Vitalsecurity under fire..for 65Mb install
It's become clear that people out there are completely missing the point of the 65MB malware install article. In the handful of places that the story has appeared, either vast swathes of readers are losing their glasses at key points of reading, or I'm an idiot who can't type properly. Well, an idiot I may be, but to those who have sent me numerous offensive emails, criticised me for running the story and, shock horror, actually blamed ME for the install, please read the below defence of the story before giving me the hung, drawn and quartered treatment?...
Let's start off with the most obvious point, and it's something that seems to keep popping up on both news sites and in the comments below. I'll start with a statement, and take it from there:
THE ARTICLE IS CALLED 65MB MALWARE INSTALL, not 65MB MALWARE BANDWIDTH USAGE.
From the comments on this weblog:
"cmon... the .NET download is barely about 23MB."
".NET is a 23mb download - hardly a threat to anyone's bandwidth limits. Installed its ~65mb, in a world where it's nearly impossible to find and buy a hard drive smaller than 20 *gigabytes*. (Where'd you get that 100mb number?)"
Well, to the first poster - you can't possibly have missed the fact that the article repeatedly states the size of the .NET download at - amazingly enough - 23MB. And I quote:
"The actual size of the .NET framework to download is around 23MB".
To the second poster - wow, I really got you excited, didn't I? I'll address your issues with the article -
1) .NET is a 23mb download - hardly a threat to anyone's bandwidth limits. Installed it's ~65mb, in a world where it's nearly impossible to find and buy a hard drive smaller than 20 *gigabytes*. (Where'd you get that 100mb number?)
Well, at least you agreed on the install size of 65MB. Where did I get the 100MB number for .NET installs? Funnily enough, the Microsoft .NET resource center. Depending on what you want to do with the .NET framework, there are a whole pile of add-ons and additions to the mix. There's the .NET framework, the .NET SDK (which actually weighs in at around 700MB in total) and the .NET Redistributable. And don't forget the Microsoft Bootstrap, which combines both the framework and the application, the 10MB service packs, the separate installers for items such as Java applications....
...which is why I said depending on what version of .NET was installed on your machine, the used disk space would vary. The point is, if they can install the bare minimum on a PC unannounced, what's to stop someone else installing an even bigger .NET framework onto your machine?
2) The Eric Howes link leads to a big resource page full of ... other links. Maybe you could link directly to whatever the heck you're banging on about?
Yes, that would be because it's Eric's home page. Go back and look at the sentence referencing him - does it indicate that the link is going to do anything other than simply give a courtesy link to his homepage? Nope. If that was the case, the link would have been the words "puzzling over a machine slowly dying a death" and not his name. For such a tinderbox story, am I going to do something so stupid as miss referencing a link that contained more valuable information on the matter at hand? Nope.
3) After re-reading the article I finally realized that all the Eric Howes stuff is a red herring, almost completely irrelevant to your issue.
Really? Well, feel free to ask him at Spywarewarrior.com - you'll notice we're both site admins there. And generally, when two people are administrators of a site, they tend to, y'know, talk about things and stuff. I'd noticed something funny going on with a network, he'd noticed something funny on a machine he was using and we put two and two together.
In addition, if you're trying to make the point that I somehow have no association with Eric, randomly dropping his name into the mix to make me look more authentic, then that kind of makes his contribution to this story somewhat of a black ops escapade, doesn't it? Or maybe his name just fell onto the PDF that covered the technical details. 'Tis truly a mystery.
As for the claims that the amount of bandwidth used up isn't significant - that simply isn't true. Relative to bandwidth with multiple PCs downloading across a network, the impact could indeed be substantial. In addition, there are many capped DSL accounts in developing countries that, compared to Western ones, are absolutely tiny in size. To simply brush off a "small" amount of what is (let's not forget) stolen bandwidth is outrageous and some people need every last drop of their monthly allowance - especially those running anonymous proxy servers (the equivalent of Peek-A-Booty in China), programmers, people wanting to download the latest Linux distros...those wasted units would have been crucial to someone, somewhere. I have an uncapped service, but I still begrudge anyone using up even a tiny portion of it without my consent.
To say no big deal is totally missing the point.
4) How is this security related? So some users downloaded dumb stuff, wasted some bandwidth and a tiny amount of disk space. If you don't know how to lock down your network and your machines properly, you'll always be whining about this.
The network is IBM's, not mine - I had a quick look as a favour to a friend. However...
Your ignorance of the issue at hand is staggering. If you have no issue with the latest Adware and Malware developers choosing to install entire application frameworks to run their "programs" unannounced on an end-user's PC, then I'm not entirely sure what security issues you've been keeping up with these past few years. Apart from the fact that this now potentially paves the way for cracked versions of frameworks being installed on PCs (and the Malware to go with it), it also indicates that the size of random crudware installs is simply going to get bigger and bigger and there's not a damn thing you can do about it. And you probably wouldn't have even known of this download unless I'd posted something about it - so I do the decent thing and inform, and come under fire for it. Go figure.
I even got an email this morning from someone accusing me of being behind the install!
Anyway, must dash - the good news is, the story is slowly starting to spread. I've just discovered it on ZDnet. The bad news is, people are missing the point there too (though it's nice to see people agreeing with me that this is a bad thing on Slashdot!)