Forgot your password?
typodupeerror
Portables Operating Systems Security Software Windows Worms Hardware

Asus Ships Eee PCs With Malware 124

Posted by timothy
from the well-there's-your-first-mistake dept.
An anonymous reader writes "'According to an email sent out by Asus, PC Advisor reports, the Eee Box's 80GB hard drive has the recycled.exe virus files hidden in the drive's D: partition. When the drive is opened, the virus activates and attempts to infect the C: drive and any removable drives connected to the system.'"
This discussion has been archived. No new comments can be posted.

Asus Ships Eee PCs With Malware

Comments Filter:
  • by SupremoMan (912191) on Friday October 10, 2008 @09:34PM (#25335719)
    get Vista to run on that thing?
    • by SL Baur (19540)

      Quoting TFA:

      According to Symantec, the malware is likely to be the W32/Usbalex worm, which creates an autorun.inf file to trigger recycled.exe from D:

      The real bug is any O/S stupid enough to be designed to automatically execute things on media when loaded. That's a remarkably stupid design.

      • by smash (1351)
        Vista doesn't do that, it prompts when media is inserted.
        • by SL Baur (19540)

          Prompt or no, it's still a stupid thing to do. You do not want to run anything new landing on a system by default or even prompt to have it run.

          It's a remarkably stupid design.

          • You do not want to run anything new landing on a system by default or even prompt to have it run.

            It's a remarkably stupid design.

            So should a DVD player or home theater PC not start the DVD or prompt the user to start the DVD? Should a video game console or gaming PC not start the game or prompt the user to start the game? Please clarify.

            • A DVD player is a single purpose device, it reads data from the drive and may execute some sandboxed scripting, unless there are security holes in the player program it's unlikely to be an issue, and since dvd players are typically standalone its unlikely to be a problem.

              A games console is also a single purpose device, it's purpose is for providing entertainment...

              A fully fledged computer is not a single purpose device, whereas some are used like games consoles solely for entertainment, some people actually try to get important work done on them and deal with confidential data using them. If something is a toy then fair enough, but for a critical tool that could hold the keys to your business and finances there is no way it should do something so stupid as to execute unknown binaries as soon as media is inserted.

              The sooner people separate their devices, and stop trying to conduct business or deal with their finances on the same machine they use as a general toy the better.

              • by Darkness404 (1287218) on Saturday October 11, 2008 @10:01AM (#25339333)

                The sooner people separate their devices, and stop trying to conduct business or deal with their finances on the same machine they use as a general toy the better.

                No. No. No. Thats exactly what the software/hardware companies want us to do. For example, the TiVo is basically a computer, however, it cannot be modified to run whatever we want it to run unlike a computer. The hardware companies and software companies want us to have one device per purpous, that rather than just having 2 desktops and a laptop they want us to have an iPod for playing music, a TiVo to only record shows, a gaming PC only for playing games, a work PC only to work on, a cell phone only to make calls, a camera only to take pictures, etc.

              • by Burz (138833)

                Don't know why parent would be marked "Insightful".

                Hello! This is Slashdot, we LIKE general purpose computers here.

                IMO you are making a silly argument to cover for Windows' malware problem (the blame for which rests partly with its crappy architecture, not just its popularity).

          • Re: (Score:3, Funny)

            by Jaktar (975138)
            My GRUB prompts me what I'd like to run, is that stupid?
          • when you insert a ubuntu install dvd....

            But seriously, asus should have configured their system to never do it, or at least bundle with avg.

      • by 1u3hr (530656)
        The real bug is any O/S stupid enough to be designed to automatically execute things on media when loaded. That's a remarkably stupid design.

        In general, yes. But normally one would trust files on your own hard disk.

        • by SL Baur (19540)

          In general, yes. But normally one would trust files on your own hard disk.

          Sigh. You're new here, let me try a car analogy.

          This is like driving a car in the US with a large sign on top that lights up "I WANT TO BUY SEX FROM YOU, open the passenger side door and give it to me baby!" every time you drive by a person of your preferred gender on the sidewalk.

          Clear now?

          • Re: (Score:3, Funny)

            by tsa (15680)

            Hey, there's an idea!
             
            /runs off to the shop to buy a spray can of paint.

          • Re: (Score:1, Troll)

            by 1u3hr (530656)
            Sigh. You're new here, let me try a car analogy.

            1) I'm not new here.

            2) Anyone who uses car analogies to explain computers is either a troll or an idiot.

        • But I may not trust files on a CD or a USB flash memory. That stupid idea was introduced with windows 95 (I believe), and on windows XP it is very hard to disable (there is no way of just selecting "do not read autorun.inf file", you have to hack the registry to do it (just disabling autoplay in gpedit.msc will work only on media that was inserted after booting windows).

          • I believe autorun.inf files should be used only for convenience when installing software from CD's. That's what they were made for.

            But an autorun.inf from a read-write medium!? You're 100% right - it's an extremely stupid idea. And it's annoying since my own USB files get infected once in a while. I have to delete the autorun.inf and whatever .exe sneaked in whenever I open it in my Linux box.

