
How Asus Recovery Disks Ended Up Carrying Software Cracks 241

Anthony_Cargile writes "We all now know about Asus shipping illegal software cracks and confidential documents/source code on their recovery DVD (and in the system root), but this article tells exactly how it happened. It's even more careless than you think, and most likely an accident."
  • by RGRistroph ( 86936 ) <rgristroph@gmail.com> on Monday September 22, 2008 @12:29AM (#25099867) Homepage

    I can see how an internal ASUS USB flash disk with an unattend.xml file on it, might get used to move documents around, and then also get used to install windows.

    That might explain how certain documents got put on a lot of harddrives inside ASUS.

    It doesn't explain how that directly ended up being part of what they made an ISO out of, and how no one apparently did quality control and checked every single file on a CD before it was replicated and sent out to the world.

  • Crack vs. Foss (Score:5, Insightful)

    by O('_')O_Bush ( 1162487 ) on Monday September 22, 2008 @12:30AM (#25099875)
    FTA:
    "c:\Windows\ConfigSetRoot\ contained a software crack for the WinRar program...

    So apparently an Asus employee happened to have a personal flash drive, and stored his resume (presumably, conspiracy theorists may disagree) as well as a few harmless keygens and serials on it.."

    It amazes me that this employee chose illegal means of getting an archiving program instead of using a FOSS solution such as 7-zip ( http://www.7-zip.org/).

    I know some companies have protocols for handling FOSS software, but this should never have happened if the employee had just turned to his company's legal department for obtaining software licenses.
  • by Free the Cowards ( 1280296 ) on Monday September 22, 2008 @12:42AM (#25099941)

    First rule of internal company dynamics: they are not nearly as well staffed, as organized, as thorough, or as competent as you think they are. They are in all probability just as quick and careless as you would be doing the same thing.

  • by master5o1 ( 1068594 ) on Monday September 22, 2008 @12:44AM (#25099957) Homepage
    Or not supposed to be there?

    If it's Asus confidential crap or someone's personal CV then they should obviously be removed.
  • by IceCreamGuy ( 904648 ) on Monday September 22, 2008 @12:49AM (#25099999) Homepage

    When was the last time that anyone checked every file on a CD when it's say, a windows restore? Yeah. Nice job dipshit. Think before you talk. What human actually knows every file that's supposed to be on there?

    diff -r, dipshit.

    If doing this kind of quality control doesn't seem trivial and normal to you, then congrats; you don't work in the IT field.

  • Could have been me (Score:5, Insightful)

    by InlawBiker ( 1124825 ) on Monday September 22, 2008 @12:56AM (#25100029)

    I am completely unsurprised. When I heard about it I thought, "Oh, some jackball inadvertently copied his personal files via some install script. That's pretty funny."

    I personally have the exact same stuff on my thumb drive - my resume and some cracking tools. As we all know, nobody tests their own work. That's why testers have jobs.

    So he screwed up - at least he has a good story to tell!

  • by Miseph ( 979059 ) on Monday September 22, 2008 @12:57AM (#25100035) Journal

    "When was the last time that anyone checked every file on a CD when it's say, a windows restore? Yeah. Nice job dipshit. Think before you talk. What human actually knows every file that's supposed to be on there?"

    How else do you think this stuff could have been found? Magic?

    I dunno... maybe the guy responsible for figuring out what the hell is supposed to go on there in the first place would know. Last I checked, Microsoft only hired humans for work outside of the legal department. More importantly, nobody would need to know off the top of their head, since they could just check against a list... or even better they could write a short script to do it for them.

  • Re:Crack vs. Foss (Score:2, Insightful)

    by Anonymous Coward on Monday September 22, 2008 @12:57AM (#25100037)

    And yet your idiot rambling is being distributed and viewed globally with FOSS.

    I'm willing to bet that, in general, the quality of free software is much higher than proprietary software.

    The reason crappy proprietary software seems rare is that it sinks to the bottom of the barrel faster than crappy free software, as it should.

  • by MerlynEmrys67 ( 583469 ) on Monday September 22, 2008 @12:57AM (#25100041)
    Uh - I do. You mean when you are building a large distribution you don't create a manifest that lists all of the files that are supposed to be on the disk - and then have a script automatically check that everything is on the CD that is supposed to be on it... nothing more - nothing less.

    Sloppy work at the best - a simple engineering problem to solve, takes 2 minutes to run after the ISO is cut. My QA lead would laugh hysterically at me if I tried to pull a stunt like this on her. Easy to verify final ship products
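
The manifest check described in the comment above (and the "check against a list" script suggested earlier in the thread), as an added example that is not part of the original discussion or any poster's code. It assumes a manifest that maps each relative path to a SHA-256 digest; the file names and contents are constructed for the demo.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan_tree(root):
    """Map every file under root to its SHA-256, keyed by forward-slash relative path."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            found[rel] = sha256_file(full)
    return found

def verify_tree(root, manifest):
    """Compare a staged image tree with the approved manifest (path -> sha256)."""
    found = scan_tree(root)
    return {
        "missing": sorted(set(manifest) - set(found)),
        "unexpected": sorted(set(found) - set(manifest)),
        "modified": sorted(p for p in set(manifest) & set(found) if manifest[p] != found[p]),
    }

def demo():
    """Constructed sample: approve two files, then add a stray file and alter one."""
    with tempfile.TemporaryDirectory() as tmp:
        def write(rel, data):
            full = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        write("Windows/System32/kernel.bin", b"approved kernel")
        write("Drivers/audio.inf", b"approved driver")
        manifest = scan_tree(tmp)  # assumption: manifest is recorded from the approved file list
        # What the staged image looks like after a stray copy and an edit
        write("Windows/ConfigSetRoot/resume.doc", b"personal file")
        write("Drivers/audio.inf", b"changed driver")
        return verify_tree(tmp, manifest)

if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind}: {p}")
    raise SystemExit(1 if any(report.values()) else 0)
```

Run against the mounted ISO rather than the staging directory, so the check covers what is actually pressed; a non-zero exit fails the release step.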

  • Carelessness (Score:1, Insightful)

    by Anonymous Coward on Monday September 22, 2008 @01:06AM (#25100083)

    "It's even more careless than you think, and most likely an accident."

    Not really. While the details are interesting, this is about the level of carelessness I expected.

    Software cracks and other personal files somehow made it into the master ISO, and nobody caught it. We knew that already, and that fact alone implies massive carelessness by several individuals. TFA just shows the path that carelessness took.

    And of course this is an accident. Unless you think Asus decided to go into the software crack business, what the hell else would it be? Someone screwed up.

    I'm all for rhetoric and such, but come on--in a 2 sentence OP, 1 of those sentences shouldn't be throwaway.

  • by Morkalin ( 992168 ) on Monday September 22, 2008 @01:07AM (#25100087) Homepage

    As we all know, nobody tests their own work.

    Speak for yourself.

  • I always get keygens and cracks for software I buy as a safety measure, and test them in a virtual machine to make sure they work. With all the phone home activation that software does these days I don't want to have to call a vendor and beg for access to software I've already paid for when Windows takes a nose dive. What if the vendor doesn't support that version any more and doesn't want to give me a new activation key? What if the vendor is bought or goes out of business? If I reach that point I can at least use the keygen or crack to protect my investment.

    I can't fault anyone for having keygens for their apps.

  • Re:Crack vs. Foss (Score:2, Insightful)

    by Anonymous Coward on Monday September 22, 2008 @01:14AM (#25100119)

    WinRAR is $30, for something that inexpensive I'd send an email to whoever handles purchasing requesting the software and reminding them that if I have to come explain to them why I need it, the waste of both our time will cost the company more than just buying the program in the first place.

    It's always worked for me, your mileage may vary.

  • by dougmc ( 70836 ) <dougmc+slashdot@frenzied.us> on Monday September 22, 2008 @01:17AM (#25100135) Homepage

    I think the point is that Asus *was* sloppy about it, and they just happened to get away with it until now. That's the nature of sloppy work -- if it's too sloppy, you don't get away with it, so you improve the quality until you generally can get away with it. Doesn't need to be 100% -- just most of the time.

    I'll bet they don't make the same mistake again. (Though of course, they may make similar mistakes, or may create procedures to help prevent them too. We shall see.)

  • by NotQuiteReal ( 608241 ) on Monday September 22, 2008 @01:22AM (#25100147) Journal
    I just back up my keys.

    I have one key that is over 10 years old, that was updated by the company from an 8 digit code to a more secure 6-groups-of-5-alphanumeric code that still works.

    Never needed a crack, and the key takes up a lot less space. Plus I know it isn't a trojan program or a virus.

  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Monday September 22, 2008 @01:42AM (#25100233)
    Comment removed based on user account deletion
  • by lysergic.acid ( 845423 ) on Monday September 22, 2008 @01:43AM (#25100239) Homepage

    well, if they have a clean copy to compare with diff, then why wouldn't they have just used that disc image for the shipped discs?

    obviously more stringent quality control is needed here, but i don't think running a simple diff command is the solution.

  • by powerspike ( 729889 ) on Monday September 22, 2008 @01:44AM (#25100251)
    It's not that easy anymore, programs like windows, anti virus software just to name a few, require you to either phone a number to activate the software, or connect to the internet, if you don't do that, it won't run until you do. Now add in they usually only let you install the software X number of times per key/product, you're going to be screwed in ten years if you need to activate software from today. Safely storing your serial/product keys these days for long term use is pretty useless.
  • Re:TFA (Score:2, Insightful)

    by HeronBlademaster ( 1079477 ) <heron@xnapid.com> on Monday September 22, 2008 @01:55AM (#25100307) Homepage

    I thought it would be "Don't buy Asus machines." It isn't hard to imagine a vendor doing something similar to this for Linux installations.

  • by ogl_codemonkey ( 706920 ) on Monday September 22, 2008 @02:04AM (#25100339)

    As we all know, nobody tests their own work.

    Speak for yourself.

    I don't know anyone that tests their work as thoroughly as the next person to find a mistake in it.

  • Re:TFA (Score:5, Insightful)

    by Nazlfrag ( 1035012 ) on Monday September 22, 2008 @02:21AM (#25100409) Journal

    Great, then the mac or linux files would have been copied from the usb stick to the windows install directory. Reduces the chances of cracks appearing, but does nothing for the documents.

  • Re:TFA (Score:5, Insightful)

    by DrSkwid ( 118965 ) on Monday September 22, 2008 @04:24AM (#25100991) Journal

    That sounds like the dumbest choice. The only negative effect an Asus client could have is if the USB flash drive contained malware of some description.
    Condemning the whole company because of one employee's ignorance of MS's stupid xml magic really is cutting your nose to spite your face.
    Asus products have always been good to me.

  • by Dr. Hellno ( 1159307 ) on Monday September 22, 2008 @04:32AM (#25101023)
    Has anyone else noticed the bizarre renaissance of racism going on right now? I know it's garbage trolling and I'm (sort of) taking the bait, but I don't remember Slashdot being this quick or eager to bash black people in the past. It's every thread now, right below first post!
  • by yahwotqa ( 817672 ) on Monday September 22, 2008 @04:41AM (#25101053)
    All it takes is one bored idiot. Just ignore it.
  • by Anonymous Coward on Monday September 22, 2008 @06:55AM (#25101649)

    Why not just give out copies of the installed software on their PROPER install media? Not too long ago when you bought a new computer you didn't get a crappy "restore disk" that became useless by a simple hardware change. You had the option to NOT install the crappy bloatware that came bundled with the machine. You could change your harddrive without jumping through hoops. It is sheer laziness and greed that came up with those silly things.

  • by Anonymous Coward on Monday September 22, 2008 @06:58AM (#25101671)

    Blaming Microsoft for the death of Amiga makes you sound like a rabid Amiga fanboy. I'm guessing you hail from the western side of the pond, and thus only experienced the Amiga popularity secondhand. (And also - kept the flag flying long after the masses over in Europe had abandoned Amiga)

    By the time Gateway got involved with the name 'Amiga' (c. 97), the platform was already dead. Personally, I think Amiga was dead by the time A1200 hit the market ('92) - a successor for the last great home computer (A500) came way too late to keep the masses buying.

  • by PopeRatzo ( 965947 ) * on Monday September 22, 2008 @07:07AM (#25101759) Journal

    First rule of internal company dynamics: they are not nearly as well staffed, as organized, as thorough, or as competent as you think they are.

    At least not any more.

    As long as a company's stock price gets rewarded by Wall Street for laying off employees, we're going to see stressed corporations.

    Remember that really slow guy in QA who took forever to write his reports, and was getting a little gray, and was making more than a lot of us because he'd been with the company forever? He was the guy who would catch these stupid mistakes.

    But he was laid off when we got "lean and mean".

  • by JoeMerchant ( 803320 ) on Monday September 22, 2008 @08:32AM (#25102345)

    As an employee of an OEM that does these installs all day long, I can say they really messed up.....

    Yeah, but I bet you don't work for an asian vendor of cost competitive commodity goods. Sure there are procedures to prevent this, sure they don't cost much to implement, but the culture that enforces the kind of safeguards you mention does actually ingrain cost into the product along with quality.

    It's much more cost effective to fire a couple of guys as an example and continue with business as usual, especially when the majority of your customer base doesn't really care.

  • Re:TFA (Score:4, Insightful)

    by atamido ( 1020905 ) on Monday September 22, 2008 @08:51AM (#25102553)

    ignorance of MS's stupid xml magic

    Because all Linux config files make perfect sense... Seriously though, XML may be verbose, but at least the format is clear. In contrast, every .conf file has its own peculiar formatting that makes editing an adventure.

  • by Toll_Free ( 1295136 ) on Monday September 22, 2008 @10:16AM (#25103647)

    And they don't realize they are discriminating against the free speech of the people that are being "racist".

    The problem with racism, is, until every "race" gives up their "identity", we will all be different. Period.

    --Toll_Free

  • Re:TFA (Score:2, Insightful)

    by Toll_Free ( 1295136 ) on Monday September 22, 2008 @10:22AM (#25103749)

    But, the problem is, nobody in their right mind (consumers) want to go through all the bullshit of installing linux.

    Yeah, I downloaded Ubuntu. Latest and greatest, 4 weeks ago.

    Took a week / week and a half for my roommate to get a friggin Broadcom wifi card working. It was done as a test, to see "just how good" the install of the newer distros is. (I run slackware). Yup, install windows, runs fine OOBE. Run Linux, go find some FWCUTTER thing, then have to compile it, then have to get it to work (it never did for him), then figure out where in the OS to install the "flash" files.

    Yup, that's an operating system destined for desktops everywhere!

    The problem with Microsoft isn't that they make things easy, that's what the world wants. Tech geeks, I'm sorry to say (as one), are NOT the people MOST companies mass market to, they do it to the people NOT classified as nerds or geeks in school because, magically, THEY ARE THE MINORITY.

    Anywho, just thought I would set you straight. Having an easy to install O/S isn't the problem. The problem was the asshole at Asus that didn't do his job correctly, was using illegal software cracks (presumably, nobody knows for sure where he lives), and the assholes that were supposed to actually TEST the OOBE (Out Of Box Experience) and the image verifiers should ALL LOSE THEIR JOBS!

    --Toll_Free

  • by RGRistroph ( 86936 ) <rgristroph@gmail.com> on Monday September 22, 2008 @11:39AM (#25105113) Homepage

    And keep in mind that if ASUS had been shipping Linux, this mistake would still be possible, if they were setting up their machines using a "kickstart" USB flash disk.

  • Re:TFA (Score:4, Insightful)

    by Sancho ( 17056 ) * on Monday September 22, 2008 @12:13PM (#25105701) Homepage

    I don't get it. Why is this "XML Magic" bad? That flag is clearly documented. Open source wouldn't have prevented this problem any more than just reading the documentation would have. It's even likely that this person knew about that flag and just forgot about it.

  • by Sancho ( 17056 ) * on Monday September 22, 2008 @12:27PM (#25105945) Homepage

    It's because your average grandma doesn't know how to install and configure Windows and any of the software they may want on their computer after a reinstall, and your average software company doesn't want to pay for 4 hours on the phone explaining the process. It takes a lot less time to say, "Insert the disc labelled 'restore', then reboot your computer. Call us back in four hours if it doesn't work." The company pays less, the customer doesn't have to follow difficult (to them) and tedious steps, and it makes reinstalling Windows a breeze. Considering how often this is necessary, I'd say that it's a perfectly reasonable thing for a company to do to make it as easy as possible.
