Forgot your password?
typodupeerror
Security Programming IT Technology

Interview With an Adware Author 453

Posted by kdawson
from the warming-up-for-the-botnet-era dept.
rye writes in to recommend a Sherri Davidoff interview with Matt Knox, a talented Ruby instructor and coder, who talks about his early days designing and writing adware for Direct Revenue. (Direct Revenue was sued by Eliot Spitzer in 2006 for surreptitiously installing adware on millions of computers.) "So we've progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that's encrypted — really more just obfuscated — to an executable that doesn't even run as an executable. It runs merely as a series of threads. ... There was one further step that we were going to take but didn't end up doing, and that is we were going to get rid of threads entirely, and just use interrupt handlers. It turns out that in Windows, you can get access to the interrupt handler pretty easily. ... It amounted to a distributed code war on a 4-10 million-node network."
This discussion has been archived. No new comments can be posted.

Interview With an Adware Author

Comments Filter:
  • by jellomizer (103300) on Tuesday January 13, 2009 @05:32PM (#26439665)

    That the people who makes IT Guys lives difficult and annoying are indeed IT guys.

  • by Anonymous Coward on Tuesday January 13, 2009 @05:35PM (#26439721)

    Im pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.

  • by elrous0 (869638) * on Tuesday January 13, 2009 @05:35PM (#26439725)
    Some serial killer goes and and murders dozens of innocent people; and we reward him with veneration, books written about him, endless press coverage, etc. Scumbags don't deserve our respect, our veneration, or polite treatment.
  • by fph il quozientatore (971015) on Tuesday January 13, 2009 @05:36PM (#26439743) Homepage

    [Sometimes we forget t]hat the people who makes IT Guys lives difficult and annoying are indeed IT guys.

    Or lawyers.

  • by sanosuke001 (640243) on Tuesday January 13, 2009 @05:38PM (#26439767)
    Can't be much of a stretch... he plays the same bumbling, over-the-top idiot in every movie he is in.
  • Chilling (Score:5, Insightful)

    by bbbaldie (935205) on Tuesday January 13, 2009 @05:41PM (#26439813) Homepage
    I am now more convinced than ever that it is impossible to secure Windows.
  • by snl2587 (1177409) on Tuesday January 13, 2009 @05:42PM (#26439817)

    Difficult? Maybe, but for freelancers who collect a check every time they "fix" an infected computer (read: fiddle around for a while and ultimately end up reinstalling Windows), these crapware authors are the reason they can stay in business.

  • Re:Chilling (Score:3, Insightful)

    by blueg3 (192743) on Tuesday January 13, 2009 @05:42PM (#26439821)

    Hey, *someone's* got to apply all those malware techniques to a money-making venture.

  • Re:Chilling (Score:5, Insightful)

    by El Lobo (994537) on Tuesday January 13, 2009 @05:48PM (#26439907)
    The same guy says in another interview in CNET that it would be pretty easy to find ways to implement the same in OSX (where they are actually experimenting) and in many Linux distros, but nobody pays a shit for that. They can get a lot of cash for pressing their brains to find exploits for hundred of millions of computers than what they would get to find exploits for some thousands in more exotic OSs. Easy like that. A so complex thing like a OS with millions of lines of code will necessarily ALWAYS have a couple of thousand possible holes, be it BeOS, MistOs, NetBSD os whatever. You only need the will (or the cash).
  • by dave562 (969951) on Tuesday January 13, 2009 @05:50PM (#26439933) Journal

    There seems to be a big stretch between a serial killer and some guy writing malicious code. My primary interest in computers initially involved all sorts of fraud and outright criminality. I now work in IT and have a completely legit lifestyle. Anyone who has any real competency or natural inclination to understand computers will mess with them and figure out how to make them do things outside of the "normal" range.

    The article talks about exploiting some incompatabilities between the Win32 and WinNT APIs. If there weren't guys like the subject of the interview, those incompatabilities would remain hidden. It takes mischevious people to come along and exploit the holes so that they get patched. By its very nature, software gets better when people push the boundries and tweak it. The person who writes code that leads to improvements in the most widely used operating system is not the same as the person who kills a bunch of people.

    If anything, Microsoft made the mistake of making the computer too friendly. They released technologies that gave people too many options. In any sort of free environment, there will be people who abuse the freedoms that they are presented with. Malware authors are those kinds of people. It is easy to blame Microsoft for looking into the future and envisioning a world where web browsers are the central application on the computer. They rushed blindly into it and unleased things like ActiveX on the world. At the core, their intention was right.. they wanted to make it easy to execute code in a distributed environment like the internet. Yet the implementation sucked and it seems like they didn't pay any attention to security.

  • Re:Chilling (Score:3, Insightful)

    by nwssa (993577) on Tuesday January 13, 2009 @05:51PM (#26439943)
    there isn't much stopping anyone from implementing this on Linux except the payoff is a fraction. Do you go to work for 1/20th of your hourly wage?
  • by Anonymous Coward on Tuesday January 13, 2009 @05:56PM (#26440017)

    he wrote adware.

    let me repeat that. he wrote adware.

    yes, he is a complete jerk. he worked for a corporation that did evil things. think Godwin's Law. he doesn't deserve a free pass just because you admire his methods.

  • by Anonymous Coward on Tuesday January 13, 2009 @06:03PM (#26440091)

    Damn right, dave. However, it's hard to deny that someone who writes malicious code that directly targets (ignorant) consumers may very well be treading on morally bankrupt territory.

  • by FrostDust (1009075) on Tuesday January 13, 2009 @06:07PM (#26440159)
    Theoretically, I'm not opposed to ad-supported programs. If someone is willing to put up with an advertisement in order to use a program for free, go ahead and let them. It's worked for television, radios, and web sites for quite a while (Tivos and Ad-Block aside).

    The problem, obviously, is when uninstalling the adware becomes a major hassle. For example, the author described in the interview how you would have to download a special uninstaller from the net, fill out a survey, and allow them to keep a registry key installed permanently. That is bullshit. Uninstalling shouldn't force any remains of the program to be left behind, period. Yes, in this situation it prevents unintentional (or intentional) reinstalls, but that wouldn't be an issue if adware didn't rely on drive-by downloads and was more upfront in what was being installed with the main program.

    To maintain some sense of legitimacy, uninstalling shouldn't be more complicated than a few clicks from using the Add/Remove Programs dialog, and not leave behind any of the program's code.
  • by Shados (741919) on Tuesday January 13, 2009 @06:07PM (#26440163)

    Over a third of the API is already depreciated (as far as I can tell), and there is an ever-shifting set of best practices standards. I can only imagine the hell a proper programmer endures in developing truly complex applications for .NET -- all I was doing was a few WMI calls and a database interface and I still crashed the kernel many times trying to figure out what to trap -- in many cases, error handling is mostly about creating a catch-all and then trying to break your code to see what is generated and then guessing what to trap accordingly.

    Wow there cowboy... only a very small part of the API is deprecated, the best practices changed a bit once, and only had additions as new features popped, but didn't change much in years... if you crashed the -kernel-, you were using legacy APIs through .NET, not .NET itself, and error handling is very well documented for the most part, and doing a catch all is a (no offense, since .NET is obviously not your primary dev environment) noob way of doing things and is heavily warned against since version 1.

    Maybe you fell in the ONE edgecase where it doesn't work well, but 95%+ (probably more) of it works flawlessly, is clearly documented and predictable...even if you go really deep. It becomes a bit more messy when you're interacting with separate products that just happen to have APIs coded in .NET (especially if its not the only language, and thus is probably coded by programmers who have no clue wtf they're doing), and its poorly done... Happens a lot. An example is the SSIS API (thats by Microsoft too), which is in .NET, but was clearly written by C++ gurus...so its a total fucking mess.

  • Sadly, no. (Score:5, Insightful)

    by lucas_picador (862520) on Tuesday January 13, 2009 @06:08PM (#26440167)

    From the article:

    In their licensing terms, the EULA people agree to, they would say "in addition, we get to install any other software we feel like putting on." Of course, nobody reads EULAs, so a lot of people agreed to that. If they had, say, 4 million machines, which was a pretty good sized adware network, they would just go up to every other adware distributor and say "Hey! I've got 4 million machines. Do you want to pay 20 cents a machine? I'll put you on all of them." At the time there was basically no law around this. EULAs were recognized as contracts and all, so that's pretty much how distribution happened.

    Um, no. Unconscionability is a pretty ancient principle of contract law. People joke about signing away their first-born child in an unread EULA, but they understand that it's a joke: that term would never be enforced by a court, because allowing contracts of adhesion (like EULAs) signed by non-lawyers in casual circumstances to extract those kinds of concessions from the parties would result in the complete breakdown of society.

    So when this guy (and his bosses) talk about how there was "no law around this", they're not fooling anyone, least of all themselves. If I buy a bus ticket and on the back there's some fine print stating that by riding the bus I've agreed to let the driver break into my house and take anything he wants, guess where the bus driver ends up if he tried to exercise his contractual "rights"? In prison. Which is where this guy belongs.

  • by Hatta (162192) on Tuesday January 13, 2009 @06:10PM (#26440203) Journal

    If you've watched enough Ben Stiller movies to have an opinion on which is the "best", not only do I not trust your opinion, I fear for the health and welfare of you and those around you.

  • Yes, he is a jerk (Score:5, Insightful)

    by sirwired (27582) on Tuesday January 13, 2009 @06:11PM (#26440219)

    To get that oh-so-useful uninstaller you had to go to a website, answer a survey, and only then could you download it. If they genuinely wanted to make it easy, they would have put it in Add/Remove Programs, and stuck their survey in there.

