Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Mozilla Wrongly Accused Sothink Addon of Malware

CmdrTaco posted more than 4 years ago | from the sorry-bout-that dept.

Bug 59

eldavojohn writes "Mozilla has admitted to wrongly accusing Sothink of distributing a video downloader with a trojan virus as a Firefox addon. From their official blog: 'We've worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware.' Before you go download that addon, however, keep in mind that Sothink has come under fire before for GPL violations and dishonesty."

cancel ×

59 comments

Who cares (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31099268)

How is the dumb GPL shit relevant? What a shit license anyway.

Re:Who cares (0)

cheftw (996831) | more than 4 years ago | (#31106148)

Ya, the only license for trolls is...
Apache?

"Wrongly" ? (-1)

Adolf Hitroll (562418) | more than 4 years ago | (#31099282)

I know everybody likes Mozilla here, but instead of saying it's been "wrongly" accused, I'd prefer an headline that'd say it's been clear because of...

Nice apology... sort of. (0, Redundant)

Ardx (954221) | more than 4 years ago | (#31099290)

It's all well and nice to apologize, but adding the qualifier makes it sound very insincere. While the company may be guilty of GPL violations, maybe it might be a smidge more tactful and graceful to remind that on a different day.

Re:Nice apology... sort of. (3, Informative)

Anonymous Coward | more than 4 years ago | (#31099356)

The qualifier was added only in the summary. The quoted part is just: 'We've worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware.'

Re:Nice apology... sort of. (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#31099370)

Notice the end quote after "malware.' " ? The GPL violation is the eldavojohn's stance... it is not quoted text from the real blog post.

Re:Nice apology... sort of. (0)

BhaKi (1316335) | more than 4 years ago | (#31099404)

GPL is the reason why we have Linux and several other free software. Many people voluntarily contribute to GPL'd projects without receiving anything in return. So GPL violation is not just a legal issue but a moral issue as well. I think it's fair enough to point out a GPL violation whenever there's a chance.

Re:Nice apology... sort of. (0)

Anonymous Coward | more than 4 years ago | (#31100340)

GPL is the reason why we have Linux and several other free software.

No, Linus is the reason why we have Linux. It could've been any other license.

Re:Nice apology... sort of. (1)

BhaKi (1316335) | more than 4 years ago | (#31101020)

No, Linus is the reason why we have Linux. It could've been any other license.

Then it would have died a quick death. See the answer to second question in this Linus Torvalds interview. [archive.org]

Re:Nice apology... sort of. (1)

Eraesr (1629799) | more than 4 years ago | (#31100366)

Yes, let's make a special case for GPL, because we have no moral issue at all with stealing software from people who earn money working on proprietary (closed) software and feed themselves and their families with it. Damn them for earning money with writing software!

Re:Nice apology... sort of. (1)

BhaKi (1316335) | more than 4 years ago | (#31100808)

I understand your point about piracy. Pirates are committing a crime by not paying for the software they use. GPL violators, OTOH, are making money without writing code and without giving anything in return. They neither negotiate development sponsorships like RedHat nor pay royalties nor give credit. Which is a more serious crime?

Re:Nice apology... sort of. (1)

canajin56 (660655) | more than 4 years ago | (#31101230)

This is the USA, son. Committing copyright violation and selling a million illegal copies of somebody else's software is good for the economy! Pirating even one thing is you refusing your duty as a consumer! Easily 1000x as serious.

Re:Nice apology... sort of. (1)

Sancho (17056) | more than 4 years ago | (#31101536)

GPL violators may not be making money. Pirates may make money. The whole thing is a class of violations called "copyright infringement." While making money off of the infringement may increase its severity, it's all pretty well under the same umbrella.

Within copyright infringement is the idea of the value of a work. That is, the amount that it costs to purchase or otherwise legally acquire the software. Penalties are usually assessed keeping the value of the work in mind. Proprietary software usually has a non-zero cost to acquire. GPL software usually has a zero cost to acquire.

