Interview With an Adware Author 453
rye writes in to recommend a Sherri Davidoff interview with Matt Knox, a talented Ruby instructor and coder, who talks about his early days designing and writing adware for Direct Revenue. (Direct Revenue was sued by Eliot Spitzer in 2006 for surreptitiously installing adware on millions of computers.) "So we've progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that's encrypted — really more just obfuscated — to an executable that doesn't even run as an executable. It runs merely as a series of threads. ... There was one further step that we were going to take but didn't end up doing, and that is we were going to get rid of threads entirely, and just use interrupt handlers. It turns out that in Windows, you can get access to the interrupt handler pretty easily. ... It amounted to a distributed code war on a 4-10 million-node network."
Sometimes we forget. (Score:5, Insightful)
That the people who makes IT Guys lives difficult and annoying are indeed IT guys.
Re:Sometimes we forget. (Score:5, Insightful)
Im pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.
Re:Sometimes we forget. (Score:5, Informative)
Im pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.
*COUGH [wikipedia.org]*
Allegedly
or the cops still on the force... (Score:5, Insightful)
Im pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.
What about those that use color of law? It's not terribly surprising that the FBI only receives about 200 complaints of color-of-law, and doesn't investigate, much less prosecute, a single one.
Simply being a police officer offers enormous immunity from the general public accusing you of crimes, and further means that most of your fellow officers won't "rat" on you (instead of being disgusted at your behavior and bringing disrepute to the supposed "profession.")
Re:Sometimes we forget. (Score:5, Insightful)
[Sometimes we forget t]hat the people who makes IT Guys lives difficult and annoying are indeed IT guys.
Or lawyers.
Yes, law (Score:5, Funny)
Lol, the only "other" profession where it can take 4 million lines of code and a dozen libraries to effectively state "Hello World".
-Matt
Re:Sometimes we forget. (Score:5, Insightful)
Difficult? Maybe, but for freelancers who collect a check every time they "fix" an infected computer (read: fiddle around for a while and ultimately end up reinstalling Windows), these crapware authors are the reason they can stay in business.
Re:Sometimes we forget. (Score:5, Informative)
Talented computer repair techs can stay in business just fine. But yes, the adware/spyware boom caused an explosion in the repair field too.
Re:Sometimes we forget. (Score:5, Insightful)
Without malware writers, I'd be down a few 1000 bucks and would have to do something meaningful.
Still, you may believe me when I tell you, I'd really prefer to write software people want to have to writing software people hate to have but grudgingly accept as a necessary evil.
Re:Sometimes we forget. (Score:4, Insightful)
if all you end up doing is reinstalling windows then maybe you should be in a different line of work.
Re:Sometimes we forget. (Score:4, Insightful)
Hello, I understand you have a pretty serious malware problem. Well, here are your choices: I can spend 10 hours researching all of the hundreds of different problems you have, and fix them, and maybe I'll find them all, and maybe your computer will run ok for a while after that. Of course, if I do miss something, it's your financial information that gets stolen, not mine. That'll run you $300. Or I can just back up your data, format your hard drive, reinstall Windows, secure it in its virgin state, restore your data, and have you back up and running in half the time. For half the money. Oh, and when *I'm* done with your computer, it will run faster and more reliably than the day you bought it. What would you prefer?
And, please, don't give me the "you must not be very good at what you do if you can't make a 5 year old install of windows work better than a sparkling clean one in 20 minutes" line. Your arrogance is making my eyes water.
Re: (Score:3, Insightful)
This debate has come up numerous times on slashdot, and I'm disturbed by the completely different paths such professionals adhere to.
I've also been an independent technician for home/small business for 7 years, and for the vast majority of situations, I strongly believe in fix instead of reload. The reason is two-fold:
Most of time it is a single issue (such as an infection), which I consistently remedy in an hour or so of billable time. If there are many issues it's a strong indication of hardware problem
Re:Sometimes we forget. (Score:4, Insightful)
Until the user screws up again.
Most of the battle is educating the users how to keep themselves clean.
Re: (Score:3, Insightful)
Please tell me you're not being serious.
Re: (Score:3, Insightful)
Do you really have people do that? If so where do you live? If close I'll be happy to stop by and save you guys the trouble of carrying the machine out to the trash.
Disposable computers? Can I have them? (Score:4, Insightful)
Can you get me in touch with these people you're advising? I could certainly use some free IT equipment.
No really, I'm serious -- if you know of folks throwing out perfectly functional computers solely because of virus infections, I'd love to have a few of their machines. Heck, they're worth something just for hobbyist spare parts, if nothing else. :)
Cheers,
Re:Sometimes we forget. (Score:5, Insightful)
Typically, yes, cleaning a virus infection from a windows computer costs more billable time than the replacement computer costs. I see a bunch of contrary responses, but I'm guessing they just don't know what's going on here.