    I don't know about you, but after getting sketchy software on my machine, the LAST thing I want to do is go to some random website and download even MORE crap. I wouldn't trust that download one bit.

    And the bit about "it was also designed to be very difficult for other adware to kick off" is complete hand-waving B.S. It was designed to be very difficult for anti-virus packages and anti-spyware packages too. In fact, anti-malware packages were probably the primary target of the persistence code.

    And their distributors were complete scum that Direct Revenue did very little to police. Yeah, they suspended any that were complained about (if the hapless users even had any clue how they got the software), but those rogue distributors would just sign up under a new name.

    I can't believe he thought this job was a "net positive" simply because he wiped out the other guys' malware more than he installed. That just means he is a very sneaky coder... That's like a embezzeling salesman saying he was a "net positive" because he generated more profits than he stole. It may be true, but it doesn't make him any less of a scumbag.

    SirWired

  • by girlintraining (1395911) on Tuesday January 13, 2009 @06:11PM (#26440229)

    Some serial killer goes and and murders dozens of innocent people; and we reward him with veneration, books written about him, endless press coverage, etc. Scumbags don't deserve our respect, our veneration, or polite treatment.

    We're not here to discuss his moral infirmities. We're here to discuss effective ways of countering the threat the aforementioned poses. It is logical to begin by questioning those we've found engaged in such behaviors as to their motivations, goals, and methods. However, if you do not wish to dissect the frog due to moral outrage, I can give you some music to listen to but you will not pass the course.

  • by lxs (131946) on Tuesday January 13, 2009 @06:14PM (#26440263)

    Scumbags don't deserve our respect, our veneration, or polite treatment.

    True, but they are interesting to watch from a distance.

  • so let's educate some of you:

    we capture someone like frank abagnale [wikipedia.org], and we go all sharia law on him, as a lot of you propose, and leave him as a bloody stump

    then what?

    well, there are other frank abagnales out there. how do we detect them and capture them? well, the frank abagnale you just beat to a pulp: he would have made a good tool to do that, ya think?

    luckily, in real life, this is exactly what the feds and the banks did. in real life, you capture and use highly intelligent crooks to... drum roll please... capture more highly intelligent crooks. get it?

    law enforcement is hard grinding work, it doesn't happen like "death wish" or "dirty harry". i know in some of your justice league of america fantasy lives, delivering justice with a fist and a gun is the way to go. but we'd like to talk about reality, ok?

    so to review:

    1. we can have justice your way, and beat adware authors to a pulp, or
    2. we can have smart justice, and listen carefully to mr. adware author's words, and use those words to catch more adware authors

    get it? see the difference? do you want to pursue justice? or do you want to beat people up?

    these are mutually exclusive activities, despite your dimwitted fantasy lives

    now go crawl back under your rocks mouth breathers. nobody who is actually going to catch and punish cybercriminals in this world is going to think like you do

    even the most vile amoral serial killer is useful to keep alive and listen to. simply for matters of brain analysis and psychological study. or, we could put a bullet in his head, scrambling the abnormal brains, and having nothing useful to catch more vile amoral serial killers

    dumb violent justice leaves a dumb violent society that knows nothing about the smart and truly vicious criminals in their midst

    smart justice is about studying smart criminals, and using them against each other

  • by 0racle (667029) on Tuesday January 13, 2009 @06:23PM (#26440371)

    There seems to be a big stretch between a serial killer and some guy writing malicious code

    "Not for the purpose of the point that was being made, "scum should be treated as such." It doesn't matter what they did to be labeled scum.

    If anything, Microsoft made the mistake of making the computer too friendly. They released technologies that gave people too many options

    So if I buy a door that happens to have a lock with a flaw, it's the fault of the lock maker that my stuff gets stolen? Sorry, but no, the fault lies solely on the shoulders of the thief. Windows has many problems, but all the fault for exploiting it is on the malware authors.

  • by ewhac (5844) on Tuesday January 13, 2009 @06:24PM (#26440389) Homepage Journal
    My initial gut reaction was to denounce this guy as a $SCOUNDREL (substitute your preferred profane term). But a little voice told me to go read the article, and now I'm not as sure as I was previously.

    Just for fun, consider the following actions a Unitary Programmer might do to your machine. Where would you rate them on the $SCOUNDREL scale, and why?

    • Deletes viruses from your machine.
    • Deletes competing adware from your machine.
    • Rebuffs attempts by competing viruses and adware to be deleted.
    • Reconfigures IE to be more secure.
    • Reconfigures Outlook to send plaintext only, fixed-width font, no top-posting, do not load or display remote images.
    • Disables using MSWord as an email editor.
    • Deletes IE; replaces it with Firefox, preserving all your bookmarks.
    • Deletes Outlook; replaces it with Thunderbird, converting all your mail archives.
    • Deletes all BitTorrent clients; replaces it with a RIAA/MPAA/FBI warning.
    • Deletes the scary warning about installing device drivers not digitally signed by Microsoft.
    • Converts HDCP to a system security setting, and flags all unprivileged applications that attempt to mess with it.
    • Deletes Windows; replaces it with Linux+Wine.
    • Deletes Windows; replaces it with Linux+KDE, with a message on the desktop reading, "Learn to use a real computer, kid..."