So when you ask

Which is a more serious crime?

the courts would probably answer "Illegally copying non-free software."

Re:Nice apology... sort of. (1)

vadim_t (324782) | more than 4 years ago | (#31111564)

It depends on how you see things.

One position is all about money. Depriving people of money is bad, if they're not earning money it's not a big deal. I strongly disagree with this one.

Another is if you see it as that copyright gives authors the ability to dictate how their work should be used, and any terms they come up with are equally valid, then all violations are bad, and both regular copyright infringement and GPL infringement are equally serious. It's not about money, it's about doing what the author wishes.

But if you see the GPL as what should exist instead of copyright, then regular infringement isn't a big deal, and GPL infringement is serious.

I should note people make money writing GPL licensed software too. I do.

Re:Nice apology... sort of. (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#31100790)

Many people voluntarily contribute to GPL'd projects without receiving anything in return.

That might be true for many of the irrelevant apps. But things like the kernel, GCC, libc, KDe, GNOME, etc are all mostly developed and maintained by people who are receiving something in return for doing so — a paycheck.

Re:Nice apology... sort of. (1, Redundant)

Ardx (954221) | more than 4 years ago | (#31099434)

It's all well and nice to apologize, but adding the qualifier makes it sound very insincere. While the company may be guilty of GPL violations, maybe it might be a smidge more tactful and graceful to remind that on a different day.

Missed the nested quotes, my bad. Thank god I don't code at this time of the morning anymore. :D

Re:Nice apology... sort of. (0)

Anonymous Coward | more than 4 years ago | (#31100878)

test

Bad news is bad news. (1)

geekmux (1040042) | more than 4 years ago | (#31099734)

It's all well and nice to apologize, but adding the qualifier makes it sound very insincere. While the company may be guilty of GPL violations, maybe it might be a smidge more tactful and graceful to remind that on a different day.

Yes, I'm certain the tactic of half-truth would work well on the showroom floor at Toyota dealerships.

"Hey, this guy wants to buy a new Camry. Should we tell him about the recall?"

"Nah. Wait until next week, after we get the sale and he's put enough miles on the car. Hopefully he won't have a problem with the pedals."

Sorry, but I'd rather have ALL the information up front to make a fully educated decision.

Re:Bad news is bad news. (2, Interesting)

Linuxmonger (921470) | more than 4 years ago | (#31100222)

Sorry, but I'd rather have ALL the information up front to make a fully educated decision.

Bullshit

If you had ALL of the information to make an educated decision, you'd spend years reading the tracking information on the product, then the product wouldn't be available anymore.

I bought an EMC Clarion once, it came with hundreds of pages of documentation, which I skimmed. Two years later, we lost a couple drives, EMC replaced them, problem solved, turns out that one of the chips on the drives had a known failure, but it wasn't known at the time of manufacture.

There are hundreds of chips in your PC, do you want to pay the expense of tracking every one? Do you have any idea what that would cost? I buy hundred dollar motherboards, for me to research every product of every sub-company that has a component on that MB would take hundreds of hours of work, it isn't worth it for a product that isn't directly involved with life support

Re:Bad news is bad news. (2, Interesting)

Anonymous Coward | more than 4 years ago | (#31101014)

No, not every chip, but it might be worth it to check that your computer doesn't have the components that are most likely to fail. I currently warn customers against the following components: -known defective nvidia chipsets (especially on laptops since they are on the motherboard) -seagate hard-drives that have the perpendicular writing tech (extremely high failure rate) -list of motherboards with known bad capacitors -hp home products (office are fine, but the home products are such crud that they inevitably break a week after the 1 year warranty) -dell (except servers) proprietary drivers make re-installation more difficult for end users and they don't notify customers about products that have known defects. Case in point: nvidia video cards above. While apple, hp and others extended warranties by 3 years on affected GPUs and posted technical documents dell's only acknowledgment is in a couple buried blog posts, and when a customer with an affected unit called they said it was the operating system (vista) to avoid having to honor the extended warranty. The video has since failed completely and is no longer covered by their measly 1 year extension despite him having called to complain while it was still in effect

Re:Nice apology... sort of. (0)

Anonymous Coward | more than 4 years ago | (#31099818)

Please mod this idiot down, not up. His assessment of the situation is 100% wrong. Don't let the another first post contain misinformation.

Re:Nice apology... sort of. (1)

RebelWebmaster (628941) | more than 4 years ago | (#31099838)

The qualifier was put in by the submitter, not TFA.

ie * (0, Troll)

MrShaggy (683273) | more than 4 years ago | (#31099300)

Ms has also have been found guilty of misleading customers.

Re:ie * (2, Insightful)

The MAZZTer (911996) | more than 4 years ago | (#31099446)

Intentionally misleading and making a mistake are two different things.

Re:ie * (0)

Anonymous Coward | more than 4 years ago | (#31100984)

Your hilarious sig forgets to take into account the fact that 6.1 was a technical decision. Cheers, bandwagonneer.

Trojan Virus? (2, Insightful)

Anarke_Incarnate (733529) | more than 4 years ago | (#31099304)

Not more of this shit again.... A Trojan Horse is NOT a virus. It IS malware, but a virus tends to replicate and trojan horses do not, on their own. A trojan horse is just a program is the infection (In that it does something other than wanted or specified, and does so intentionally)

Re:Trojan Virus? (4, Insightful)

mamer-retrogamer (556651) | more than 4 years ago | (#31099424)

You are waging a losing battle my friend. Just as the distinction between the terms "hacker" and "cracker" has been lost upon wider usage, "virus" has now come to mean any type of malware.

Re:Trojan Virus? (1)

multisync (218450) | more than 4 years ago | (#31099606)

And "computer" is the monitor, and "hard drive" is the box on the floor, and "download" is anything you do on the computer (as in "I downloaded my printer to my hard drive but I still couldn't make a program").

Pointing out that malware can be a trojan or a virus but normally isn't both seems like a fair enough comment to make on Slashdot. I'm frankly surprised eldavojohn would use that phrase; maybe he hadn't had his coffee yet ;)

Re:Trojan Virus? (4, Funny)

Low Ranked Craig (1327799) | more than 4 years ago | (#31100244)

All I know is the Internet is that little blue roundish e thing on my desktop.

Re:Trojan Virus? (1)

commodoresloat (172735) | more than 4 years ago | (#31101232)

that little blue roundish e thing on my desktop.

That's an ecstasy tab, dude! Paaaarty at Low Ranked Craig's place!!!!

Re:Trojan Virus? (0)

Anonymous Coward | more than 4 years ago | (#31104412)

And I, for one, welcome our new /. editor.

Re:Trojan Virus? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31100774)

Perhaps but when I talk to my family guess what THEY DONT CARE about the distinction. They know their computer is screwed up and that a 'virus' did it. Because after the fact the results are the same to them. Their computer is messed up. They do not care that they did it or someone other program did it automatically. I then tell them if they did it to themselves or not and how to avoid it in the future. It is my job to make the distinction. You need to talk their lingo to figure out what happened if you dont you just come off as arrogant and rude. The end users realllllllllly do not care. Much like I do not care what plastic the moldings on my car door are made out of. I know they keep the water out.

Re:Trojan Virus? (0)

Anonymous Coward | more than 4 years ago | (#31109674)

By that logic, a "woman" is a vagina.

Re:Trojan Virus? (2, Insightful)

Hurricane78 (562437) | more than 4 years ago | (#31100444)

What gave you the idea, that we care what the general public thinks about our area of expertise?
Are you so weak, that you bow to a stream of loud idiots saying that 2+2=5?

We define what a virus is. We define what a cracker and a hacker is. Like professionals in any other profession.
There is no battle, so we can’t lose. I’m still calling anyone calling a cracker a hacker somebody who got no fuckin’ clue. Including you, if you do so. Period.

Re:Trojan Virus? (1)

Idiomatick (976696) | more than 4 years ago | (#31100754)

True, but if you use words properly whilst knowing the people you are addressing will completely misunderstand you then you are being plain stubborn. ie. I doubt you'd put that you do lots of linux hacking in your spare time on a resume...

Re:Trojan Virus? (0)

Anonymous Coward | more than 4 years ago | (#31104046)

To be fair, "cracker" wasn't lost. It was introduced after hacker was widespread, and didn't catch on. It was a nice idea to have a separate term, but the community had already settled on the Black Hat / White Hat distinction, and too much of the greater populous already used cracker for a type of white trash.

Re:Trojan Virus? (1)

AmberBlackCat (829689) | more than 4 years ago | (#31107612)

I think it helps to call them all viruses. Having a thousand different names just makes things inefficient and confusing. It also helps antivirus makers sell you an antivirus and an antispyware, when there should just be one product.

Re:Trojan Virus? (1)

HungryHobo (1314109) | more than 4 years ago | (#31099612)

combined with the fact that trojans can be just a layer.
Simple trojan infects a machine, on it's own it does nothing but execute arbitrary code on the target.
Trojan downloads code from it's controller which is an actual virus or code for a botnet etc etc...

it's not really an important distinction since the lines have become more blured as virus writers have tended towards hybrids or outsourced different parts of the infection process to others.

Re:Trojan Virus? (2, Interesting)

Alwin Henseler (640539) | more than 4 years ago | (#31099654)

a virus tends to replicate and trojan horses do not, on their own.

How weird... I recently dealt with an infected system where a trojan (2 different ones, in fact) copied itself onto an USB stick, without user intervention.

IIRC a virus usually tries to replicate itself without user action, or the user noticing. A trojan OTOH 'rides along' with another program that is intentionally run by a user. So the virus may come in on its own, the trojan arrives in 'useful' program+trojan packages. After infection, the trojaned program may place executables on the system that behave like a virus (further blurring the distinction). Isn't a program like this called a dropper or something?

Re:Trojan Virus? (4, Insightful)

Spad (470073) | more than 4 years ago | (#31099688)

These days you've got malware that is a trojan (to get onto your machine) and a virus (to spread itself to all your facebook friends, email contacts & embed itself on your USB key) and a worm (to spread itself around your LAN), which will zombie your machine to send spam and conduct DDoS attacks, keylog to steal your bank and WoW credentials and try to get you to buy fake AV software to get both your cash and personal info.

To say the lines between trojans, viruses, worms and spyware are blurry is a serious understatement.

Re:Trojan Virus? (0, Troll)

cerberusss (660701) | more than 4 years ago | (#31100384)

These days you've got malware that is a trojan and a virus and a worm, which will zombie your machine.

At the risk of sounding like a Linux/Apple fanboy, "I couldn't care less".

Re:Trojan Virus? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31100640)

At the risk of sounding like a Linux/Apple fanboy, "I couldn't care less".

At the risk of sounding like the voice of reason, "It's still possible to get rooted by a worm on a Linux/OSX box"

Re:Trojan Virus? (1)

Mister Whirly (964219) | more than 4 years ago | (#31101644)

Yes, pretending nothing could possibly happen to your machine is the very best security model I have ever heard. Run, don't walk, to the patent office and patent your idea immediately. I suggest calling it the "Ostrich Method of Securing a Computer System".

Keep your head buried down in that sand man! Ignorance is bliss!

Re:Trojan Virus? (1)

HellYeahAutomaton (815542) | more than 4 years ago | (#31109692)

Whoa whoa whoa. Stealing WoW credentials is enough to get even the most complacent geek to take notice.

Re:Trojan Virus? (4, Funny)

Ihmhi (1206036) | more than 4 years ago | (#31099920)

In my day, a trojan horse was a goddamned wooden tank full of angry ninja soldiers.

