Linked by Thom Holwerda on Thu 5th Nov 2009 17:29 UTC
Thread beginning with comment 393081
In the cases I have seen reported - the anti-malware vendors had specifically labeled the product as such (giving it a "name" and everything).
Thus, it wasn't necessarily the behavior of the software, but rather someone having reported the behavior of the software to the vendor.
Oh, that makes more sense. I was wondering how this stuff might get on their lists otherwise. I suppose one would expect that the vendors in question would apply a certain amount of vetting to the stuff submitted - but if they take a "better safe than sorry" approach to categorising an apparently suspicious program they haven't seen before, I suppose that makes some sense.
"I must admit that my first (naive, I hope!!!) impulse was to think that, perhaps, some script kiddies try to improve their scores in distributed computation competitions by trojanning their clients onto others' machines. I can just about imagine this being done but it's not something I've thought about before. Have you ever known this happen?

Oh indeed. In fact, there have been known-reported trojans out there whose sole purpose was to install a distributed computing app in a hidden location and start it running. In those cases, the app being dropped by the trojan is not the malware, however, but the trojan itself."
Argh! The reason I was hoping that it was naive was that it actually kinda seems like a daft thing to do, given your user ID could potentially identify one (unless you genuinely were doing this out of a twisted kind of altruism, then I assume it would be done to inflate one's personal account stats ...).
Depending on the protocol, maybe they could bounce the results through a proxy to help mask what they're actually doing (giving the impression that they just own a really big machine somewhere, for instance).
Fortunately, in almost all cases where this behavior has been detected, the projects have blacklisted the user and removed all their statistics. Almost every distributed project out there makes a disclaimer that installation of the software on a machine without the owner's permission is illegal and subject to fines and/or imprisonment (or both).
Good :-) There are worse things, I suppose, for a script kiddie to do but it's best not to encourage them. Risking those penalties just to improve some computation stats does seem like an incredibly silly thing to do but I suppose I shouldn't be surprised that people do it anyhow!
In some cases, I even suspect system admins for corporations likely are finding the software installed by some employee (perhaps one who is no longer working there), and probably report it as malware. Again, this is not a case of the software being malware, but rather an abuse of corporate resources. The same argument could be used if someone was using a corporation's high-end server to compile nightly builds for some large FOSS project - and yet gcc is not malware.
Yep. Would be interesting to see if something like build tools (or OpenStreetMap's distributed renderer, Osmarender) have ever actually been added to a malware database.
Whilst the procedures for adding reported malware signatures might be relatively opaque for certain companies (don't know, I've never thought about finding out before!) it could be interesting to compare and contrast what something like ClamAV does - I'd hope they're a bit more transparent, maybe...
Ah, that's an excellent question indeed.