Forgot your password?
typodupeerror
Security IT

Invisible Malware Install 65MB Large 381

Posted by Zonk
from the it-came-from-marketing dept.
Paperghost writes "Words fail me with this one - don't have the .NET framework on your PC to utilise the adware maker's technology? No problem, they'll download it for you without you knowing. The problem is that it's a sixty-five megabyte install." From the article: "...the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size. But I'm actually understating the amount of space used when installed, as .NET can total up to 100MB."
This discussion has been archived. No new comments can be posted.

Invisible Malware Install 65MB Large

Comments Filter:
  • by Avyakata (825132) on Saturday March 05, 2005 @04:58PM (#11854913) Homepage Journal
    I wonder if it comes with 24-hour tech support?
    • Symbiotic viruses (Score:5, Insightful)

      by goombah99 (560566) on Saturday March 05, 2005 @07:58PM (#11855994)
      The course of virulent biological viruses tends to be the early ones are bad and tend to kill their hosts quickly. Over time they adapt to become less deadly to the host. A good example of the is the Bubonic Plague which is believes to have mellowed itself since the black plague. Stealthy viruses like AIDS are a good example of why longevity of the host helps in some modes of transmission.

      Infact some models have shown its even in a species interest to play host to a disease causing entity that is more lethal to a competitor or predator. E.g. mice that carry diseases fatal to predetors.

      In rare cases tolerance gives way ot full symbiosis where each helps the other. Perhaps a bacteria that helps deal with some more dread disease or an enteric digestive aid. Something that fixes nitrogen in your roots.

      So anyhow maybe the course of virsuses are indeed ones that tune up your system, protect you from other viruses and make sure your computer is working optimally. Perhaps they will get out of your way when you are actually using it and just steal cylces and bandwidth when you wont miss it.

      In that case 24 hour tech support is indeed on the way.

      • Re:Symbiotic viruses (Score:3, Informative)

        by BrokenHalo (565198)
        Your point is accurate, but I'm afraid your first example is less so: bubonic plague is not a virus, it is (believed to be) a bacteriological infection of Yersinia pestis.
  • Aaagh! (Score:5, Funny)

    by NoMoreNicksLeft (516230) <john...oyler@@@comcast...net> on Saturday March 05, 2005 @05:00PM (#11854923) Journal
    It's bad enough installing spyware, but now they have to go and install Microsoft software!?!?!?!

    You slimy bastards!

  • by kkassing (862493) on Saturday March 05, 2005 @05:01PM (#11854926)
    I hope they're using bittorrent...
    • by traskjd (580657) on Saturday March 05, 2005 @05:14PM (#11855027) Homepage
      Keeping in mind that the article is trying to do two things:

      1. Point out that spyware is getting worse

      2. Show that the .net framework is huge

      The latter point is simply trying to get people (especially anti-Microsoft people) fired up over nothing. The .net framework is ~23MB, and the service pack is ~10MB. There aren't any "optional extras" to the .net framework as such however they could be talking about components that AREN'T part of the .net framework. You get the framework in several flavours and the standard install is the largest. I'm willing to bet that the total size is how much harddisk space is actually consumed after install - and not the volume downloaded. I'm sure you could say that the Java Runtime is 100MB - it doesn't mean you download 100MB however.

      Call me cynical (been on slashdot for many a year now) but parts of this article seem designed to enduce high emotion with a slashdot type crowd.

      - JD
      • Ok, so this invisible spyware installs ONLY 23MB. I'm really relieved!
      • by Omega1045 (584264) on Saturday March 05, 2005 @07:29PM (#11855834)
        I would not say that the .Net framework is huge in comparison to, say, Java. The Java 1.4.2 runtime (no SDK) core is 15 MB. The core .NET 1.1 runtime my company distribute with our software (the clients know they are getting it) is 19 MB.
      • It's a difference in semantics. You are saying that the Installer is 23MB, while the article is saying the hard drive had 65 Megs less on it afterwards, which makes sense as the installer program would be uncompressed and likely not even automatically deleted from the hard drive after the install completes, using up disk space. In fact the article even states that the download is 23 megs.

        But the slashdot post was worded poorly, IMO. Install is often mistaken for Installer. I read it that way at first
  • ... that it's not Microsoft-sponsored? They have done just about everything else to push .NET down our throats...
    • by k4_pacific (736911) <k4_pacific AT yahoo DOT com> on Saturday March 05, 2005 @05:08PM (#11854985) Homepage Journal
      Maybe it would get wider acceptance if MS named it differently. I first heard about it a few years back, and wanting to know more, I typed .NET into Google. I got back every www.*.net website on the web, but little about Microsoft. I knew C# had something to do with this, so I typed that in. Google dropped the # and returned every page with the letter C. Then I heard about ASP.NET, and decided to look that up on Google. I got back every www.*.net/*.asp page in the world, again no useful info. Finally, I gave up and installed Linux instead. I heard that mono got me .NET on Linux, and so I looked up mono. I learned alot about being careful about who I kiss, but little else.
    • by Anonymous Coward
      The problem is that MS have never forced the .NET framework down anyone's throats:
      • It's an optional install from the XP SP1 and SP2 CDs
      • It isn't included with any version of XP Home.
      • It isn't listed as a critical update on Windows Update
      Taking those major flaws of your arguement into account, and how Microsoft have behaved in the past with products, how you'd consider that they're 'forcing .NET down our throats' is beyond human comprehension...
  • by nhnfreespirit (809462) on Saturday March 05, 2005 @05:02PM (#11854932) Journal
    And the makers will of course claim that they are providing a valuable public service by keeping peoples pc's updated! Bvah!

    nhnFreespirit
  • Better Browser (Score:3, Insightful)

    by OverlordQ (264228) on Saturday March 05, 2005 @05:02PM (#11854934) Journal
    Sounds like somebody needs a better browser.
  • Ok, but... (Score:4, Insightful)

    by AndyBassTbn (789174) on Saturday March 05, 2005 @05:03PM (#11854942) Homepage
    Any word on which browsers are vulnerable? Is this the sort of thing to be, once again, filed under "Switch to FireFox"? The author leaves a lot of unanswered questions.

    Or is this the child of something that must be user-run first?
    • Re:Ok, but... (Score:2, Interesting)

      by WalterGR (106787)

      Excellent question. Is this a browser vulnerability? Or is the installer in question the one you get by going to the BroadcastPC download page [broadcastpc.tv] and clicking the big "Download BroadcastPC" link?

      While it seems that the installer downloads the .net Framework redistributable without informing the user, I see nothing to suggest that *BroadcastPC* is installed without the user being aware.

      • Probably installed by eDonKazaa 3.0 with new uB3R-chat IM and P0rNgatherer Plus which everyone downloads anyway, even though they know it will render their system useless. Actually, that doesn't sound too different than what people do now.
  • Mono (Score:5, Funny)

    by _ZorKa_ (86716) on Saturday March 05, 2005 @05:04PM (#11854951) Homepage
    They could have at least installed the open source version of .Net, aka Mono. What were they thinking!
  • by prichardson (603676) on Saturday March 05, 2005 @05:04PM (#11854954) Journal
    I'm still waiting for the worm that will monitor someone's usage habits so it can stealthily download and install Linux.

    I bet some people started working on it, but got into a religious argument over what distro to use and gave up.

    I could also see a worm that would harvest someone's credit card number and use it to order a Mac Mini.
  • awesome (Score:5, Funny)

    by Anonymous Coward on Saturday March 05, 2005 @05:04PM (#11854956)

    It's like apt-get for Windows, except you don't even have to ask for the software. Further proof Linux isn't ready for the desktop, I guess.

    • Re:awesome (Score:4, Interesting)

      by spektr (466069) on Saturday March 05, 2005 @05:43PM (#11855233)
      OMG, y0 n00b, just include affiliates.microsoft.com in sources.list and do aptitude update && yes y to hell with it|aptitude distupgrade.
      • Re:awesome (Score:2, Insightful)

        by spektr (466069)
        Heh, "Troll", nice. I guess the gentoo user was offended, because I didn't do an "emerge crap" and used too few USE flags. Give mod points to a gentoo user and you increase the stupidity level of earth by 0.01%. In the meanwhile he does a stage 1 compile and gains a speed increase of 0.005%. After that he mods a second time, and I'm at -2, Troll. He races away on his ricer and earth loses again.

        The only thing I'm trying to accomplish today is to make a single slashdot moderator recognize that his life is w
  • NewDotNet (Score:5, Interesting)

    by Zorilla (791636) on Saturday March 05, 2005 @05:04PM (#11854958)
    This reminds me of a couple years ago when many piece of software came bundled with spyware called NewDotNet that claimed to be "needed for next generation internet applications" - just around the same time MS started pushing .NET

    I remember uninstalling it from a bunch of machines because people asked, "Do I need this?" Yes....
    • Re:NewDotNet (Score:3, Informative)

      by BCW2 (168187)
      You might be true;y disgusted to know how many machines are still coming in with it on them today. At least half the ones I clean up every week have NewDotNet on them. You would think some would learn over the years, but it sure doesn't seem that way.
    • Re:NewDotNet (Score:3, Informative)

      by ceejayoz (567949)
      NewDotNet enabled non-ICANN domain names like .xxx, .family, etc.

      http://new.net/ [new.net]

      You can take your tinfoil hat off, now.
      • Non-standard DNS resolving with the help of special software on the client side. Yeah, that sounds like a good business plan. Run a web site on a .family or .poop fake TLD you need special software for and you'll get a huge customer base doing that!