Unfortunately, the cost of replacing the machine is just the beginning. After you have the new machine, the crudware infestation it comes with must be removed and that's often a wipe and reinstall from Microsoft media anyway. Then the broken OEM drivers have to be replaced with the functional OEM drivers from the vendor's website, and the installers for those don't always work properly. Then you have to add the drivers for add-on equipment like that combo scanner/fax/printer that the drivers never quite worked for and was discontinued years ago. Then you have to find all the user data from the old machine and put it on the new machine, even the user data that's hidden in stupid places like the programs folder for the application. You'll need to install the third party antivirus, all the Windows updates, and the usual suspects: Flash, Acrobat Reader, an office suite. Then it's all got to be tested with the end user to make sure they've got everything back they need to get their work done. Then if you're going to avoid doing this again in six months, you should take the precaution of capturing a system image.
Yeah, when you're billing at a reasonable rate the cost of the machine is very little. But still, it's something and when a small business is down because the viruses make their computer unusable it's usually best to fix it now rather than wait on a replacement PC to get the doors open again.
If you're reading this and you're a small business owner your best course is to go to EBay right now and buy another system that's the same model as yours for about $150. Then have your IT guy clone your system to it, take it home and put it in storage. Then when your system goes down, you've got a replacement to swap right in and load your data backups on (you DO make data backups, right?) so you can stay functional while your IT guy makes the dead system back into a spare for you.
Re:Sometimes we forget. (Score:5, Insightful)
Re: (Score:3, Insightful)
Can we throw away the idea of a "throw away society"?
Yes. Unfortunately the baby that goes out with that bathwater is "growth economy".
I'm for it still, but it would suck for most of you.
Mod "Insightful", not "Troll" (Score:3, Informative)
Mods, while I might not personally agree with the rationale of throwing away computers because of infections, Digishaman's argument certainly makes sense, at least on an economic level, for the vast legions of the clueless. If they have browsing habits that habitually get their machines so glommed up with muckware as to be unusable, they're going to have to shell out major buckage to get their machines un-mucked -- and at that point, it *does* indeed begin to make more sense for them to just buy a newer lo
Re:Sometimes we forget. (Score:5, Informative)
You don't "fix" a computer. You reinstall, it should only take 20 minutes tops. Of course, you should not be an idiot and not let it get that way to begin with. Regardless of your overinflated salary you are throwing away money. Dumbass.
Look, I'm not a stranger to making an ass of myself on slashdot, but I still get to point out when other people do it. Sure, from a good image I can flash a 40GB SATA 3.0 drive in 3 minutes flat and the user is up and running. Add five minutes and I can restore today's user data from their good backup. That's not the common experience in the field because they have no good image and seldom have backups. In 20 minutes on the same drive you can install Windows if you have SP3 media. You still can't get all the updates, install the system drivers, install the accessory drivers, do a reasonable security software install and user configuration in 20 minutes. You definitely can't restore their user data, nor their critical apps. It just can't be done.
If the typical consumer were willing to pay his tech to come out and set him up properly, and visit him and make a good image semiannually, maybe. If they bought spares, better still. But they usually won't. Usually they won't call for help until they've borked it good and don't have backups. Most people if you gave them a button that booted their computer from an "emergency backup" spare drive, would crash their main system, then the emergency backup, and then call for help.
And some of them, oh, God I wish it were not so, utterly rely on some system running Windows 95 that hasn't been updated since because it was set up for them a decade ago and it still works and they bought into a system with no migration path.
Comment removed (Score:5, Interesting)
Re: (Score:3, Insightful)
Have a look at broken window fallacy [wikipedia.org].
Not everyone wins. Just someone else is paying the price
I hate it when people venerate/elevate scumbags (Score:5, Insightful)
Re:I hate it when people venerate/elevate scumbags (Score:5, Funny)
He should be forced to forever use an unpatched Windows (9x, XP, 2000, etc) as his OS on every computer.
Re:I hate it when people venerate/elevate scumbags (Score:5, Funny)
He should be forced to use Windows ME, at no higher than 800x600 screen mode, with a 56K modem.
He should also be forced to eat his own testicles.
Re:I hate it when people venerate/elevate scumbags (Score:5, Funny)
Re: (Score:2, Funny)
Re:I hate it when people venerate/elevate scumbags (Score:5, Funny)
Re:I hate it when people venerate/elevate scumbags (Score:5, Funny)
That's the trouble with browsing at +1...now I have to imagine what kind of comment that was a response to...
