Visual Studio .Net: Now with more Viruses
News.com breaks the story (and 8000 readers submit) that Microsoft distributed Nimda-infected copies of Visual Studio .Net in Korea. I don't even know what to say here; nothing seems adequate, except to point out that "trustworthy computing" does not seem to have had any effect whatsoever. News.com just updated their story to point out that it probably won't infect the people who installed Visual Studio .Net, but it's still a rather nasty faux pas for a company that's supposed to be cleaning up its act.
So.... (Score:5, Funny)
Re:So.... (Score:2, Funny)
More Chambraigne quotes related to MS products: (Score:2)
Windows user: "Finally, a product for me! I believe every word that man just said, because it's exactly what I wanted to hear."
Linux user: "Man, you've been brainwashed."
News.com: "Microsoft developer tool distributed with viral payload."
BillG: "He's making a mockery of the product! You're making a mockery of the product!"
(Linux user): Noooo!! Can you not comprehend that your ignorance will cause me to explode now? Arrgghhh!!!
BillG: "I AM THE KING!"
What... the... hell.... (Score:2, Interesting)
Seriously, before any of the "OH ITZ M$, THY SUXX!!!1111" posts come out, let's be honest. Any company can make that mistake. It takes a special moron in Quality Assurance to release that one.
I have to ask though... what would YOU do if you were MS in this case?
Re:What... the... hell.... (Score:2)
MS has a very good system of preventing viruses (used to be documented in a knowledge base article until someone realized that article said they used UNIX systems because they were impervious to Windows viruses).
What probably happened is that a system was infected before the help files were compiled, and then once they were compiled (rendering the virus inert) the AV software did not pick it up. Once the masters are checksummed, then no one will notice because the subsequent copies have not been tampered with.
Again, the virus is inert. But this is a HUGE publicity blow to Microsoft, so it is a BIG deal.
Re:What... the... hell.... (Score:3, Funny)
Re:What... the... hell.... (Score:5, Informative)
By the way, this is just another example of a premature attack by OS zealots. Just as the case of the cross-platform virus discussed previously, the Nimda file is installed as part of the help system, but is never loaded by the help system. As the tongue-in-cheek editorial posted by the illustrious Slashdot editors put it, "Only a complete moron would get infected by this virus." So unless someone in Korea is stupid enough to uninstall IE 6.0 (required for .Net to run), install IE 5.5, and then load the Nimda file, it is unlikely that they will get infected. For every MS goof, there is an equal goof in the OS community. (But we all know people that point that out get modded down....)
Re:What... the... hell.... (Score:2)
I did realize it was a joke. I think, though, that before you make a joke at the expense of an entire culture that is proud, ancient and sensitive, you would do well to know that it has at least the smallest kernel of truth (for example, if you had made a joke about the disks getting copied all over the country, it would have been funny). Also, yes, I did the exact same thing by lumping you with the 31337 skr1p7 k1dd33z that live in their mothers' basements, when in fact I know nothing about you, and yes, I did it on purpose, and yes, I wrote my comment right off the cuff because I was irritated, and yes, the word "moron" was calculated to incite anger, so my comment should properly be modded as flamebait. Still, though, I think the joke was about as fair and as funny as making a joke about how dispassionate Linux users are about their OS of choice.
Re:What... the... hell.... (Score:2)
Oh. C'MON! (Score:3)
There is no way it can be stated that it's no big deal when this kind of thing happens. Period. The bottom line here is quality. If this kind of thing gets through, what else can get through? What kind of quality controls are really in place?
Whatever controls ARE in place, apparently they aren't effective or aren't being followed...
I really do know a Glen from Canada! (Score:2)
they should sort of borrow oracle's motto. (Score:3, Funny)
or maybe that doesn't quite say it. Hmmm, what am I trying to get at.
"trivially breakable"
It only infects one file that's never referenced by the system, and there are all sorts of unlikelihoods that prevent this from being executed. Still, bad press is bad press.
even better (Score:4, Funny)
"breakable"
or maybe that doesn't quite say it. Hmmm, what am I trying to get at.
"trivially breakable"
In this case, "broken" is what you're looking for.
way to go (Score:2, Funny)
Sue 'em (Score:4, Funny)
It's a feature! (Score:3, Funny)
Microsoft should be applauded for this (Score:5, Funny)
None of your shoddy open-source crap here, no sir!
Maybe a re-brand? (Score:5, Funny)
Re:Maybe a re-brand? (Score:2)
http://www.ubersoft.net/d/20020527.html
Bet you can't guess what company is being parodied
Re:Microsoft should be applauded for this (Score:4, Funny)
After all, that would mean that MS would have to distribute the source to VS.NET!
Hey... now there's an idea
virus?? (Score:4, Funny)
A great new marketing line for Microsoft. (Score:4, Funny)
-Restil
Where's the foot? (Score:2)
Re:Where's the foot? (Score:2)
Re:Where's the foot? (Score:3, Funny)
Not entirely Microsoft's fault (Score:5, Insightful)
Re:Not entirely Microsoft's fault (Score:5, Funny)
Re:Not entirely Microsoft's fault (Score:5, Insightful)
Isn't Microsoft entirely in control of selecting the vendor (the translation/localization company)?
Would Microsoft be liable if the translator had said: Fuck you and You Eat Dog Now in the manual? Of course.
Another silly analogy. My VW beetle was assembled in Mexico. Do you think VW says: "Oh, sorry, those damn Mexicans screwed up?" when I have a problem with my car? No. They say: "We're sorry, and we'll fix it right away at no charge".
They don't even mention the outstanding factory workers south of our border. They just take it like men and deal with it responsibly.
That's why I prefer VW service over Microsoft's.
Re:Not entirely Microsoft's fault (Score:5, Insightful)
That's a load of hooey. Microsoft's customers didn't ask them to use a third party to translate the files, nor did they purchase the product from the third party. If Microsoft can't even handle the elementary security step of scanning the product for viruses before putting it on a CD, how do you even know that the mysterious third party isn't replacing important DLLs with DLLs that are functionally equivalent but have a hidden backdoor?
Clearly Microsoft isn't really checking these files. Which means that when Microsoft says "Trustworthy computing" what they are really saying is that you should trust them, and all of their "third party" allies despite the fact that they have a horrific track record.
Trustworthy computing? (Score:2)
Well, at least we can still trust Microsoft on one count...
Only one thing I can say... (Score:4, Funny)
Morons.
Give it a rest (Score:5, Insightful)
Of course, that's a problem with the Linux crowd. Fear of being, and being seen as, professional.
Re:Give it a rest (Score:2)
Oh come on.
Just like deleting the MS viruses in your inbox and ignoring them, you can just as easily ignore these Slashdot topics.
Re:Give it a rest (Score:2)
It's as simple as that. You'd probably be much more upset at us if we didn't all point out up front that we know we're flaming MS.
Sometimes I wonder what MS would have to do to actually lose some market share if the anti-MS crowd weren't so passionate - probably kill a few people in the middle of a crowd, caught on videotape, I'd wager, although I imagine they'd just point out that the guy holding the gun wasn't an employee.
Re:Give it a rest (Score:3, Informative)
Go here [slashdot.org]. See the section entitled "Exclude Stories from the Homepage"? Find the box that says "Microsoft" and check it. Scroll all the way to the bottom and click the "Save" button. Walah.
Re:Give it a rest (Score:2)
Re:Give it a rest (Score:2)
Re:Give it a rest (Score:2)
Re:Give it a rest (Score:5, Insightful)
Slashdot is rapidly becoming useless with the constant derision it heaps on Microsoft. Let's have more computer news and stuff about FreeBSD and Linux and less "make fun of" news about Microsoft.
Slashdot is hardly rapidly becoming useless. There is no lack of abundance of news about FreeBSD, Linux, Apache, Space, OS X, Wireless, and just about any other significant I/T and geeky topic.
And while Linux has its problems, and you may not share the editors views about Microsoft, there are two facts about Microsoft that are hard to ignore:
1) They are huge. Absolutely huge. They have a lot of influence in the I/T and software industry.
2) Sometimes their market presence and control gives them a reputation beyond what's deserved.
You may not agree with #2, but consider:
I wouldn't claim their technology is useless. It has its high points, a few better than open source alternatives. The problem is that it's all too easy to fall into "They're big, they're #1, so it must be the best" viewing of Microsoft. Most of us who bring up reports like this one do so because we've put up with far too much of that kind of reasoning.
As if Linux doesn't have its problems. You might end up like Larry Ellison and his ridiculous "Unbreakable" claims.
Of course, that's a problem with the Linux crowd. Fear of being, and being seen as, professional.
Well, that wasn't anything like our petty digs at MS.
Do you mean afraid to make claims like Microsoft's "Trustworthy Computing" initiative and Oracle's "Unbreakable"? I don't see this as a problem in the open source world. OpenBSD is the only distro that comes close to making anything like an unbreakable claim, and it has history to back it up. We speak softly and upload running code. We release timely information about bugs, security holes, and patches. Cover ups are few. That's professional.
Of course, yet again, it's so easy to confuse "big" and "professional".
Re:Give it a rest (Score:2)
No, I don't. Do you? Really?
The Cost of Outsourcing (Score:5, Insightful)
Ultimately it was MS's responsibility to verify they did not shit in their own bed, but how many of us look at every line of code in a distributed or outsourced project?
Just my $.0199999
Re:The Cost of Outsourcing (Score:3, Insightful)
Do you think they approved the disc without verifying all libraries, resources, etc., were present and properly named? (Okay, this *is* Microsoft but work with me here)
If we can expect them to perform that level of checking, why can't we expect them to run a virus checker at the same time?
Re:The Cost of Outsourcing (Score:2)
Well, we at least install it and see if it works right. We do this on machines that have AV protection.
Bottom line, there is NO excuse for this type of FU. Whoever is in charge of MS's QA should be fired. Immediately.
Re:The Cost of Outsourcing (Score:2)
Well, you'd think they'd at least compare MD5 sums of the binaries they know didn't change. Besides being easy to do, it's just common sense.
Re:The Cost of Outsourcing (Score:2, Insightful)
Ford Motor Co. ships(ed) thousands of cars that when rear ended with the left turn signal on would explode killing people.
Ford Motor Co. and Firestone shipped thousands of SUVs with faulty tires that would explode at high temperatures and rates of speed.
Funny how these things keep happening over and over again? Nimda isn't going to cost lives is the big difference here.
Outsourced translators (Score:2, Insightful)
Whoo hoo hooo! (Score:2)
That's One Degree of Separation! (tm) (Score:5, Funny)
Leave out the middleman when it comes to distributing viruses! Give it straight to your customers!
Re:That's One Degree of Separation! (tm) (Score:2)
(Just say the subject and message really fast and it gets funnier, I swear.)
In Other News (Score:4, Funny)
A spokesperson from Microsoft was quoted as saying "This is the best chance we have at cleaning up our image."
So.. is it any wonder (Score:2)
Or maybe this is just another sleazy MS retaliation tactic?
The fact that it backfired might just be proof.
Slamming MS (Score:5, Informative)
I'm not trying to defend MS. Just pointing out the facts (or at least how they were stated in the article). On one hand it's kind of funny to read through all the quick one-liner jokes about MS (definitely worth a chuckle) but I think MS isn't quite as bad as they're being made out to be.
By the way, anyone know the company that wrote the nimda infected software?
Re:Slamming MS (Score:5, Informative)
Assuming that by "help files" they mean "VS.Net Documentation" then there are quite a few help files covering everything from JScript, VB, C#, C++, to the Windows Platform API, the C# class library, and more - which means it'd be practically impossible to manage to find the one Nimda file amongst the crowd. However, if they just mean tool help, then that content is a lot more limited, but I somehow doubt that is the case.
I have to wonder how much about that "scan only files that should be there" is really spin doctoring, and if they didn't really scan the disk and are instead coming up with an excuse for having missed the presence of the file.
Anyway, the Slashdot writeup is, as usual, way overblown in its anti-Microsoft slant. If they're going to write tirades about McAfee scaremongering [slashdot.org], then they probably shouldn't do it themselves.
(And, by the way, Michael is the author of both articles...)
Re:Slamming MS (Score:2)
That's exactly what I thought. Who the hell writes scanning software that instead of 'scan *', only scans stuff on a list? The very fact that there ARE extra file(s) should immediately set off warning lights to any validation procedure worth its salt, unless it's coded by a band of retarded monkeys.
Oh wait, we're talking about Microsoft, never mind.
Re:So we shouldn't talk about it? (Score:2)
Is it a problem? Yes. Is Microsoft doing something about it? Yes. In fact, Microsoft seems to be going out of their way to ensure that no one is harmed by it - giving clean copies to all the customers they are aware of.
Michael is trying to make the situation seem much more dire than it really is. Yes, Microsoft managed to let a file infected with a virus into a version of one of their most important products. However, that product makes the system it installs on immune to the specific vector of infection that the infected file accidentally included with the product.
Just like Michael went after McAfee for claiming that the JPEG virus is a huge concern, he's claiming that the virus Microsoft included is a huge concern. It isn't.
An appropriate headline might be "Korean Visual Studio .Net Ships With Nimda" and then mentioning in the story body that the infected file is not actually used by the system and should theoretically never be run, and even if it is run, can't infect the system with Visual Studio .Net installed anyway. The story body should most likely also mention that the virus was added by a third party contractor.
The headline and story blurb seem to suggest that installing the Korean version of Visual Studio .Net will infect your computer with a virus, and that simply isn't the case. Yes, it still shows sloppy QA, but it can't really cause any actual damage, and that should be mentioned in the story.
Re:Slamming MS (Score:2)
On the contrary, I think this is worse than it's made out to be...
Since we know for a fact that they didn't scan for a virus before burning it to CD and shipping it, why the Hell should we assume they do that for any of their products?
Dinivin
Re:Slamming MS (Score:3, Informative)
Really, it's as close to harmless as you can get, considering the astronomical improbability of someone executing the infected file by accident. Of course, one should never underestimate the ingenuity of fools, so I have no doubt that it will happen.
On the whole, I have to give MS credit for the way they are handling this. They are offering free clean replacements to everyone who has an infected copy, they have a patch out, and they are spreading the news so that people are informed and thus able to fix the problem. I'm a little curious about the "patch", but I suppose it's a more reliable solution than just telling people to delete the file.
Yes, I am pointing and laughing at MS right now, I am typically an MS basher after all, but at the end of the day I have to say that I wish they would deal with more of their problems as honorably as they've dealt with this one. It would have been really easy for them to sweep this under the rug and pretend it never existed.
Re:Slamming MS (Score:4, Insightful)
As for outsourcing, this is absolutely ludicrous that companies needn't take accountability for the actions of their contractors. That's how all the clothing manufacturers dodged the anti-sweatshop movement. Now Nike/Esprit/Adidas/Gap/Etc doesn't employ the sweatshop workers, they contract them! Brilliant, and insidious. While it may not be fair to compare that to the IT world, it shows the extreme consequences of allowing companies to divest accountability for services and products offered under their brand. If we don't hold MS accountable in the least, where's the motivation for them to be more careful with their contractor selection skills? They will continue to select contracts based on politics and economics rather than on the quality of the service/product being outsourced.
I realize that it's not *entirely* their fault, but it doesn't help with the kind of facade MS puts on. Just like Oracle's "unbreakable" claim, if you want to make claims that simply are not true or that you can't deliver on (I don't care if it's your fault or not, you made the claim), you're never *ever* going to get the benefit of the doubt in this kind of situation. If you wanna make claims you can't back up, you don't deserve the benefit of the doubt.
Easter Egg (Score:2)
"It's extremely unlikely that a developer would ever accidentally get infected by Nimda," said Flores. "They would have to try hard just to run the worm."
So I guess it's more like an Easter Egg. I hope this isn't World Cup related.
Virus? What virus? (Score:5, Funny)
Mark
Someone had to say it (Score:2)
It's not a bug, it's a feature!
Now instead of working with those pesky Outlook and MS Word middlemen your system comes complete with virii pre-installed!!
Now THAT's customer service. Viri. No waiting. (Score:2)
And if you're a developer you can infect your products right from the delivery platform and onto the CD burner.
No more waiting around until some moron uses Outlook to download one. Even boxes not connected to the net can be infected.
If GM made a car this shoddy, they'd be dead.
Will somebody hurry up and sue M$'s ass off.
Re: (Score:2)
Trustworthy code (Score:2)
Just another reason to complain (Score:2, Insightful)
But hey, this is Slashdot. Let's all miss the relevant parts of the article and just bash "M$"! Yay, fun.
Re:Just another reason to complain (Score:5, Insightful)
You are missing the point. The problem isn't really that Microsoft is shipping a virus (although you have to admit that this is pretty darn funny). The problem is that Microsoft is shipping files that they don't know about. This file could have been anything.
Microsoft has set up their business so that their customers have to trust them. There is no way for Microsoft's customers to verify that Microsoft software is safe. Yet time and time again Microsoft has shown that they simply are not particularly trustworthy. It has gotten so bad that it isn't just /. that is laughing at Microsoft. This particular story was published by CNET (which is a very Microsoft-friendly news source).
shipping unknown files... (Score:2)
They could clearly argue that the file was NOT part of their distribution, and therefore the product does not have to have source released under the GPL. But I'll bet until they finally came to that conclusion, there'd be a TON of Brownian motion in Redmond on the part of execs and lawyers.
So before someone actually does this, the need to let the alternative energy people know, so the heat source can be tapped.
Re:Just another reason to complain (Score:2)
Microsoft has set up their business so that their customers have to trust them. There is no way for Microsoft's customers to verify that Microsoft software is safe.
Umm, how about running a virus scanner?
DOJ Take Note (Score:5, Funny)
expecting a virus? (Score:2)
I would think one might look for something that shouldn't be there when trying to detect a virus. I guess MS has some more "advanced" method that I just can't grasp.
Life Imitates Art (Score:5, Funny)
In the list of new features... (Score:3, Funny)
How would you know they'd fixed IE if they didn't distribute a virus that no longer worked?
Cool! Virus Free! (Score:5, Funny)
Now, instead of meaning it ships with no viruses, it means they include them at no extra charge!
It may be fun to bash Microsoft . . . (Score:2, Insightful)
There's many, many other reasons to dislike Microsoft. Taking one out of context only strengthens Microsoft's hand and makes those who oppose Microsoft look petty.
Absolutely wrong (Score:2)
If GM includes defective 3rd-party gas tanks and brake-pads in their vehicles, will you absolve them from blame? The sad thing was that this wasn't even a very subtle flaw. Microsoft could easily have found it with a slightly more robust virus checking process.
"Trustworthy computing" means that your 3rd party suppliers are going to have to go through the wringer, too. Otherwise the phrase has no meaning, and there's nothing at all wrong with making this point.
..And in other news (Score:2, Funny)
Jabala, who came to America on a work Visa, denies official reports that he deliberately caught the flu to infect persons in the USA whom he would come in contact with.
Jabala is currently being held in a city hospital, under armed guard, until officials can verify any terrorist links.
Perspective (Score:3, Funny)
Trust No One (Score:2, Informative)
Just because MS code and systems are "secure" and "virus-free", as soon as they hand the code off to someone else, the code is only as virus free as their system is.
Nimda-infected Visual Studio .NET (Score:2)
And it will run on any platform too. :)
And in other news . . . (Score:2, Funny)
This was predicted weeks ago (Score:4, Interesting)
Banner Ad (Score:3, Funny)
It's that kind of policy that keeps me reading
Just to be fair... (Score:2, Informative)
Microsoft's agent that put the virus in is the culprit here, and the risk, as news.com pointed out, is low.
Inconsistent or sloppy? (Score:3, Insightful)
So, Microsoft only scans the files they expect to be part of the install but they ship all the files anyway. While there is no way from the outside to prove or disprove this statement, I think it's odd they aren't consistent in which files they choose to scan and which they choose to ship. A decent process would use a consistent way to manage it.
At a minimum, I find this an example of the sloppy techniques I see all over the industry. Of course, sloppiness is one of the reasons that all these viruses keep finding new ways to infect software so I think it's a pretty big slap in the face for MS's Trustworthy Computing program.
Only an utter idiot.... (Score:2)
I'm seeing 40-80 probes daily (heh.. intermixed with 40-80 MS SQL port 1433 probes daily), on my firewall at home on a goddam dialup, fer krissakes...
How the hell can *any* company, or *any* subcontractor not be aware of this ongoing problem?
How the hell can any company with any pretensions to "Trustworthy Computing" have let this happen?
Make no mistake (Micro$oft apologists notwithstanding): there is absolutely no excuse for this unparalleled screw-up.
Do these people really think they are so all-powerful as to be immune to this sort of thing, or do they think they are so all-powerful that they just don't need to care?
t_t_b
What was it AdTI was saying? (Score:2, Interesting)
They always screw up (Score:3, Interesting)
At last... (Score:4, Funny)
Re:Perhaps not accidentally (Score:2, Funny)
Re:Perhaps not accidentally (Score:2)
Well that depends. Since MS is the one taking us for a ride, it depends on where we want to go today.
Re:technically, it's not a virus (Score:2)
Yeah it does. When you buy windows, you start emailing files to world+dog (colleagues) as microsoft word files, so for them to work at the same office as you, they all need to install windows too.
And once your whole office is publishing IE-only websites with Powerpoint presentations on them, then anyone who wants to do business with you has to install windows too. The virus is already starting to spread.
Eventually it reaches a government department, and they make laws saying all tax-filings need to be done electronically, then write a website that only reads MS digital certificates. Then anyone who has to pay tax (i.e. everyone except the queen) needs to install Windows.
Course it's a virus. Just because it relies on stupidity to spread doesn't mitigate anything -- loads of 'real' virii spread that way.
"Warn all your friends - you MUST delete command.com which is a virus"
"Warn all your friends - you MUST send your CV in
Re:Is M$ getting into the AV Software business? (Score:2)
Either that or someone there has been watching too many episodes of "The Mole".
Re:slashdot morons strike again (Score:2, Insightful)
This significant issue is that they only check the files they *expect* to be in their distribution.
Before you ship code, you had better know *exactly* what you were shipping. What if the 3rd party localizers added a nice trojan program? It's *trivial* to execute code on a remote Windows machine. There are several exploitable holes to accomplish this.
The included virus is trivial. Microsoft's shoddy QA is the problem. Unfortunately, this isn't only a MS issue. It's an industry wide problem.
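The check several comments in this thread ask for (compare checksums of the binaries that should not have changed, and treat any file outside the expected list as a failure), as an added example that is not part of the thread or of any Microsoft process. SHA-256 is used in place of the MD5 one commenter mentions, and the file names, contents and helper names such as `audit_release` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def audit_release(manifest, staged_root):
    """Compare a staged tree against the approved manifest.

    The walk covers everything on disk, not only the names in the manifest,
    so a file nobody expected is reported instead of silently shipped.
    """
    actual = build_manifest(staged_root)
    return {
        "unexpected": sorted(actual.keys() - manifest.keys()),
        "missing": sorted(manifest.keys() - actual.keys()),
        "modified": sorted(
            name for name in manifest.keys() & actual.keys()
            if manifest[name] != actual[name]
        ),
    }


def release_ok(report):
    """A release passes only when all three lists are empty."""
    return not any(report.values())


def write_tree(root, files):
    """Create the constructed sample files under root."""
    for name, data in files.items():
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo():
    """Constructed scenario: a tree comes back from a vendor with one extra
    help file and one binary that was not supposed to change."""
    approved = {
        "setup.exe": b"installer bytes (constructed)",
        "bin/tool.dll": b"library bytes (constructed)",
        "help/index.htm": b"<html>help index (constructed)</html>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        master, staged = Path(tmp, "master"), Path(tmp, "staged")
        write_tree(master, approved)
        manifest = build_manifest(master)

        returned = dict(approved)
        returned["bin/tool.dll"] = b"library bytes (constructed, altered)"
        returned["help/extra_page.htm"] = b"<html>not in the manifest</html>"
        write_tree(staged, returned)

        return audit_release(manifest, master), audit_release(manifest, staged)


if __name__ == "__main__":
    clean, suspect = demo()
    print("master :", clean, "ok" if release_ok(clean) else "FAIL")
    print("staged :", suspect, "ok" if release_ok(suspect) else "FAIL")
```

A virus scan would then run over the same full walk, so the set of files scanned and the set of files shipped cannot drift apart.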
Re:Accident? Sounds like criminal negligence! (Score:2, Insightful)
It's not that hard to say: scan all, including compressed files.
Re:Accident? Sounds like criminal negligence! (Score:2)
"It's not our fault," claimed Blamer, er, Balmer, "it's the fault of the {temporary worker|sub-contractor|college intern} we hired."
Re:Accident? Sounds like criminal negligence! (Score:2)
It's just extremely funny and mostly harmless this time; unfortunately it's not the first time MS shipped a product with a virus.
Re:This is Obviously sabotage - (Score:2)
t_t_b
Re:People like viruses (Score:2)
Re: (Score:2)
Re:Interestingly enough: (Score:3, Insightful)
And it is a PR nightmare for MS because a lot of people aren't technical enough to understand what's necessary to become infected. All they hear is "shipped with Nimda" and it's bad news.