[LINK] Downloading malware [was: A Definition Of Piracy In The Digital Age]

Rick Welykochy rick at praxis.com.au
Sat Feb 7 09:59:31 AEDT 2009 

Marghanita da Cruz wrote:

>> Almost half of Australians believe it is okay to use pirated software for personal use, and many can’t tell the difference between genuine and illegal software, new research commissioned by Microsoft Australia shows.
>>
> <http://www.crn.com.au/News/95586,aussies-ok-pirated-software-for-personal-use.aspx>

Years ago, long before the acronym "IT" existed, the term for pirated
software was "evaluation copy" ;)

A quote from the article:

    "With security top-of-mind for Australians, it is a worrying statistic
     that almost half of those surveyed wouldn't know how to check if their
     computer software was a genuine copy, thereby exposing themselves to
     the risk of security threats," said Johns.

Utter crap. Security might be top-of-mind (a bizzare turn of phrase) with
IT professionals, but for most Australians, it is a case of "roo in the
headlights" when it comes to computer security, especially home computers.

How often have we on Link discussed the complete lack of interest and skill
on the part of most "lusers" when it comes to protecting the security of their
data and operating system?

As to how to tell if your copy of software is genuine? You can't really. Not
unless you are given a reliable checksum (like an SHA-256 hash) from the
software supplier and then verify your copy. I suppose another clue is
from where you obtained the software.

As we saw today on link, grabbing software from warez sites is fraught with
danger since you have no idea what has been added to your "free copy" of MS
Office or iLife '09.

You must know and trust the web site from where you download. But even that
can be tricky. There have been cases of exploits involving trusted sites
being compromised with malware.

<http://securitywatch.eweek.com/exploits_and_attacks/most_popular_sites_were_hacked_in_08.html>

   "Overall, a thunderous 77 percent of the malware-bearing sites that Websesnse [sic]
    detected in Q3 and Q4 '08 were legitimate properties, and the sheer volume of
    infected sites tracked by the company's labs group increased by 46 percent over
    the course of 2008, compared to the previous year. And it's not like there wasn't
    plenty of this activity going on in 2007!

    This is pretty scary stuff. In the old days, you could fairly confidently assume
    that if you steered clear of mom-and-pop sites, or porn sites, you could likely
    avoid most of the truly bad malware being floated out online. Now we have to assume
    that even the most trusted sites... can't really be trusted."

I doubt even the most seasoned expert would be able to detect that their copy
of VectorDraw-1.0 downloaded from a trusted but compromised legitimate site
has been hacked, cracked and/or trojaned.


cheers
rickw



-- 
_________________________________
Rick Welykochy || Praxis Services

Maybe this world is another planet's Hell.
      -- Aldous Huxley

More information about the Link mailing list