Invisible Malware Install 65MB Large 381
Paperghost writes "Words fail me with this one - don't have the .NET framework on your PC to utilise the adware maker's technology? No problem, they'll download it for you without you knowing. The problem is that it's a sixty-five megabyte install." From the article: "...the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size. But I'm actually understating the amount of space used when installed, as .NET can total up to 100MB."
Better Browser (Score:3, Insightful)
Re:Aaagh! (Score:3, Insightful)
Ok, but... (Score:4, Insightful)
Or is this the child of something that must be user-run first?
Re:Public service (Score:1, Insightful)
Just think... (Score:5, Insightful)
Re:a lot of space (Score:0, Insightful)
File Name: dotnetfx.exe
Download Size: 23698 KB
Date Published: 3/30/2004
Version: 1.1
Plus without letting us know if this is a patched or unpatched problem, it's a worthless story.
Re:Are we sure... (completely offtopic) (Score:5, Insightful)
Re:a lot of space (Score:3, Insightful)
Ever notice how small most
Back in the day, we had to distribute Paradox runtimes with our applications, and it was a whopping 2MB file. But that also meant Paradox applications were absolutely tiny, which made it easy to deploy updates and stuff. This can translate to a lot of savings for enterprises running on Paradox.
Re:65 MB without the user knowing? (Score:5, Insightful)
1. Point out that spyware is getting worse
2. Show that the
The latter point is simply trying to get people (especially anti-Microsoft people) fired up over nothing. The
Call me cynical (been on slashdot for many a year now) but parts of this article seem designed to enduce high emotion with a slashdot type crowd.
- JD
Re:a lot of space (Score:1, Insightful)
It's certainly delaying the deployment of the library though. Most
It's like, sure download my cool new utility - it's only 230k... oh, but please download this 23 meg dependency file to get it to run.
We used to do the same with the VBRUN dll's too. All those little utilities you downloaded off of tucows.com needed you to have that library file, which you usually had to download separately.
Re:Marc Lucovsky! (Score:1, Insightful)
Re:Are we sure... (completely offtopic) (Score:3, Insightful)
Re:does anyone understand the original story? (Score:4, Insightful)
My take was that he works in an office with a quantity of computers Q where Q is large and that the bandwidth reports showed a huge spike in traffic. 65Mb * Q = gigabytes of data, easily possible if you have 30-50 machines inhouse and they all picked up the malware.
Re:awesome (Score:2, Insightful)
The only thing I'm trying to accomplish today is to make a single slashdot moderator recognize that his life is without any meaning, and that it is completely irrelevant if he mods me -1 insightful of +1 troll. Get over it. Grab a tit or write a device driver. Do something useful with our life. Don't waste it with drivel on slashdot. Anyone who has modpoints right now and is able to ignore this post can gain something precious. Even if you don't have modpoints, just imagine you had some, and then imagine you ignore this posting and live a happy live. It's so easy. (Oh boy, I'm only trying to help)
Re:whoever wrote this article (Score:2, Insightful)
1. Managed environment (like Sun JRE or MS CRT) has nothing to do with access security in your system. If you think Java programs can do you no harm you're in big trouble - standalone Java programs have as much access to your system as any other programs you may run (it's browser applets that live in sandboxes and more or less safe).
Managed code programs written by novice programmers are presumably harder to be break themselves than say C programs written by same-level programmers. But it doesn't do anything to prevent them being malicious by design.
2. All firewall does is it closes external network ports you might have left open, optionally it can replace part of your operating system's network functionality in a hope it's own code has less bugs than one of your OS. That's why to some point personal firewall is something shouldn't have existed should everything were done right. Firewall should not prevent you from browsing any sites, downloading and installing any programs - from your side it must be transparent.
Resume: Nothing will stop you from shooting yourself in the foot if you really want to.
> I'm sure I'm not the only
I hope not, these were "News for nerds" some day.
Re:A Different Worm (Score:3, Insightful)
Now, for most GNU/Linux distros, there is a centralized packaging system which, by virtue of being centralized, cannot be added to by someone without root access. Therefore, a newbie GNU/Linux user (assuming he hasn't been convinced by Lindows or some other stupid company to run as root all the time) will know at least that in order to install software he wants, he must be root.