    Playing "CoreWars" is tricky business, and people with even a dim sense of ethics are loathe to try it. But there's one case where none of the above actions are ethically questionable: When the machine's owner does it themselves.

    I think the adware author lost sight of that for a while...

    Schwab

  • Re:Chilling (Score:5, Insightful)

    by steelfood (895457) on Tuesday January 13, 2009 @06:30PM (#26440477)

    In life, genetic diversity means the species has a better chance of survival. OS diversity, processor, and even instruction set diversity, is important for the same ends.

    So it's not worth much to attack Linux or OSX or one of the BSD's. If all of these OS's including Windows had the same, 20% marketshare, perhaps it wouldn't be worth it to attack any of them. Or, it might actually be worth it to go for the low hanging fruit, namely, the easier-to-use OS's (OSX, Windows, and possibly a flavor of Linux). But the returns for the amount of work needed to attack 3 or 4 different OS's definitely wouldn't be as high, and the incentive for creating malware would be much less.

  • by Samah (729132) on Tuesday January 13, 2009 @06:34PM (#26440523)

    If you ask me, Microsoft is complicit in allowing malware to exist because they are unwilling to modernize Windows. They need to start over from scratch on their codebase and have a good hard think about what those APIs and interfaces are going to look like and then stick to it.

    And the new version of Windows would be laughed at by non-IT consumers. "Why would I upgrade to the new Windows when all of my stuff doesn't work?" This is part of the argument against Vista, and why some people can't see past the need to break backward compatibility to do things "the right way".

  • Re:Chilling (Score:4, Insightful)

    by vadim_t (324782) on Tuesday January 13, 2009 @06:36PM (#26440533) Homepage

    Except that for Linux, the situation is quite different.

    First, the OS is open. Which means any user of it can make and submit a patch, which would quickly spread around. Distributions engage in some competition, and the patch would get copied around. There's no need for anybody to wait for a vendor to do it.

    Second, there's much less backwards compatibility. If a library function is vulnerable, and fixing is impossible without breaking compatibility, a distribution can find all of the included software that uses it, and fix to work with the new version. You're not going to find libqt 1.0 in a modern distro either.

    Third, the open nature of the OS leads to the possibility of patching the OS to mess with the adware, making it report complete crap to the server.

    Fourth, there already are generic mechanisms such as SELinux to deal with such things. While they're not that widespread yet, a good attack or two of this sort would do a lot to help adoption.

  • by Red Flayer (890720) on Tuesday January 13, 2009 @06:45PM (#26440643) Journal
    You make a good point, but there is a huge flaw to your system.

    There is no disincentive to do wrong.

    I know there's a big philosophical issue with deterrence as a reason for punishment, but the truth of the matter is that people will tend to not commit crimes when the

    [risk of getting caught]*[punishment when caught] is greater than [benefit from committing crime]

    I think your philosophy tries to tip the balance by increasing the risk of getting caught for potential criminals... but that doesn't help when the punishment is minimal and the potential gains so large. Let's see... a life of luxury vs. a short stint in country club prison and a consulting gig with a three-letter-agency.

    The key is to increase the chances of catching criminals, while having punishment severe enough to factor into the potential criminal's decision-making process.

    I'd also note... the interviewee mentions that it was a gradual change to intentionally writing malware, and the incremental decisions to do what he did were easy to make. He valued pleasing his employer over not doing wrong, even if he didn't consciously realize it. If there is a risk of severe punishment for his actions, maybe those incremental decisions would have been made differently (note that at the time, legality was not an issue, however).

    To sum up, increased success at catching criminals solves nothing if it does not come with punishment for those criminals. As you point out, there will always be more brilliant people who will fulfill the role of criminal... we need to ensure that they don't *want* to commit those crimes.

  • by SuperBanana (662181) on Tuesday January 13, 2009 @06:50PM (#26440709)

    Im pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.

    What about those that use color of law? It's not terribly surprising that the FBI only receives about 200 complaints of color-of-law, and doesn't investigate, much less prosecute, a single one.

    Simply being a police officer offers enormous immunity from the general public accusing you of crimes, and further means that most of your fellow officers won't "rat" on you (instead of being disgusted at your behavior and bringing disrepute to the supposed "profession.")

  • by Shados (741919) on Tuesday January 13, 2009 @06:57PM (#26440777)

    But I don't think you'll argue with me that Windows programming is helluva more complicated than Linux/Unix, and unnecessarily so.

    Oh yes I will argue with you over that :) You just have to get the parallels right. You can't go and compare the entirety of the API of Windows to a subset of Linux's...if you take all of the GUI APIs, the management APIs, .NET, Win32, etc, then just go and compare to the stuff the Linux kernel exposes... that doesn't work. Add the primary linux GUI environments, the various librairies, all of the integration issues, and you end up being in a fairly similar mess. Gnome alone is such a mess...

    "But Gnome isn't part of Linux, you don't have to use it to code in Linux!", well, you don't have to use Win32, and while it tends to hide under many APIs, it is possible to dodge it, for example. The documentation is some of the best on the market (it has to be: if you have an MSDN subscription, and there's an issue with the API, they have to help you out fix your issue, debug your code, and give you patches if a supported API doesn't work as it should... so while part of the API isn't as well documented as others, they're pretty careful that its only the rare edge cases, because it will cost them if you fall on it and have a support subscription...

    The old stuff isn't as good as the new, but its similar to what you said of Linux... some stuff gets forgotten and no one uses it anymore. Usually, if you still have to interface with it, its because of legacy code within the company, and that would be true regardless of OS.

    Seriously though... .NET isn't cross platform, and it costs to deploy on the server side (unless you use MONO, but thats uncommon). The top notch documentation and API is the ONLY reason it catches on at all. When it came out, it was "new", and very very different (especially C#), and broke a lot of stuff... people would have ditched it faster than you can say "Vista" if you couldn't pick it up in days with MSDN at your side.

    You probably just didn't have time to get all of the tools that are standard in a Windows dev environment, while on Linux/Unix, as soon as you sit down in front of a box, you make sure everything you need is there, which is the same thing I do when I sit in front of a Windows box.

  • Distributed crime (Score:3, Insightful)

    by onkelonkel (560274) on Tuesday January 13, 2009 @06:57PM (#26440779)
    "a big stretch between a serial killer and some guy writing malicious code"

    I sometimes wonder if there is a way to estimate aggregate "harm" caused by a widely distributed crime. Is it the same to steal 1 minute of time from 1 million people with an automated telemarketing robocall as it is to lock 1 guy in your basement for 2 years (1 million minutes)?

  • by try_anything (880404) on Tuesday January 13, 2009 @07:07PM (#26440901)

    Anyone who has any real competency or natural inclination to understand computers will mess with them and figure out how to make them do things outside of the "normal" range.

    "Normal?" Not "honest" or "right" or "non-dickish?" Do you really have the balls to suggest there is some kind of honest difference of opinion about the morality of what these adware guys do?

    As for what you did, we all have our shameful moments in life. We all, at some point in our lives, invented and couldn't resist using the really clever way to make fun of the retarded kid or the weak kid in class that nobody liked. We did it to show off, to take out our frustrated aggression, and to temporarily feel better than somebody else. It's called being a childish asshole and it isn't any different from a big kid beating up smaller kids because he hates his life and is desperate for any triumph, no matter how hateful it makes him feel.

    By its very nature, software gets better when people push the boundries and tweak it. The person who writes code that leads to improvements in the most widely used operating system is not the same as the person who kills a bunch of people.

    Bigger problems get more attention. The more people exploit a flaw, the bigger a problem it is. So yeah, if you go around making problems worse, they'll get patched faster. Childish, egocentric hackers use that logic to rationalize the havoc they cause. People with an honest desire to protect users act in a very different way. The difference is instructive.

  • by Anonymous Coward on Tuesday January 13, 2009 @07:14PM (#26440995)

    Im pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.

    Actually, they get caught by the criminals who became cops.

  • by Opportunist (166417) on Tuesday January 13, 2009 @07:32PM (#26441217)

    Without malware writers, I'd be down a few 1000 bucks and would have to do something meaningful.

    Still, you may believe me when I tell you, I'd really prefer to write software people want to have to writing software people hate to have but grudgingly accept as a necessary evil.

  • by Grishnakh (216268) on Tuesday January 13, 2009 @07:38PM (#26441285)

    So if I buy a door that happens to have a lock with a flaw, it's the fault of the lock maker that my stuff gets stolen? Sorry, but no, the fault lies solely on the shoulders of the thief. Windows has many problems, but all the fault for exploiting it is on the malware authors.

    I disagree.

    If you buy a door that has a lock with a flaw, and the lock maker knows about this flaw and does nothing about it and continues to sell this same flawed model for many years, making billions of dollars of profit, while people like you keep getting your stuff stolen, there's two parties at fault: 1) the thieves, obviously, since they stole the stuff, and 2) the lock maker, because they sold you something they claimed to be secure and which would protect your stuff from thieves, but which really wasn't, and they knew about it.

    When assigning blame for things like this, you have to look at the big picture. For a single instance of criminality, it's usually just the criminal's fault. But when the criminals keep using the same tricks over and over to commit their crimes, you have to look at what's enabling them. In the case of MS, they shoulder a lot of blame, because they, for decades, have put features ahead of security, even though they own the lion's share of the market and any security flaw has the most potential for damage because of that. Finally, because users have known about MS's crap and keep buying it, users also share part of the blame, for continuing to purchase MS's shoddy products, although this is mitigated partially because of MS's manipulation of the market to keep themselves in a position where it's difficult to get by without their product (for instance, because many important software products like AutoCAD only work in Windows).

  • Sociopath (Score:1, Insightful)

    by kbg (241421) on Tuesday January 13, 2009 @07:40PM (#26441303)

    This guy is a clear example of a sociopath. He doesn't give a damn about anyone else but himself, and doesn't have one thought about if his actions will cause harm to other people computers. This is the guy that has wasted my time over the years fixing my relatives computers. What a sleazeball.

  • by Holi (250190) on Tuesday January 13, 2009 @08:14PM (#26441687)

    if all you end up doing is reinstalling windows then maybe you should be in a different line of work.

  • by Anonymous Coward on Tuesday January 13, 2009 @08:30PM (#26441847)

    * Deletes viruses from your machine.
    * Deletes competing adware from your machine.

    That's OK, as long as it doesn't mess anything else up.

    Rebuffs attempts by competing viruses and adware to be deleted.

    And "competing" anti-virus/adware/malware programs. And users.

    Reconfigures IE to be more secure.

    No warning? Breaking something that used to work?

    Reconfigures Outlook to send plaintext only, fixed-width font, no top-posting, do not load or display remote images.

    What about people that want to send not-plain text messages or have a good, accepted system of top-posting? What about people that want to see the images in the email (possibly from a family member).

    Disables using MSWord as an email editor.

    Good.

    Deletes IE; replaces it with Firefox, preserving all your bookmarks.

    Making Firefox look like a bad program. Breaking Intranet apps and other IE only sites. Who are they going to blame; the bank site that used to work or this strange program that magically appeared in IE's place?

    Deletes Outlook; replaces it with Thunderbird, converting all your mail archives.

    Same as above.

    Deletes all BitTorrent clients; replaces it with a RIAA/MPAA/FBI warning.

    There are legitimate uses for BitTorrent. Just a warning would suffice. It could say "We're watching what you download. Here's some online music stores you might want to visit." That'd scare the crap out of most people.

    Deletes the scary warning about installing device drivers not digitally signed by Microsoft.

    Great, until people start installing bad drivers and start blaming this/you.

    Deletes Windows; replaces it with Linux+Wine.

    "My computer's broken!"
    "My programs don't work!"
    "How do i do x? I knew how to do x before!"
    And most importantly "Where's solitaire?!"

    Deletes Windows; replaces it with Linux+KDE, with a message on the desktop reading, "Learn to use a real computer, kid..."

    Just a message. "Your computer is vulnerable to virus here is some info from..." and then some trusted sources.

  • by SpaceLifeForm (228190) on Tuesday January 13, 2009 @08:56PM (#26442089)
    Add clearcmos, reflash BIOS, zero out the entire drive, then reformat, reinstall, and you should be clean.

    Until the user screws up again.

    Most of the battle is educating the users how to keep themselves clean.

  • by camperdave (969942) on Tuesday January 13, 2009 @09:02PM (#26442183) Journal
    Virtualization. Microsoft should put out a proper version of windows with a sandbox area for old software.
  • Re:Outsource (Score:3, Insightful)

    by Lotana (842533) on Tuesday January 13, 2009 @09:05PM (#26442217)

    As an Out-sourced IT consultant I don't forget. I thank them.

    Everyone wins.

    Have a look at broken window fallacy [wikipedia.org].

    Not everyone wins. Just someone else is paying the price

  • "Ecosystem"??? (Score:5, Insightful)

    by DesScorp (410532) <DesScorp@[ ]il.com ['Gma' in gap]> on Tuesday January 13, 2009 @09:33PM (#26442499) Homepage Journal

    Of course they're morally bankrupt. However they also play an important role in the ecosystem.

    What? How in the hell are malware writers an "important part of the ecosystem"?

    This is the Internet, not Wild Kingdom. In nature, real virus infections do indeed serve a natural purpose. On a computer, it serves nothing but the ends of assholes and criminals. There's no justification... none whatsoever... for what these guys do. And don't give me that farcical security argument, either. They're not doing the world any favors by violating other people's computers.

  • by bensafrickingenius (828123) on Tuesday January 13, 2009 @09:40PM (#26442603)
    "if all you end up doing is reinstalling windows then maybe you should be in a different line of work."

    Hello, I understand you have a pretty serious malware problem. Well, here are your choices: I can spend 10 hours researching all of the hundreds of different problems you have, and fix them, and maybe I'll find them all, and maybe your computer will run ok for a while after that. Of course, if I do miss something, it's your financial information that gets stolen, not mine. That'll run you $300. Or I can just back up your data, format your hard drive, reinstall Windows, secure it in its virgin state, restore your data, and have you back up and running in half the time. For half the money. Oh, and when *I'm* done with your computer, it will run faster and more reliably than the day you bought it. What would you prefer?