        Just what is running on most websites that use those, anyway, I wonder?
        • Yeah, dumb idea for the buyers, but great idea for NewDotNet to make some easy cash.
        • Re:NewDotNet (Score:3, Interesting)

          by rs79 (71822)
          "Just what is running on most websites that use those, anyway, I wonder?"

          Do you always criticize things you don't know anything about? Although I can't say new.net was a shining example of alt.tld-ness.

          But, to answer your question, no spam, for one thing. No malware, no viruses. Just people cooperating. And yes there is content that you can't see using the legacy root.

          With djbdns and Bind-PE/Treewalk offering alt.dns optins there's now enough people using them that I'm seriously thinking about rejecting
  • by alanbs (784491) on Saturday March 05, 2005 @05:06PM (#11854970)
    I remember the good old days when we would statically compile in our 100 Mb of needed libraries when propagating some malware. Technology just bites you in the ass sometimes.
  • Just think... (Score:5, Insightful)

    by jd (1658) <imipak@nOSPam.yahoo.com> on Saturday March 05, 2005 @05:09PM (#11854992) Homepage Journal
    What happens when Longhorn-specific malware packages decide to upgrade those Win95/98 boxes still out there...
  • Good! (Score:5, Interesting)

    by mwa (26272) on Saturday March 05, 2005 @05:09PM (#11854994)
    Now I know how to install it without clicking "I agree". So we'll be seeing some benchmark results on .NET real soon now, right?
    • Not necessarily (Score:4, Interesting)

      by jesterzog (189797) on Saturday March 05, 2005 @05:51PM (#11855282) Homepage Journal

      Now I know how to install it without clicking "I agree". So we'll be seeing some benchmark results on .NET real soon now, right?

      Just make sure you read every line of the agreement for whatever application installs the spyware. If they're being cautious, they probably have a line similar to "We might install the .NET framework on your behalf, and therefore you must read and agree with all of the Microsoft .NET framework terms of service outlined at [url]", right next to the statement about how they're going to install spyware on your PC.

      This isn't to say that any of it would necessarily hold up if tested in court, and it doesn't mean that Microsoft wouldn't have "issues" with the spyware distributor for bypassing the display of their license to the user installing the software. But if you're the sort of person who cares about clicking 'I agree' at all, then you should probably consider this, too.

  • omfg (Score:2, Offtopic)

    by ewe2 (47163)
    even on broadband, how could you *not* notice this?!
    • Re:omfg (Score:2, Interesting)

      by mike5904 (831108)
      Well, to be honest I'm not sure I would. I actually downloaded the .NET SDK the other day, and although it did make my web browsing a little (not unusably) slower, it only took about 3 minutes. Also, a lot of people this is targeting probably are used to having a bunch of malware on their computers, so the disk activity from the installer or the slowdown of their internet connection might seem normal to them. If the viru^H^H^H^Hmalware authors really wanted to be covert about it, they could just have it
  • Great news! (Score:2, Funny)

    by phatbuddy (648676)
    I'm glad the adware developers have started to use managed code. Wouldn't want their software to be able to do anything "unsafe" on my system. Thanks, guys!
  • Marc Lucovsky! (Score:5, Informative)

    by Jacco de Leeuw (4646) on Saturday March 05, 2005 @05:16PM (#11855041) Homepage
    Hey, at least somebody has been listening to Marc Lucovsky [slashdot.org]!

    Consider the .NET framework for a second. Suppose you wrote something innocent like a screen saver, written in C# based on the .NET framework. How would you as an ISV "ship your software"? You can't. Not unless you sign up to ship Microsoft's software as well. You see, the .NET Framework isn't widely deployed. It is present on a small fraction of machines in the world. Microsoft built the software, tested it, released it to manufacturing. They "shipped it", but it will take years for it to be deployed widely enough for you, the ISV to be able to take advantage of it. If you want to use .NET, you need to ship Microsoft's software for them.

    Who said Microsoft does not know how to ship software anymore?! Let the trojan authors take care of that!

  • Analogies (Score:2, Funny)

    by northcat (827059)
    This is like a fat dude with a bucher's kife sneaking up on a sheep from the front. And hoping the sheep won't notice.
  • 65MB is nothing! (Score:5, Interesting)

    by kaleco (801384) <.moc.tenretnitb. .ta. .2llahsram.gierg.> on Saturday March 05, 2005 @05:30PM (#11855141)
    BT Internet recently doubled the downstream rate on most of their broadband accounts, and after looking at the spyware penetration on some friends' Windows machines, 65MB malware seems completely plausible.
  • What is it that .NET gives the malware authors in terms of abilities that they can't have without it? In other words, why do they need to bother with .NET?

