Malware Found On Brand-New Windows Netbook 250
An anonymous reader alerts us to an interesting development that Kaspersky Labs stumbled across. They purchased a new M&A Companion Touch netbook in order to test a new anti-virus product targeted at the netbook segment, and discovered three pieces of malware on the factory-sealed netbook. A little sleuthing turned up the likely infection scenario — at the factory, someone was updating Intel drivers using a USB flash drive that was infected with a variant of the AutoRun worm. "Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft. ... To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan."
Ha ha. (Score:5, Insightful)
Pffft (Score:3, Insightful)
Right..... (Score:5, Insightful)
To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan
And people say Linux is user unfriendly? I never use Windows to visit banking/credit card/money websites, and I advise all my friends to do the same.
Who watches the... (Score:5, Insightful)
Press Release: Stunt number 43242 (Score:4, Insightful)
"OMG Virus! Buy our product!"
All they seem capable of for marketing is different stunts related to finding viruses in weird places. Come on. Seriously.
But not with a thumb drive! (Score:3, Insightful)
they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan.
Just be sure to scan the thumb drive so you're not infecting it!
Re:Or... (Score:5, Insightful)
Re:Right..... (Score:5, Insightful)
The only reason it's always that way is due to the fact it would be almost useless for an attacker to target linux ......
It's not the only reason. The obvious counter-example is IIS vs Apache, where IIS has gotten owned more than Apache, despite Apache's vastly greater marketshare.
Personally I'm looking forward to a world that is 30% OSX, 30% Linux, and 30% Windows. Not only will there be more software available for the OS of my choice, but also it will be harder for malware to spread. Look, in this case if the manufacturers hadn't been using Windows to download the drivers in the factory, the virus wouldn't have spread to the new computer. Monoculture is bad for many reasons.
Re:Press Release: Stunt number 43242 (Score:4, Insightful)
As I don't use Windows, AV company security blogs tells me a lot about the security scene after I filter the PR.
Also Kaspersky never says ''buy our product'', they don't need such stupid stunts. A person who buys one of those cheapo TW netbooks won't likely afford their product either. They say ''a security product'' without mentioning any brand while they have right to advertise their own.
Once upon a time, computer vendors (including Taiwanese) were decent enough to run a god damn antivirus (standard was 3 of them) before shipping the computer. I guess they are targeting old timers reminding them it is not the case anymore.
Re:Right..... (Score:2, Insightful)
It's not the only reason. The obvious counter-example is IIS vs Apache, where IIS has gotten owned more than Apache, despite Apache's vastly greater marketshare.
Start with IIS 6 and that isn't really true anymore. It is widely accepted by those without a bias that IIS 6 is as good as equivalent Apache releases (when properly configured, of course).
Do you really think having to write software on 3 different systems will result in less malware? Do you think companies will double the development staff to accommodate the differences in systems? I think a 33/33/33 split would make software companies have to support more variances, but probably not do any as well as they do now. And yes, if you get that split, and the split is equally distributed among the different levels of technical ability, you would start to see malware for Linux and OSX; do you really think a Windows user that has just "clicks thru" wouldn't do the same on Linux (or type sudo first or whatever the equivalent is on OSX)?
manual driver installs? (Score:1, Insightful)
False sense of security (Score:5, Insightful)
Re:They really hand-install drivers? (Score:3, Insightful)
You're right about using drive images. However, when I was responsible for rolling out lease-return machines, we were re-imaging the systems from install CDs, rather than using "hard drive arrays." It's far easier to pop an auto-installing CD into the tray than it is to remove the hard drive, install it in an array, re-image it, then re-install it back into the PC.
It's not a very painful process -- about all you had to do was click "Ok" after the imaging CD booted and asked you if you were sure you wanted to re-image the machine.
Then again, IBM has always had some pretty slick install/imaging utilities for their machines.
Re:Right..... (Score:5, Insightful)
> Do you really think having to write software on 3 different
> systems will result in less malware?
Do you really thing that monocrop agriculture could destroy an entire civilization? Oh wait...
And when NASA attempted to build the ultimate fail-safe computer system for the Shuttle do you really think they wasted their money having 1 of the 5 CPUs built, designed, and programmed by an entirely separate organization than the primary contractor and prohibiting the two design groups from communicating with one another? Oh wait...
sPh
Re:Moot issue? (Score:1, Insightful)
Not necessarily. WOW itself takes up less than 12 GB on my system. I can easily get a USB jumpdrive larger than that, or even a HDD.
Beyond that, people do visit Blizzard's website to access their account, for various reasons.
Re:Remind me again (Score:2, Insightful)
Why on earth would that be a function of the usb drive and not the something running on the machine -- unless your intention is to 'backup' your friends machines or something -- in other words why wouldn't you implement that as a script on the machine that runs when a specific usb devices are connected to the machine?