Re: (Score:3, Funny)
Given a choice between the two, I might go with the testicles.
Sometimes, the bull wins.
Re:I hate it when people venerate/elevate scumbags (Score:5, Funny)
Maybe you should click the "whoosh" button.
Comment removed (Score:5, Funny)
Re: (Score:2)
But the 50 cal make a much bigger hole...
Re:I hate it when people venerate/elevate scumbags (Score:5, Insightful)
There seems to be a big stretch between a serial killer and some guy writing malicious code. My primary interest in computers initially involved all sorts of fraud and outright criminality. I now work in IT and have a completely legit lifestyle. Anyone who has any real competency or natural inclination to understand computers will mess with them and figure out how to make them do things outside of the "normal" range.
The article talks about exploiting some incompatabilities between the Win32 and WinNT APIs. If there weren't guys like the subject of the interview, those incompatabilities would remain hidden. It takes mischevious people to come along and exploit the holes so that they get patched. By its very nature, software gets better when people push the boundries and tweak it. The person who writes code that leads to improvements in the most widely used operating system is not the same as the person who kills a bunch of people.
If anything, Microsoft made the mistake of making the computer too friendly. They released technologies that gave people too many options. In any sort of free environment, there will be people who abuse the freedoms that they are presented with. Malware authors are those kinds of people. It is easy to blame Microsoft for looking into the future and envisioning a world where web browsers are the central application on the computer. They rushed blindly into it and unleased things like ActiveX on the world. At the core, their intention was right.. they wanted to make it easy to execute code in a distributed environment like the internet. Yet the implementation sucked and it seems like they didn't pay any attention to security.
Re:I hate it when people venerate/elevate scumbags (Score:5, Insightful)
Damn right, dave. However, it's hard to deny that someone who writes malicious code that directly targets (ignorant) consumers may very well be treading on morally bankrupt territory.
Re:I hate it when people venerate/elevate scumbags (Score:5, Funny)
Yes, but malware authors are a bit gamey. I suggest buying a lot of rosemary before hunting them.
Re:I hate it when people venerate/elevate scumbags (Score:5, Funny)
OMG, you're right! I'll be over in 20 minutes to smash all your windows. You know, to stimulate the economy!
All these tools are doing is saving M$ money on code audits and proper beta testing at the expense of EVERYONE else.
Re: (Score:3, Insightful)
"Ecosystem"??? (Score:5, Insightful)
Of course they're morally bankrupt. However they also play an important role in the ecosystem.
What? How in the hell are malware writers an "important part of the ecosystem"?
This is the Internet, not Wild Kingdom. In nature, real virus infections do indeed serve a natural purpose. On a computer, it serves nothing but the ends of assholes and criminals. There's no justification... none whatsoever... for what these guys do. And don't give me that farcical security argument, either. They're not doing the world any favors by violating other people's computers.
Re: (Score:3, Insightful)
"Not for the purpose of the point that was being made, "scum should be treated as such." It doesn't matter what they did to be labeled scum.
So if I buy a door that happens to have a lock with a flaw, it's the fault of the lock maker that my stuff gets stolen? Sorry, but no, the fault
Re:I hate it when people venerate/elevate scumbags (Score:5, Insightful)
So if I buy a door that happens to have a lock with a flaw, it's the fault of the lock maker that my stuff gets stolen? Sorry, but no, the fault lies solely on the shoulders of the thief. Windows has many problems, but all the fault for exploiting it is on the malware authors.
I disagree.
If you buy a door that has a lock with a flaw, and the lock maker knows about this flaw and does nothing about it and continues to sell this same flawed model for many years, making billions of dollars of profit, while people like you keep getting your stuff stolen, there's two parties at fault: 1) the thieves, obviously, since they stole the stuff, and 2) the lock maker, because they sold you something they claimed to be secure and which would protect your stuff from thieves, but which really wasn't, and they knew about it.
When assigning blame for things like this, you have to look at the big picture. For a single instance of criminality, it's usually just the criminal's fault. But when the criminals keep using the same tricks over and over to commit their crimes, you have to look at what's enabling them. In the case of MS, they shoulder a lot of blame, because they, for decades, have put features ahead of security, even though they own the lion's share of the market and any security flaw has the most potential for damage because of that. Finally, because users have known about MS's crap and keep buying it, users also share part of the blame, for continuing to purchase MS's shoddy products, although this is mitigated partially because of MS's manipulation of the market to keep themselves in a position where it's difficult to get by without their product (for instance, because many important software products like AutoCAD only work in Windows).