    • What is it that .NET gives the malware authors in terms of abilities that they can't have without it?

      You could ask the same question of any .NET project. You could also answer that question (and many similar ones) with "nothing, just use Win32 and ANSI C".

      Personally, after my most recent project at work has required me to get nice and comfy with .NET, I still don't see the point. Okay, the STL seems like a useful improvement (perhaps around version 5 or 6 they'll have the worst of the bugs out), but
  • Can the .NET framework still be installed even if you're not running as Administrator?
    • Re:zerg (Score:4, Interesting)

      by defishguy (649645) on Saturday March 05, 2005 @05:37PM (#11855184) Journal
      The long and short of it is probably yes. The Windows Installer runs in the system context and not the user context when the client is a part of an AD domain.

      Running the Windows Installer in the system context is the only way that the directory can manage software on the client.

      Kudos to MS for another brilliant design!
      • Re:zerg (Score:4, Informative)

        by badriram (699489) on Saturday March 05, 2005 @09:58PM (#11856632)
        Look at what the ACs pointed out... An admin still needs to start the process... however in AD with a Computer install, software is installed in the system context because no admin in logged in. And considering that an admin assigns the software to be installed i do not think that is security issue in the design.

        Any normal user account in windows cannot write into the Windows folder where .Net resides, and therefore a normal user will be not be able install .Net unless they increase their previledges...
  • ...a few years ago. I wrote a small, insignificant article back then on virusses and the ever increasing computer power (both speed-wise as size-wise) at our disposal. I figured that, taken these two facts, it would not take too long for someone to use that power to 'bootstrap' virusses that were immensely powerful. Call it 'cluster-virusses'. Noone would notice a virus of say 1 Mb in size, and in this virus one could install numerous other small virusses that each did it's own devastating task.
    The fact tha
  • Oops... (Score:5, Funny)

    by David Horn (772985) <{gro.remagtekcop} {ta} {divad}> on Saturday March 05, 2005 @05:39PM (#11855197) Homepage
    You appear to be using Linux. Please wait while we download and install Windows XP.

    Progress 1% (2/690MB downloaded)
  • by Net Spinner (732666) on Saturday March 05, 2005 @05:40PM (#11855207)
    Security is one of the core goals of .NET.

    That's why 9 out of 10 Malware authors now choose .NET as their preferred language of choice.

    A testamonial:
    "I finally switched after being pwned by other Malware authors. All my other hack buddies laughed at me!" said 1337HaxX0r, author of AllYURComp.exe, "But now that I'm using .NET, my malicious software is sure to be undeniably secure! Thanks Microsoft!"
    • Well, then 9 out of 10 malware authors don't know what the hell they are doing since .NET *IS NOT* a language.

      If they can't even understand THAT, I'm not at all worried about their craplets.
  • by idlake (850372) on Saturday March 05, 2005 @05:47PM (#11855260)
    The .NET download is just part of Windows now; sooner or later, you will need it, whether you want it or not. 65M is not all that large compared to other runtimes and libraries (C/C++ is much larger).

    The real problem here is that somehow these machines installed malware. The problem could be that they are running IE, it could be that the malware is exploiting a bug, etc.

    There is a simple solution: run Linux instead. That will protect you from both malware and .NET.
  • This guy starts out talking about something happening at his office: reports had come back to me at my workplace that someone, somewhere was downloading gigabytes of data onto their PCs. He then jumps to some event that he says was happening half way across the globe. OK, obviously I don't like spyware either, but what was the point of the story? What in the world did the events happening to Eric L Howes have to do with this guy's claim that at his office he saw someone, somewhere was downloading gigabyt
  • I'm waiting for the OS X release.
  • Need one of those for when people get accused of piracy and downloading infringing items.

    Between these things, and open wifi, its going to be hard to prove intent.
  • sure left some questions unanswered.

    1.
    In what way does the malware use the VM? Can it collect data from within the VM (thus making it a security hole in .NET), or does it run as a normal process and use the VM for displaying data?

    2.
    Is this possible to happen behind a firewall, of say, SP2? I've heard of malware that slips through it, though I haven't encountered it (I run slack 10 :)). But I'm concerned since my family runs windows, and I'll be the one to clean it. I'm sure I'm not the only /.'er who feel
    • I didn't write this article, however you might need to learn some things:

      1. Managed environment (like Sun JRE or MS CRT) has nothing to do with access security in your system. If you think Java programs can do you no harm you're in big trouble - standalone Java programs have as much access to your system as any other programs you may run (it's browser applets that live in sandboxes and more or less safe).

      Managed code programs written by novice programmers are presumably harder to be break themselves than
  • ...of this malware will be much smaller as it doesn't have to download the whole .NET package and the Servicepack ontop of it.

For every bloke who makes his mark, there's half a dozen waiting to rub it out. -- Andy Capp

Working...