Viral Videos That Really Are Viral

davidwr writes to mention a BBC article looking at booby-trapped Windows codecs. While some codecs required for online videos actually let you watch your content, others are just excuses to infect your system with spyware or adware. As davidwr says: "Now virtual sex can make your computer sick." From the article: "Mr Robinson said many security firms were now logging instances in which spyware and adware firms are turning out software bundles that claim to roll together many popular codecs or just have the one needed to play a particular clip. Some of the codecs do help to play clips, but others are disguised as a variety of nuisance or malicious programs. Some rogue codecs plague users with pop-up adverts, while others invisibly install keyloggers that try to grab confidential data. "

Re:serves yah right

[pegr]

I have to agree. This has been going on for quite some time, at least a couple of years. That's why I simply don't use codecs that come from questionable sources. You wouldn't run just any arbitrary program, would you?

But wait, if there's porn involved... :)

Re:One way to know if code is safe to run

[CastrTroy]

Although that's a little bit extreme, you can't possibly read and understand the source code for every single program you run, it makes a lot of sense. If they are willing to put the source code out there, then they are most likely not going to try and fool you. If they do, then you have the evidence of what they are doing. This is why the first place I go to look for software is Sourceforge. Because everything there is open source, I can be pretty sure that there's no adware, spyware, or other malicious things lurking around. Also, it's the best way to get full featured tools without paying anything. Searching for freeware using google or any other means other than sourceforge/freshmeat, means I have to take a lot of care to figure out what's spyware, and what's not, and which ones will expire in 15 days.

Some of us have a life

[everphilski]

Some of us have a wife and kids, a full time job, working on a masters/Ph. D, other commitments outside the daily grind. We don't have time to sit down and scrutinize every bit that enters our computers (I could - I'm a compotent programmer. That's not the point.). If I choose to download something I trust the developer. I have a level enough head on my shoulder to figure out what looks fishy and what doesn't. And if, for some reason, something bad does happen? Takes but 10 minutes to reimage a drive. Big deal.

That being said the primary machine at home for gaming/surfing is a windows box. Between me, my wife and my kids I don't think I've had to reformat it since it was built.

Read the Source code? Are you serious?

[runlevel 5]

Outside of the scope of this article, there are dozens of reasons not to relase your sourcecode, among the most common being the proffit motive. A A lot people look at OSS with are "why by the cow when you get the milk for free" attitude. What about companies that haven't yet copyrighted or patented the algorithims in their software before they go to market? And do you really think companies like Adobe and Autodesk are ashamed of their award winning flagship software packages? Quite honestly, your last argument is utterly rediculous. To bring things a bit closer to home, it's often way simpler, smarter, and faster to distribute codecs in binary form. People just want them to work right away without firing up the windows equivalent of "./configure --with-notrojans". If they have trade-secret compression algorithims, then your company may not want to give them to your competitors. Finally, even if the source code were made public, users have to read thousands of lines of code before knowing if it was "safe" or not. I seriously doubt you'd find any comments that say ""// Computer-destroying virus begins here". And safe is a relative term, because for some machines a segfault is just as bad as a trojan horse.

Re:One way to know if code is safe to run

[MightyYar]

But do you only eat cake baked in your own kitchen? Would you give up a piece of cake that everyone is raving about because the recipe is a secret? What if the baker had a solid reputation and thousands of satisfied customers?

I'm not sure why someone would have higher standards for what they run on their stupid computer than for what they allow into their body.

Re:One way to know if code is safe to run

[ehrichweiss]

"If you want me to run something on MY computer, I have a RIGHT to see the source code."

First things first, it is usually less of THEM wanting something run on your computer and more likely YOU wanting to run it. If it's freeware that scenario is lots more likely since they don't make money for every installation, etc. so they couldn't care less.

Next, you don't have a "right", you have a desire. If they publish the source code then you have the right to view it, otherwise you're SOL. You're likely not a king or otherwise powerful enough person to get such things done so put your words in some perspective.