Why did you buy a door with a lock on it? (Score:3, Insightful)
So if I buy a door that happens to have a lock with a flaw, it's the fault of the lock maker that my stuff gets stolen? Sorry, but no, the fault lies solely on the shoulders of the thief.
I'm sorry, but why did you buy a door with a lock on it if not to protect against thieves? If someone sells a product that purports to protect you against criminals, and it fails to do as advertised, then that seller has sold a defective product and partially to blame for your loss. To follow your line of logic would absolve locksmiths of any responsibility to make a product that isn't slipshod.
Microsoft thumps its own chest about the safety and security of its system. Their failure to live up to their c
Distributed crime (Score:3, Insightful)
I sometimes wonder if there is a way to estimate aggregate "harm" caused by a widely distributed crime. Is it the same to steal 1 minute of time from 1 million people with an automated telemarketing robocall as it is to lock 1 guy in your basement for 2 years (1 million minutes)?
Re:I hate it when people venerate/elevate scumbags (Score:5, Insightful)
Anyone who has any real competency or natural inclination to understand computers will mess with them and figure out how to make them do things outside of the "normal" range.
"Normal?" Not "honest" or "right" or "non-dickish?" Do you really have the balls to suggest there is some kind of honest difference of opinion about the morality of what these adware guys do?
As for what you did, we all have our shameful moments in life. We all, at some point in our lives, invented and couldn't resist using the really clever way to make fun of the retarded kid or the weak kid in class that nobody liked. We did it to show off, to take out our frustrated aggression, and to temporarily feel better than somebody else. It's called being a childish asshole and it isn't any different from a big kid beating up smaller kids because he hates his life and is desperate for any triumph, no matter how hateful it makes him feel.
By its very nature, software gets better when people push the boundries and tweak it. The person who writes code that leads to improvements in the most widely used operating system is not the same as the person who kills a bunch of people.
Bigger problems get more attention. The more people exploit a flaw, the bigger a problem it is. So yeah, if you go around making problems worse, they'll get patched faster. Childish, egocentric hackers use that logic to rationalize the havoc they cause. People with an honest desire to protect users act in a very different way. The difference is instructive.
Re:I hate it when people venerate/elevate scumbags (Score:5, Insightful)
Some serial killer goes and and murders dozens of innocent people; and we reward him with veneration, books written about him, endless press coverage, etc. Scumbags don't deserve our respect, our veneration, or polite treatment.
We're not here to discuss his moral infirmities. We're here to discuss effective ways of countering the threat the aforementioned poses. It is logical to begin by questioning those we've found engaged in such behaviors as to their motivations, goals, and methods. However, if you do not wish to dissect the frog due to moral outrage, I can give you some music to listen to but you will not pass the course.
Re: (Score:3, Insightful)
Scumbags don't deserve our respect, our veneration, or polite treatment.
True, but they are interesting to watch from a distance.
Re: (Score:2)
Certainly not. But the abnormal throw the normal into contrast. I don't think there's anything wrong with finding that fascinating.
I do disagree with you about polite treatment. Being impolite, even to someone we can agree is a scumbag, only diminishes you. Dick.
Just kidding.
Kinda.
-Peter
Re:I hate it when people venerate/elevate scumbags (Score:5, Interesting)
Firstly, he's not a serial killer, he hasn't killed anyone; he's just irritated a LOT of people by installing infuriating software that's a pain to remove; in my view, this isn't quite of the same calibre as murdering people.
And if you read the interview, you'd see he's not really evil, like many/most/all serial killers, but a very intelligent young person.
His actions were motivated out of being extremely poor, he needed the money, and so he got involved in dodgy software programming. This isn't a justification for what he did, but it's nevertheless important to note. Further, he removed a lot of viruses and adware through his own adware, I'm not sure if this qualifies as grey hat behaviour, but once again, it blurs the line. Most importantly, he's reformed, and persuing an honest living, as well as providing insight into his past actions. I found his explanation of the measures he took to ensure his software remained on the infected computer fascinating from a technical perspective, there were some very clever approaches there.
I don't agree with what he did, but I'm not going to relegate him to "scumbag" status, and I wouldn't be surprised if over the coming years and decades, he makes many valuable contributions to IT and the Ruby community in particular.
"Not evil?" (Score:4, Insightful)
And if you read the interview, you'd see he's not really evil, like many/most/all serial killers, but a very intelligent young person.
First, what exactly is "evil?" Some people think that one has to cackle and twirl your moustache with glee at being evil for its own sake, but most people who do horrible and evil things to other people have a good justification for their acts: "I was desperate and I needed the money," "I was just following orders," "I'm protecting my family and my country," "Everybody else gets away with doing it," "My evil rids the world of other evils," "If I didn't, then someone else would," "It was just a job," "It's nothing personal," "Stupid people get what they deserve," "It's just survival of the fittest," etc., etc.
