Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Creative Zens Ship with Worms

Posted by ScuttleMonkey on Tue Aug 30, 2005 05:28 AM
from the egg-on-your-face dept.
Portables Security Worms Hardware
An anonymous reader writes "Engadget reports about 3700 Creative Zen "Neeons" shipped with a virus. The virus in question was the W32.Wullik.B@mm worm. Creative released a statement today to help consumers pinpoint the possibly effected devices."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Creative Zens Ship with Worms 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Product Liability (Score:5, Interesting)

    by Monte (48723) on Tuesday August 30 2005, @05:29AM (#13434298)
    Ouch - that's going to be a black eye. Although it isn't the first case of software shipping with malware, IIRC there was some kid's game on CD that included a Bonus Virus inside.

    Now a comment and a question for the peanut gallery - it's always been a pet peeve of mine that software companies aren't held to any real sort of accountability for shipping product that is clearly flawed. They hide behind the "shrink wrap" license, and (at least IMHO) get away with murder. Imagine if GM or Ford or Daimler-Chrysler put such a waiver of liability on a sticker on the doors of their new cars. The courts would tear them a new one so fast it'd be like lightning.

    The question - what sort of liability does Creative have in this case, and what's fair recompense for shipping a clearly flawed product where said flaw has the possibility of harming the user's computer, data integrity and / or privacy?

    How much is enough? Should Creative be given a hard enough pranging to get the attention of other software manufacturers?

    Personally, I say "Yes". GM spends a hell of a lot of time and energy making sure their brakes work, I'd like to see software companies (and you all know exactly who I've got my sights on here) make sure they ship product that isn't horribly broken right out of the box.

    • Re:Product Liability (Score:5, Insightful)

      by LordSnooty (853791) on Tuesday August 30 2005, @05:37AM (#13434327)
      It's a fair point, but I suppose a key difference is that if the car makers released a defective product, people could die because of it. Having to re-install Windows is a pain, sure, but no-one dies.

      Cue posts about hospitals running Windows... ok, in certain circs there is a valid agrument. I don't think you can stretch it to cover the average Joe. A refund might be nice, though.

      • Re:Product Liability (Score:5, Insightful)

        by FictionPimp (712802) on Tuesday August 30 2005, @07:03AM (#13434698)
        no your looking at it all wrong. When a car is broke, people die. But when a computer is down people lose money. Which one is worse in the corp eye again?

          • Re:Product Liability (Score:4, Interesting)

            by TheViewFromTheGround (607422) on Tuesday August 30 2005, @08:15AM (#13435111) Homepage
            Though very rarely, strange shit like this happens. I had a friend brought home his clothes from the laundromat compressed together in big bags. The clothes (particularly the metal pieces) were hot enough from the drying that they set fire to the bags, which should have burned out but set fire to some paper, which resulted in his apartment slowly catching fire. The resultant fire and (mainly) smoke damage, his lack of insurance, and his slum-lord renter meant his family almost wound up homeless. Shit happens, but weird shit happens, too.

  • I swear I'm not a grammar geek (Score:5, Informative)

    by coshx (687751) on Tuesday August 30 2005, @05:31AM (#13434300)
    but shouldn't it be affected?
    the possibly effected devices means the devices that possibly came into existence because of the worm.
  • iPod and Mac zealots are now going to proclaim that "iPods don't get viruses!" ?

    • Probably... (Score:5, Funny)

      by Knome_fan (898727) on Tuesday August 30 2005, @05:36AM (#13434321)
      because you are desparately trying to start a flamewar?
    • Well this doesn't exactly help Creative Zen being marketed as an "iPod Killer". 3,700 of them. Ouch.

      • Re:Why do I somehow think that.. (Score:5, Informative)

        by Henriok (6762) on Tuesday August 30 2005, @06:06AM (#13434452)

        "Do mac users run virus scanners often?"

        There are quite a lot of Mac users that have anti virus installed. Mostly because they fall for the virus hysteria in the Windows centric press, and thinks that it applies to them too, but also because they don't want to risk sending a virus infected document or mail to a Windows user by mistake. Even if the virus didn't infect the Mac itself.

        "How do they know if they have viruses that aren't commonly known yet?"

        There are exactly zero known viruses for Mac OS X right this minute. If one would emerge it will be commonly known in the Mac community quite fast. It is a closely knit community after all.

        "I keep virus scanner running on my linux machines just in case, and it disinfects few files every now and then."

        Prudent, but it's mostly for the benefit of your Windows friends.

  • Not the first, won't be the last (Score:5, Funny)

    by jarich (733129) on Tuesday August 30 2005, @05:31AM (#13434303) Homepage Journal
    Microsoft did this a few years back if memory serves.

    When you run Windows, you must run anti-virus ~all~ the time!

  • That's why Win32 in a factory is a bad idea (Score:5, Interesting)

    by SysKoll (48967) on Tuesday August 30 2005, @05:37AM (#13434322)
    This is exactly why having windows machines in a production process is a bad idea. You never know when a worm, virus, trojan or other beast is going to interfere with your fabrication, the files or the hard disk imaging.

