Vista Designed to Make Malware Easy

CmdrTaco posted more than 7 years ago | from the it-wasn't-that-hard-in-xp-either dept.

Microsoft 311

SlinkySausage writes "Trojan horses masquerading as 'cracks for Vista' are starting to appear on pirate boards. More worrying though, Microsoft has confirmed that Vista's image-based install process is designed to allow third-party software to be slipstreamed into the installation DVD. Great for corporate deployment of Vista with software pre-installed, but also a huge benefit for malware writers, who can distribute Vista images with deeply-rooted malware."

So? (5, Insightful)

Nemetroid (883968) | more than 7 years ago | (#17090106)

Pirates risk getting malware with their downloaded Vista. Is this a problem?

Re:So? (3, Insightful)

Anonymous Coward | more than 7 years ago | (#17090144)

Exactly. If someone pirates it and gets Malware, it's not really MS's problem. They're not obliged to help pirates keep safe from malware.

Re:So? (1)

ATMD (986401) | more than 7 years ago | (#17090496)

Except that people will see their computer not working properly, and blame Microsoft - especially if they bought a pirated Windows preloaded on their new machine.

Re:So? (5, Insightful)

6Yankee (597075) | more than 7 years ago | (#17090236)

Yes.

What about everyone else on the Internet who gets DDoSed or spammed by this malware? Last time I checked, I was on the Internet - for me, therefore, this is a problem.

Re:So? (4, Insightful)

orkysoft (93727) | more than 7 years ago | (#17090316)

It would be just as much a problem with any other piece of software, Microsoft Windows or not, pirated or not.

To recall the tired (tyred?) car analogy, it is a problem if people start driving cars that are dangerous to other drivers, due to unreliable brakes or parts falling off when driving at high speed.

ISPs need to be more proactive at disconnecting people who can't keep their computer clean.

Re:So? (-1)

Anonymous Coward | more than 7 years ago | (#17090906)

ISPs do their part by offering asymmetrical connections, for example 350 K/s down and 50 K/s up.

Here's a little homework question for you: Assume a hypothetical Internet where everyone has this kind of connection. Assume that EVERYONE BUT YOU IS ROOTED and is spewing 50 K/s of junk to others at random. How many K/s of junk do you expect to receive?

Answer: 50 K/s, leaving you 300 K/s down and 50 K/s up. See, that isn't very bad considering that we assumed everyone but you is rooted.

Re:So? (2, Informative)

sponga (739683) | more than 7 years ago | (#17090442)

Let's be real here and actually think that the pirates are usually the ones who know most about technology.
Most likely the pirates will be the ones who find out that they are infected and will try to fix it; compared to installing it on Mom's laptop and never bothering to fix it.

I think this is being blown out of proportion and a little exaggerated.

Re:So? (1)

John Hasler (414242) | more than 7 years ago | (#17090668)

> Most likely the pirates will be the ones who find out that they are infected
> and will try to fix it; compared to installing it on Mom's laptop and never
> bothering to fix it.

Most wannabe pirates know less than nothing about software and are quite likely to install "it" on Mom's laptop.

Ignoring the big picture (0, Flamebait)

Anonymous Coward | more than 7 years ago | (#17090554)

Ok, so malware can be slipstreamed into Vista. So what makes that different than having trojans, viruses, etc. inserted into Linux's source code and redistributed (which has actually happened)?

Slipstreaming isn't anything new. So it seems once again Slashdork comes up with some kind of tenuous nitpick which is infeasible in the real world.

Re:Ignoring the big picture (1)

TufelKinder (66342) | more than 7 years ago | (#17090654)

If you had left off your second paragraph and included
a source link about this happening, this would've been
a helpful and up-mod worthy post.

Re:Ignoring the big picture (4, Insightful)

Anonymous Coward | more than 7 years ago | (#17090672)

> So what makes that different than having trojans, viruses, etc. inserted into Linux's source code and redistributed

The price. No one chooses a shady linux distro ($0) because the mainstream ones are also $0. Now when you have to choose between a shady Vista release ($0) and the official one ($xxx)...

Fixing botnetting is potentially easy (4, Insightful)

EmbeddedJanitor (597831) | more than 7 years ago | (#17090852)

These problems arise for three reasons:

1) People run insecure machines.
2) People leave computers on.
3) People leave them connected to the internet.

Break any of these three links in the chain and you'll fix bot netting. (1) is impossible, given V1.00-beta humanity. But surely, (2) and (3) are pretty easy to achieve. For Joe Sixpack, there is no benefit in keeping a PC running 24/7, except that it helps contribute to the power bill and rolling blackouts.

Servers, of course, are a different matter but they are [hopefully] better administrated.

Re:So? (2, Insightful)

MagusSlurpy (592575) | more than 7 years ago | (#17090352)

Problem? I doubt it. Designed feature to limit piracy? You betcha.

Re:So? (1)

joshetc (955226) | more than 7 years ago | (#17090414)

I believe it is more like designed FUD to limit piracy. They figure if you are at too great a risk system-wise as a result of pirating people will simply not do it. The thing is that it really doesn't matter. Just about any pirated version of Windows could have crap hidden in it. Not to mention the fact that there is virtually no need to do this if Windows XP is any indicator. If they want to infect you they almost always will be able to infect you. Even if a select few gurus are too solid to be infected there is still 95%+ of the Windows world that has their system wide open.

Also look at it like this, unless they are making their malware completely undetectable it will barely matter anyway. Anyone pirating copies of Windows knows well enough to be able to tell something is wrong with their system (i.e. traffic flowing in and out at great numbers when it shouldn't, low system resources available, etc.) So the worst that will happen is a few dumb people will wind up losing all their precious new Vista install data.

Re:So? (5, Interesting)

molnarcs (675885) | more than 7 years ago | (#17090452)

This article is troll, especially the "designed to make malware easy" part. This has nothing to do with design - it is an option that I'm quite surprised Microsoft didn't take away from Vista (if they did, you'll have an article complaining about it).

Slipstreaming is essentially remastering Vista (and XP-s) ISOs to include the latest patches/service packs, i.e. in case of XP, this allows you to have a windows install that won't get you rooted in 5 minutes after you go online (with SP2). You can also include drivers or basically anything you have installed. In other words, you can install win XP, firefox, ffmpeg codecs, a virus scanner, openoffice, etc., and then you can make a custom ISO that would install windows XP and all that software in one go! This is good if you maintain a number of PCs in a comp. lab.

This feature makes life of sysadmins a lot easier, and I'm glad MS didn't take this away - I wouldn't be surprised if the control freaks did. To turn this into a "Vista designed to make malware easy headline" is simply trolling, and article should be tagged troll accordingly. Especially since almost all operating systems have this ability (to remaster the ISOs to include updates/security fixes and 3rd party programs. Basically this is what linux distributions are about).

Solution? (1, Insightful)

KDR_11k (778916) | more than 7 years ago | (#17090118)

Establish a chain of trust before downloading a Vista distro.

Re:Solution? (0)

Anonymous Coward | more than 7 years ago | (#17090536)

Trust starts at the source, release it, then we can continue :P

Who installs from media .... (1)

aneeshm (862723) | more than 7 years ago | (#17090122)

... distributed by malware writers? I'm not going to install Vista from some obscure crack download site, am I?

Re:Who installs from media .... (1)

toleraen (831634) | more than 7 years ago | (#17090472)

As opposed to what? Malware writers that upload Vista to your favorite torrent site?

Let the FUD begin!!!

This is idiotic (5, Insightful)

readams (35355) | more than 7 years ago | (#17090124)

This article is just dumb. You can make custom Linux images with custom software also. If you download a random Vista ISO and install it, you deserve what you get, just like you would if you download a random Linux ISO.

Mod parent up, article is flamebait. (0)

Anonymous Coward | more than 7 years ago | (#17090170)

Well said. If you're not obtaining Vista from a trusted source (e.g. purchased in $BIG_BOX_STORE), you're getting the same possible problem as if you downloaded RootkitBuntu from Joe Bob's web site.

Re:This is idiotic (1)

FST777 (913657) | more than 7 years ago | (#17090384)

There is one big difference, and that is the current price for both OSses. Since Linux is Open Source, most folks who deploy it have downloaded an original copy, not some obscure malware infested "crack". For Vista, lots of wannabe script kiddies will go searching for a "free" version of the OS, ending up with this crap.

Don't forget that those same kiddies will install said "crack" on every computer they can get their hands on (like their Grandma's).

The custom Linux images you mention won't stand a chance, since the original is free enough. It even doesn't matter that the current audience of both OSses is so extremely different.

Re:This is idiotic (1)

Aim Here (765712) | more than 7 years ago | (#17090416)

Erm, that's why you check the md5 (or hopefully some better) hash of the iso you just downloaded with the checksum provided by your distro manufacturer's homepage, yeah?

Good luck getting the md5 checksum of your pirate Vista iso from a trustworthy soul at Microsoft...

(Okay, md5 isn't the epitome of security these days, but it's still probably ridiculously difficult for someone to generate the appropriate gribble that can be put inside an iso with a preinstalled rootkit so as to match the original hash)

Re:This is idiotic (5, Informative)

lowe0 (136140) | more than 7 years ago | (#17090718)

Say what? Any official source for Vista ISOs (MSDN and the like) include MD5 sums.

Now, if you're downloading the software illicitly, you deserve a compromised copy.

All I can say is: (0)

billsoxs (637329) | more than 7 years ago | (#17090130)

"but also a huge benefit for malware writers, who can distribute Vista images with deeply-rooted malware."

oops!

Sympathy? (4, Insightful)

nbannerman (974715) | more than 7 years ago | (#17090138)

And if you use an official installation image, that you've properly licensed, you'll know exactly what you are getting.

Now if someone wants to download a third-party image for something they haven't paid for, and gets stung with malware, how on earth is this Microsoft's fault?

Re:Sympathy? (-1, Flamebait)

antifoidulus (807088) | more than 7 years ago | (#17090156)

Shhh! This is slashdot, remember groupthink triumphs over all! It's Microsoft's fault even when an exploit is found in linux. Please, think of the groupthink next time before posting.

Re:Sympathy? (1, Flamebait)

cyber-vandal (148830) | more than 7 years ago | (#17090692)

The only Slashdot groupthink I ever come across is the Microsoft shill section. Either that or Microsoft have some software monitoring slashdot.org that posts a similar message to yours any time anything remotely critical gets said about Microsoft.

Re:Sympathy? (2, Insightful)

ginga (201422) | more than 7 years ago | (#17090186)

Yes and further to that, you could see this as a really smart move by Microsoft's Anti-piracy people...

mod parent up (1)

blackcoot (124938) | more than 7 years ago | (#17090478)

personally, i think it's brilliant -- "don't pirate vista because you'll be pwned before you've even finished the install". of course, this only works until someone is clever enough to start publishing hash checksums for known safe images...

Re:Sympathy? (0)

Anonymous Coward | more than 7 years ago | (#17090354)

It seems like the real issues with this are to be found in the corporate/legitimate environments. The ability to do this without any sort of integrity check could make for some unhappy results. Mainly I guess I'd think of situations like a slipstreamed service packed image on a corporate network ready for rollout or a backup image on a packaged computer's HD. Etc.

Vista _IS_ malware (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#17090142)

Even if you install an official build you're still gonna be infected with DRM.

Re:Vista _IS_ malware (1, Funny)

JebusIsLord (566856) | more than 7 years ago | (#17090160)

cause like, duuuude, Software wants to be free, man!

Also, it's pretty stinking easy to check the MD5 sum of a downloaded image, ain't it? Non-story.

Re:Vista _IS_ malware (1, Funny)

Anonymous Coward | more than 7 years ago | (#17090218)

> cause like, duuuude, Software wants to be free, man!

What the fuck is that supposed to mean?

Re:Vista _IS_ malware (1)

moranar (632206) | more than 7 years ago | (#17090374)

> it's pretty stinking easy to check the MD5 sum of a downloaded image, ain't it? Non-story.

Checking the MD5sum against what exactly, seeing how one would have to be stupid enough to download an insecure ISO of Vista? An original disc? and in that case, why would one download it in the first place? And if the person didn't want the copy-protection in the original, and downloaded a cracked ISO, then what good would the MD5sum be?


Or did you mean that it's easy to get and check the MD5sum of a Linux ISO? Because that wasn't what the story was at all.

Re:Vista _IS_ malware (0, Offtopic)

jb.hl.com (782137) | more than 7 years ago | (#17090202)

How, precisely, will Vista infect ANYTHING with DRM? Other than allowing you to play DRMed music and movies, obviously. Infection implies that everything you have will suddenly be DRMed, which is patently bullshit.

So come on; infected with DRM. How are they going to do that exactly?

Nobody said that (-1)

Anonymous Coward | more than 7 years ago | (#17090300)

DRM [drm.info] is malware [google.com] Nobody said vista would infect anything, Vista itself is the infection. Also see here. [readingcom...ection.com]

Re:Nobody said that (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17090424)

You're a complete fucking idiot.

Re:Nobody said that (0)

Anonymous Coward | more than 7 years ago | (#17090570)

Thank you for that well thought out and constructive comment. I suppose these people are complete fucking idiots too?


Re:Nobody said that (1)

jb.hl.com (782137) | more than 7 years ago | (#17090614)

Knew I wouldn't get a sensible, rational answer around here...

Re:Nobody said that (0)

Anonymous Coward | more than 7 years ago | (#17090688)

Oh, we all know you got your answer, you just can't counter it. I don't blame you for attempting to shrug it off and there's no loss of face. After all, the corporate PR machine has been trying to pitch TCPA/DRM for over half a decade and still resistance is growing.

Re:Nobody said that (1)

jb.hl.com (782137) | more than 7 years ago | (#17090800)

No, I'm not countering that "argument" because it isn't an argument, it's an assumption that DRM is evil and malware and nasty. Not a reason that Vista infects things with DRM.

Re:Nobody said that (0)

Anonymous Coward | more than 7 years ago | (#17090896)

> Not a reason that Vista infects things with DRM.

This was an assumption solely made by you.

Re:Vista _IS_ malware (0)

Anonymous Coward | more than 7 years ago | (#17090310)

one word:
Bitlocker.

Re:Vista _IS_ malware (1)

jb.hl.com (782137) | more than 7 years ago | (#17090378)

BitLocker is disk encryption, to which the user retains full control and which the user can (as far as I can tell) opt to remove if desired. It's not DRM.

Try again.

Bad analogy time... (2, Funny)

Terminal Saint (668751) | more than 7 years ago | (#17090150)

Can't say I feel bad for a bank robber when it turns out the teller slipped them a dye packet...

Re:Bad analogy time... (2, Funny)

Brad1138 (590148) | more than 7 years ago | (#17090446)

> Can't say I feel bad for a bank robber when it turns out the teller slipped them a dye packet...

Apples and Oranges
You're comparing a big corporate bank with a big corporate software firm, obviously stealing software doesn't hurt anyone.

Re:Bad analogy time... (1)

Terminal Saint (668751) | more than 7 years ago | (#17090530)

My disclaimer was in the post title.

Corporate deployment (5, Insightful)

RonnyJ (651856) | more than 7 years ago | (#17090168)

> Great for corporate deployment of Vista with software pre-installed, but also a huge benefit for malware writers, who can distribute Vista images with deeply-rooted malware.

Given that the former is much, much more likely, how about an article entitled 'Vista Designed to Make Corporate Deployment Easy'?

Silly (3, Insightful)

0123456 (636235) | more than 7 years ago | (#17090174)

Much as I dislike Microsoft, I don't see why people who are downloading pirate copies can really complain when the pirate copy is full of scumware... if people are willing to break one law to crack the software, why do you think they won't break more to install scumware on your computer?

Pile of FUD (5, Insightful)

jb.hl.com (782137) | more than 7 years ago | (#17090176)

What, the, fuck?

So you can customise the install disc yourself and slipstream software into it? Surely that's been possible with every single distro of Linux for the last few years or so now? Could put malware into a custom Ubuntu CD, couldn't you? Not a new thing.

More to the point, unless you download your version of Vista from some obscure warez site, it's very unlikely to have malware slipstreamed into it; UNLESS YOU PUT IT IN YOURSELF.

Just because something has the capability to have malware put into it does not make it bad. This is a stupid fuss being made of nothing. I'd say I expect better from Slashdot, but considering the number of Microsoft/Zune/Vista bashing troll articles that are getting posted these days I'd be lying.

Re:Pile of FUD (2, Interesting)

a.d.trick (894813) | more than 7 years ago | (#17090438)

You're exactly right.

This reminds me of the last time someone found out a way to crash firefox and jumped up and down saying ZOMG!! teh hax!!11. And my computer science friends who couldn't recognize a shell if it bashed them in the face will be prancing around saying Use IE, it's the most secure (even though there's a million ways to crash IE remotely). And what really gets me is that the editors at slashdot are dumb enough to post this nonsense.

Re:Pile of FUD (1)

jb.hl.com (782137) | more than 7 years ago | (#17090484)

I think this is going beyond dumbness and into malice. I can't see any other reason explaining the surge in MS bashing articles.

Re:Pile of FUD (2, Insightful)

StarfishOne (756076) | more than 7 years ago | (#17090686)

> And my computer science friends who couldn't recognize a shell if it bashed them in the face


Congratulations, you win my Pun of the Day Award! :D

Re:Pile of FUD (3, Insightful)

Daath (225404) | more than 7 years ago | (#17090440)

Only... No one wants linux. Hmm that came out wrong: The linux distro you want, is already available for download, from the source. Windows isn't available for free legal download anywhere, so some will probably get sucked in by this.

Re:Pile of FUD (1)

moranar (632206) | more than 7 years ago | (#17090512)

> More to the point, unless you download your version of Vista from some obscure warez site, it's very unlikely to have malware slipstreamed into it; UNLESS YOU PUT IT IN YOURSELF.

People interested in slipping malware into something would hardly limit themselves to just put it on "some obscure warez site", when they have the possibility to put it on a p2p network. Also, it only takes the first idiot to d'load it from the site and move it to its "share" directory to begin the chain.

Re:Pile of FUD (1)

jb.hl.com (782137) | more than 7 years ago | (#17090596)

Point taken. Replace "some obscure warez site" with "ThePirateBay" or something :)

Re:Pile of FUD (0)

Anonymous Coward | more than 7 years ago | (#17090666)

Why does the warez site have to be obscure? Even software downloaded from well-known warez sites has the risk of containing malware.

Re:Pile of FUD (1)

Jinxyjeanes (920503) | more than 7 years ago | (#17090674)

> Surely that's been possible with every single distro of Linux for the last few years or so now? Could put malware into a custom Ubuntu CD, couldn't you? Not a new thing.

Absolutely. Including Windows XP

Re:Pile of FUD (1)

jb.hl.com (782137) | more than 7 years ago | (#17090690)

Of course. Matter of fact, every single OS that can be installed from some form of storage media suffers this sort of problem...little harsh to blame Vista alone...

Re:Pile of FUD (1)

John Hasler (414242) | more than 7 years ago | (#17090794)

No one has any incentive to download Linux from a shady warez site because they can get an official ISO direct from the distribution site.

Re:Pile of FUD (1)

GenKreton (884088) | more than 7 years ago | (#17090768)

I'm not sure how people mod'ed this up. The difference is your source of downloadable linux distros is from confirmed, trusted sources. Your source for downloadable Microsoft products, however, is not quite as reliable. Linux will never have this problem assuming the users take reasonable caution to verify the authenticity of what they are getting. The sites all publish checksums if you want to get it from faster sources.

With that said, I don't really see a problem with this in Vista either. It's a good form of punishment to those who chose to pirate software instead of paying up or taking the better alternatives. But we all suffer in the end from more bot machines. Events like EveryDNS being dos'ed can only get more powerful.

Re:Pile of FUD (1)

John Hasler (414242) | more than 7 years ago | (#17090838)

> With that said, I don't really see a problem with this in Vista either. It's a
> good form of punishment to those who chose to pirate software instead of
> paying up or taking the better alternatives. But we all suffer in the end from
> more bot machines. Events like EveryDNS being dos'ed can only get more
> powerful.

And that's the problem.

Why would Microsoft make piracy easier? (1)

KingOfBLASH (620432) | more than 7 years ago | (#17090178)

Why would Microsoft make piracy easier?

They have added a valuable feature for their paying customers, and former non-paying customers may be more likely to pay.

From Microsoft's perspective, it's a no brainer business decision.

So basically (1)

Timesprout (579035) | more than 7 years ago | (#17090180)

getting stung by malware because you try to pirate windows is bad apparently.

Of course currently providing trojaned distros or packages in linux is absolutely impossible just ask the ssh people.

Re:So basically (0)

Anonymous Coward | more than 7 years ago | (#17090368)

> Of course currently providing trojaned distros or packages in linux is absolutely impossible just ask the ssh people.


Just avoid pirated Linux distributions.

Check out Microsoft's wrongdoing! (0, Offtopic)

CensorsAreBadPeople (1034980) | more than 7 years ago | (#17090204)

It is here: http://malfy.org/ [malfy.org]

nothing new, move along (2, Insightful)

da_matta (854422) | more than 7 years ago | (#17090210)

I guess it's a normal Slashdot day when this kind of thing makes news. The half page "article" mentions that

a) there's a trojan that claims to be a free activation utility to Vista
b) you can slipstream malware into pirate Vista images (also possible in XP)

I.e. using pirated software could get you malware, which is news because of...?

Re:nothing new, move along (1)

C0vardeAn0nim0 (232451) | more than 7 years ago | (#17090916)

you must be new here.

this is slashdot. any non-issues that can be spun in an anti-MS way is news.

when they do something good, they're wrong. when they do something bad, they're wrong. for the people here, there's no way MS can win.

How did this end up on the main page? (4, Insightful)

zjbs14 (549864) | more than 7 years ago | (#17090216)

What's the point of this article? If I download illegal cracked versions of a commercial Microsoft OS, something bad might happen? And somehow that's Microsoft's fault? If someone did the same thing with a RHEL install ISO, would that be Red Hat's fault?

This smacks of the same FUD that Microsoft tosses around about Linux and other FOSS. Let's stop stooping to their level.

Re:How did this end up on the main page? (2, Insightful)

moranar (632206) | more than 7 years ago | (#17090434)

The difference is, the MD5 or SHA1sum of any Linux distro is usually available. I doubt that'll be the case with Vista.

Re:How did this end up on the main page? (1)

lowe0 (136140) | more than 7 years ago | (#17090780)

Oh, for fuck's sake, every time I've downloaded a Vista ISO from MS, the MD5 sums were right on the page. Do you have any fucking idea what you're talking about?

Re:How did this end up on the main page? (5, Informative)

synthe (86919) | more than 7 years ago | (#17090786)

The SHA-1 hash is available on any official downloads (Vista, Office 2007, etc) from Microsoft. That includes TechNet, MSDN, and Connect (Beta testers) download links. For reference, b71e04564ca22e4d9928e59298eff87cf62b382b is the SHA-1 hash from the TechNet Plus download of Vista x86 (one DVD includes all versions except Enterprise).
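
The check discussed in this thread (comparing a downloaded image's MD5 or SHA-1 against the value the publisher lists), written out as an added example that is not part of any comment here. The function names and the two sample "image" files are constructed for illustration; the reference digest is assumed to have been copied from the publisher's own page rather than from wherever the image was downloaded.

```python
import hashlib
import hmac
import os
import tempfile

# Hex-digest length -> hashlib algorithm name (MD5 and SHA-1 are the ones
# named in the thread; SHA-256 is included as an assumption for newer pages).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize_digest(published):
    """Clean up a digest pasted from a web page and infer its algorithm."""
    digest = "".join(published.split()).lower()
    if not digest or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("published digest is not hexadecimal")
    if len(digest) not in ALGO_BY_HEX_LEN:
        raise ValueError("unrecognized digest length: %d" % len(digest))
    return ALGO_BY_HEX_LEN[len(digest)], digest


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte DVD image never sits in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path, published):
    """Compare the image at `path` with the publisher's digest string."""
    algo, expected = normalize_digest(published)
    actual = file_digest(path, algo)
    return {
        "algorithm": algo,
        "expected": expected,
        "actual": actual,
        "match": hmac.compare_digest(actual, expected),
    }


def demo():
    """Constructed sample: a stand-in image and a copy with bytes added to it."""
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "original.iso")
        modified = os.path.join(workdir, "modified.iso")
        payload = b"CONSTRUCTED-SAMPLE-IMAGE" * 4096
        with open(original, "wb") as f:
            f.write(payload)
        with open(modified, "wb") as f:
            # Any added or changed file in a repackaged image alters the digest.
            f.write(payload + b"extra-file-added-to-image")
        # Stands in for the value on the publisher's page; upper-cased with
        # padding to exercise the normalization step.
        published = "  " + file_digest(original, "sha1").upper() + "\n"
        ok = verify_image(original, published)["match"]
        tampered = verify_image(modified, published)["match"]
    return ok, tampered


if __name__ == "__main__":
    ok, tampered = demo()
    print("original image matches published digest:", ok)
    print("modified image matches published digest:", tampered)
```

A match only says the file is the one the digest's publisher hashed, so a digest posted next to a repackaged image says nothing about what was added to it.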

Re:How did this end up on the main page? (1)

YrWrstNtmr (564987) | more than 7 years ago | (#17090488)

> How did this end up on the main page?

Because it casts Microsoft in a bad light. Not that they need much help, but we must do any little thing to further the cause.

from the it-wasn't-that-hard-in-xp-either dept. (1)

mobby_6kl (668092) | more than 7 years ago | (#17090226)

As Taco says, it's possible with XP. Just have a look at the available XP torrents, here's one for example: XP Jacked Robusto Edition [thepiratebay.org] .

What a time saver! (1, Redundant)

sporkme (983186) | more than 7 years ago | (#17090232)

Now my family will not have to go to all the trouble of downloading their malware - it will come preinstalled! It's a feature!

-1, Flamebait (0)

Anonymous Coward | more than 7 years ago | (#17090248)

We've been doing this with third-party tools like nvlite, it's good that MS added this feature to the OS. Tell me who is going to download an entire image from the internet anyway other than Warez doods?

If you want to attack Vista then do so on its merits, not with FUD.

Legitimate feature (1)

also-rr (980579) | more than 7 years ago | (#17090256)

You can't protect all of the people all of the time - the only issue here is the collateral damage that will affect people who get all the spam these pre-rooted installations will be pumping out. However since the rest of us are already getting flooded with spam from XP machines I don't really see what difference it will make.

If people want Vista they can pay for it. The operating system market will be a whole lot less broken once it gets harder to pirate copies so freely.

Designed to panic (5, Insightful)

Z0mb1eman (629653) | more than 7 years ago | (#17090274)

The amount of spin in this story is making me dizzy.

Getting malware when downloading a crack is always a possibility, yes.

However, this entire story smells of FUD - this is one of the oldest arguments software vendors use to scare people away from pirated software - "All pirated software has viruses in it! Don't use it, it'll make your computer blow up! Make sure your copy is legit!" It's a valid argument, and they have every right to defend their products from piracy, but I suspect it is often overstated.

Then take this article's headline - "Vista Designed to Make Malware Easy". We've gone from fact (one Vista crack was found - and caught by people downloading it - with malware in it), to speculation during an interview, to an entire Slashdot headline. Good good. The relevant part from the interview:


Dan Warne: I know that I have a cynical journalist's mind, but isn't that a bit of a risk for malware to be injected into Vista install DVDs, given that those apps are executed before logon?

John Pritchard: Yes, well I would certainly recommend when people are looking at any content they make sure they have the approved and hologrammed DVDs to make sure they're dealing with the genuine product, to get away from not knowing where the source comes from. But if they have got control of the unattend and built it themselves then hopefully they know what they are putting on it.


Finally, if the above headline is correct, then how is it different from "Linux Designed to Make Malware Easy"? Anyone can bundle a rootkit with a Linux distro and put a torrent of it up somewhere. Heck, it's even easier, since Linux is free and open to start with. The bottom line is, if you're not getting your software from a trusted source, then you have no reason to trust it.

I'm gonna go lie down for a bit until the spinning stops.

Re:Designed to panic (0)

Anonymous Coward | more than 7 years ago | (#17090580)

you hit on another point there as well;

"Yes, well I would certainly recommend when people are looking at any content they make sure they have the approved and hologrammed DVDs to make sure they're dealing with the genuine product, to get away from not knowing where the source comes from"

We really don't know what the source even on the original is, the one straight from MS might have a rootkit on it (and they have been asked to do this by a government IIRC). Although it might sound like a troll I honestly think that it isn't: never trust any program unless you, or several people who you trust, have looked over the code and know it's all ok. I think this is good advice anywhere.

Microsofts concern? (1)

nEoN nOoDlE (27594) | more than 7 years ago | (#17090280)

How is it Microsoft's concern if the only people this will affect are piraters who get their Vista images from a source other than Microsoft? This is like the gun excuse that comes around with every video game censorship discussion; just because a gun can be used to kill, does that mean Smith and Wesson is to blame? This feature can be used for good as well, and making it seem like a haven for malware for people who get their Vista copies from places other than the actual distributers is just reaching for an anti-Microsoft troll. Even if Dell accidentally ships malware with their Vista releases, that's Dell's doing, and they should be the ones on the chopping block when that day comes.

Bad news for the pirates (1)

93 Escort Wagon (326346) | more than 7 years ago | (#17090346)

Can someone come up with a believable scenario where this could be exploited as part of a legitimate install?

If not, why is this even news?

Re:Bad news for the pirates (2, Interesting)

Calydor (739835) | more than 7 years ago | (#17090706)

Easy. Any Vista CD bundled with a new computer, and containing a bunch of proprietary malware crap to allow the company behind the computer to make more monies.

It's not malware, it's adware (1)

iamacat (583406) | more than 7 years ago | (#17090386)

In this case you do get something for putting up with popup ads - you get a free operating system, ultimate edition at that. I would imagine uninstalling it (format c:) removes the ads as well, so what do you have to complain about?

Um (0, Redundant)

trifish (826353) | more than 7 years ago | (#17090392)

Just two words about TFA and the Slashdot title: Utter FUD.

How is this new? (1)

jandrese (485) | more than 7 years ago | (#17090394)

Can't you slipstream patches into an XP or 2000 install? I know I install XP off of a XP + SP2 CD these days, I'm not seeing where Vista is that much different. Frankly, this whole article is retarded, if you're downloading a copy of the OS off of some pirate site that associates with spammers it really doesn't matter which OS it is, they all could have something bad in them.

A better title for this article would have been: "Downloading and running untrusted software from disreputable sources can get you owned".

I guess this makes it easier for... (0)

Anonymous Coward | more than 7 years ago | (#17090456)

...Sony to include their rootkit. No need for a victim to insert a CD now!

I don't see how this is a problem for the 90% of the world that will end up using Vista. I seriously doubt Dell, Sony, and the like are going to package malware in the installation CD. I mean, they'll include the same lame software they do on XP and such, but what's the difference? It's easier now? Woohoo!

interesting strategy (1)

v1 (525388) | more than 7 years ago | (#17090480)

Assuming the malware was written properly, it has already jacked your OS before you can install your defenses (Norton, Spybot, etc.) since it's there as part of the initial installation. Your tools may as well be running in a virtual machine at that point; the rootkit could have already made it virtually impossible to detect the bundled malware after the fact.

Isn't OS X using "signed binaries" for their critical apps like the dock and Finder? I assume those would not be so easy to subvert or even modify in the installer?

FUD (0)

Anonymous Coward | more than 7 years ago | (#17090500)

And this affects legal versions of Vista how?

always (1)

Bizzeh (851225) | more than 7 years ago | (#17090522)

Why is this news? If I remember right, Windows has always had this functionality; the NT line has, anyway. There are even applications that will create the preloaded ISO for you, like nLite [nliteos.com]

This is retarded. (0)

Anonymous Coward | more than 7 years ago | (#17090534)

You can slipstream both Windows 2000 and Windows XP with service packs, hotfixes, drivers, and applications. So how is this different than some group distributing a modified ISO? The funny thing is that these cracking groups actually take pride in what they do, so I think it would be highly unlikely for an established group to do something like this. Of course there is nothing stopping some random guy from posting an ISO under a respected group's name. So, like always, be cautious when acquiring software (or any other item) through unofficial channels. I fail to see how this is newsworthy, other than for the daily two minute hate of Microsoft.

Deceptive Title Practices (2, Insightful)

LACanadian (853198) | more than 7 years ago | (#17090546)

The biggest problem I have with the article is the title. Others have made the comment, quite accurately, that no legitimate deployer of Vista will be harmed. At least one comment suggested that the story was an example of FUD spread, supposedly, by Microsoft to keep people from using pirated copies of Windows. I actually think the FUD is more aimed at Microsoft by trying to prolong the image that Windows has as being insecure and easy to infect. Is Vista perfectly safe? Of course not. But too many people play pinata with Microsoft because it's easy, regardless of whether the facts back them up or not.

This is pure FUD (1)

istartedi (132515) | more than 7 years ago | (#17090576)

So. All this tells me is that if you install from an image, you can include anything on the image you want. Well, Linux or any other OS is just as vulnerable to this. Bringing it up in the context of Vista is just pure FUD against MS. Why doesn't Slashdot wait until Vista is in enough hands for some real vulnerabilities to emerge? I'm fairly confident that will happen at some point.

Re:This is pure FUD (0)

Anonymous Coward | more than 7 years ago | (#17090646)

It isn't when you "install from an image", it's when you install, period.

Windows Vista setup uses an image of Windows Vista; it's not like previous installers where it copies files from the CD, it simply uses an image on the DVD. Therefore in the pirate community it would be really easy to redistribute Vista with some malware installed in the image... although this would only affect pirates and they're scum anyway.

good in the long run (0)

Anonymous Coward | more than 7 years ago | (#17090578)

Once people find out that Windows software actually will cost them money, i.e., cracked stuff will come pre-hosed and won't be functional, making them either drop big bucks on a new machine or huge bucks on a little plastic disk, then people will start to look at exactly what Windows software really does cost, and will reject it in droves. With the previous versions, it was too easy to install and get away with it, some pirated version, so people just used it through inertia and apathy. This version is going to be the first one that people will really have to pay for, in one way or the other, and the MS gravy train will start the huge spiral down. Inevitable. Operating systems and an office suite are not worth hundreds of dollars to most people out there, and most businesses will ignore it as long as they can, some years probably, and stick with what they have, and by then there will be even more pressure to never again pay huge costs for tools to go to work with. It is the work with the tools that is important and where the value of software lies. There's nothing really useful in it for them to keep buying 600 dollar hammers when the six dollar hammer works just fine.

Warez don't need slipstream (1)

Kjella (173770) | more than 7 years ago | (#17090700)

If you get a warez WinXP CD today, I've heard rumors that it normally contains a WGA crack. So does most any other software too, either if it's a no-cd check, no activation check or whatever which the user will happily execute. Not to mention it's trivial to extract an image, replace the original file with a trojaned one and create a new image, without any extra files. So what exactly is the story about? Oh, features that make it much easier to bundle in apps. You think they're going to put your "deeply rooted" Windows rootkit like an install package? It doesn't make sense, because one place it's very hidden and one place very obvious.

Title should read: (4, Insightful)

AusIV (950840) | more than 7 years ago | (#17090790)

Vista Design Makes Malware Easy

Vista isn't designed to make malware easy, it's a problem inherent in the design. When I read the headline I thought "Microsoft wants it easy to distribute malware?" But when I read further, it's just another misleading headline on slashdot.

Smells like an Apple (1)

edwardpickman (965122) | more than 7 years ago | (#17090818)

Vista's image-based install process

Why does this sound familiar? I say Vista be renamed Pussy Cat. Future upgrades can be named Tabby, Manx and Burmese since Apple is already using big cat names. Why is it if Windows is so fundamentally superior does it as the years go by get more like Mac? This is from a primarily Windows user. Just seems like Windows is stuck in the rut of trying to catch up with what it considers an inferior OS. Mac isn't perfect but when it comes to innovation and stability there really is no way to compare the two. The biggest downsides I keep finding are more related to vendor support. If they could ever grab 25% of the market share that would disappear. So long as they stay below 10% most vendors aren't going to see it as worth supporting. There's a lot more on Mac than ever before but there's an ocean of software available on Windows.

Clue Phone its for you! (1)

RobertLTux (260313) | more than 7 years ago | (#17090902)

Okay kiddiez, here is the deal with the Vista ISO: what you have on the disc can be broken down into a few categories:

1 the setup program itself (and assorted deps)
2 various documents and nifty bits
3 THE VISTA ULTIMATE FILESYSTEM and the various offset files (this maps what you get for a given key to the rev you land up with)

If you happen to have also gotten your hands on the Vista Final Automated Install Kit (aka the WAIK) you can loopmount the WIM file and then scan it to see exactly what will get written to your disk. (Note: the Vista WAIK is hidden on a publicly available ftp site.)

If you have the tools you could, if you want, hack, crack, quack and completely butcher the install (all the way to the point of a full insert disc and reboot the computer setup). I wouldn't be surprised if there was a way to build a dual boot system if you could find the Haque.
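The scan described in the comment above (mount the image, then look at what it will write to disk), as an added example that is not part of the original thread: it hashes every file under a mounted image directory and diffs the result against a manifest taken from media you trust. The mount step is assumed to have been done already, and the file names and contents below are constructed sample data.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def diff_manifests(trusted, suspect):
    """Return files added to, missing from, or modified in the suspect image."""
    return {
        "added": sorted(set(suspect) - set(trusted)),
        "missing": sorted(set(trusted) - set(suspect)),
        "modified": sorted(p for p in trusted
                           if p in suspect and trusted[p] != suspect[p]),
    }


def demo():
    """Constructed sample: two small trees standing in for mounted images."""
    base = {"Windows/System32/winlogon.exe": b"original logon binary",
            "Windows/System32/drivers/disk.sys": b"original driver",
            "Windows/notepad.exe": b"notepad"}
    tampered = {**base,
                "Windows/System32/winlogon.exe": b"replaced logon binary",
                "Windows/System32/drivers/extra.sys": b"slipstreamed driver"}
    del tampered["Windows/notepad.exe"]
    with tempfile.TemporaryDirectory() as tmp:
        for label, files in (("trusted", base), ("suspect", tampered)):
            for rel, data in files.items():
                path = os.path.join(tmp, label, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return diff_manifests(build_manifest(os.path.join(tmp, "trusted")),
                              build_manifest(os.path.join(tmp, "suspect")))
```

The comparison is only as good as the baseline: the trusted manifest has to come from media obtained through a channel you already trust, not from the same download.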

Nothing that's not been said already... (1)

kalemika (1033980) | more than 7 years ago | (#17090928)

I'm not an experienced slashdotter so excuse me if this sort of reply is out of line, but that's probably the worst headline you could have come up with for this article. It's simply not the truth. Microsoft did not intentionally design the OS so that it could be exploited, that's dumb. D: