otherwise, but that's because of the preponderance of evidence, not just because there is a disclaimer.
To top it off, you said, "You need to take the aluminum foil off of your head." I was merely pointing out that the concerns were valid and ought not be dismissed so readily.
Of course they should be dismissed readily:
1. Win98SE is only on a small percentage of computers.
2. Most people don't update their systems -- even with the convenient Start menu item that's already there.
3. Those who would seek out a third-party service pack are, on average, more technologically savvy and thus more likely to have firewalls, the ability to analyze what was changed, etc.
4. The machines are, on average, underpowered and less likely to have a broadband connections.
5. The disclaimers.
6. The time spent documenting the patch on the website.
7. The slick web site with the link to an e-mail address for the author.
If you wanted to mine credit card information, for instance, would you distribute Trojan horse software to the small number of people who are running old machines with Windows 98SE or would you go after people with Windows XP and/or Mac OS X? If you wanted your Trojan to be used for DDoS attacks, would you put it into a handful of Win98Se machines that probably run with dial-up, or would you put it in something that people with Win2K/XP would install? If you wanted lots of people to install a trojan, would you put it into something like a filesharing program, a hacked copy of Office XP, Photoshop, etc., or would you put the Trojan into something that only ran on the relatively unpopular Windows 98SE? If you wanted to avoid going to jail, would you release your Trojan via a slick website with a link to your e-mail address or would you release it anonymously on Usenet, through IRC, or via a proxied upload to an underground web site?
If this is an attempt to get people to install malicious software, it's the most idiotic attempt I've ever heard of.
If I was some überhäcker who was bent on world domination through some nefarious trojan horse in the guise of a service pack, I would most certainly tell people to backup data before installng it.
Yeah, world domination by providing Trojan-infested service packs that only work on a small minority of, on average, grossly underpowered machines, the majority of which are used for such important tasks as e-mailing pictures of the new baby and exchanging recipes. Stick to being a nerd on Slashdot. You're really not cut out for this James Bond villain thing.
Hmmm... I'm not so sure about that one. Even if they have the ability (old Windows 98SE machines sitting around?), I'm willing to bet they didn't bother to check out the file. This article isn't a review, it's a report.
If they print a news article and provide a link to software, they are exposing themselves to a lawsuit if the software is malicious (regardless of disclaimers in the article). All anyone would have to do is say "these guys are the published experts so I trusted them." I seriously doubt that they simply printed the review without even checking out the file.
You made the claim that the patch must be legitimate because these claims appeared on his website and I showed how that is not necessarily true.
That is a mistrepresentation of what I said. I gave that as evidence supporting the notion that the patch was legitimate, not proof-positive that it was. I also pointed out that there were no reports on the net of problems and that the reputable publication that ran the story would probably have checked out that software before posting the story and links to the software. The disclaimers on the website were just one piece of the evidence.
To lend an air of legitimacy to his claims knowing no one will really backup their system. Or the trojan could be delayed by so long that by the time it activates the backups will be useless anyway.{snip} Well, literally, the disclaimer is saying he doesn't guarantee it not to screw up your system. It's reverse-reverse psychology: If I say it will definately work, no one will believe me, so I'll say it may not work and then they will think it will.
Then you must be scared shitless when you read the reverse-reverse psychology on Microsoft's licenses and web site. With all of the disclaimers and warnings about backing up your system that you find there, they must be installing something that will make you go blind, cause cancer, and post your Social Security number on the big screen in Times Square.
I'm not claiming it is or isn't malware, but the evidence you've provided is hardly compelling that it isn't.
So all you want me to do is prove a negative? Gee, that sounds really reasonable.
In order to attempt to appear legitimate. I've seen simlar "no warranty" warnings in no-cd cracks and the like.
I just knew that argument would come. Do the "no-CD" cracks install malware? No. If they do, they get pulled. The guys hosting those files get paid for click-through ads, so they pull anything which is discovered to be spyware, malware, etc.
Because they don't realise that it is, and believe that it's legitimate.
So you don't think that Information Week: Security Pipeline has the technical expertise and/or journalistic integrity to check out the file before writing an article about it?
Now you're just being silly - he's hardly likely to put up a webpage about it, and a lack of others doing so just means that no-one has figured it out yet.
You're being silly. You actually believe that, with all of the people running ZoneAlarm, BlackIce, Ethereal, etc., that NONE of them would have found anything (assuming that there is something to be found)?
Now, I don't suppose that there is anything sinister about this, but really - to the best of my knowledge, he's just some random guy on the internet. Why should I trust him?
Why should you trust Microsoft? They can track your CD and DVD listening/viewing habits thanks to "upgrades" to Windows Media Player. Why should you trust Real Networks? Realplayer has spyware in it. Microsoft and many other commercial entities have all released software which has security holes and which surreptitiously sends your personal information across the Internet. You need to consider motivation: Commercial entities can make money with spyware. Record companies love statistics on how popular their CDs are, for example. Information about what sites you visit is valuable to a marketing person. Some "random guy on the Internet" doesn't really stand to profit from the installation of spyware on the small percentage of machines which still run Windows 98SE.
The guy's web page says:andIf he was trying to get you to download and install a Trojan horse, why would he tell you to backup your system? Why would he have a disclaimer with dire warnings about 'no warranty' and "damages" rather than a statement that the software is "r33ly L33t" and that you need it now? Why would Information Week provide a link to it if it was a Trojan horse? There's 96 hits on Google when you look up "Alper Coskun" (with quotes) and "98SE" -- none of which mentions his sinister plot to get your oh-so-valuable data that you keep on an ancient Windows 98 PC. You figured out his clever ruse!
You need to take the aluminum foil off of your head.
I don't know about you, but I'll rather be keeping my win98 systems safely protected behind nat and a strict firewall than trusting some stranger offering me unofficial service packs.
Will NAT and a firewall give you the ability to support more than 512 MB of RAM in 98SE? Will they give you improved swap file usage? Will it give you better WDM and USB support? Will the NAT and firewall provide you with general "USB 1.x Mass Storage Device" support? In fact, are you sure that there are no remotely exploitable bugs, that the OS isn't leaking your personal information, etc.?
But, I guess if you gave a rat's ass about security, functionality, or reliability, you wouldn't still be using Windows 98SE, would you?
Just as a minor point, the bandwidth used by rejecting spam during the SMTP handshake or part-way through the header is pretty minimal.
I agree with you -- I run and host my own domain. Nonetheless, when you look at an ISP being bombarded by spam from multiple sources, some of which are trying to pump through thousands of messages, or you consider someone running a domain on a low-speed DSL connection, the bandwidth isn't free. Neither is the storage for logging (though I admit that it's cheap).
I guess I look at it as an aggregate cost. Add up all of the spam going through a given pipe and it's usually significant -- even with rejected connections.