Doing something wrong just because you were in a tight spot and put your own needs over others is no more just than doing it just because you enjoyed it. Evil is evil. While I feel sympathy for his poverty and think that we as a society should focus our government's attention more on preventing the root causes of crime than just "deterrence," I feel no real qualms about stringing someone up if they've crossed the line. He had a choice whether to do right and struggle or to do wrong and prosper. He chose the easier of the two paths.
And second, I'd like to point out that most serial killers were "very intelligent young people." Unlike them, he wasn't mentally ill -- just greedy, ethically bankrupt, and too enthralled by the shiny programming challenge.
Re: (Score:3, Interesting)
If someone was to ask me to provide an example of someone who is just plain evil, I'd reply with someone like Robert Mugabe. Completely and utterly corrupt, inhumane, starves his people, an absolute disgrace with no redeeming features.
For someone like the subject of this article, I prefer "unethical". What he did was undoubtedly wrong, but he also did things that imme
Re: (Score:2)
Permanant Midnight (Score:4, Interesting)
It was funny. It really showed me the power of gradualism. It's hard to get people to do something bad all in one big jump, but if you can cut it up into small enough pieces, you can get people to do almost anything.
It reminds me of the movie Permanent Midnight [wikipedia.org] , where Ben Stiller starts out the movie smoking weed and at the end is hooked on crack.
It's probably Ben Stiller's best work, by the way.
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:3, Insightful)
If you've watched enough Ben Stiller movies to have an opinion on which is the "best", not only do I not trust your opinion, I fear for the health and welfare of you and those around you.
Re: (Score:2)
Still, he's not as bad as Adam Sandler.
Seriously (Score:4, Funny)
It would be a damn shame if something bad happened to this guy.
Re:Seriously (Score:5, Funny)
Re: (Score:2)
You first, buddy (Score:5, Interesting)
Times change. In order for this to continue to be a factor, we need to make sure that occasionally, someone *does* show up on a doorstep and club someone over the head.
I suggest we start with people who have kidded themselves that the abusive software they've written does not make them a villain.
Re: (Score:2)
Re:You first, buddy (Score:5, Funny)
I grew up on a farm, where we did not have to dilute the whack-a-FOO experience with carnival games.
Juvenile groundhogs leaving the nest to dig their own burrow were frequent targets of a well-timed shovel strike.
Potentially-rabid raccoons, whether in the bottom of a 55-gallon drum, or in a wire mesh trap, proved no match for a well-placed pitchfork thrust.
Voracious, ridiculously fecund rabbits proved much easier to deal when their heads were separated from their bodies via garden hoe.
Pesky, time-wasting, crop-damaging field/woodland creatures QUIVERED before the mightiness of the farmer's kids.
It'd be a better world if malware writers trembled before the wrath of internet users.
Re: (Score:3, Funny)
Chilling (Score:5, Insightful)
Re: (Score:3, Insightful)
Hey, *someone's* got to apply all those malware techniques to a money-making venture.
Re: (Score:3, Informative)
Malware isn't as lame as you make it seem. I just got infected by a virus. It doesn't do much, except a few things : when you log into FTP to upload to your website, it sniffs the FTP packets so it can itself login again and deface your website by inserting malware in it (which results in a Google malware warning that I currently still have on this site [homebrewgames.org] (the site is still "infected")). It does one other thing, it prevents your web browsers (although not your entire system, nslookup still works) from resolvi
Re:Chilling (Score:5, Insightful)
Re:Chilling (Score:5, Insightful)
In life, genetic diversity means the species has a better chance of survival. OS diversity, processor, and even instruction set diversity, is important for the same ends.
So it's not worth much to attack Linux or OSX or one of the BSD's. If all of these OS's including Windows had the same, 20% marketshare, perhaps it wouldn't be worth it to attack any of them. Or, it might actually be worth it to go for the low hanging fruit, namely, the easier-to-use OS's (OSX, Windows, and possibly a flavor of Linux). But the returns for the amount of work needed to attack 3 or 4 different OS's definitely wouldn't be as high, and the incentive for creating malware would be much less.
Re:Chilling (Score:4, Insightful)
Except that for Linux, the situation is quite different.
First, the OS is open. Which means any user of it can make and submit a patch, which would quickly spread around. Distributions engage in some competition, and the patch would get copied around. There's no need for anybody to wait for a vendor to do it.
