Forgot your password?
typodupeerror
Portables Operating Systems Security Software Windows Worms Hardware

Asus Ships Eee PCs With Malware 124

Posted by timothy
from the well-there's-your-first-mistake dept.
An anonymous reader writes "'According to an email sent out by Asus, PC Advisor reports, the Eee Box's 80GB hard drive has the recycled.exe virus files hidden in the drive's D: partition. When the drive is opened, the virus activates and attempts to infect the C: drive and any removable drives connected to the system.'"
This discussion has been archived. No new comments can be posted.

Asus Ships Eee PCs With Malware

Comments Filter:
  • by SL Baur (19540) <steve@xemacs.org> on Friday October 10, 2008 @10:48PM (#25335827) Homepage Journal

    Quoting TFA:

    According to Symantec, the malware is likely to be the W32/Usbalex worm, which creates an autorun.inf file to trigger recycled.exe from D:

    The real bug is any O/S stupid enough to be designed to automatically execute things on media when loaded. That's a remarkably stupid design.

  • Just sloppy. (Score:3, Insightful)

    by fuzzyfuzzyfungus (1223518) on Friday October 10, 2008 @10:52PM (#25335867) Journal
    This particular viral infestation doesn't look all that harmful; but it is really, really hard to feel good about the overall integrity of the system when things like this are happening. In fact, the fact that the virus is so pitiful makes it even worse; because it suggests that high-density fuckupitude, rather than sophisticated malice, is all it takes to get a serious defect onto loads of production systems.

    Just another reason to always build and verify your own system images, I guess.
  • by Alex Belits (437) * on Saturday October 11, 2008 @03:19AM (#25337361) Homepage

    A prompt will only decrease the percent of people that fall victim. IMO, if an inserted media has files flagged to autorun, a prompt should only appear if a user has already installed a program to handle that format. In this sense, a DVD can have a 'play DVD' prompt *IF* the user has approved that behavior and *IF* the program executed is already installed.

    DVD (or anything that "has already installed a program") does not "run", it contains no executable code, only data and minimal scripts that are interpreted (or ignored) by the player.

    The idea to ACTUALLY RUN EXECUTABLE CODE JUST BECAUSE IT APPEARED ON SOME MEDIA is far, far more stupid than any automated playback. When player is automatically started, it might create a security hole because player may be buggy. Running executables is a security hole all in itself. There should be no questions, no dialog boxes, no anything that will even suggest that the user might want to run those things until the user runs the executable or installs it as a handler for something.

  • by Anonymous Coward on Saturday October 11, 2008 @05:15AM (#25337813)

    What I really don't understand is why, for a project which started out Linux-only, it contains so much hardware with mediocre-to-poor Linux support

    Because the use of Linux was accidental, not the objective. The target was to make it inexpensive.

  • You do not want to run anything new landing on a system by default or even prompt to have it run.

    It's a remarkably stupid design.

    So should a DVD player or home theater PC not start the DVD or prompt the user to start the DVD? Should a video game console or gaming PC not start the game or prompt the user to start the game? Please clarify.

  • A DVD player is a single purpose device, it reads data from the drive and may execute some sandboxed scripting, unless there are security holes in the player program it's unlikely to be an issue, and since dvd players are typically standalone its unlikely to be a problem.

    A games console is also a single purpose device, it's purpose is for providing entertainment...

    A fully fledged computer is not a single purpose device, whereas some are used like games consoles solely for entertainment, some people actually try to get important work done on them and deal with confidential data using them. If something is a toy then fair enough, but for a critical tool that could hold the keys to your business and finances there is no way it should do something so stupid as to execute unknown binaries as soon as media is inserted.

    The sooner people separate their devices, and stop trying to conduct business or deal with their finances on the same machine they use as a general toy the better.

  • by Darkness404 (1287218) on Saturday October 11, 2008 @11:01AM (#25339333)

    The sooner people separate their devices, and stop trying to conduct business or deal with their finances on the same machine they use as a general toy the better.

    No. No. No. Thats exactly what the software/hardware companies want us to do. For example, the TiVo is basically a computer, however, it cannot be modified to run whatever we want it to run unlike a computer. The hardware companies and software companies want us to have one device per purpous, that rather than just having 2 desktops and a laptop they want us to have an iPod for playing music, a TiVo to only record shows, a gaming PC only for playing games, a work PC only to work on, a cell phone only to make calls, a camera only to take pictures, etc.

  • by Anonymous Coward on Saturday October 11, 2008 @09:10PM (#25342861)

    You can ONLY use your car to drive to work. Heaven forbid you drive it to the movies.

We are not a loved organization, but we are a respected one. -- John Fisher

Working...