    And, please, don't give me the "you must not be very good at what you do if you can't make a 5 year old install of windows work better than a sparkling clean one in 20 minutes" line. Your arrogance is making my eyes water.
  • by Valdrax (32670) on Tuesday January 13, 2009 @10:31PM (#26443067)

    So if I buy a door that happens to have a lock with a flaw, it's the fault of the lock maker that my stuff gets stolen? Sorry, but no, the fault lies solely on the shoulders of the thief.

    I'm sorry, but why did you buy a door with a lock on it if not to protect against thieves? If someone sells a product that purports to protect you against criminals, and it fails to do as advertised, then that seller has sold a defective product and partially to blame for your loss. To follow your line of logic would absolve locksmiths of any responsibility to make a product that isn't slipshod.

    Microsoft thumps its own chest about the safety and security of its system. Their failure to live up to their claims makes them part of the problem and not an innocent bystander.

  • by DiLLeMaN (324946) on Tuesday January 13, 2009 @10:42PM (#26443179) Homepage

    Please tell me you're not being serious.

  • "Not evil?" (Score:4, Insightful)

    by Valdrax (32670) on Tuesday January 13, 2009 @10:51PM (#26443251)

    And if you read the interview, you'd see he's not really evil, like many/most/all serial killers, but a very intelligent young person.

    First, what exactly is "evil?" Some people think that one has to cackle and twirl your moustache with glee at being evil for its own sake, but most people who do horrible and evil things to other people have a good justification for their acts: "I was desperate and I needed the money," "I was just following orders," "I'm protecting my family and my country," "Everybody else gets away with doing it," "My evil rids the world of other evils," "If I didn't, then someone else would," "It was just a job," "It's nothing personal," "Stupid people get what they deserve," "It's just survival of the fittest," etc., etc.

    Doing something wrong just because you were in a tight spot and put your own needs over others is no more just than doing it just because you enjoyed it. Evil is evil. While I feel sympathy for his poverty and think that we as a society should focus our government's attention more on preventing the root causes of crime than just "deterrence," I feel no real qualms about stringing someone up if they've crossed the line. He had a choice whether to do right and struggle or to do wrong and prosper. He chose the easier of the two paths.

    And second, I'd like to point out that most serial killers were "very intelligent young people." Unlike them, he wasn't mentally ill -- just greedy, ethically bankrupt, and too enthralled by the shiny programming challenge.

  • by asdfghjklqwertyuiop (649296) on Tuesday January 13, 2009 @11:18PM (#26443503)

    Do you really have people do that? If so where do you live? If close I'll be happy to stop by and save you guys the trouble of carrying the machine out to the trash.

  • by zooblethorpe (686757) on Tuesday January 13, 2009 @11:36PM (#26443633)

    Can you get me in touch with these people you're advising? I could certainly use some free IT equipment.

    No really, I'm serious -- if you know of folks throwing out perfectly functional computers solely because of virus infections, I'd love to have a few of their machines. Heck, they're worth something just for hobbyist spare parts, if nothing else. :)

    Cheers,

  • by symbolset (646467) on Wednesday January 14, 2009 @12:14AM (#26443869) Journal

    Typically, yes, cleaning a virus infection from a windows computer costs more billable time than the replacement computer costs. I see a bunch of contrary responses, but I'm guessing they just don't know what's going on here.

    Unfortunately, the cost of replacing the machine is just the beginning. After you have the new machine, the crudware infestation it comes with must be removed and that's often a wipe and reinstall from Microsoft media anyway. Then the broken OEM drivers have to be replaced with the functional OEM drivers from the vendor's website, and the installers for those don't always work properly. Then you have to add the drivers for add-on equipment like that combo scanner/fax/printer that the drivers never quite worked for and was discontinued years ago. Then you have to find all the user data from the old machine and put it on the new machine, even the user data that's hidden in stupid places like the programs folder for the application. You'll need to install the third party antivirus, all the Windows updates, and the usual suspects: Flash, Acrobat Reader, an office suite. Then it's all got to be tested with the end user to make sure they've got everything back they need to get their work done. Then if you're going to avoid doing this again in six months, you should take the precaution of capturing a system image.

    Yeah, when you're billing at a reasonable rate the cost of the machine is very little. But still, it's something and when a small business is down because the viruses make their computer unusable it's usually best to fix it now rather than wait on a replacement PC to get the doors open again.

    If you're reading this and you're a small business owner your best course is to go to EBay right now and buy another system that's the same model as yours for about $150. Then have your IT guy clone your system to it, take it home and put it in storage. Then when your system goes down, you've got a replacement to swap right in and load your data backups on (you DO make data backups, right?) so you can stay functional while your IT guy makes the dead system back into a spare for you.