So when he downloads Bonzi Buddy for GNU/Linux, do you think he'll think it odd if he needs to su before he can install the conveniently packaged rpm or deb? Hardly. He'll just click through the EULA without reading it, just as he does with Windows, provide his root password, and bume, he's owned.
As a result, unless he's using GNU/Linux in a corporate environment where he doesn't have the root password (and in many companies -- for example mine -- that use Windows, it's standard for people not to have Admin rights to their own computers either) he's going to be vulnerable to the same sorts of social attacks as he would on Windows.
Furthermore, he will be vulnerable on pretty much any platform with as simple a security model as GNU/Linux, OS X, and even Windows (ie, admin/user two-tier security levels). Because he'll just be coerced by the pretty purple ape and/or animated cursor to provide his root password. Voila!
The truth is, there are two reasons there's not much malware for non-Windows systems. One is because of market share, and the other is because the users of minority operating systems tend to be a little more technically savvy than the soccer moms and nascar dads that make up the Windows world. This is even true for Mac users, simply because you are more aware of your computer when most of the world's software isn't compatible with it.
I mean, the thing to recognize here is that security isn't just having secure programs, but also having a security minded admin. My impression of most GNU/Linux users today is that they aren't all that security minded, but because most people aren't leveling attacks at them, it doesn't much matter. If on top of that you had a whole legion of computer illiterate folks clicking on the pretty GNU/Linux widgets, well... let's just say it doesn't bode well.
For me, I'll never have any of this crap because I'm committed to software freedom, and no malware author is going to provide the source code of his program under a license I'm comfortable with.
When Windows users say, "There aren't as many viruses/worms/exploits for GNU/Linux/BSD/MacOS X because there are more Windows machines," flame the shit out of them, because they're ignorant as all get out about the architectural differences between these systems.
But when we're talking about trojans, I'm afraid GNU/Linux, on its own, will not save you.
Symbiotic viruses (Score:5, Insightful)
Infact some models have shown its even in a species interest to play host to a disease causing entity that is more lethal to a competitor or predator. E.g. mice that carry diseases fatal to predetors.
In rare cases tolerance gives way ot full symbiosis where each helps the other. Perhaps a bacteria that helps deal with some more dread disease or an enteric digestive aid. Something that fixes nitrogen in your roots.
So anyhow maybe the course of virsuses are indeed ones that tune up your system, protect you from other viruses and make sure your computer is working optimally. Perhaps they will get out of your way when you are actually using it and just steal cylces and bandwidth when you wont miss it.
In that case 24 hour tech support is indeed on the way.
Re:A simple solution (Score:3, Insightful)
Ill give you that. MSDN rocks if you need general API's or ABI's. Instead, we good documentation for DOS commands and techniques to manipulate files through the command line.
For example, I'd like to run a shell script (using bash for Windows and Linux), autodetect OS, and then execute a routine script. With Linux, I can, on user login, eject the CDROM, play a movie, reformat a hard drive and repartition it, have it blink red lights.. all sorts of things.. ok, maybe you need a driver for the red light thing.
On Windows, you cant eject a drive easily through commandprompt, reformat the drive (using the newer tools, no commandline access at all), or other interesting things.
Or even better yet, whats all the possible switches for Win98 FORMAT ? Yeah, it leaves out on the range of 5-6 different switches.
Why exactly did MS port SFU to Windows? Cause Windows doesnt provide command (or easy to remote) line tools to common jobs.
Re:This just in! (Score:4, Insightful)
p
Re:Aaagh! (Score:2, Insightful)
Re:65 MB without the user knowing? (Score:3, Insightful)
That bit's a joke, right? The editors RTFA before posting?
slaps incredibly misleading title on top
The title is submitted along with the summary by the user. It may be that the editor has changed it, of course, but there's a good chance that it is as the submitter intended it to be.
Re:How is this happening? (Score:3, Insightful)
I thought windows was supposed to be LOWER TCO?
smash.
I think the point is... (Score:1, Insightful)
I have no problem with something popping up on my computer and saying "oh, to do 'X' you need the