            • Maybe sutorun was convenient before recordable CDs were invented. Even then, sometimes it was a PITA. For example - I start a game, it prompts me to insert the CD. I insert it and the game begins. Also, setup is launched automatically.

              What is more stupid is that there is no "easy" way of disabling it, you have to hack the registry or autorun.inf file will be read even though autoplay is disabled (it will be read on startup, if you leave the CD in the drive or the file is in a hard drive or a USB flash memor

      • That's why you shut off autopwn, I mean autorun with a global group policy throughout your whole active directory. Consumers should turn it off globally with a local group policy. Microsoft should be shot for leaving this feature on by default.
        • by SL Baur (19540)

          Microsoft should be shot for leaving this feature on by default.

          ? They are the idiots who incorporated the misfeature ignoring decades of prior experience in the field.

        • Re: (Score:2, Informative)

          by Pentium100 (1240090)

          Even if you disable autoplay with group policy, the autorun.inf file will be read during startup, if you leave a CD in the drive or the autorun.inf file is on a hard drive...

          You have to hack the registry...

        • by DrSkwid (118965)

          autopwn, yay genius

    • by steeljaw (65872)

      Shipped it with an 80G hard drive. After you remove all the pre-installed bloat you could have about 10G for whatever you see fit!

  • I guess it means they found a way to cram Vista onto it ...
  • Asus... (Score:1, Funny)

    by Anonymous Coward

    FFFail.

  • by Anonymous Coward on Friday October 10, 2008 @09:42PM (#25335761)

    D:

  • by Anonymous Coward on Friday October 10, 2008 @09:45PM (#25335797)

    No, Windows is not a virus. Here's what viruses do:

            * They replicate quickly - okay, Windows does that.

            * Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.

            * Viruses will, from time to time, trash your hard disk - okay, Windows does that too.

            * Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh... Windows does that, too.

            * Viruses will occasionally make the user suspect their system is too slow (see 2) and the user will buy new hardware. Yup, that's with Windows, too.

    Until now it seems Windows is a virus but there are fundamental differences:Viruses are well supported by their authors, are running on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.

    So Windows is not a virus.

    It's a bug.

    • by Sta7ic (819090)
      Windows replicates quickly? You must never have had to nuke'n'pave a laptop...
    • by Antique Geekmeister (740220) on Saturday October 11, 2008 @02:15AM (#25337331)
      You've obviously not looked at much virus, worm, or malware software. It's mostly crap, assembled by people who think that inventing their own version of a sorting function or a password checker makes them 3l33t. Some of it is insightful, but mostly it's assembled like kids building go-carts from a junkyard of parts.
      • You've obviously not looked at much virus, worm, or malware software. It's mostly crap, assembled by people who think that inventing their own version of a sorting function or a password checker makes them 3l33t. Some of it is insightful, but mostly it's assembled like kids building go-carts from a junkyard of parts.

        Ten years ago this was certainly true. A lot of the commercial malware coming out of Russia today is as well written or better written (and certainly better-tested!) than standard commercial software. In capitalist Russia........ Profit!

        • That is picking the cream of the crop, however. There, you have professionals running it, and some of them have gang bosses who would take failure very seriously. Like seeing the spam that gets past a modern filter, you're perhaps seeing the best of the huge sea of bad malware and worms out there.
    • by dasunt (249686)

      No, Windows is not a virus. Here's what viruses do:

      • They replicate quickly - okay, Windows does that.
      • Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.
      • Viruses will, from time to time, trash your hard disk - okay, Windows does that too.
      • Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh... Windows does that, too.
      • Viruses will occasionally make the user suspect their system is too slow (see 2) and the user
    • by Blakey Rat (99501)

      That was really creative and entertaining when I first saw it back in 1998. Thanks for the blast from the past.

      Next time, however, maybe you should attempt to come up with, you know, a *new* joke.

  • by markdavis (642305) on Friday October 10, 2008 @09:47PM (#25335819)

    ...then maybe this wouldn't have happened?

    Take a great concept- the netbook... a small, light, inexpensive, flash-based, long-battery life, Linux based system. Then ruin it by making it a large, heavier, expensive, hard-drive based, medium battery life, MS-Windows based system.

    Oh well. I guess some people didn't "get it".

    • by westlake (615356)
      Too bad they didn't stick with only Linux

      Asus ships Windows because they are in this business to make money.

      We have been around this track before.

      Confirmed orders for the Linux only XO laptop stalled at around 700,000 units. Summary of laptop orders [wikipedia.org]

      When MSI ran into serious trouble with Linux returns, the geek was there with 660 excuses. Netbook Return Rates Much Higher For Linux Than Windows [slashdot.org]

      • by Alex Belits (437) *

        Confirmed orders for the Linux only XO laptop stalled at around 700,000 units.

        XO is neither designed as a consumer laptop, nor is available for purchase by individual users.

      • Re: (Score:3, Interesting)

        by Nutria (679911)

        When MSI ran into serious trouble with Linux returns,

        The problem is, MSI doesn't say 4x what.

        Thus, it's a meaningless statistic, and every time you read an article that mentions "Linux returns 4x greater than Windows" you wasted time learning nothing.