Re:Trojan Virus? (1)

thetoadwarrior (1268702) | more than 4 years ago | (#31102676)

I don't care what people call it just as long as they start taking better care to protect themselves from any vulnerability.

That's what they want you to think. (0)

Anonymous Coward | more than 4 years ago | (#31099374)

>>We've worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware

The below post is a Troll (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31099634)

Is she illin in the panicillin?
Is she chillin in the panicillin?
Is she stealin in the panicillin?
Is she feelin in the panicillin?

Panka panka

Is she liable no suitifiable pliable style is so suitifiable
Is she liable no suitifiable im not on trial but its suitifiable
Is she reliable no suitifiable not just viable but real suitifiable
Is she try-able no suitifiable lying in the aisle im real suitifiable

Is she spillin in the panicillin?
Is she squealin in the panicillin?
Is she feelin in the panicillin?
Is she trillin in the panicillin?

Panka panka

Is it libel? no suitifiable pliable style is so suitifiable
Is it a style? no suitifiable im not on trial but its suitifiable
Is it a mile? no suitifiable not just viable but real suitifiable
Is it wild? no suitifiable lying in the aisle im real suitifiable

stop using links to previous slashdot articles (0)

Anonymous Coward | more than 4 years ago | (#31099826)

For Christ's sake, stop using links to previous slash dot articles if you want to show the history of something. If there was previous history, just post the links to the actual articles already. What is it that makes you think a previously posted article lends more credibility than articles that actually inform us. For fuck's sake already...

Re:stop using links to previous slashdot articles (0)

Anonymous Coward | more than 4 years ago | (#31100022)

you must be new here.

Re:stop using links to previous slashdot articles (1)

Shoe Puppet (1557239) | more than 4 years ago | (#31101528)

New? He's got a 0-digit ID -- as do you!

Re:stop using links to previous slashdot articles (0)

Anonymous Coward | more than 4 years ago | (#31104544)

It's actually a 3-digit ID.

Offtopic, but regarding the tagline at the bottom (0, Offtopic)

clone53421 (1310749) | more than 4 years ago | (#31100760)

In spite of everything, I still believe that people are good at heart. -- Ann Frank

Her name is Anne Frank.

Re:Offtopic, but regarding the tagline at the bott (1)

Mister Whirly (964219) | more than 4 years ago | (#31101670)

The Nazis hauled away her "e" in the middle of the night. Nobody has heard from it since.

Re:Offtopic, but regarding the tagline at the bott (1)

arth1 (260657) | more than 4 years ago | (#31101938)

Her name is Anne Frank.

Still offtopic, but her name was Annelies Frank.
Ann Frank and Anne Frank are both valid spellings of her pet name, although we know her by the latter.

Re:Offtopic, but regarding the tagline at the bott (1)

clone53421 (1310749) | more than 4 years ago | (#31102198)

Ann Frank and Anne Frank are both valid spellings of her pet name, although we know her by the latter.

Jonathon can be “Jon” or “John”. Brooklyn can be either “Brook” or “Brooke”. Annelies can be “Ann”, “Anne”, or “Annie”.

Having multiple ways to spell a nickname doesn’t make all of them correct. As far as I know, Anne Frank spelled it with the e at the end.

Still might be Malware! (2, Informative)

canajin56 (660655) | more than 4 years ago | (#31101276)

Whenever you use the downloader, it goes to their website to display a "Download Started" page, and passes the URL you downloaded as a parameter. Do they have logs enabled on their webserver? I dunno. Better safe than sorry though. Just use FlashGot, the GPL plugin they stole all their code from.

Re:Still might be Malware! (0)

Anonymous Coward | more than 4 years ago | (#31107830)

even better, use tor and tubegrip.com

no scripting required, no tracking IP

The False Positive problem (1)

ElmoGonzo (627753) | more than 4 years ago | (#31105070)

It's even worse when a major anti-virus/internet protection application named after a pioneer of MS-DOS utilities throws a false positive and declares your CSS to be malware.
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...