Your idea just sounds like you're seeing nails because of the hammer in your hand...
Lets hear them, please.
Re:Remind me again (Score:5, Insightful)
No, AutoRun should not exist. You can't create a warning that scares people into clicking "no". If you try that, the first thing the customers do is call your support line asking why their copy of [Insert expensive software package here] contains a virus when it is really just set to automatically run their installer. Then, the only valid use of AutoRun becomes a black mark for software vendors and they stop using it, making it a completely useless technology.
The only possible way to make AutoRun be usable without being a gaping security hole is to require that all AutoRun software be signed using a signing key distributed by the OS vendor. Unfortunately, that could be a slippery slope to requiring all apps be signed (at significant cost), which would be a giant step backwards for small software vendors, open source, etc. Such a security measure would also have to have been done from the very beginning to avoid the problem of existing apps causing panic attacks in end users.
The only solution is to kill AutoRun completely. It should not exist. It has no good reason for existing. The only thing it really does is by its nature a security hole. Just shut it off already.
Buy our shit, seriously! (Score:5, Insightful)
Kaspersky releases "news" article about their virus scanner saving the day, while casting doubt on all PC vendors. Solution: Buy our shit!
I don't care whether it's malware, weapons of mass destruction, or kiddie porn. It's all baseless fear-mongering to push corporate or political influence, in the end it's all just money.
What they of course fail to highlight is the fact that the solution is neither effective nor guaranteed to work. Kaspersky's scanner, like any scanner, cannot catch all malware, just like Bush couldn't (wouldn't?) catch OBL. Perhaps worse is the high rate of false positives, such as when your virus scanner mistakenly recognizes a Linux ISO as a boot sector virus, or your republican mistakenly recognizes a Linux hacker as an islamic terrorist. Bullshit all around!
Re:False sense of security (Score:5, Insightful)
The main difference is the vast difference in security practices between the two platforms. The only reason malware on ipods and photo frames is dangerous is because windows by default thinks that it's clever to auto-execute code off of external devices.
Re:False sense of security (Score:1, Insightful)
Huh? He's given two. Or do you mean a reference to the suppression of the geek skepticism reflex?
You are pretending to be dumb. But, in case you aren't: Yes. The parent post grouped Linux in with picture frames in terms of vulnerability but didn't give a reference specific to Linux. That's like saying that your favorite operating system sucks and giving examples of two *other* shitty operating systems as evidence. Actually, that's not like what he did. That is what he did.
Re:Ha ha. (Score:4, Insightful)
Yeah, because if they weren't pre-installed, the OS DVD would be so much safer...
Right...
If the manufacturer is compromised, you're boned either way.
Comment removed (Score:3, Insightful)
Re:Remind me again (Score:3, Insightful)
Despite what a lot of the morons in Slashdot think, Microsoft does listen to people's complaints.
Yeah, AutoRun and not showing the file extensions by the default are two of the most stupid ideas Microsoft ever had, and they have a _lot_ of stupid ideas. Maybe they did listen to complaints, but it took them 15 years to do something about it. Both those features started with Windows 95.
Personally, I'd prefer to do business with a company that doesn't take 15 years to fix its mistakes.
What ought to happen (Score:4, Insightful)
Recall Alert
U.S. Consumer Product Safety Commission
Office of Information and Public Affairs
Washington, DC 20207
May 23, 2009
Alert #09-993
M&A Companion Touch
The following product safety recall was voluntarily conducted by the firm in cooperation with the CPSC. Consumers should stop using the product immediately unless otherwise instructed.
Name of Product: "Companion Touch" notebook computer
Units: About 9,000
Distributor: M&A
Hazard: The laptop computer may have pre-installed hostile software (a "virus" or "worm") which could result in the unauthorized transmission of private user data, including bank account numbers and passwords, to a remote site.
Incidents/Injuries: None reported.
Remedy: Immediately stop using the device and return it to the point of sale for replacement. If bank account or credit card information has at any time been stored on the device, contact your bank and credit card providers to check for fraud and identity theft.
If computer security is to be taken seriously, such actions are essential.
Re:False sense of security (Score:3, Insightful)
And then it would be "News for nerds," instead of, "Microsoft bashing session for nerds."
Re:Pffft (Score:3, Insightful)
The first thing I did with my laptop was to reinstall Vista with the DVD that came with it. Is there a way to get malware from there or the driver disk?
Replace "Vista" with Ubuntu/Red Hat/SuSE/Debian and you should be fine :P
More seriously, why hasn't Microsoft made a package manager+repositories yet? It is absurd that people and companies have to verify that drivers and (basic) applications are clean. The problem is a problem that already has a proven solution: signed packages from a large repository. Signed to guard against tampering after the repository. Large, so that any foul play is discovered quickly. Heck, I'm sure that you could port apt+dpkg or rpm to windows and be down with it :)