how-to block ads
|
edbott
join:2005-01-02
Scottsdale, AZ
| reply to eburger68
Re: WMP Adware: A Case Study in Deception
I'm not the only one who interpreted the PC World story as meaning that the Windows Media files in question actually contained spyware code.
Techdirt wrote:
Overpeer, a subsidiary of Loudeye, has been caught hiding adware and spyware within Windows Media files. [emphasis in original] Boing Boing, which picked up the story from Techdirt, read it that way too:
According to PCWorld and TechDirt, Windows DRM contains a flaw that allows for attakcers [sic] to create music files that contain trojans that attack your computer when you play them. [emphasis added] My original post was skeptical about both of these reports, which were posted on very high traffic Web sites (Boing Boing is insanely popular, with more than 200,000 unique visitors a day and countless RSS subscribers). It turns out my skepticism was justified.
These "poisoned" files don't contain spyware. Rather, they use a DRM mechanism to open a dialog box that hosts a Web page that can try to fool a user into installing hostile software. That's not good, and the techniques used to push the crapware contained on those Web pages are sleazy. But the files themselves do not contain any hostile code, and the user has to be tricked into cooperating before anything gets installed. That's a far cry from what was in the three original and sensationalist stories.
There are no corrections at any of those three sites, by the way. So what the average user thinks is "the Internet is riddled with WMA files that contain viruses and trojan horses and spyware." Even though that simply isn't true. | |
eburger68
Premium,MVM
join:2001-04-28
| Ed:
You wrote:
said by edbott  :My original post was skeptical about both of these reports, which were posted on very high traffic Web sites (Boing Boing is insanely popular, with more than 200,000 unique visitors a day and countless RSS subscribers). It turns out my skepticism was justified. Fair enough. The Techdirt and Boing-Boing stories were not the best. Indeed, that's the kind of careless/clueless reportage that would have gone on no matter what PC World had written. The real story here is rather involved and difficult to understand, and Techdirt and Boing-Boing predictably made a hash of it. I see that all the time with spyware/adware issues, which are inherently confusing.
The PC World story, on the other hand, was well done for the most part. I just re-read it, and for the complexity of the issues covered, it does a respectable job of conveying the essentials. Here and there I might prefer a slightly different choice of words, but it's pretty close to what we understand now. Certainly nothing in there is outright false.
Just for the record, PC World was the first out with the word on this story. I wrote about it here at DSLR in the other discussion thread on this topic. DSLR/BBR news then picked it up, pointing both to the PC World story and the Security forum discussion thread. Techdirt got it from BBR/DSLR news, and Boing-Boing from Techdirt. In retrospect, it all looks like a high-tech game of "telephone."
Eric L. Howes | |
edbott
join:2005-01-02
Scottsdale, AZ
| >> In retrospect, it all looks like a high-tech game of "telephone." Exactly, and that was my point in my original post. I certainly wasn't trying to "throw cold water" on the story, and please note that as soon as I heard that a sample file existed I contacted you to get a copy so I could do my own tests.
I do wish the larger sites would pick up on the real story, which is important and which people like you and Ben and Andrew and Suzi and me have dug out the hard way. But I guess that isn't sexy enough. | |
|