  • Just sloppy. (Score:3, Insightful)

    by fuzzyfuzzyfungus (1223518) on Friday October 10, 2008 @09:52PM (#25335867) Journal
    This particular viral infestation doesn't look all that harmful; but it is really, really hard to feel good about the overall integrity of the system when things like this are happening. In fact, the fact that the virus is so pitiful makes it even worse; because it suggests that high-density fuckupitude, rather than sophisticated malice, is all it takes to get a serious defect onto loads of production systems.

    Just another reason to always build and verify your own system images, I guess.
    • by cbreaker (561297)

      I guess so. But out of the millions and millions of PC's that have shipped with Windows, only a very, very small few (thousands) have shipped with something like this. And of those, only a few hundred of these went out, and it's not like the virus was running - it was in the deleted items area.

      Sloppy, yea, and a big oops. But really, I don't think it's that big a deal.

      • by Sabriel (134364)
        But this isn't the first or even the second time Asus has slipped up recently. I've personally encountered their recovery dvds (on recent F8 models); add this and their preinstall/recovery people really need the cluestick applied.
      • ... And of those, only a few hundred of these went out, and it's not like the virus was running - it was in the deleted items ...

        Except that all autorun.inf viruses that I saw (on a USB flash memory) used \RECYCLED to store their executable, and the .inf file would look like
        open=\RECYCLED\desktop.exe

    • by mea_culpa (145339)

      because it suggests that high-density fuckupitude, rather than sophisticated malice

      Hammer hits nail square on the head.

      Wish I had the mod points

  • I was only interested in a couple things with the eee:

    - It runs Linux well.
    - It's really small.
    - It's pretty cheap.

    That's about it. Any business of this thing running Windows in the first place is a mystery to me. We bought a number of these for students here and they love them to death (yes, even with Linux).

    • by cbreaker (561297)

      A lot of folks love running Linux on these small devices. It's small, boots fast, does what you want it to do. I know I like Linux on these kinds of toys.

      But, this one is billed out to be a mini-PC, and a lot of people wanted Windows on it, so Asus made a model that is big enough to run Windows.

      Ho hum.

    • by pembo13 (770295)
      Which is suprising seeing as these netbook manufactures seem to be putting little to no effort into it. Wifi cards driven by Ndiswrapper? I would have expected a "5s" boot from a netbook manufacture before some hackers.
    • Afaict there are two types of user for theese new "netbooks" and the closely related EEEBox

      One is people who want a simple system for web email and maybe some light word processing. Theese people are happy with the cheaper linux models.

      Then there are people who want an ultraportable laptop (or in the EEEBox's case a miniture desktop) but couldn't previously afford one. Yeah the specs on an EEE aren't great but it's perfectly capable of running older games like starcraft (blizzard generously modified this to

  • Oh thank god I have the 20GB version. Also Linux.

  • Inaccurate Title (Score:5, Informative)

    by TrekkieTechie (1265532) on Friday October 10, 2008 @10:09PM (#25335999)
    "Eee PC" =/= "Eee Box"

    The Eee PC is Asus' line of netbooks. The Eee Box is Asus' line of nettops. While in some ways they are similar, in other important ways they are very different products.
    • by Warll (1211492)
      Speaking of which, why is this in mobile?
    • by sowth (748135)

      With the malware, maybe they should be called "Aieee"?

    • The EEEBox looks pretty similar to the EEEPC 1000H to me. The differences seem to be

      * more flexible memory card reader
      * more ports
      * no battery
      * no screen

      Storage, processor, chipset and ram all seem to be the same.

  • by _Sprocket_ (42527) on Friday October 10, 2008 @10:21PM (#25336067)

    I bet it doesn't come on the Linux version.

    When will we get equal treatment from hardware vendors?

    • Re: (Score:2, Interesting)

      They probably over looked it figuring, what with it being Windows and all, that it wasn't going to work properly anyways.
    • It's open source, write it your damn self? : )
      • by tomhudson (43916)

        It's open source, write it your damn self? : )

        >> Dear Slashdot Reader
        >> This is an open-source virus.
        >> Please forward it to all your friends
        >> Then, as root, run "dd if=/dev/urandom of=/dev/sda"

        There - fixed it for you.

    • Windows on netbooks/nettops really makes no sense. I bought my wife an EEE PC a while back. She doesn't like computers in general, and I can't say that she's seen the difference really. She cares about browsing the net and reading her email. That works like a charm with the included Xandros Linux.

      When I get mine (they are soo cute, gotta have one ;) it's going to be sporting Ubuntu EEE which seems to be maturing nicely.

    • And no, I don't have it!

      Though on a more serious note, I must admit the headline did concern me. The Xandros linux which ships with the EEE is very easy to use, albeit setup a little insecurely. I like the fact that I don't have to login, but it makes me wonder if they did a good security analysis. If they did, and decided to do automatic login for usability, I don't have a problem with that; but I can't help but wonder if for the sake of expedience they discarded all of the other security as well.

  • And a bright, shiny prize in every box.
    Good to the last byte!

    But mind the spoilage date.

Old programmers never die, they just hit account block limit.

Working...