
McAfee Manufactures Virus Threat

michael posted more than 11 years ago | from the virus-laboratory-has-new-sinister-meaning dept.

Editorial 787

The sleaze has gotten out of hand; it's time to roast a group of 20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear. Yes, it's time to take on the anti-virus software vendors.

The latest "news" to come out of the AV industry is New Virus Infects Picture Files. McAfee put up their description and made sure to issue a wide-spread press release to stir up some interest. McAfee's spokesdrone fans the flames:

  • "Potentially no file type could be safe."

    That evolution should make computer users think twice about sending pictures or any other media over the Internet, Gullotto said.

    "Going forward, we may have to rethink about distributing JPGs."

Now, if you know much about computing, you may be a little suspicious of this. JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed. A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter, because the programs that display JPEGs don't read them with an eye toward executing the code. An image file is just data to be displayed. The line between "data" and "code" is a little bit fuzzy - often particular characters or a particular file can be both data and code, depending on the context of how other code handles it. Or a particular file can include both data and code separately, like a Microsoft Word file that includes data (your text) and code (some macro designed to be executed by Word when the document is opened).

But for JPEGs there's a well-designed standard, and it doesn't include executing code of any sort. If a JPEG-handling program doesn't like the data it sees, it should just stop trying to display the image, not decide to start executing code from the image. JPEGs are mostly harmless.

McAfee's claim of a virus spread through JPEGs requires one essential element: you have to have already been infected by ANOTHER virus transmitted by some actual executable code. What it comes down to is:

Once you're infected with a virus, the virus can set you up to be infected by other viruses.

No shit, Sherlock. Once you have enemy code running on your system, you're toast. A virus could alter Microsoft Word so that opening any Word document at all would erase every file on your hard drive, making every single Word document in existence a deadly threat -- to you, and to you alone. But this isn't a new virus threat of any sort. It isn't a breakthrough. It's a consequence of being infected, not a new method of being infected.

Two weeks ago, we ran a story about a cross-platform virus. Like this one, it didn't really exist in the wild. Like this one, it was mainly a PR ploy (by Symantec, in that case). But we thought it had at least some minimal technical interest as a bit of code that would run under Windows or Linux.

McAfee and Symantec (and all the other AV vendors out there) are waging a PR war to "discover" ever more news-worthy viruses to defend against. To get maximum coverage, your new virus needs to do something unique or different -- make your computer turn green, or infect something previously uninfectable, or whatever it might be. Compare this to Klez, a very basic virus similar in most ways to viruses that have gone before, which is still out there looting and pillaging tens of thousands of computers every day, but isn't ideal for AV vendors because they don't have a monopoly on the cure.

The press is catching on, to some tiny extent at least, that most virus alerts are fictitious and just designed to drum up business for the vendors. But it's far easier to repurpose a vendor's press release and call it a story than to dig into real threats that exist on the Internet, and the causes of those threats. Today, like last year and the year before and five years ago, there are major email-borne virus threats out there. (There are still old-school viruses out there too, transmitted by sneaker-net or by downloading suspicious software, but email is clearly the way to go for the discriminating virus creator.) All the real email virus threats share a few distinguishing characteristics:

  • They only affect Microsoft Windows. If you aren't running Windows, you are safe.
  • They're usually transmitted by email. If you know enough on your own, or you've had a half-hour class in "Email 101", you should be able to avoid executing random files received by email.
  • They auto-execute in Microsoft Outlook or Outlook Express. Microsoft has finally made some progress, after many years, in reducing the vulnerability of their flagship email programs. So if you have a recent or fully-updated version of these programs, you may not be as vulnerable as people running older versions. Nevertheless, this was (and still is, since so many people don't have recent or fully-updated versions) a primary vector.

And that's really it. If you don't run Windows, you're safe. If you have basic email skills, you're safe. If you don't run Outlook, you're safe. That's the story of modern viruses, and fortunately or un-, it's a pretty boring one.

McAfee, and Symantec, and everyone else involved in the anti-virus FUD business: lay off. I mean that literally, as in, "Lay off the people you employ for the purpose of drumming up new virus threats." Lay off the public relations people you employ to say things like, "We may have to rethink about distributing JPGs." Lay off the BS. There's a real market for your product, people who (for whatever reason) are using Windows and/or Outlook, and haven't received the half-hour training course necessary to avoid viruses. You can market to them based on your fast responses to real virus threats - you don't need to manufacture any more.


787 comments

Cowboy Spears (-1)

Big Dogs Cock (539391) | more than 11 years ago | (#3700808)

Yeah yeah yeah yeah yeah yeah
Yeah yeah yeah yeah yeah yeah

I think I did it again
I made you bleed with rough anal sex
Oh baby
I'm hardly hung like a horse
But it doesn't mean that I'm serious
'Cause to lose all my faeces
That is just so typically me
Oh baby, baby

:Chorus:
Oops!...I did it again
I came in your ass, got lost in the game
Oh baby, baby
Oops!...You think I'm in love
That I'm sent from above
I'm not that Kathleen Fent

You see my problem is this
I'm dreaming away
Wishing that Hemos, was drinking my piss
I cry, watching the gays
Can't you see I'm a faggot in so many ways
But to lose all my share price
That is just so typically me
Baby, oh


:Chorus:
Oops!...I did it again
I played with your penis, got lost in the game
Oh baby, baby
Oops!...You think I'm in love
That I'm sent from above
I'm not that Kathleen Fent

Yeah yeah yeah yeah yeah yeah
Yeah yeah yeah yeah yeah yeah


Re:Cowboy Spears (-1, Troll)

Anonymous Coward | more than 11 years ago | (#3700996)

Yeah yeah yeah yeah yeah yeah
Yeah yeah yeah yeah yeah yeah

I think I did it again
I got it stuck in the toaster oven
Oh baby
I'm hung like a mouse
But it doesn't mean that I'm serious
'Cause to lose all my pubes
That is just so typically me
Oh baby, baby

:Chorus:
Oops!...I did it again
I am an ass, got lost in the game
Oh baby, baby
Oops!...You think I'm in love
That I'm sent from above
I'm Fat Dog's not so Big Cock

You see my problem is this
I'm dreaming away
Wishing that I, was drinking my piss
I cry, watching my life
Can't you see I suck in so many ways
But to lose my nads in such an awful way
That is just so typically me
Baby, oh

:Chorus:
Oops!...I did it again
I am an ass, got lost in the game
Oh baby, baby
Oops!...You think I'm in love
That I'm sent from above
I'm Fat Dog's not so Big Cock

Yeah yeah yeah yeah yeah yeah
Yeah yeah yeah yeah yeah yeah

-----------

Yes, I'm rising to the bait. Go back to letting your mum wipe you.

fp? :o (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3700813)

Could it be? No?

Simple Virus Protection Schemes (1, Funny)

ThrasherTT (87841) | more than 11 years ago | (#3700823)

1) Stop doing stupid things that can cause you to get infected!
2) Trust no one!
3) Throw your computer out the window!

Re:Simple Virus Protection Schemes (5, Funny)

GreatErdrick (528207) | more than 11 years ago | (#3700921)

3) Throw your computer out the window!

I would rather throw out Windows out of the computer...

Outrageous (-1)

PhysicsGenius (565228) | more than 11 years ago | (#3700831)

This kind of behavior is absolutely atrocious and I simply won't stand for it. I think the only solution is to let these companies know how we feel about their unscrupulous practices. Perhaps a boycott is in order. I'll certainly be writing a letter to my congressman to ask him to drop everything and immediately investigate virus manufacturers' deceitful practices. This is easily the most important issue facing America today.

Re:Outrageous (0)

Anonymous Coward | more than 11 years ago | (#3700903)

Tone it down a little and the 'bots will reply...you're too obvious with this one.

You mean . . . (3, Funny)

vegetablespork (575101) | more than 11 years ago | (#3700832)

. . . that all this time, the satire about the virus development divisions of anti-virus software companies actually contained a kernel of truth? Who woulda thunk it?

Re:You mean . . . (1)

mike77 (519751) | more than 11 years ago | (#3700999)

ok, vegetablespork, they always say there's a kernel of truth to most things, so I GOTTA know about your sig!

Darn... and I just updated my anti-virus software (5, Insightful)

eaddict (148006) | more than 11 years ago | (#3700833)

I use AVG from Grisoft [grisoft.com] and just updated the signature file. I am SOOooo glad I use a freeware/shareware product that keeps up with REAL viruses and not marketing. As they say here in the U.S. "There ought to be a law..."

Re:Darn... and I just updated my anti-virus softwa (0)

Anonymous Coward | more than 11 years ago | (#3700936)

Thanks for the plug. It's not like the AV companies hyping this up haven't added protection for it too. That was the whole point for hyping it in the beginning.

How Linux Can Defeat Micro$oft (-1)

egg troll (515396) | more than 11 years ago | (#3700837)

Hi,

I've always used Windowz and I consider myself an exceptional Visual
Basic programmer, so I know computers pretty good. In fact I got an A-
in my programming class last term. But I'm a little wary of how much
power Microsoft has in the computer field. Many of my friends use
RedHat and I've recently installed it on my machine at home. Although
I haven't had as much chance to play with it as I'd like, I've been
greatly impressed.

This weekend I gave some thoughts to the things that are wrong with
Linux. I hope no one minds having some flaws pointed out. I'd like to
help make RedHat stronger so it can conquer MS. Hopefully RedHat will
hear this (crossing fingers) and address these. I think with a little
effort, RedHat's Linux can defeat Microsoft's Windows! :)

To begin with, there are too many different flavors of RedHat.
Browsing a list on Amazon, I saw they made variants under the
codenames of Mandrake, Debian and Slackware, just to name a few. I
know that I'm very new to RedHat so maybe this is obvious but it seems
like RedHat should just sell a few different flavors of its operating
system. Perhaps one for the desktop and one for a server? Could
someone explain why RedHat produces dozens of different versions of
Linux?

Secondly did you know that anyone can view the source code to Linux! I
think that RedHat shouldn't make its code available. After all, what
keeps Microsoft from stealing RedHat's ideas and putting it into
Windows? My friend says that FreeBSD stole the TCP/IP stack from DOS a
long time ago and Microsoft is always looking for revenge for that.
Plus it seems to me like RedHat is just giving away its ideas for
free. And what keeps hackers or terrorists from tampering with the
code and putting a virus in every computer?

On a related note, why doesn't RedHat write Linux in assembly? My
friend says that's what Microsoft does for Windows, and that's why
Windows is faster and more stable than Linux.

Next RedHat definitely should kill -9 (ha, ha!) the command line.
Microsoft finally gave up DOS when Windows 2000 came out. I'm surprised
that RedHat hasn't migrated away from...whatever its version of DOS is
called (Bash, I think?) But maybe this is planned for a future
release?

Finally Linux needs games! RedHat will never be successful in the home
without games. They should also tell M$ to release a version of Office
for Linux too. And Internet Explorer!

Have a nice day! Go Linux!!

The police (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#3700840)

do it all the time, warning you against criminals! But there are no criminals, are there! It's all a big joke!

I think I've heard this before.... (-1, Flamebait)

MattCohn.com (555899) | more than 11 years ago | (#3700843)

In a similar story, Microsoft embeds thousands of back doors and security vulnerabilities into their operating systems...

Fix the Link (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3700845)

Click on "Read More" and this is what you get:

The requested URL (articles/02/06/14/1343223.shtml?tid=166) was not found.

Linux. My anti-virus. (1)

sirinek (41507) | more than 11 years ago | (#3700846)

Simple, don't run Windows. Now I'm certainly not so naive to think that you are 100% safe on Linux/*BSD but you are certainly far more sheltered from the types of virii that affect your average Microsoft OS.

siri

Re:Linux. My anti-virus. (4, Insightful)

sehryan (412731) | more than 11 years ago | (#3700907)

Intelligence is my anti-virus. I have been running Windows for a long time now, and have never been infected with a virus. Why? Because I am careful about what I allow to run on my computer. Linux or Windows, it doesn't matter. If you don't have some common sense, you are going to get burned.

Re:Linux. My anti-virus. (1)

Dunkalis (566394) | more than 11 years ago | (#3700983)

I don't really run an anti-virus, since I do know what to avoid. But if your user is a multi-user machine (not OS), it's particularly bad. My mom had infected our system once by opening an attachment. It was opened in NS4 Mail, by the way, not Outlook. I have a virus-scanner, it's just that I'm too lazy to install it. Viruses affect those who aren't careful. Not those who don't have anti-virus software.

Re:Linux. My anti-virus. (-1)

Jon Katz on Tuesday (578508) | more than 11 years ago | (#3700923)

That is simply a lie. I am an expert in the Anti-Virus community and I know for a fact that people are planning virii that will be able to take control of your Linux/*BSD machine easier and spread faster than anything we have seen in Windows.

It works by infecting the kmem section of the kernel code and changing registers to make the operating system think you are the root user. At this point it installs itself in several places. It spreads to other Linux machines due to a bug in the kernel. I hope this doesn't harm Linux being taken up as a Desktop OS.

LINUX. MY ANTI-PRODUCTIVITY TOOL. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#3700946)

n/t

Re:Linux. My anti-virus. (1, Troll)

yatest5 (455123) | more than 11 years ago | (#3700954)

Simple, don't run Windows.

There are no virii on Linux, because (relatively) no-one uses it. Your solution: everyone should use it. Nice one.

Sometimes, (1)

labratuk (204918) | more than 11 years ago | (#3700850)

In my more paranoid moments, I wonder to what extent antivirus companies are writing viruses themselves.

Re:Sometimes, (2)

00_NOP (559413) | more than 11 years ago | (#3700915)

Or maybe they are being written by Linux fanatics :->.

Seriously, the rise of Unix-like OSes, a full ten years after they were supposed to be dead (Byte, July 1992, anyone else remember? - be a good slashdot posting now the anniversary is coming up) must be a real threat. I am sure we can expect to see lots more FUD-inducing "cross platform" nonsense shortly.

First Hug A Root Post (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3700851)

You will hug a root today!

or the root will die!

do you want the root to die?

Please, hug a root today!

Malicious Code In Pictures? (5, Funny)

spudwiser (124577) | more than 11 years ago | (#3700852)

I guess I better not scan in my poster of the kernel tree rendered as Tux. Thanks, thinkgeek!

Nothing left to say ... (0)

Anonymous Coward | more than 11 years ago | (#3700859)

... the writeup covered it all.

Blah (-1, Flamebait)

Your_Mom (94238) | more than 11 years ago | (#3700861)

And we know that Michael is an /expert/ on Anti-Virus and Virii, so we should hail his words as gospel.

How is this News for Nerds or Stuff that Matters? I don't read Slashdot for Rants.

Michael == Katz + 'edge'?? (1)

RocketJeff (46275) | more than 11 years ago | (#3700863)

From this 'article' it seems that Michael is stepping into Katz's shoes. The only difference is that Michael seems to have a bit more of an 'edginess' about him (Katz seems more laid-back).

Add this to his add-on editorial for Warcraft III - is he trying to get a payraise for upping the number of hits to /.?

Good article, good idea (4, Interesting)

mpweasel (539631) | more than 11 years ago | (#3700864)

Attention, AV companies:

You could make some money offering training classes on how to avoid common viruses.

Aren't there laws (3, Insightful)

Black Aardvark House (541204) | more than 11 years ago | (#3700865)

Against misinforming the public via the news channels? I understand they want business, but using FUD techniques will only backfire and cause major distrust among the public.

Would you want to use a product from an entity you don't quite trust?

Well spoken (2)

zaren (204877) | more than 11 years ago | (#3700867)

When I first heard about this yesterday, I was thinking "So what? This is the same kind of Windows&Outlook-only virus problem that's been painfully well documented and explained". I saw no point in the FUD coming from the anti-virus people. Good to see someone else makes those observations, and in such a public forum.

-----
Apple hardware still too expensive for you? How about a raffle ticket [macraffle.com] ?

Key points for Windows/Outlook users (5, Insightful)

Peyna (14792) | more than 11 years ago | (#3700869)

It's pretty simple to stay safe, and I have repeated this many many times to customers when I worked at an ISP. If you are using Windows or Outlook, do not open an attachment if you don't know what it is. It's very simple. I don't care if it says "This is very important, Bob and you must open this now." Unless you know specifically what it is and you were expecting it, don't open it. There is no need to, and you aren't going to miss out on much.

Of course, in the case of stupid users, there are some steps you can take on the server side to filter some viruses, but it's not perfect. In the end, patch Outlook, and educate your users. You could probably pretty easily drop any potentially executable attachments before they even got to Outlook (which drops many of them on its own).

The next thing you know... (0)

Anonymous Coward | more than 11 years ago | (#3700871)

...they'll be telling us that there's an airborne computer virus, and you'll have to get their new filter for your cpu fan. and we'll continue to go 'uh-huh.'

wrong assumption... (2, Insightful)

iramkumar (199433) | more than 11 years ago | (#3700873)

They only affect Microsoft Windows. If you aren't running Windows, you are safe...

No you are not. It's not what fscking OS you are running, it's about what OS and applications are running on the system to which you gave your credit card number and your SSN. It's about what OS your company runs to store the employee databases. You can hide your head in sand and pretend that you are safe of course..

Re:wrong assumption... (1, Funny)

Anonymous Coward | more than 11 years ago | (#3700918)

Because as everybody knows, giving out your SSN and credit card numbers is the number one cause of computer viruses.

Re:wrong assumption... (2)

sofar (317980) | more than 11 years ago | (#3700964)

you are safe...

From the most common virus threats these companies can protect you against.

Reading between the lines isn't all that hard you know!

No big surprise (1)

delphin42 (556929) | more than 11 years ago | (#3700877)

You mean I have to be an idiot to get infected by a virus? I already knew that. Don't open strange attachments, and wear a condom.

Get With the Program! (5, Funny)

Sloppy (14984) | more than 11 years ago | (#3700880)

JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed.

Shows what you know. You Linux lusers don't even have Microsoft ActiveJPEG Technology yet?!?

Re:Get With the Program! (0)

Anonymous Coward | more than 11 years ago | (#3700951)

Careful, don't give Microsoft any dumb ideas

Is AV software really necessary? (2)

teslatug (543527) | more than 11 years ago | (#3700881)

I am sure I can prevent my computer from being infected just by using common sense (don't open unexpected attachments, download only from trustworthy sites, etc). Even if I did get infected, I could just re-ghost my drive and be done with it. Sure I have to make current ghost images, but I do that anyway and storage is cheap these days. On the up side, I don't have to take the performance hit of running AV software, and I don't have to deal with constant updates.

Virus Authors? (2)

Caradoc (15903) | more than 11 years ago | (#3700882)

A friend of mine who's into conspiracy theories thinks that the anti-virus companies like McAfee also have people writing the viruses - so they can sell "subscriptions" to keep the definitions updated.

I'm reserving judgement on that one until a virus is actually tracked back to an author who's affiliated with an anti-virus company.

But I *do* wish they cut out the FUD. It's bad enough getting my weekly dose of "Delete jdbgmgr.exe from your system! It's a virus!" from my friends and relatives, who then get dutifully pointed to www.snopes.com to read "Inboxer Rebellion," without having people who supposedly know better promoting the same kind of crap.

Ante Virus (0)

jeanicinq (535767) | more than 11 years ago | (#3700885)

How many years have gone by with the wonder of differences between antivirus software and ante virus software. Most individuals tend to speak broken English and the ante virus lingers from such laziness. Such is terrible.

bah (4, Insightful)

ceejayoz (567949) | more than 11 years ago | (#3700888)

I'm running Windows and Outlook, and I haven't been infected with a virus yet. It's just common sense... "MY WIFE NUDE.JPG.exe" probably isn't something I want to open. The real anti-virus software is common sense, but there don't seem to be many available copies out there. :-/
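Added example, not part of the original thread or any poster's code: a sketch of the server-side filtering Peyna describes above (dropping potentially executable attachments before they reach the mail client), which also flags double-extension names like the one in this comment. The extension lists and function names are assumptions for illustration, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; a real deployment maintains its own.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Extensions a reader takes for "just data", used to spot double-extension lures.
DATA_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mp3"}


def classify(filename):
    """Return a reason string if the attachment name looks executable, else None."""
    # Windows drops trailing dots and spaces, so "x.exe. " still runs as x.exe.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return None
    last = "." + parts[-1]
    if last not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DATA_EXTS:
        return "double extension hides executable type " + last
    return "executable type " + last


def prune(part, dropped):
    """Recursively remove risky attachments from a multipart container."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        filename = child.get_filename()
        reason = classify(filename) if filename else None
        if reason:
            dropped.append((filename, reason))
        else:
            prune(child, dropped)  # nested multipart or forwarded message
            kept.append(child)
    part.set_payload(kept)


def filter_message(raw):
    """Parse a raw message, drop risky attachments, return (message, dropped)."""
    msg = message_from_bytes(raw, policy=policy.default)
    dropped = []
    prune(msg, dropped)
    return msg, dropped


def attachment_names(msg):
    """Filenames of every part that still carries one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def build_sample():
    """Constructed sample (not real mail): one benign and one risky attachment."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = "This is very important, Bob"
    m.set_content("You must open this now.")
    m.add_attachment(b"\xff\xd8\xff\xd9", maintype="image", subtype="jpeg",
                     filename="cat.jpg")
    m.add_attachment(b"constructed placeholder bytes, not a program",
                     maintype="application", subtype="octet-stream",
                     filename="MY WIFE NUDE.JPG.exe")
    return m.as_bytes()


if __name__ == "__main__":
    cleaned, dropped = filter_message(build_sample())
    for name, reason in dropped:
        print("dropped %r: %s" % (name, reason))
    print("delivered with:", attachment_names(cleaned))
```

Filtering on the declared filename only catches what the sender chose to call the file; it says nothing about content, which is why the comment above still pairs it with patching the client and educating users.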

Re:bah (1, Funny)

Anonymous Coward | more than 11 years ago | (#3700989)

"MY WIFE NUDE.JPG.exe" probably isn't something I want to open.

Speak for yourself. And send me a copy of it, too, please!

well.... (4, Insightful)

jeffy124 (453342) | more than 11 years ago | (#3700889)

say an attacker knows you use a certain program to view JPEGs, or other data/multimedia files. This attacker knows that certain program contains a buffer overflow, and how to exploit it. The attacker can assemble a specially formed file that exploits the overflow and opens a backdoor on your machine, granting himself some level of access to your computer (most likely user level access). Combined with knowledge of a local root hole, the attacker now has root access to your machine (ie, he 0wns j00). The attacker delivers this specially formed file to you in some manner (email, webpage, etc).

Suddenly, this "data" file is now containing a virus, isn't it?

Re:well.... (3, Informative)

freuddot (162409) | more than 11 years ago | (#3700945)

No. For one simple reason :

JPEG format is so fucking complicated that everyone uses libjpeg. And guess what ? There's no buffer overflow in libjpeg.

This is the reason there never is any question when importing/exporting JPG (compared to TGA/TIFF/BMP) about compatibility.

Re:well.... (2)

Peyna (14792) | more than 11 years ago | (#3700952)

I would bet that most people using Windows XP are using MS Picture Viewer or whatever to view them. Especially since I think that is what it uses to preview them. It would be interesting to see if that is exploitable in some way.

I heard this on the news last, I figured the virus just went around deleting *.jpg or corrupting them, not really 'infecting' them.

Goatse (-1, Troll)

Anonymous Coward | more than 11 years ago | (#3700890)

I would consider the Goatse picture to be an information virus, and if McAfee can inoculate against it, more power to them.

Virus programs are worse than the virus (4, Informative)

Capt_Troy (60831) | more than 11 years ago | (#3700893)

Someone should make a special program to detect and turn off Virus programs! I get a lot of calls from family members complaining about their slow computers, I check it out and they have the de facto McAfee install which checks all email, boot sector and floppy on boot, and (the worst one) EVERY exe before it starts. This causes a horrible delay every time you do anything! I refuse to install any AV software on my computer simply because I am not stupid enough to open any of these files, and I consider the AV software itself to be a performance affecting Virus.

I'm a Visual Basic Programmer with a CS degree... (-1)

Jon Katz on Tuesday (578508) | more than 11 years ago | (#3700895)

I like to think I know computers well. I've been programming for a long time. I've used all the programming languages out there and prefer Pascal or Visual Basic. I like these because not only are they easy to write secure and fast code, they allow me to live my life the way I want. I was recently hired for my skills of computer management. When I started at my new company they were all using Linux because it was free. I told them I don't work in a Linux environment because I choose not to bat for the wrong team. So after I got approval from the president of the company I went on IRC and downloaded a CD rip of Windows 2000 Professional edition and Windows 2000 Advanced Server. I deployed the server first. One thing people did notice is that we no longer have all the downtime we used to have.

Just yesterday, I uninstalled Linux from all the computers at work - and the strangest thing happened...the office is smelling a lot better today? I posted this information to a newsgroup this morning and it mentioned that most Linux users are dirty smelly hippies who don't shower. I guess this morning they all decided to shower - it is very pleasant here now.

I also noticed that about 4 times as many bugs are being completed by our programming staff. I assume this is because of the extra productivity Windows 2000 affords us. Instead of fumbling around with source codes/etc just to play an mp3 or open a file - they are doing their jobs. This is a good day for Microsoft and their NT Technology.

Does anyone know when these Linux hippies will finally go away for good? I don't know what the IT people before me were thinking installing Linux. If you just look at the stock for its creator LNUX, you'll see a sad tale over the last year or so. Millions lost - and that's just in investments. This doesn't even account for all the productivity lost by using Linux and the fact that you need a Haz-Mat crew to clean an office after a linux hippie was using it.

So - in closing - today is happy Linux is gone day!

Creating Business (0)

Anonymous Coward | more than 11 years ago | (#3700896)

How soon till it's not limited to FUD in order to create business? How soon till (or perhaps it has already happened) AV vendors channel money to unscrupulous people to write/release viruses?

Everything was going just fine.. (1)

banuaba (308937) | more than 11 years ago | (#3700897)

until this line: "There's a real market for your product, people who (for whatever reason) are using Windows and/or Outlook..."

This article was nice. It was well balanced. It looked like old mikey-boy had actually done some research. It seemed as if it had been spell-checked. Why throw in the Microsoft dig like that? It throws the credibility of the entire article out the window.

The slashdot crew should hire a decent editor. Or even a bad one, for chrissake.

The Kid (2, Insightful)

Wierd Willy (161814) | more than 11 years ago | (#3700898)

There was a Charlie Chaplin movie, silent, made in 1926? that was about a glazier (Charlie) who needed to drum up some business, so he employed a small boy to run around town, breaking windows. The victims of this nefarious window breaking were then offered "discounts" if they purchased Charlie's services. Odd, how history seems to repeat itself....

Same old story (1)

Mr. Eff (148641) | more than 11 years ago | (#3700899)

This isn't surprising from the virus protection companies. There have been persistent rumors from years ago where anti-virus programmers released virii into the wild to help enhance their job security. I don't know if there is any verifiable evidence of this, but as this article mentions there is PLENTY of incentive for the anti-virus folks to create threats, both real and make-believe.

Anti-Virus software is a virus (1, Interesting)

Anonymous Coward | more than 11 years ago | (#3700900)

IMHO anti-virus software is a virus in itself. I have spent more time trying to install/uninstall anti-virus software than fixing a virus infection.

Most gnarly viruses anti-virus software cannot catch anyway.

Yes, it might be crap. (0, Redundant)

brain-in-a-box (168001) | more than 11 years ago | (#3700906)

But beware !
Everybody made jokes about the "good times" virus hoax.
But then there was Melissa.
Ok. It worked little differently but in essence it proved that you can spread viruses via email.

Re:Yes, it might be crap. (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3700950)

hey everybody, I'm looking at PORN!

good line (0)

Anonymous Coward | more than 11 years ago | (#3700910)

"As with any computer threat, the best way to protect a computer is to have updated antivirus software."
Funny tho, no mention of al qaeda

If you aren't running Windows, you are safe... (2)

br4dh4x0r (137273) | more than 11 years ago | (#3700913)

... unless you're using a Mac. Oops.

Not Windows = Linux, right?

Re:If you aren't running Windows, you are safe... (2, Interesting)

lonely (32990) | more than 11 years ago | (#3700997)

Okay, it is a slow day so I will bite.

As of now there are zero, I mean 0 known virus threats for MacOS X. According to my antivirus software that I bought for my new mac. What a mug I felt.

Even for Mac OS 9 there are very few viruses.

Fist Sp0rk! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#3700914)

Well I was just rubbing some hot grits into my bits to soothe them after a marathon sesh with Anal Cox when I spotted this FESTERING SHITE of a post.

Please refrain from posting such anal discharge in future and get back to buggering Timmay!

Doesn't this sound a little like Homeland Security (0)

Anonymous Coward | more than 11 years ago | (#3700916)

I think the Government, or is that the shadow government, you know the one set up by Bush after Sept 11, the one he did not tell congress about, yes that one. I think the same marketing is being used and will be being used. What was the next step.. oh yes newspeak..

It's entirely possible that such an exploit exists (2, Insightful)

Tribbles (218927) | more than 11 years ago | (#3700920)

Just because an image file consists of data, if a poorly designed decoder has been written, then if the data is corrupted, you could end up spewing data over stack or even main memory.

If you had some control over what data is written, then you could get the decoder to write out what amounts to a virus, and then get the decoder to execute it (by trashing the stack).

I won't use JPEG as an example, but some lossless compression, such as GIF. Instead of having the image compressed, you could have your program compressed. Decompressing the data would effectively copy the code into some memory location. The difficult bit would be getting the decoder to actually execute it.

Don't forget that such a virus doesn't actually need to spread itself in images; it could be a simple bootstrap loader in the images that downloads a larger virus with its own payloads.

No let's not take them on... (2, Interesting)

Sheik Yerboutii (197867) | more than 11 years ago | (#3700928)

For the average computer user a virus is an abstraction. Virus companies must PROMOTE their product for the good of everyone.

These companies make money by making sure you don't notice any interruption in the use of your computer.

Think: if the average computer user never noticed an interruption, wouldn't they one day say "why am I spending this much on an anti virus package that doesn't do anything for me"?

Any computer that has a virus can potentially be part of a DoS attack. All of a sudden you're not only losing money on the customers that don't have anti virus packages but on those that get hit by DoS attacks (despite having anti-virus SW).

It is in ALL of our best interests that everyone has an anti virus package, and it is a RESPONSIBILITY of these companies to make sure that they promote knowledge of how much damage a virus can do.

If Symantec et al. make money in the process, SFW ... we need them ... more than you realize

FUD mightn't be all bad (1)

walkern (235600) | more than 11 years ago | (#3700929)

You don't deny that viruses are indeed raping and pillaging people's machines - and there is a part to be played by AV-company-sponsored warnings. My own experience of this is that my Mum, whose knowledge of computers is small, asked me if they had an up to date virus scanner on their PC.

There is no way that she would have asked this if she hadn't been subjected to popular media stories about viruses, and there is no way that popular media stories are going to be written without the FUD from the AV companies.

It's a necessary evil, and it annoys those in the know but in the end the more people are aware of the threats, the more people will get protected.

Irony (1, Insightful)

jasoncart (573937) | more than 11 years ago | (#3700930)

I find it interesting how MS haters use virus news in a similar way to the virus companies.

If you aren't running Windows, you are safe
If you don't run Outlook, you're safe

Ironic seeing as the author is blasting the AV companies for using the news to push propaganda.

Should almost all home users use another email client or OS I am sure that virus writers would target that, probably with similar results.

One little quibble (3, Insightful)

burgburgburg (574866) | more than 11 years ago | (#3700934)

I agree wholeheartedly with about 99% of the article (I also saw the JPEG thing and thought it ridiculous and hilarious, in a dark and depressing way).

One statement of yours needs modification:

They only affect Microsoft Windows. If you aren't running Windows, you are safe.

There have been macro viruses which have inadvertently worked on the Mac versions of Word and Excel. I would correct the statement to:

They only affect Microsoft products, primarily Windows. If you aren't running Windows, you are almost entirely safe.

Probably gonna regret this but... (1)

Boss, Pointy Haired (537010) | more than 11 years ago | (#3700937)

I've never run any kind of virus checking and in nearly 12 years all I suffered was a small outbreak of FORM whilst at Uni a few years ago.

I download all sorts of things, but I always think before I click. I look at the URLs, check I'm not being redirected - stuff like that, and simply don't bother running those Christmas Card .exe things that get sent about.

Even spammers are catching on (5, Funny)

artemis67 (93453) | more than 11 years ago | (#3700939)

Check out this spam email a bunch of people in my office got yesterday:

-=-=-=-=-
Return-Path: postmaster@salisbury.net
Received: from salisbury.net (12.152.4.9) by myoffice.com with ESMTP (Eudora
Internet Mail Server 3.0.3); Wed, 12 Jun 2002 23:08:21 -0400
Date: Wed, 12 Jun 2002 23:09:46 -0400
Message-Id: 200206122309.AA2564817116@salisbury.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "postmaster " postmaster@salisbury.net
Reply-To: postmaster@salisbury.net
To: people in my office
Subject: WARNING: YOU WERE SENT A VIRUS
X-Mailer:
X-Mozilla-Status2: 00000000

On 06/12/2002 at 23:09:45 Our special virus software on our servers at salisbury.net
reported that your were sent an Email Virus containing the Unknown Virus in the Unknown File attachment.
The subject of the E-mail was "L Specifies the length". The E-mail containing the virus from kbndl@salisbury.net has been quarantined on our servers to prevent further damage. The virus never made it to your mailbox. (emphasis mine)

Internet Of Salisbury, Inc. provides this service free to our customers while other providers charge
a monthly fee. Though this software should catch up to 99 percent of viruses, a new virus could make it in.
If you are not running Anti-Virus software you should ASAP!

Please Contact N-Techsolutions @ 704-638-2422 or visit their website at:
http://www.n-techsolutions.com Look for the Norton Anti Virus Special!
(emphasis mine)

Please do not call Internet Of Salisbury, Inc.
-=-=-=-=-

Not that there was ever any question about sleazy spammers being out there, but this one takes the cake.

Ever heard of a buffer overflow? (5, Insightful)

autopr0n (534291) | more than 11 years ago | (#3700940)

Now, if you know much about computing, you may be a little suspicious of this. JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed. A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter, because the programs that display JPEGs don't read them with an eye toward executing the code

No, and HTML readers don't download HTML with an expectation to run the code natively, but it can happen thanks to bugs in IE.

Just like Outlook, the program you deride for its ubiquity, a huge, huge number of jpegs are viewed through the Microsoft libraries. If a hole was discovered in that library, it could be used as a vector for viruses.

The truth of the matter is that if you run Windows, there is a real risk of getting a virus from things other than just running .exe files. In Windows 98/2k you can be infected simply by clicking on a file once (because of the little preview window thing). Holes in Word, Outlook, IE, IIS, and even Windows Explorer have made things completely ridiculous.

Also, your list of things not to do to catch a virus reminds me of avoiding pregnancy via the 'pull out' method. Sure it might improve your chances, but it won't 'protect' you in any real sense.

I don't think viruses on Linux have any real future, due to the fact that the most obvious holes would get fixed quickly, but if you run Windows you really should get some Anti virus software.

McAfee has been doing this since '93 (4, Insightful)

phsolide (584661) | more than 11 years ago | (#3700942)

It's been more-or-less common knowledge that McAfee has done this since the Michelangelo scare [vmyths.com] in 1993.

I recommend going to vmyths.com to read their "rantings" section.

Let me predict that about 50% of the replies in this thread will consist of arguments like "Well even if we did get rid of MSFT products we'd still have a virus problem: look at staoG or Bliss or Ramen or the '88 Internet worm."

Those replies are guilty of a flaw called The Excluded Middle where one argues that a situation that in reality has a spectrum of situations only has the 2 extreme cases. In this case the replies will say that even Linux has viruses and worms (true and probably inescapable for a Turing-complete computer) so doing away with the source of 99.44% of viruses and worms won't solve the problem.

Of course this is crap. I'm still getting hits from Code Red I v2 nearly 10 months after it was released. When was the last time you got a sadmind/IIS hit? The problem isn't to eliminate 100% of all worms, chainmails and viruses; the problem is to keep worms, chainmails and viruses from ramping up the exponential part of the logistics curve.

Wrong Target? (1)

sgtsanity (568914) | more than 11 years ago | (#3700944)

The sleaze has gotten out of hand; it's time to roast a group of 20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear. Yes, it's time to take on the anti-virus software vendors.

Oh, until that last sentence there, I thought you were going to talk about John Ashcroft and the Bush Administration.

Years ago - early 90s (3, Interesting)

hottoh (540941) | more than 11 years ago | (#3700948)

Years ago - early 90s, the AV vendors had cash 'awards' for new virus discoveries.

Therefore, this story is not a big surprise.

404? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3700953)

I get a 404 when I click Read More.... but when I click 6379 bytes in story I got the story at least..... Can I get a fix please?

Wait a minute... (0, Flamebait)

Tyrone Slothrop (522703) | more than 11 years ago | (#3700956)

If anti-virus companies can overstate problems and spread fear inducing hoaxes, could OUR GOVERNMENT do the same????

Naaaaaaaaaaaaaaaaah

Dont forget... (1)

Zibu (200971) | more than 11 years ago | (#3700958)

20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear.

Does it include the FBI, the CIA, the Govt?

And Yet... (1)

Phil Gregory (1042) | more than 11 years ago | (#3700961)

Sigh. If anti-virus companies truly are casting about for problems to hype, they should use some of the ones actually around and causing problems for people. Klez comes to mind. I know I'd be a bit happier if people didn't keep sending me Klez emails. Raising awareness of the thing would be a good step toward convincing people to use some anti-virus software so their computers would stop bothering me.

Yep, it's a selfish argument. It's still true.


--Phil (And don't get me started on Nimda.)

An email virus usually... (1)

kasparov (105041) | more than 11 years ago | (#3700966)

All the real email virus threats share a few distinguishing characteristics:
...
# They're usually transmitted by email.

In related news, redundancy is usually redundant.

The profit model for Anti-Virus software requires (5, Insightful)

neo (4625) | more than 11 years ago | (#3700968)


a steady stream of new threats. There was another model for anti-virus software. One that didn't have a patch model, but it was ignored because profit driven companies require "revenue streams".

Rather than having a program that removes a virus from your system after you've been infected or which requires an "inoculation" to recognize viruses, the other system looks at program activities.

The actions taken by a virus are painfully obvious when you look at them from a macro point of view (no pun intended). While not a trivial coding task, it's possible to monitor for these types of action and freeze a program that would take them. Moreover, with an ample supply of RAM and CPU, new programs could be tested in a "Safe Zone" the first time they are run, ensuring that problem programs would be caught in the act.

Unfortunately this type of protection doesn't require incremental upgrades from Anti-Virus companies and so we're stuck with something that can make profits rather than something that works pro-actively. Thus is the basic flaw of capitalism.

there was a bug in netscape.... (3, Informative)

Chaostrophy (925) | more than 11 years ago | (#3700969)

That let really large comments in the jpeg overflow a buffer, and so that means you could write an exploit. You want to bet that some common MS products don't have a similar bug?

Go do a google search, it returns plenty about it.
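The failure mode Tribbles and Chaostrophy describe above, a decoder that trusts a length field inside the image, sketched as an added example (not part of any comment, and not Netscape's code). It assumes a hypothetical viewer with a fixed 64-byte comment buffer; the function names, `COMMENT_MAX` and the sample byte arrays are constructed for illustration, and the segment walker is simplified to header segments only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COMMENT_MAX 64 /* assumed size of the viewer's fixed comment buffer */

enum com_status { COM_OK, COM_NONE, COM_NOT_JPEG, COM_MALFORMED,
                  COM_TRUNCATED, COM_TOO_LARGE };

/* Unchecked pattern, for contrast only (never called here): it trusts the
 * 16-bit length field, so an oversized length writes past `out`, and a
 * length below 2 wraps seg_len - 2 around to a huge size_t. */
void copy_comment_unchecked(const uint8_t *seg, char *out)
{
    size_t seg_len = ((size_t)seg[2] << 8) | seg[3];
    memcpy(out, seg + 4, seg_len - 2);
}

/* Hardened version: walk the header segments and copy the first COM (0xFFFE)
 * payload only after checking the declared length against the length
 * field's own size, the end of the file, and the destination buffer. */
enum com_status jpeg_read_comment(const uint8_t *buf, size_t len,
                                  char out[COMMENT_MAX], size_t *out_len)
{
    size_t pos = 2;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)
        return COM_NOT_JPEG;                 /* no SOI marker */
    while (pos + 4 <= len) {
        uint8_t marker = buf[pos + 1];
        size_t seg_len = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (buf[pos] != 0xFF)
            return COM_MALFORMED;            /* not at a marker */
        if (marker == 0xD9 || marker == 0xDA)
            return COM_NONE;                 /* EOI or start of scan */
        if (seg_len < 2)
            return COM_MALFORMED;            /* length must count itself */
        if (seg_len > len - (pos + 2))
            return COM_TRUNCATED;            /* segment runs past the file */
        if (marker == 0xFE) {                /* COM segment */
            size_t payload = seg_len - 2;
            if (payload >= COMMENT_MAX)
                return COM_TOO_LARGE;        /* keep room for the NUL */
            memcpy(out, buf + pos + 4, payload);
            out[payload] = '\0';
            *out_len = payload;
            return COM_OK;
        }
        pos += 2 + seg_len;                  /* skip to the next marker */
    }
    return COM_NONE;
}

/* Constructed sample inputs (not real image files). */
static const uint8_t sample_ok[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x07,
                                    'h','e','l','l','o', 0xFF,0xD9};
static const uint8_t sample_short_len[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x01,
                                           0xFF,0xD9};
static const uint8_t sample_overrun[] = {0xFF,0xD8, 0xFF,0xFE,0x01,0x00,
                                         'A','A', 0xFF,0xD9};
/* SOI plus a COM segment declaring 102 bytes: a 100-byte zero payload. */
static const uint8_t sample_big[106] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x66};

int main(void)
{
    char out[COMMENT_MAX];
    size_t n = 0;
    printf("ok=%d ", jpeg_read_comment(sample_ok, sizeof sample_ok, out, &n));
    printf("short=%d ", jpeg_read_comment(sample_short_len, sizeof sample_short_len, out, &n));
    printf("overrun=%d ", jpeg_read_comment(sample_overrun, sizeof sample_overrun, out, &n));
    printf("big=%d\n", jpeg_read_comment(sample_big, sizeof sample_big, out, &n));
    return 0;
}
```

Each rejected sample corresponds to one check; removing any one of them turns the matching input into an out-of-bounds read or write.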

Klez owns (4, Interesting)

dlur (518696) | more than 11 years ago | (#3700970)

I'm lead tech at a small computer store. The massive onslaught of Klez in the wild makes us techs more money per day than a good, strong lightning storm will in a week with modem replacements. People in the general public that aren't in the "know" on computers are deathly afraid of viruses, and generally have no idea how to protect themselves.

Most of the John Q Publics out there buy a cheap computer from *.mart that has MS Windows pre-loaded on it that has virus protection software that will expire in 3 months, or require the end user to manually update the definitions. Most of them have no idea that their protection will run out, or that they need to update their software in order to keep it up to date and protecting them from the latest greatest virus.

So these folks turn to their cousin's brother who knows a bit about computers, and ends up screwing the computer up worse, or finds that they are unable to remove the virus from the computer. That's when they turn to us, and other techs. And they're generally willing to pay good money to get rid of the virus, have up to date protection that actually works installed, and be shown how to keep it up to date for a very long period of time, not to mention given a quick tutorial on what to open in their email and what to delete immediately.

In a perfect world un-educated folk wouldn't be given the option to purchase un-educated software, but until that time comes they need to rely on people that do know something about computers, and on software that can help protect them from their own lack of knowledge.

I agree!!! (1)

Mysticalfruit (533341) | more than 11 years ago | (#3700979)

Being an SA of both Unix and NT servers, and having to sit through negotiations with a certain large anti-virus company whose name we shall not name... They hype it up like you're going to walk into your lab and find that your machines have metamorphosed into kobolds and are attacking en-masse.

This is the danger of being a publicly traded company... you need to make the numbers, no matter what. I wouldn't be surprised if they didn't have a skunk works division whose whole job is just dreaming this stuff up. What's next, an mp3 infector???

<whine>
I submitted this story twice and got it rejected twice, just to see michael post it... Thanks...
</whine>

attention trolls (-1, Troll)

Anonymous Coward | more than 11 years ago | (#3700982)

please post more adult stories. they help make work go by much faster. except when i need to get up from my desk and i've got a boner. then we run into some problems.

unngh! unngh! must... stop... thinking about... filling cmdrtaco with my hot load... unnghhh!

Corporate and Media Irresponsibility (2)

wulfhere (94308) | more than 11 years ago | (#3700987)

Things like this are what happen when the news media are owned by giant corporations. They do not care about truly informing the public, they care about selling papers, ads, etc. And what's the best way to do that? Scary headlines.

50% of the news nowadays is reprinted press releases from companies. There should be some kind of accountability, both for the misleading/false statements coming out of these corporations, and for the idiot reporter that took this "news release" off the fax and submitted it for print without any kind of fact checking.

-Just my $.02
Wulfhere

Ok Ok... (2)

powerlinekid (442532) | more than 11 years ago | (#3700993)

I'm just gonna start ranting and hopefully a point will come out of this somehow ;). Anyway, who cares? Seriously... I haven't had a virus since I was 15 or so and know better now. If this "marketing hype" is to just sell virus scanners but scares the public into being more secure then that's fine with me. Potentially means less Code Red in my logfiles and less Klez complaints to deal with. Look, yeah hyping something up that's bad so you can sell a cure sucks and is rather unethical, but the vast majority of computer users have no clue on why they get viruses besides some vague knowledge that it has to do with the internet. So, again... whatever. Calm down. Take some deep breaths. Do some pushups. Go conspire about something that matters. Now some additional things because well goddamn it, this is my post and I'll say what I want and you'll listen. Please spare the +5 funny "what virus? i use linux" and "windows, by definition it is a virus" posts. Please Please Please. Please follow the directions I gave above before posting them. As for Linux and virus... soon my pretty... you will have your virus. Yeah yeah, root blah... blah... doesn't mean your home directory can't get wiped and doesn't mean some sad bastards out there don't run Linux in root. Anyway I'd like to close this with a little Simpsons quote:

Actually can't remember it, but it had something to do with flu shots and flanders and not believing in them and it was funny. Just trust me it had some relevance to all this.

Not entirely the case (3, Insightful)

OpenMind(tm) (129095) | more than 11 years ago | (#3700995)

If you have basic email skills, you're safe.

Unfortunately, this is not entirely true. Quite a few of these viruses are happy to infect non email files once they get on a network via the email vector. We haven't seen many where I work, but we have seen a few that will infect various system files. Then, when a user logs into that system, the virus infected system will gleefully infect any exe's on the network that that user has write access to. Log into a machine like this as a domain administrator, and the chances of it getting to every machine on the network without them opening any email message is quite good.

Some of them will replace .jpg and mp3 files with dummy executables that Explorer will foolishly make look like the original files. So common MP3 shares and such make a pretty good vector for crossing the network, as well.