  • Re:No wonder (Score:3, Insightful)

    by symbolset (646467) on Wednesday January 14, 2009 @12:32AM (#26443989) Journal

    3.b. Make a clone image of the system to an external hard drive so that next time you can be done in 20 minutes. I recommend clonezilla [clonezilla.org] for this because it's free, boots from a pen drive, supports Windows and Linux, and will save to a USB drive or open Windows share on the network.

    4) It is usually a good idea to use something else than Internet Explorer for surfing ;-)

    Another good tip is to load a good hosts [msmvps.com] file. You would be amazed how much it helps. There's no host like localhost. It's cheezy, it's retro, it's cheating. But it doesn't cause cancer.*

    *This statement has not been evaluated by the AMA. Void where prohibited. Your mileage may vary. Everything causes cancer.

  • by juventasone (517959) on Wednesday January 14, 2009 @12:59AM (#26444167)

    This debate has come up numerous times on slashdot, and I'm disturbed by the completely different paths such professionals adhere to.

    I've also been an independent technician for home/small business for 7 years, and for the vast majority of situations, I strongly believe in fix instead of reload. The reason is two-fold:

    Most of time it is a single issue (such as an infection), which I consistently remedy in an hour or so of billable time. If there are many issues it's a strong indication of hardware problems, which may appear fixed after a reload, but this is only temporary. It has nothing to do with ego--fixing requires lots of experience and competence, it is a skill worth developing.

    Secondly, and perhaps more importantly, users have lots of stuff that can't be backed up and restored. A good example would be a printer, which these days typically can't be installed without being present. The list goes on. The beginner users struggle to do these things themselves, and the advanced users who could will have an endless list of things they've setup just their way. Users appreciate having their PC back the way they're familiar with.

  • by HybridJeff (717521) on Wednesday January 14, 2009 @01:39AM (#26444473) Homepage
    Except for the fact that salt works way better at melting ice than gravel does. It's not some kind of conspiracy to rake in more money for the repair shop, salt just works better (unfortunately it also screws with the environment more than gravel would).
  • by feepness (543479) on Wednesday January 14, 2009 @01:52AM (#26444551) Homepage
    Can we throw away the idea of a "throw away society"?
  • by symbolset (646467) on Wednesday January 14, 2009 @02:38AM (#26444887) Journal

    Can we throw away the idea of a "throw away society"?

    Yes. Unfortunately the baby that goes out with that bathwater is "growth economy".

    I'm for it still, but it would suck for most of you.

  • "Your views seem to advocate tolerating criminal actions because the criminal can help you"

    no. my view advocates a criminal reversing themselves and doing some good with their position. and what incentive does a criminal have for stopping to be criminal? some leniency, redemption, a sense of forgiveness. something all moral codes must have in order to be valid

    "Would you let a big criminal run free because he donates a couple million dollars to a law enforcement agency"

    no, and it doesn't compare. in your situation, you have a criminal going free by commiting yet another crime: bribery. in my situation, you have leniency towards a criminal by commiting a follow up good deed: helping the authorities catch yet more criminals. understand the difference?

    furthermore, i am saying you have no choice on the matter. say a criminal invents or discovers or is among the few people in the world who can do technical feat xyz. he is caught, but other criminals get wind and start using technical feat xyz to commit crimes. do you want to stop the second round of criminals?

    or do you want to adhere to your idealism and allow the second round of criminals to go unpunished?

    in my world, the second round gets punished harshly, since their special technical knowledge isn't so special anymore, thanks to cooperation of the original criminal. in your world, you sit on the original criminal harshly, and have no way to stop the second round of criminals

    not a very superior attitude

    criminality in life isn't an aspect of doing one thing wrong, and remaining on ice forever. all mature systems of morality understand that there is an interplay between right and wrong, and someone who does wrong, and later does something right, deserves consideration for that

    your attitude meanwhile, is all stick and no carrot. you punish, but you don't reward. no, you need a carrot, and a stick. you need to punish wrong, and you also must provide a path back towards doing the right thing, the carrot

    in your harsh sharia law world, you will punish someone and give them no consideration for doing anything later that might help society. in this system, all you do is turn minor criminals into major criminals, because you haven't given them any incentive to ever do anything right ever again in their lives. its a feedback cycle, and it creates a society with more hardened criminals

    you speak of incentive for good people to continue being good, and not doing something criminal. yet a genuinely good person needs no such incentive, they already udnerstand right and wrong and the implications. meanwhile, a criminal needs incentive to do good. but your attitude of all punishment no reward just burns those bridges and gives someone who commits minor crimes no reason to ever turn towards doing something good ever again in their life: its all just punishment for them from here on out

    redemption and forgiveness figure into every moral code in the world

    but apparently, not in yours, making your "morality", or understanding of morality, to be invalid and incomplete

A freelance is one who gets paid by the word -- per piece or perhaps. -- Robert Benchley

Working...