Star Lose/Lose: Art or a Trojan?
Linked by Thom Holwerda on Thu 5th Nov 2009 17:29 UTC
Bugs & Viruses Computers are taking on ever more important roles in our daily lives. They used to be simple tools to get simple things done - work-related, mostly, maybe a few simple games, and that was it. However, over time, they have become the central hubs for all sorts of data - including precious data. For his Master of Fine Arts thesis project, Zach Gage illustrated just how important our computer data has become.
E-mail Print r 0   · Read More · 28 Comment(s) http://osne.ws/hbf
Thread beginning with comment 393023
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: "Malware"
by umccullough on Thu 5th Nov 2009 19:15 UTC in reply to "RE[2]: "Malware""
umccullough
Member since:
2006-01-26

If software that behaves in a trojan-like way is known to the anti-malware vendors, then I would consider it irresponsible if they didn't add it to their database. Their target audience isn't me, it's more vulnerable users who could benefit from these warnings.


In order to "behave like a trojan" - the software would pretty much have to do something other than what it says it will do. Since it specifies exactly what it will do, I don't consider it to be a "trojan" by the definition.

Dangerous, yes, trojan, no.

It's really no more dangerous than the rm command - it just gives the user a fun, random way to do the same thing that a user can already do on their own.

"Seems like you've possibly fallen into the trap this article was trying to portray... You've put your trust into software written by others to protect your data for you.

If you're not backing it up and taking precautionary measures to prevent data loss, then you're ultimately just wandering around in a dangerous world hoping that everyone is watching out for you.


I think that's quite a lot to infer from what I said! "

I inferred a possibility based on what you claimed should happen with your anti-malware software - nothing more.

There's also a "trap" in assuming that because technically literate users are able to protect their personal machines against such threats that nobody else has a legitimate usecase for anti-malware software.


I never said anti-malware software was useless - but if you rely on it to protect your data, you're doing it wrong. It should be viewed as a time-saving product, not a data-saving product: it can occasionally save you the time of having to restore from backups due to data loss. I believe you alluded to this also in your followup statement (which I didn't quote).

If I were in this position, I'd prefer that the software flag up known applications that look like a game and yet delete files. In this case it is known, so it's been listed as malware and I think that's the sensible precaution for the vendors to take.


Where do you draw the line for "looks like a game"? I've seen some pretty fancy/shiny looking software that has the sole purpose of altering files on your system (possibly destroying them) without backing them up first. Sometimes this software just begs you to click a button and destroy data by making the button so nice and pleasant looking ;)

As it turns out, I've seen software I use daily flagged as "malware" because the vast majority of people don't know how to use it properly, or doesn't understand the consequences of running it. In some cases, this software has been added/removed/added/removed from malware listings repeatedly over several years because the malware software authors can't decide if it's legitimate or not.

In the end, by choosing anti-malware software, you've chosen to let someone else decide what's best for you. You're also relying on them to do it right in the first place, which is no guarantee.

Always backup your important data.

Reply Parent Bookmark Score: 2

RE[4]: "Malware"
by Mark Williamson on Thu 5th Nov 2009 21:15 in reply to "RE[3]: "Malware""
Mark Williamson Member since:
2005-07-06

In order to "behave like a trojan" - the software would pretty much have to do something other than what it says it will do. Since it specifies exactly what it will do, I don't consider it to be a "trojan" by the definition.

Dangerous, yes, trojan, no.


Neither do I - but if it looks like one thing and does another, then that is behaving somewhat like a trojan. It doesn't make it a trojan - trojans are malware and I don't think this is. But its appearance would still seem to be misleading...


It's really no more dangerous than the rm command - it just gives the user a fun, random way to do the same thing that a user can already do on their own.


At least with the rm command you know what you're deleting. Most of the time, depending on how much fun you have with globs!

"
I think that's quite a lot to infer from what I said!


I inferred a possibility based on what you claimed should happen with your anti-malware software - nothing more. "

I don't actually use any anti-malware software, so I don't know what exactly is normally expected behaviour. I was merely pointing out what I saw as a logical inconsistency in the article's suggestion that listing this software as malware is peculiar. I think malware vendors are right to list this, even though I think individual users should take responsibility for their stuff where possible.

<snipped some stuff>


Where do you draw the line for "looks like a game"? I've seen some pretty fancy/shiny looking software that has the sole purpose of altering files on your system (possibly destroying them) without backing them up first. Sometimes this software just begs you to click a button and destroy data by making the button so nice and pleasant looking ;)


That's true :-) I think in this case the difference is (relatively) clearcut in that the software is trying to mimic the appearance and user-facing functionality of space invaders whilst also performing a function that no sane person would expect space invaders to perform.

In this case the software is doing the honourable thing and warning users about what it *really* does, so it's not actually trying to deceive them. But I'm happy to see other tools attempting to protect users from their stupidity / misunderstanding.

I know computer users who I can imagine would think the warning messages were some kind of plot background for the game, or click through without reading them. Do these people deserve to lose data? They'll lose it eventually but I wouldn't want to speed the process for them ;-)


As it turns out, I've seen software I use daily flagged as "malware" because the vast majority of people don't know how to use it properly, or doesn't understand the consequences of running it. In some cases, this software has been added/removed/added/removed from malware listings repeatedly over several years because the malware software authors can't decide if it's legitimate or not.


Not really related but - I had a friend who kept an archive of virus code for educational purposes (and, in his case, it really *was* for educational purposes). Whenever he plugged in the hard drive that contained it, his AV software would go insane and slow down his PC for a considerable length of time, even though they were meant to be there (and weren't being run).

Out of interest, what sorts of things do you find keep going in and out of malware rating? It's certainly something I can imagine happening in the same way I can think of some network admin tools sometimes being "hacker tools". Just curious.


In the end, by choosing anti-malware software, you've chosen to let someone else decide what's best for you. You're also relying on them to do it right in the first place, which is no guarantee.


True. This *is* the case with all software, in a sense - people assume that their operating system will prevent other users bypassing permissions checks, that their word processor will not silently alter their data ... At the end of the day, though, you just can't remove the human element from your computer system and people do have to take responsibility for foul-ups that they let a computer perpetrate.


Always backup your important data.


Amen. (in fact, this discussion reminded me to do another backup for offline storage!)

Reply Parent Bookmark Score: 2

RE[5]: "Malware"
by umccullough on Thu 5th Nov 2009 21:39 in reply to "RE[4]: "Malware""
umccullough Member since:
2006-01-26

Out of interest, what sorts of things do you find keep going in and out of malware rating? It's certainly something I can imagine happening in the same way I can think of some network admin tools sometimes being "hacker tools". Just curious.


Actually, pretty harmless stuff that is generally classified as "distributed computing" software.

Examples include BOINC, distributed.net's dnetc, Seventeen or Bust's sb.exe client, etc.

Being a member of several distributed computing forums and mailing lists (and even committing changes to some of them), I often see people reporting "<some famous company>'s antivirus product has flagged <some app> as malware, how can we get it removed from their list?".

Often times the very purpose of the software is what causes it to be labeled malware, namely: It runs in the background (often as a service, or program that starts up automatically), it eats up CPU resources, it downloads new work, and uploads results to the server, it reports some basic usage info (for statistics purposes).

While these activities don't destroy data, neither does the majority of malware out there. Most of it is classified as malware simply because it's running without the user's knowledge, regardless of what it actually does.

Reply Parent Bookmark Score: 2

Read more of this thread... >