Best Resource For Identifying Legit Applications?

kdawson posted more than 4 years ago | from the x-ray-goggles dept.

bjb writes "While helping a somewhat computer illiterate person figure out a problem recently, they mentioned that PDF files had recently stopped working. Upon investigation I found something installed called 'PDF Suite.' Never having heard of it, I Googled it with 'malware' and other key words, but nothing turned up, though my suspicion remained (and was somewhat confirmed by WOT.) So my question is, where can you go to find out if something is legitimate? Because the person I'm helping is on a dial-up connection, downloading malware detection applications (and updates) is too heavy to consider. And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often. Where can you quickly find information?"

255 comments

download.com (3, Informative)

martas (1439879) | more than 4 years ago | (#31418636)

and many other software download sites [claim to] thoroughly test submitted applications with antiviruses. in recent times i haven't downloaded any app from them that turned out to contain any sort of malware.

Re:download.com (1)

Saishuuheiki (1657565) | more than 4 years ago | (#31419020)

May be true, but not his question. His question is how do you tell if something you have is malware, not how to find something not malware.

Though theoretically you could see if it's on download.com...this can only prove that it isn't malware, not that it is

Re:download.com (3, Insightful)

kalirion (728907) | more than 4 years ago | (#31419032)

That might work if the application is infected by (known) malware. What if the application is itself the trojan, perhaps one that activates in the future so no one would have reported it yet? Unless someone has access to the source code and the time and inclination to look through it, how do you know it's safe?

Re:download.com (1)

martas (1439879) | more than 4 years ago | (#31419062)

good point, which is why i typically try to download relatively popular software, which is another thing such sites can help you determine.

Re:download.com (1)

Kurrel (1213064) | more than 4 years ago | (#31419416)

By testing it in a sandbox, of course! Here's a super-nifty free binary analyzer that runs in your browser: http://anubis.iseclab.org/ [iseclab.org]

beware! (5, Informative)

TheSHAD0W (258774) | more than 4 years ago | (#31419298)

BitTornado, an application I administer, was once available via ZDNet, a site which distributed freeware and shareware apps much like Download.com. At some point someone began offering download mirrors for BitTornado and other apps, with installers that were modified and apparently contaminated with malware. I complained twice; the second time, they nastily asked whether I wanted them to remove BitTornado from their site. I told them yes.

Just because software is available via some popular gateway, you can't be 100% certain what you download will be perfect and free from malware.

What is your OS? (1)

Kitkoan (1719118) | more than 4 years ago | (#31418644)

That will help in figuring out where to go.

Re:What is your OS? (0, Flamebait)

Anonymous Coward | more than 4 years ago | (#31418684)

Seen as "somewhat computer illiterate," read as "Windows."

Re:What is your OS? (5, Funny)

Kitkoan (1719118) | more than 4 years ago | (#31418756)

Seen as "somewhat computer illiterate," read as "Windows."

I know a lot of OSX users that fit that description.

Re:What is your OS? (2, Insightful)

ColoBikerDude (947706) | more than 4 years ago | (#31418802)

Seen as "somewhat computer illiterate," read as "Windows."

I know a lot of OSX users that fit that description.

The OP also said "dialup" and "malware" so I still read as "Windows." :)

Re:What is your OS? (3, Funny)

e2d2 (115622) | more than 4 years ago | (#31419156)

Macs are dumbed down. So you gotta be smart to use them. Or something like that.

Re:What is your OS? (2, Informative)

Anonymous Coward | more than 4 years ago | (#31419240)

I know a lot of OSX users that fit that description.

And a quick check of Ubuntu Forums should convince anyone that Linux has long since joined the party. If posts on /. don't.

Re:What is your OS? (0)

Anonymous Coward | more than 4 years ago | (#31419004)

Seen as "somewhat computer illiterate," read as "Windows."

OS X users suffer from using the search bar as the address bar just as much as Windows users. Also, have you ever tried instructing an OS X user on installing an app from a zipped .dmg file into the Apps folder?

It's not like OS X users are born knowing their UI/OS inside and out... or are they some kind of cult of the chosen few that I have successfully learned to infiltrate by learning to use a Mac despite my being born without instant OS X recall?

Re:What is your OS? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31419072)

"Doubleclick it until it opens up a Finder window, and then drag the icon into the Application folder on the left hand side of the Finder window".

"too big to download" (4, Insightful)

Sir_Lewk (967686) | more than 4 years ago | (#31418656)

downloading malware detection applications (and updates) is too heavy to consider.

And yet they find the time to download all of that malware...

Re:"too big to download" (4, Insightful)

Monkeedude1212 (1560403) | more than 4 years ago | (#31418724)

Exactly. If you have the time to download an application you have time to download malware detection.

And really, what do you suppose you were going to do if Google did confirm it as Malware? You can't download anything and you don't have a USB stick with that stuff on it - in most cases you're pooched already.

It honestly sounds like either you or the person you're helping simply don't want to put the effort into -actually- testing the machine for malware.

Re:"too big to download" (0)

Anonymous Coward | more than 4 years ago | (#31419084)

And really, what do you suppose you were going to do if Google did confirm it as Malware? You can't download anything and you don't have a USB stick with that stuff on it - in most cases you're pooched already.

Do they not make keyboards with a Delete key anymore?

Though incredibly tedious and annoying, deleting or renaming potential problem files in safe mode is an effective way of removing malware. In some cases, it's still the only way.

Though, frankly, once it gets to that point on a person's machine, I prefer to simply reinstall windows and lock everything down. If they don't like it, they can either stop screwing up their computer or stop asking me to fix it when they do.

Re:"too big to download" (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#31419340)

Some malware puts itself onto the kernel - and will be present during safe mode.

I take it you've never had to deal with an infected HAL.DLL before? Don't delete it.

Re:"too big to download" (0)

Anonymous Coward | more than 4 years ago | (#31418754)

I believe his comment should be taken as, "This is a person that doesn't want/will not allow unfamiliar applications installed on their computer, but are not wise enough to filter out the crap they should not be touching."

Re:"too big to download" (2, Informative)

jtownatpunk.net (245670) | more than 4 years ago | (#31419030)

A dialup connection can pull a quarter gig per day. Malwarebytes is under 10 megs with all updates and patches. (More like 8 megs.) You can get 200k per minute on dialup without breaking a sweat. That's 5 minutes per meg. That's 40 minutes for the full Malwarebytes download including updates. How much time do you plan to spend investigating the source of every installed program? Sure, it would be nice if there was a big list of every application on the planet with happy faces and frowny faces next to them but that would be a heck of a thing to maintain. The few companies that maintain such lists aren't likely to give you direct access as they've got commercial products built around that information. And, even if you found such a list, you would still have to pick through the installed programs and compare them one-by-one with the list. How long will that take? And the bad ones won't announce themselves by hopping on the add/remove programs list so you still need to scan. Start downloading and have a beer while you wait.

Or, since you know what you're up against, load up the thumb drive before you go over next time. Bring a couple of good spyware removal programs (and their standalone update files) along with the complete installer for a good AV program.

Re:"too big to download" (0)

Anonymous Coward | more than 4 years ago | (#31419506)

PDF Suite appears to be legitimate software, at only 2.6 MB, it's smaller than Adobe Reader, and far smaller than most anti-virus/spyware.
Back when I had dial-up 10MB was probably the biggest thing I ever downloaded, an intermittent connection that cost me per-minute certainly wasn't suitable for downloading files.

Assume malware (5, Insightful)

c++0xFF (1758032) | more than 4 years ago | (#31418658)

If you've never heard of an application, assume that it's untrusted malware.

Linux has been pioneering a way around this through trusted software repositories, but the concept hasn't panned out for Windows yet.

Re:Assume malware (4, Interesting)

tepples (727027) | more than 4 years ago | (#31418846)

If you've never heard of an application, assume that it's untrusted malware.

Then how should a micro-ISV [wikipedia.org] or a free software developer earn users' trust?

Re:Assume malware (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#31419018)

There are certainly costs to the strategy; but it is still a decent heuristic for somebody in the demographic we are talking about (i.e. clueless, no broadband, probably no backups, or even system restore media).

New entrants will naturally attract the attention of the sort of savvy tech enthusiasts who follow news outlets and whatnot, and are arguably in a far superior position to evaluate for utility and nonmalice. Once they've rendered their verdict, the noobs can follow the received wisdom, or have it done for them.

"If you've never heard of an application, assume that it's untrusted malware." would make a shitty universal rule; but it is mostly a good idea in this context. Some people are better cut out to deal with technical risk than others. People with disposable VM appliances can do whatever they want. Noobs with dialup who will end up losing months of work, a week's use of their computer, and several hundred in Geek Squad fees if they do the wrong thing should probably stick to the beaten path.

Re:Assume malware (1)

b4dc0d3r (1268512) | more than 4 years ago | (#31419078)

some options:

  • Release the source code, or source with paid registration
  • Get listed by one of the major download sites as this poster said [slashdot.org]
  • Get listed on one of the major OS-specific app news sites as in this thread [slashdot.org]

WOT has the same problem as anything else, false negatives. I found many different sites offering software with this name.

This one has links to tucows and is the Google keyword sponsored link, making it look legit: http://pdf-suite.com/us/default.asp [pdf-suite.com]
This has the same picture but entirely different website, looking suspicious: http://www.pdf-suite.com/ [pdf-suite.com]
This looks like different software with the same name: http://www.aloaha.com/wi-software-en/printing.php [aloaha.com]
But that's featured on TechSite. Do you trust Techsite? http://www.techspot.com/downloads/4109-aloaha-pdf-suite.html [techspot.com]

Basically it's the same reputation-based research you use anywhere - if a reputable source links to it, or even better offers it for download, your reputation improves exactly like PageRank. If dubious sites link to it, it looks like a bad idea to download.

Consider it from a different angle - if you are a Micro ISV, how do people hear about your product in the first place? Chances are you're not getting first-page google results unless you have a truly niche product. However people hear about it is a channel you want to strengthen.

Thank you for recommending Upload.com (1)

tepples (727027) | more than 4 years ago | (#31419404)

Release the source code, or source with paid registration

I know of several developers who refuse to release source code because they've had their software plagiarized[1] by some unscrupulous yet judgment-proof[2] party.

Get listed by one of the major download sites as this poster said

I looked into this, and it turns out that the way to get your software listed on Download.com is (fittingly) called Upload.com. And its policies don't look as bad as I expected.

[1] Copied without attribution. In most cases, plagiarism is a form of infringement.

[2] Lacking financial resources or located in another state or country.

Re:Assume malware (1)

perlchild (582235) | more than 4 years ago | (#31419272)

I was going to say the only safe approach was to whitelist, but you beat me to it.

If you're not sure, don't.

You're better off living without that one piece of software that's obscure, than dealing with the malware.

If you really can't live without one piece of software, then you gotta research it.

Re:Assume malware (1)

Dynedain (141758) | more than 4 years ago | (#31419396)

Linux has been pioneering a way around this through trusted software repositories, but the concept hasn't panned out for Windows yet.

I've been hearing this canard trotted out quite a bit recently... How Linux is so much easier than Windows to manage updates, so much easier than Windows to install software, etc.

But think about it for just a minute. The model only works because you trust RedHat, Gentoo, etc to do the right thing. Imagine if the recommended way for doing software installs or updating 3rd party apps was through Windows Update. How much uproar would there be about MS "requiring" software developers to register. How much fury would there be about MS trying to use its monopoly practices to kill its competitors InstallShield and Download.com.

Just look at the iPhone app store. Do you really want that distribution model for Windows?

how about google? (1, Informative)

Anonymous Coward | more than 4 years ago | (#31418666)

ummm, first hit on google for PDF Suite.

http://www.pdf-suite.com/

Looks legit to me...

Re:how about google? (3, Insightful)

Mr Z (6791) | more than 4 years ago | (#31418818)

Well, if it was benign software, then maybe the free trial ended? Or, if it really did have some malware in it, maybe it was a "cracked" version, with extra Russian Hacker Goodness?

Re:how about google? (0)

Anonymous Coward | more than 4 years ago | (#31419336)

Of course, but the OP's question was whether the software was legit. Looks like legit software, and it took all of 2 seconds to determine that. Now, if the software was infected with malware or whatnot, that is a separate issue which the OP should investigate. So, what have we learned: OP is lazy and/or incompetent.

Re:how about google? (3, Insightful)

Mr Z (6791) | more than 4 years ago | (#31419432)

There is a legit package named PDF Suite. It's unclear whether that installation was legit or not. If "PDFs stopped working," it's entirely likely that the trial period for the legit software expired. No idea. I wasn't weighing in on either side of that.

The problem as stated in this article's question is almost something of a fool's errand: "I have a connection to the Internet that at best can give me benign but worthless stuff, and can give me unbounded amounts of virulent crap. I can't use this connection to download anything useful or helpful, nor can I bring anything with me that's useful and helpful. How do I avoid the crap?"

Perhaps I overstate it a bit, but not by too much, I don't think.

Re:how about google? (1)

dbcad7 (771464) | more than 4 years ago | (#31419620)

Maybe it's a file association problem?

Legit (1, Offtopic)

oldhack (1037484) | more than 4 years ago | (#31418670)

"Legit" apps sell your info just as well as the others. That's another plug of open source software.

Re:Legit (1)

qw(name) (718245) | more than 4 years ago | (#31418838)

"Legit" apps sell your info just as well as the others. That's another plug of open source software.

Google comes to mind...

Re:Legit (1)

FlyingBishop (1293238) | more than 4 years ago | (#31419154)

And there's a plug for the AGPL.

"Where can you quickly find information?" (0)

Anonymous Coward | more than 4 years ago | (#31418682)

Google.

Does the vendor make md5 or sha1 hashes available? (3, Insightful)

number6x (626555) | more than 4 years ago | (#31418694)

Does the vendor make md5 or sha1 hashes available?

Linux repositories are signed with PGP keys; this is usually pretty good (pun intended) for security. Even when breaches happen things are found out pretty quickly.

Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. It's hard to believe Windows users don't have App repositories yet.

Re:Does the vendor make md5 or sha1 hashes availab (5, Funny)

Anonymous Coward | more than 4 years ago | (#31418836)

Ho ho ho, allow me a moment, my monocle has fallen into my snifter of brandy. Ho ho!

I, being a LINUX USER, you see, do not have such mundane Mico$$$$$$$$$oft problems, ho ho!

Did I mention I use LINUX! Ho ho. I bet you are impressed with my LINUX USING ABILITY. We USERS OF LINUX have SOFTWARE REPOSITORIES, ho ho ho. By USING LINUX you too can have a SOFTWARE REPOSITORY.

What is that I hear? You use Mico$$$$$oft products?! Ho ho! My dear friend, you must cease at once and switch to LINUX. LINUX has SOFTWARE REPOSITORIES, did I mention this? Ho ho ho...

oh dear, it appears my monocle has come off again! Ho ho!

Re:Does the vendor make md5 or sha1 hashes availab (2, Insightful)

tepples (727027) | more than 4 years ago | (#31418966)

LINUX has SOFTWARE REPOSITORIES, did I mention this?

The software repositories associated with major desktop Linux distributions, such as Fedora and Ubuntu, have a drawback: not all applications, even useful and legitimate ones, satisfy the licensing requirements of the repositories. For example, almost no major label video games are completely free software [gnu.org] and free assets [freedomdefined.org] .

Re:Does the vendor make md5 or sha1 hashes availab (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#31418998)

And they aren't always up to date, certain software you might want could have been removed from them (XMMS for example with later versions of Ubuntu), or they just never included certain software in the first place.

Re:Does the vendor make md5 or sha1 hashes availab (1)

amRadioHed (463061) | more than 4 years ago | (#31419666)

How is removing XMMS a sign of not being up to date? XMMS hasn't been supported by the developer for years. Audacious is what you are looking for and I'm sure it's in the Ubuntu repos.

Re:Does the vendor make md5 or sha1 hashes availab (1)

frank_adrian314159 (469671) | more than 4 years ago | (#31419680)

... almost no major label video games are completely free software and free assets.

Well, don't you have something better to do with your life than play games?

Re:Does the vendor make md5 or sha1 hashes availab (1)

Anonymusing (1450747) | more than 4 years ago | (#31418976)

I'm trying to picture a penguin with a monocle and a snifter of brandy... it's like Mr. Peanut, but with booze.

Re:Does the vendor make md5 or sha1 hashes availab (1)

ScouseMouse (690083) | more than 4 years ago | (#31418982)

Amusing, however app repositories aren't confined to open source, Apple do it (At least for the iPhone), Nintendo do it, Google do it, Sony do it. No reason Microsoft couldn't do it.

Re:Does the vendor make md5 or sha1 hashes availab (0)

Anonymous Coward | more than 4 years ago | (#31419626)

No reason Microsoft couldn't do it.

...except for massive anti-trust suits. Microsoft are in an absurdly sticky situation; if they ship some kind of repository, vendors who AREN'T on the (default) repository will sue (and rightly so). If they make third-party repositories and support multiple repositories (like Debian's apt/.deb, and I assume RPM/pacman/ebuild/etc), the attack vector will then switch to convincing users to add your repository, rather than getting them to install your malware. The only thing that would result in is pissed off users (another step to install programs, since vendors wouldn't cooperate enough to share repositories so you'd have one repo per app) and a better attack vector. And this is assuming vendors even WANT to use a repository system - remember, they already have their own install procedure (self-rolled updaters/install binaries/etc), and wouldn't be keen to throw all that work away (and possibly money down on licences for install binary middleware like InstallShield).

It's best to leave repositories for those who already have it (Linux, BSD) or for those who more rigidly control their platforms (Apple/OSX, Sony/PS3, Nintendo/Wii). Personally, I'd rather Microsoft not even try, lest they turn everyone off of the idea of repositories (which is a damn good one) when they F it UBAR (and they will, though not necessarily because they're incompetent).

Re:Does the vendor make md5 or sha1 hashes availab (1)

mchugh (627644) | more than 4 years ago | (#31419290)

Ho ho ho, allow me a moment, my monocle has fallen into my snifter of brandy. Ho ho!

I, being a LINUX USER, you see, do not have such mundane Mico$$$$$$$$$oft problems, ho ho!

Did I mention I use LINUX! Ho ho. I bet you are impressed with my LINUX USING ABILITY. We USERS OF LINUX have SOFTWARE REPOSITORIES, ho ho ho. By USING LINUX you too can have a SOFTWARE REPOSITORY.

What is that I hear? You use Mico$$$$$oft products?! Ho ho! My dear friend, you must cease at once and switch to LINUX. LINUX has SOFTWARE REPOSITORIES, did I mention this? Ho ho ho...

oh dear, it appears my monocle has come off again! Ho ho!

sudo apt-get install monocle

HTH.

Re:Does the vendor make md5 or sha1 hashes availab (1)

RotateLeftByte (797477) | more than 4 years ago | (#31419468)

Actually, as he is using Monocle then I'd like to suggest he might be a SUSE User.
Then sudo apt-get install monocle is absolutely useless.

Obligatory XKCD link... (2, Funny)

Stick32 (975497) | more than 4 years ago | (#31419582)

because someone has to [xkcd.com]

Re:Does the vendor make md5 or sha1 hashes availab (0)

Anonymous Coward | more than 4 years ago | (#31418896)

It's hard to believe Windows users don't have App repositories yet.

It's not *that* hard to believe...LOL

Re:Does the vendor make md5 or sha1 hashes availab (4, Insightful)

Dr_Barnowl (709838) | more than 4 years ago | (#31418946)

Signed hashes only assure you of the source of the files. They don't in themselves provide any assurance of trust.

In the majority of these cases, the only thing it would achieve would be that you can state with some confidence that it's definitely the fault of a particular asshat.

Re:Does the vendor make md5 or sha1 hashes availab (0)

Anonymous Coward | more than 4 years ago | (#31419342)

Hashes don't assure you of the source at all, they just provide a unique (within the limits of the hash type) fingerprint for the file. If you know what a file's hash should be, the source is irrelevant.

Re:Does the vendor make md5 or sha1 hashes availab (1)

mcrbids (148650) | more than 4 years ago | (#31419586)

Signed hashes only assure you of the source of the files. They don't in themselves provide any assurance of trust.

In the majority of these cases, the only thing it would achieve would be that you can state with some confidence that it's definitely the fault of a particular asshat.

How don't they provide assurance of trust?

If you trust Vendor A, and you install Vendor A's repo, then the number of things to worry about has just been sharply reduced, because you can reasonably trust that packages signed by Vendor A's repo do, in fact, come from Vendor A.

I think what you meant to say is that hashes only assure that the files came from a specific vendor, and that's self-evident. It's like saying that water is wet.

You don't see how this is a dramatic net improvement?

Re:Does the vendor make md5 or sha1 hashes availab (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#31418974)

Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. It's hard to believe Windows users don't have App repositories yet.

App repositories are only good if they are always up to date. One can go to Ubuntu forums, as an example, to find numerous stories of people having to go outside of the repositories to find the latest versions of apps or to find apps that aren't in the repository. Sure, repositories can help to ease in installing and finding software but they aren't this perfect magic bullet as people like you like to claim. If they were why is there any need of a mechanism to add 3rd party repositories in apt?

Re:Does the vendor make md5 or sha1 hashes availab (1)

h4rr4r (612664) | more than 4 years ago | (#31419296)

Third party repositories are still better than random app off random webpage. As you first trust the repository before you would think of adding it. Nothing is a magic bullet, but you knew that already.

Now go back under your bridge.

Re:Does the vendor make md5 or sha1 hashes availab (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#31419458)

Third party repositories are still better than random app off random webpage.

Why? Any person can set up a random repository.

Nothing is a magic bullet, but you knew that already.

Which runs contrary to what the GP was attempting to project.

Now go back under your bridge.

*yawn* Get some better material, kiddo.

Re:Does the vendor make md5 or sha1 hashes availab (1)

nschubach (922175) | more than 4 years ago | (#31419034)

Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. It's hard to believe Windows users don't have App repositories yet.

I haven't spent any time looking, but is there possibly a nice cross platform (Win/Lin/Mac) solution for an application developer to stick on his web server and give everyone a link to add that to their package manager of choice? That or some kind of uniform repository "tag" of sorts. This would be something that would contain the developer's repository information and all repository clients could understand how to read it and/or know if they support it.

It definitely would be cool (and avoid silly one click installs) if an indie developer distributing their application could just give their users a link and post their latest version(s) to that application so anyone can keep up to date with the latest version. I have a feeling such a system doesn't exist and people would get all strung up arguing how to do it.

Re:Does the vendor make md5 or sha1 hashes availab (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31419134)

Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software.

No, that's pretty much how everyone install applications except you linux fags

Re:Does the vendor make md5 or sha1 hashes availab (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#31419144)

Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. It's hard to believe Windows users don't have App repositories yet.

How is that any less worse than having to dig up third-party repositories or searching the internet for packages to install software that isn't in your OS's repository?

Re:Does the vendor make md5 or sha1 hashes availab (1)

h4rr4r (612664) | more than 4 years ago | (#31419250)

It's not, novice users should not be installing non-repository apps at all.

Of course since I am responding to a troll I am sure you will insist on making more silly claims.

Re:Does the vendor make md5 or sha1 hashes availab (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#31419434)

It's not, novice users should not be installing non-repository apps at all.

Why? What if they want something that is more up to date than what is in the repository or what if the application they want has been removed?

Of course since I am responding to a troll I am sure you will insist on making more silly claims.

How am I a troll? Because I bring up legitimate issues that have appeared on various linux forums such as Ubuntu Forums?

Feel free to use my method (2, Funny)

yttrstein (891553) | more than 4 years ago | (#31418704)

find /usr/ports/* >> notmalware.txt

Re:Feel free to use my method (1)

cormander (1273812) | more than 4 years ago | (#31419104)

Okay, so from what you're saying: rootkit != malware. Good to know, reinstalling my OS after getting hacked is a big pain in the ass.

Hard to Define "Trusted" (1)

DIplomatic (1759914) | more than 4 years ago | (#31418782)

Unfortunately there's no one good list of "Trusted" software. Mostly because "trusted" cannot be empirically measured. Trusted by whom? Bloatware/Spyware/Crapware are sort of like art, you know it when you see it.

Look at it this way (4, Funny)

Anonymous Coward | more than 4 years ago | (#31418784)

If it is malware, it's probably more secure against attack than Adobe Reader is.

Maintain the USB stick. (1)

Tackhead (54550) | more than 4 years ago | (#31418792)

And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often.

No better time than now to start collecting installer .exe files.

The reason you collect the installers (or the portable installations for programs that don't require installers) is because in the Windows world, you never know when a publisher will go rogue. UsefulUtility 0.8.5 might be great, UsefulUtility 0.8.6 might come with an optional toolbar/crapware that can be deselected at install-time using the "custom" button, and UsefulUtility 0.8.7 might not have the option to deselect the toolbar/crapware.

In that case, UsefulUtility 0.8.5 or UsefulUtility 0.8.6 are the last safe versions (depending on how you define "safe"), and you stop upgrading. But even if the publisher vanishes from the face of the earth (or puts in gobs of crapware in 0.8.8), you've still got that USB stick with known-trustworthy installers.

The best place to find this sort of information, unfortunately, is by random googling on an app-by-app basis. UsefulUtility might have user forums, and when they go from 0.8.6 to 0.8.7, its users will be screaming bloody murder. Or you might come across a thread on one of the larger tech sites that talks about utilities, and when people start looking for replacements for UsefulUtility, you might find a BetterUtility that does the same thing, only with less bloat.

Re:Maintain the USB stick. (1)

Rob the Bold (788862) | more than 4 years ago | (#31419208)

And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often.

No better time than now to start collecting installer .exe files.

Unless you really don't want to become that "guy who knows computers and fixes mine for free". Even if they pay you -- or especially if they pay you -- you've gotta deal with that "you touched it last" problem the next time they install something malicious. I used to be that guy, and I did just as you said. And you're absolutely right about publishers "going rogue" and the advantages of keeping multiple old versions, JIC.

I still keep that USB stick. But I try to make sure no one knows about it anymore. It's only for my wife's Windows laptop that she won't part with yet.

I'd say if you've moved away from Windows yourself to try as hard as possible not to keep maintaining "somewhat computer illiterate person('s)" machines.

Er (5, Informative)

Quiet_Desperation (858215) | more than 4 years ago | (#31418814)

Did you try Googling it *without* the word malware?

http://www.google.com/#hl=en&source=hp&q=%22PDF+Suite%22&aq=f&aqi=g10&aql=&oq=&fp=1 [google.com]

Re:Er (1)

wurp (51446) | more than 4 years ago | (#31419220)

The only thing that could have made that comment better is to use LMGTFY instead of Google in the link.

Did you consider... (1)

eeth (1557089) | more than 4 years ago | (#31418822)

that it might not be malware, but simply ancient software incompatible with newer documents?

repos (0)

Anonymous Coward | more than 4 years ago | (#31418828)

If it's legit it's in your repos.

you answered your own question (0, Redundant)

Fujisawa Sensei (207127) | more than 4 years ago | (#31418848)

I believe that you answered your own question.

Before installing an unknown application, do a little research first; such as google for the app + malware.

Why are you doing this? (0, Troll)

realmolo (574068) | more than 4 years ago | (#31418850)

Helping someone try and fix their computer is an exercise in futility, even if you are getting paid for it. Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?

Tell the person that they need to pay you to fix their computer (even if they need to ship it to you). Anything else is a waste of your time.

Re:Why are you doing this? (2, Insightful)

tepples (727027) | more than 4 years ago | (#31418930)

Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?

Getting paid doesn't necessarily mean getting paid enough to 1. take a week off one's day job and 2. pay for round-trip airfare.

Re:Why are you doing this? (1)

jimicus (737525) | more than 4 years ago | (#31419518)

Getting paid doesn't necessarily mean getting paid enough to 1. take a week off one's day job and 2. pay for round-trip airfare.

At this point it would probably be substantially cheaper, quicker and easier to post them a prepaid 3G dongle and deal remotely using a proper remote support tool.

Though if they're on dialup it's possible they live in the back end of beyond, in which case there may not be a 3G signal.

Re:Why are you doing this? (1)

Merc248 (1026032) | more than 4 years ago | (#31419170)

Every time I've tried introducing a revenue stream, it's only resulted in people shying away from getting my help.

Even though it means, "yay, more free time for myself," it also means, "wow, people really don't value technical support."

Re:Why are you doing this? (2, Insightful)

Lunix Nutcase (1092239) | more than 4 years ago | (#31419484)

Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?

Because some people are actually nice and want to help out their friends and family?

Re:Why are you doing this? (2, Funny)

oodaloop (1229816) | more than 4 years ago | (#31419508)

Yeah, I feel the same way with any service I provide. Want me to hold the door for you? Pay up. Want me to help you move? Pay. Pick up a coke while I'm up? Pay. Jumpstart your car? Fix your collar? Point out your shoe's untied? That's right, PAY.

Who needs friends as long as you have money?

You can't really tell. (1)

Oxford_Comma_Lover (1679530) | more than 4 years ago | (#31418912)

I don't think there's a good way to tell, short of a truly rigorous approach that takes a long time to verify all the software on a system. It's a combination of (1) too many things happening at once on a modern system, (2) lack of good DRM-type authentication (which would allow you to approve or disapprove vendors, or approve each software package independently if from a noncommercial vendor), (3) too much of the stuff that's happening being distributed to different locations. In Linux, you can usually tell pretty easily what's going on by running ps and tracing down the processes--okay, you can hide stuff in libraries and modify the code, but you've got a good first step there. In Windows, some is in processes and some is in services, and it's a pain to even put together a list of everything that's running, much less find out where it comes from or whether it's the software it claims to be. It should be easy, but I don't know of a good way to do it.

There are anti-malware programs that take a common swipe at your system. Sometimes they work. But it's like practicing bad medicine as opposed to figuring out what's really wrong--it may work sometimes, but it doesn't solve the larger problem. The reality is it's a completely broken system. We can hunt down bugs, and if we lock down a system from install-time and don't do anything too adventurous or unusual we can be sure to keep it clean, but our security model is basically wrong because we're blacklisting instead of whitelisting, and it's hard to even get a list in the first place. Why aren't there system utilities that automatically generate a list of all running processes and services and anything else that uses CPU time, lists their pipes to each other and to the file system and the network, and then verifies all of that against digitally signed configurations from the vendor?

If the software isn't doing what it's supposed to be doing, it should shut down after giving you a chance to override the shutdown. So leave the end-user with control, but leave the default conditions so for the 99.99% of end users who don't want the nondefault behavior, their machines are safe.
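A minimal sketch of the default-deny inventory this comment asks for, limited to Linux processes read from `/proc` (an added example, not part of the original comment and not an existing utility). The allowlist format, mapping a SHA-256 digest to the expected executable path, is an assumption, and the allowlist is treated as a trusted local file rather than a vendor-signed configuration.

```python
import hashlib
import os
from pathlib import Path


def inventory(proc_root="/proc"):
    """Yield (pid, exe_path, sha256_or_None) for every process we can inspect."""
    root = Path(proc_root)
    pids = sorted(int(e.name) for e in root.iterdir() if e.name.isdigit())
    for pid in pids:
        try:
            exe = os.readlink(root / str(pid) / "exe")
        except OSError:
            continue  # kernel thread, exited process, or no permission
        try:
            digest = hashlib.sha256(Path(exe).read_bytes()).hexdigest()
        except OSError:
            # The kernel reports a removed binary as "<path> (deleted)";
            # a process running from a file that is gone deserves attention.
            digest = None
        yield pid, exe, digest


def audit(allowlist, proc_root="/proc"):
    """Return (pid, exe, reason) for every process that is not explicitly approved.

    allowlist: dict of sha256 hex digest -> expected executable path (assumed format).
    """
    findings = []
    for pid, exe, digest in inventory(proc_root):
        if digest is None:
            findings.append((pid, exe, "unreadable-or-deleted"))
        elif digest not in allowlist:
            findings.append((pid, exe, "not-allowlisted"))
        elif allowlist[digest] != exe:
            findings.append((pid, exe, "allowlisted-binary-at-unexpected-path"))
    return findings


if __name__ == "__main__":
    # Constructed allowlist: empty, so every readable process is reported.
    for pid, exe, reason in audit({}):
        print(pid, exe, reason)
```

It covers only the executable behind each process; loaded libraries, pipes and network endpoints, which the comment also mentions, are out of scope here.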

Document everything. (1)

magus_melchior (262681) | more than 4 years ago | (#31418972)

If you're a small shop and can't afford the "arm, leg, and firstborn" prices of volume licensing, set up a system where a manager or an experienced IT admin pre-approves software installation, and makes a (hopefully organized) record* of what software got installed on what computer/server.

If you're not starting up, have all the users go through their PCs and write up a list of software on their computers. It's disruptive, it's time-consuming, but only when you do it the first time, and it ferrets out the odd user who installed Google Desktop and a crapton of add-ons, distracting him more than making him more productive.

* If there's discomfort over management approval of software installs, you could be fairly liberal about it and say "well, you can install anything within company policy (i.e. no porn), just let us know so we don't freak out when WeIRDsofTWAREName shows up."

Google.com (1, Informative)

Kylow (581998) | more than 4 years ago | (#31418986)

The best resource is still Google. You will need to be a little more patient and a little more competent with your search terms, however. Or you could just write in to Ask Slashdot.

How important is this person to you? (3, Interesting)

pz (113803) | more than 4 years ago | (#31419066)

If this person is important to you (i.e., a relative, family friend), then set up a CD-R with A/V and malware detection on it such that it autoruns, and mail them a new, fresh copy once per month that includes the latest A/V definitions. Hell, include a defrag as part of the autorun process. What does this person do for updates to Windows? I'm betting nothing. Include those too.

90% of maintaining my computer semi-literate parents' and relatives' computers is basically this: (1) update antivirus, (2) run A/V, (3) update Windows, (4) defrag.

Re:How important is this person to you? (0)

Anonymous Coward | more than 4 years ago | (#31419166)

Defrag is cargo cult.

Re:How important is this person to you? (1)

mikael_j (106439) | more than 4 years ago | (#31419364)

Sadly NTFS still benefits from the occasional defrag (although not to the extent that FAT did).

/Mikael

Re:How important is this person to you? (1)

tomhudson (43916) | more than 4 years ago | (#31419682)

Defrag is cargo cult.

They're on dialup. Who's to say it isn't Win95 on an 80 meg fat-16 hard drive that was upgraded from wfw 3.1?

simple (0)

Anonymous Coward | more than 4 years ago | (#31419086)

If it's not in the Ubuntu Software Center, don't even consider installing it. Works great for me.

file advisor (0)

Anonymous Coward | more than 4 years ago | (#31419118)

http://fileadvisor.bit9.com You can search by file name or md5 hash, but you'll want to use the md5 hash to ensure you are checking the real file (and that it is not just spoofing a good file)

The repositories dummy. (1)

h4rr4r (612664) | more than 4 years ago | (#31419188)

If it is not in the default repositories do not install it.

For novice users the Ubuntu Software Center is nice too.

Best idea (1)

Darkness404 (1287218) | more than 4 years ago | (#31419216)

Just delete the apps that aren't needed and replace them with OSS alternatives. Other than some well known software (Office, Photoshop, iTunes, etc) most everything else can be replaced with a better working, faster and generally better OSS alternative. Why keep that PDF suite? The most you would need would simply be Foxit, Sumatra PDF or Adobe Reader.

Download from CNET (0)

Anonymous Coward | more than 4 years ago | (#31419248)

Downloading only from CNET is probably the lowest common denominator that provides some level of protection

What's happening to /. ? (0)

Anonymous Coward | more than 4 years ago | (#31419312)

What's with the incredibly nooby questions today?

News for (wannabe) nerds?

Download.com (1)

westlake (615356) | more than 4 years ago | (#31419328)

Download.com [cnet.com] has it all. Programs of every description.

Open Source. Closed Source. Free Ware. Trialware. Inkscape is there.

It's a painless way to survey pretty much everything worthwhile that is out there - and infinitely more accessible than SourceForge.

File Hippo [filehippo.com] has much narrower, utilitarian focus, but the essential apps are there. File Hippo's update checker is quick and reliable.

 

Re:Download.com (1)

Smidge207 (1278042) | more than 4 years ago | (#31419684)

Open Source. Closed Source. Free Ware. Trialware. Malware. Bloatware. Crapware. Inkscape is there.

Take the computer home with you (1)

generalhavok (1432165) | more than 4 years ago | (#31419354)

I do this all the time. I live in a rural area where some people still have dial-up. They get infected. I'm known as the computer geek, so they call me. I either go to their house, confirm that it's malware, etc, and then take the computer home with me, where I have broadband, my big box of tools, spare parts, etc, and work on it there, or just have them drop it off. I'll then either download what I need to clean the system, or I'll just completely re-install it for them. It's nice doing it from the comfort of my home. I can let it install or run scans while I work on other things. When it's done, I call them up, or go deliver it. And I get paid. Imagine that. I find that trying to work over dial-up is impossible, or a huge waste of my time, when it's much quicker to drive to my house than to wait for something to download. Also, trying to talk users through things over the phone, especially when they are on dial-up or hampered by a slow, infected computer, is an even bigger waste of time! So, even if you love this person, and want to just do it as a favor, then do yourself a favor, and take the computer somewhere where you have the proper tools, a good connection, and can do it at your leisure.

bit9 (1)

elhondo (545224) | more than 4 years ago | (#31419410)

may help. They collect a lot of md5's and have a plugin to run an md5 within explorer.
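The hash-over-file-name advice in the file advisor and bit9 comments, applied to the USB stick of known-good installers suggested earlier in the thread (an added example, not part of any comment and not code from bit9). The manifest layout and the file names other than UsefulUtility are hypothetical, and the manifest is keyed by SHA-256 rather than MD5 because MD5 collisions are practical; the MD5 is still computed since the lookup services mentioned here accept it.

```python
import hashlib
import tempfile
from pathlib import Path


def digests(path):
    """Return (md5, sha256) hex digests of a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def build_manifest(stick_dir):
    """Record every installer on the stick, keyed by its SHA-256."""
    manifest = {}
    for p in sorted(Path(stick_dir).iterdir()):
        if p.is_file():
            md5, sha256 = digests(p)
            manifest[sha256] = {"name": p.name, "md5": md5}
    return manifest


def check_file(path, manifest):
    """Classify a file by content first, and only then by name."""
    md5, sha256 = digests(path)
    if sha256 in manifest:
        return "known-good", manifest[sha256]["name"]
    trusted_names = {e["name"].lower() for e in manifest.values()}
    if Path(path).name.lower() in trusted_names:
        # Trusted file name, different bytes: a name lookup would be fooled.
        return "name-match-hash-mismatch", md5
    return "unknown", md5  # MD5 returned as a key for an external lookup


def demo():
    """Run the check on constructed files; returns {file name: status}."""
    with tempfile.TemporaryDirectory() as tmp:
        stick, target = Path(tmp, "stick"), Path(tmp, "target")
        stick.mkdir()
        target.mkdir()
        original = b"constructed installer bytes v0.8.5"
        (stick / "UsefulUtility-0.8.5.exe").write_bytes(original)
        manifest = build_manifest(stick)
        (target / "setup.exe").write_bytes(original)  # renamed copy
        (target / "UsefulUtility-0.8.5.exe").write_bytes(b"constructed other bytes")
        (target / "PDFThing.exe").write_bytes(b"constructed unrelated bytes")
        return {p.name: check_file(p, manifest)[0] for p in target.iterdir()}


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:26} {name}")
```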

Upload to virustotal.com (1)

drewhk (1744562) | more than 4 years ago | (#31419424)

It scans the file with several virus scanners and returns the result. Not 100%, but quite useful.

Live CD (1)

zogger (617870) | more than 4 years ago | (#31419452)

Really, today, on dialup, the best you can do is run an up to date live cd that has a range of apps on it, suitable for most purposes, and drop the few bucks every few months to get an updated version snail mailed to you from one of the disk burner companies. Knoppix, Ubuntu, whatever, one of those live versions.

Get a few different ones to start, see which works the best, then stick with that one if you can. I was on dialup until last year and actually had two different isps give me grief over being online excessively, and dang if it wasn't just trying to keep up to date with patches overnight in a lot of cases. Trying to patch plus surf at the same time made both near unusable, dialup really can't handle that well, so I did the "do it over night" deal, which led to excessive hours online. Note, the cheaper "bargain" dialup providers gave me the grief, then I went with the large nationwide one sorta sounds like planet chains, which is full price, and never no grief from them. FWIW. Still took a long time though, and was a PITA for patches and updates. And forget full distro upgrades, that was just nuts to try and do that.

Modern web pages are designed for broadband for the most part. No way around it anymore, so for those stuck on dialup with no broadband on the horizon for another few decades, like still huge areas of the US, it's live CDs if they want to go online. Keep an old rat box with windows on it that isn't connected to the net *ever* never, ever, ever to play games if you must. Modern OSes and apps need frequent patching, and it takes a long time to do this on dialup, so just run the best live CD you can and be done with it. Not worry so much about malwarez then, just reboot for a clean new install every time, and make sure to keep images turned off for the most part, and run noscript and adblocker to also help with the security and to give you a fighting chance of viewing a web page under two minutes load time. That's the best I could come up with as a workable compromise being stuck on dialup from 95 until 09.

Compulsory... (1)

vorlich (972710) | more than 4 years ago | (#31419606)

hopefully your friend has kept all the original packing that their computer came in. Repack everything and return it to the original vendor. Tell them that your friend (and quite possibly your friend's friend) is not really smart enough to own a computer.

Is it in the repository? (0)

Anonymous Coward | more than 4 years ago | (#31419632)

So my question is, where can you go to find out if something is legitimate?

The quickie test is: if it's in the repository (Linux) or ports (*BSD), then the app probably at least means well; it's very unlikely going to be deliberate malware (though it might be buggy). If it's not in the repository and not written in-house, then it's at least suspicious. Who vouched for it? How does it get installed in the first place? It's actually pretty rare for this situation to even come up; when it does, there ought to be an explanation. Is this a developer checking out app sources from github or something?

If it's suspicious, then you need to audit the source yourself (Hi, Theo!), do without it, or install it with acceptance that it may compromise the machine (you're doing this in a VM, right?). If you're a casual user, then the real answer 99.999% of the time, is to do without. You don't want to end up like those poor Windows users.