    IBM is running its new 90-nm microelectronics fab (in Fishkill, NY) entirely on Linux. So if it's feasible for a plant of that complexity, it should be feasible for a small assembly plant such as Zen Creative's.

    • Not just Windows (Score:5, Interesting)

      by RAMMS+EIN (578166) on Tuesday August 30 2005, @06:17AM (#13434502) Homepage Journal
      ``This is exactly why having windows machines in a production process is a bad idea.''

      Although Windows has a deserved reputation for being susceptible to viruses and break-ins, this problem is not unique to Windows. Any software written in unsafe languages (like C and C++) is bound to contain exploitable vulnerabilities. Any system that allows the user to run software that they bring to it is susceptible to trojans.

      AFAIK, no current operating system is both usable and provides adequate protection mechanisms against viruses. A fine-grained permission system might help, though. Allow the MP3 player's software access to your music directory, but nothing else. Allow the word processor access to your documents directory, but nothing else.

      I wrote a utility called chrootexec that allows you to run a program in a chroot jail (it cannot access files outside that directory). It's basically the same as the chroot command, except that you don't need to be root to use it (but it does have to be installed suid root to work).

      However, some programs (file managers come to mind) need access to many directories to be useful. These will still be exploitable.

  • homophones (Score:5, Funny)

    by ajs318 (655362) <sd_resp2@NOSPam.earthshod.co.uk> on Tuesday August 30 2005, @05:38AM (#13434329)
    Scrawny man in PE kit, about to lift a small weight: "Will this affect me?"

    Muscular man, lifting two larger weight with each hand: "Look at the effect it had on me!"

    From a poster in the Remedial Studies unit at my secondary school.

  • They not only didn't virus check... (Score:3, Funny)

    by term8or (576787) on Tuesday August 30 2005, @05:39AM (#13434338)
    These people don't even know how to grammer check their press release...

    It was verified that it is the possibility the extermination possible worm type virus of the risk which is called to the player itself of Creative Zen of the digital audio player who it was produced was shipped from shipment preparation and late July this each time in our company Neeon "W32.Wullik.B@mm" having mixed low.

    OK. The actual problem is probably not serious as far as I can tell, since running the virus software is not automatic on installation (which I bet is done by a super user or admin). But really, this is not professional and someone ought to get the sack. And the person who wrote the press release ought to be retrained as a petrol station attendant.

  • I guess Zen doesn't run Linux (Score:5, Interesting)

    by AndroidCat (229562) on Tuesday August 30 2005, @05:40AM (#13434342) Homepage

    Come to think of it, how does this worm manifest itself on a player device?

    "W32.Wullik.B@mm is a mass-mailing worm that attempts to send itself to all the contacts in the Outlook address book. The worm makes numerous copies of itself in random locations, and moves to a new location when Windows Explorer browses to the folder from which it runs. It can spread to floppy disks and shared network drives under some conditions.
    I doubt it executes on the player itself. Can it infect the PCs that you connect the player to for syncing?

  • Just wondering.... (Score:4, Insightful)

    by someone300 (891284) on Tuesday August 30 2005, @05:40AM (#13434347)
    Is this virus on the software/driver CD or the actual device itself?

    If it's on the device, how is it running on the zen, since I'd imagine the zen doesn't run windows, and how does it get from the zen to the operating system? (Wouldn't a zen be just like a bulk transfer device or something, and require the user to download and run the virus from it?)

  • oopsies (Score:3, Interesting)

    by theheff (894014) on Tuesday August 30 2005, @05:41AM (#13434349) Homepage
    It'll be interesting to see how both the consumer and the company react to this situation and to see how public this could get. If damage is actually done here from the defect, who would be liable? Oh the joys of transitioning into the digital age...

  • In related news... (Score:5, Funny)

    by Anonymous Coward on Tuesday August 30 2005, @05:50AM (#13434384)
    The author of W32.Wullik.B@mm is suing Creative Zen for copyright infringement under the DMCA.

  • The consumers won't be amused.. (Score:4, Insightful)

    by manavendra (688020) on Tuesday August 30 2005, @05:59AM (#13434419) Homepage Journal
    ..for a product vying a piece of personal hdd-based players dominated by iPod, this is bad news.

    Creative may try to position itself as the player with replaceable battery (hence longer life), has few more quirks (such as allowing you to move files across computers, rather than going the iTunes way), however, iPod still remains the benchmark in usability and style (the USP of iPod).

    Till they manage to one-up the market leader with innovative design or something special, such glitches will always render it as also-ran

  • Poorly edited news post (Score:5, Informative)

    by theraccoon (592935) on Tuesday August 30 2005, @06:24AM (#13434525) Journal
    The author of the post and the editor who posted it both failed to mention that this only affects models shipped in Japan. The link to the creative page is a babelfish translated website! Plus, the engadget page says that in order to become infected, you'll need to "go running conspicuous applications found on your device".

    Why does this sound like some Mac/iPod anonymous fanatic kicking dust?

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.