Second, there's much less backwards compatibility. If a library function is vulnerable, and fixing is impossible without breaking compatibility, a distribution can find all of the included software that uses it, and fix to work with the new version. You're not going to find libqt 1.0 in a modern distro either.
Third, the open nature of the OS leads to the possibility of patching the OS to mess with the adware, making it report complete crap to the server.
Fourth, there already are generic mechanisms such as SELinux to deal with such things. While they're not that widespread yet, a good attack or two of this sort would do a lot to help adoption.
Re: (Score:3, Insightful)
Re:Chilling (Score:4, Interesting)
Demonize him now, but when the aliens invade... (Score:5, Funny)
Unless the aliens AREN'T running Windows.
Re:Demonize him now, but when the aliens invade... (Score:4, Funny)
Keep him around once Skynet becomes self aware, we might need him!
Re: (Score:2)
Not a complete jerk (Score:5, Interesting)
I'm seeing comments and tags using words like "scumbag". Well, I actually RTFA, and this guy doesn't seem to be a complete jerk.
According to him, the adware he wrote did not crack into your system using exploits, and when you ran the uninstaller it would go away and never come back. Also, according to him, it didn't scan for really personal information like credit card numbers.
I'm not about to start a fan club for him, but I don't hate him either.
I was interested in the technical stuff. His software would find other adware on a system and kick the other adware off; it was also designed to be very difficult for other adware to kick off.
The best single exchange in the interview:
steveha
Yes, he is a jerk (Score:5, Insightful)
To get that oh-so-useful uninstaller you had to go to a website, answer a survey, and only then could you download it. If they genuinely wanted to make it easy, they would have put it in Add/Remove Programs, and stuck their survey in there.
I don't know about you, but after getting sketchy software on my machine, the LAST thing I want to do is go to some random website and download even MORE crap. I wouldn't trust that download one bit.
And the bit about "it was also designed to be very difficult for other adware to kick off" is complete hand-waving B.S. It was designed to be very difficult for anti-virus packages and anti-spyware packages too. In fact, anti-malware packages were probably the primary target of the persistence code.
And their distributors were complete scum that Direct Revenue did very little to police. Yeah, they suspended any that were complained about (if the hapless users even had any clue how they got the software), but those rogue distributors would just sign up under a new name.
I can't believe he thought this job was a "net positive" simply because he wiped out the other guys' malware more than he installed. That just means he is a very sneaky coder... That's like a embezzeling salesman saying he was a "net positive" because he generated more profits than he stole. It may be true, but it doesn't make him any less of a scumbag.
SirWired
Re: (Score:2)
So the worst offenders on Windows are all from Unix.
Re: (Score:2)
Just because the company used social engineering instead of technical exploits to put unwanted software on people's computers doesn't make it ethical. They were piggybacking their adware software on screensaver software or little widgets and then hiding that extra unwanted software on your system so it wasn't clear where it was coming from. Putting something in the EULA that you click through shouldn't cover this.
You had to go to some web site, download an uninstaller, take a short survey about why they were getting rid of us, and then it would actually remove us and we would also leave a Registry key to make sure we didnâ(TM)t reinstall.
That isn't like any uninstaller I have ever heard of, basically that means that they hid soft
Re: (Score:2)
You have no experience with adware uninstallers, it seems.
This scumbag's software could ONLY be uninstalled if the user jumped through more hoops than in a hulahoop factory. If you used the windows uninstall feature or deleted directly, his software would reinstall itself.
Only after forcing you to take a survey on the web would you have the option of removing the software. Surveys are valuable commodities. Basically, he wrote ransomware.
Re:Not a complete jerk (Score:4, Funny)
he wrote adware. yes, he is a complete jerk. he worked for a corporation that did evil things.
What evil things? Did you read the article, or ignore the comment you replied to?
Are you new here? Advertising is EVIL!
The new battle ground (Score:5, Interesting)
I think the Windows programming model is at fault for much of the obfusciation tactics used by malware. Entire classes of exploits have arisen due entirely to the complexities and obscurities of the interface. Modern anti-malware tactics have to monitor many different parts of the operating system, and in some cases due to architectural constraints the methods of doing so can make the entire operating system unstable. Not only that, but race conditions and the use of special trap conditions/exception handling can make safely disabling malware a frustrating experience. Even professionally designed applications can sometimes tank the Operating System. Trying disabling Symantec Anti-virus on an XP system without a reboot, for example, and then doing a reinstall of it remotely. In the field, I saw failure rates of about 6% for SAV10. On a hundred thousand systems, let's just say I was not happy on that deployment! Killing malware is even more risky.
Windows is layers upon layers of earlier APIs that cannot be removed due to "backwards compatibility" concerns. I have some limited exposure to the .NET framework, and it has perhaps a half-dozen APIs for threading, and the documentation is riddled with exposed interfaces that have the note "Do not use. Not safe. bullet in the brain pan squish" in it. Over a third of the API is already depreciated (as far as I can tell), and there is an ever-shifting set of best practices standards. I can only imagine the hell a proper programmer endures in developing truly complex applications for .NET -- all I was doing was a few WMI calls and a database interface and I still crashed the kernel many times trying to figure out what to trap -- in many cases, error handling is mostly about creating a catch-all and then trying to break your code to see what is generated and then guessing what to trap accordingly. With an interface this complicated and unstable, it will always be a cat and mouse game between the white and black hats on this architecture, a game predicated on undocumented interfaces, obscurity, and deep knowledge of layers of the operating system that interact in unpredictable ways.
Compare this to linux, where the interfaces haven't changed that much, and when they do, depreciated means "We're going to remove this in a year or so and we mean it." Open source has one huge advantage here -- if it's not maintained, it ceases to be relevant and there's no 20 year old code lurking about in an unused API long forgotten. At least not nearly to the degree Windows has it. If you ask me, Microsoft is complicit in allowing malware to exist because they are unwilling to modernize Windows. They need to start over from scratch on their codebase and have a good hard think about what those APIs and interfaces are going to look like and then stick to it. Or at the very least, they could start by documenting these interfaces and releasing some code so we can be more confident that our hooks into their black-boxed APIs won't tear the operating system's heart out...
Re:The new battle ground (Score:4, Insightful)
Wow there cowboy... only a very small part of the API is deprecated, the best practices changed a bit once, and only had additions as new features popped, but didn't change much in years... if you crashed the -kernel-, you were using legacy APIs through .NET, not .NET itself, and error handling is very well documented for the most part, and doing a catch all is a (no offense, since .NET is obviously not your primary dev environment) noob way of doing things and is heavily warned against since version 1.
Maybe you fell in the ONE edgecase where it doesn't work well, but 95%+ (probably more) of it works flawlessly, is clearly documented and predictable...even if you go really deep. It becomes a bit more messy when you're interacting with separate products that just happen to have APIs coded in .NET (especially if its not the only language, and thus is probably coded by programmers who have no clue wtf they're doing), and its poorly done... Happens a lot. An example is the SSIS API (thats by Microsoft too), which is in .NET, but was clearly written by C++ gurus...so its a total fucking mess.
Re: (Score:2)
Well, you're probably right on all counts. .NET is not my environment. But when my manager throws me an intractable problem that's going to result in a legion of poorly trained kids being thrown at it otherwise, in less than a month, I adapt. I also scream "Train! Train! Get off the tracks--TRAIN!" to the aforementioned manager while doing so. -_- I basically had an O'Reilly book on Visual Basic and the online references to work with. And I had to bust a few people's nuts in another department to get Visual
Re: (Score:3, Insightful)
Oh yes I will argue with you over that :) You just have to get the parallels right. You can't go and compare the entirety of the API of Windows to a subset of Linux's...if you take all of the GUI APIs, the management APIs, .NET, Win32, etc, then just go and compare to the stuff the Linux kernel exposes... that doesn't work. Add the primary linux GUI environments, the various libr
Re: (Score:2)
"Do not use. Not safe. bullet in the brain pan squish"
I wish the API docs actually said that... that would be awesome.
Re:The new battle ground (Score:4, Insightful)
If you ask me, Microsoft is complicit in allowing malware to exist because they are unwilling to modernize Windows. They need to start over from scratch on their codebase and have a good hard think about what those APIs and interfaces are going to look like and then stick to it.
And the new version of Windows would be laughed at by non-IT consumers. "Why would I upgrade to the new Windows when all of my stuff doesn't work?" This is part of the argument against Vista, and why some people can't see past the need to break backward compatibility to do things "the right way".
Re: (Score:3, Informative)
True, and even some corporate users would not want it if their old applications won't run. On the other hand, the old cruft will continue to give them trouble until they DO a redesign.
Apple went the other way with OS X, see http://en.wikipedia.org/wiki/History_of_Mac_OS_X [wikipedia.org]. It took them four years to develop it, and backwards compatibility was limited.
For a while, I'm sure that cost them customers. But by now, it seems they got past that problem and the new, shiny OS helps them to gain market share from Micr
Re: (Score:3, Insightful)
Persistance is the problem (Score:2, Insightful)
The problem, obviously, is when uninstalling the adware becomes a major hassle. For example, the author described in the interview how you would have to download a special uninstaller from the net, fill out a survey, and allow them to keep a re
Sadly, no. (Score:5, Insightful)
From the article:
Um, no. Unconscionability is a pretty ancient principle of contract law. People joke about signing away their first-born child in an unread EULA, but they understand that it's a joke: that term would never be enforced by a court, because allowing contracts of adhesion (like EULAs) signed by non-lawyers in casual circumstances to extract those kinds of concessions from the parties would result in the complete breakdown of society.
So when this guy (and his bosses) talk about how there was "no law around this", they're not fooling anyone, least of all themselves. If I buy a bus ticket and on the back there's some fine print stating that by riding the bus I've agreed to let the driver break into my house and take anything he wants, guess where the bus driver ends up if he tried to exercise his contractual "rights"? In prison. Which is where this guy belongs.
Why Windows Registry is a bad idea (Score:5, Interesting)
Re:Why Windows Registry is a bad idea (Score:5, Interesting)
The differences in the way the NT api and Win32 api handle registry strings has been very well documented by Mark Russinovich and others.
Rootkit Revealer (written by mark) uses this difference to try and detect rootkits - read the registry using both APIs, and see what comes back different.
Hence Rootkit Revealer would put a huge flashing neon sign above malware that uses this technique
there are comments here threatening violence (Score:5, Insightful)
so let's educate some of you:
we capture someone like frank abagnale [wikipedia.org], and we go all sharia law on him, as a lot of you propose, and leave him as a bloody stump
then what?
well, there are other frank abagnales out there. how do we detect them and capture them? well, the frank abagnale you just beat to a pulp: he would have made a good tool to do that, ya think?
luckily, in real life, this is exactly what the feds and the banks did. in real life, you capture and use highly intelligent crooks to... drum roll please... capture more highly intelligent crooks. get it?
law enforcement is hard grinding work, it doesn't happen like "death wish" or "dirty harry". i know in some of your justice league of america fantasy lives, delivering justice with a fist and a gun is the way to go. but we'd like to talk about reality, ok?
so to review:
1. we can have justice your way, and beat adware authors to a pulp, or
2. we can have smart justice, and listen carefully to mr. adware author's words, and use those words to catch more adware authors
get it? see the difference? do you want to pursue justice? or do you want to beat people up?
these are mutually exclusive activities, despite your dimwitted fantasy lives
now go crawl back under your rocks mouth breathers. nobody who is actually going to catch and punish cybercriminals in this world is going to think like you do
even the most vile amoral serial killer is useful to keep alive and listen to. simply for matters of brain analysis and psychological study. or, we could put a bullet in his head, scrambling the abnormal brains, and having nothing useful to catch more vile amoral serial killers
dumb violent justice leaves a dumb violent society that knows nothing about the smart and truly vicious criminals in their midst
smart justice is about studying smart criminals, and using them against each other
Re: (Score:3, Insightful)
There is no disincentive to do wrong.
I know there's a big philosophical issue with deterrence as a reason for punishment, but the truth of the matter is that people will tend to not commit crimes when the
I think your philosophy tries to tip the balance by increasing the risk of getting caught for potential criminals... but that doesn't help when th
The Ethics of CoreWars (Score:5, Insightful)
Just for fun, consider the following actions a Unitary Programmer might do to your machine. Where would you rate them on the $SCOUNDREL scale, and why?
Playing "CoreWars" is tricky business, and people with even a dim sense of ethics are loathe to try it. But there's one case where none of the above actions are ethically questionable: When the machine's owner does it themselves.
I think the adware author lost sight of that for a while...
Schwab
Re: (Score:2)
Re: (Score:3)
Re: (Score:3, Informative)
Maybe even that won't get rid of the adware.
It will, if you do it right. That means
1) Don't try to "repair" the installation, format C: and do it really from scratch.
2) Don't install from a "recovery CD" from the hardware vendor, it might have the adware pre-installed. Use an unmodified Microsoft CD. Install from that.
Now you have a clean installation. To make it stay clean (not only from adware), do the following:
3) Before you connect to the internet again, install the latest service pack AND the post-SP4
Re: (Score:3, Insightful)
3.b. Make a clone image of the system to an external hard drive so that next time you can be done in 20 minutes. I recommend clonezilla [clonezilla.org] for this because it's free, boots from a pen drive, supports Windows and Linux, and will save to a USB drive or open Windows share on the network.
4) It is usually a good idea to use something else than Internet Explorer for surfing ;-)
Another good tip is to load a good hosts [msmvps.com] file. You would be amazed how much it helps. There's no host like localhost. It's cheezy, it's retro, it's cheating. But it doesn't cause cancer.*
*This statement has not been evalua