don’t be stupid

You are currently browsing articles tagged don’t be stupid.

Why I Hate PC World

September 13, 2007 in Uncategorized | 2 comments

Regular readers of this blog will know that I’m not a fan of PC World. In fact, I strongly dislike PC World.

Why, you may ask? Well, here’s why.

  • Whenever you take a PC in to be repaired at PC World, they will invariably dump their purple and orange bloatware on your machine (along with a few adverts) under the pretence of being a ‘performance test application’.
  • As they connect your machine to a different monitor, it occasionally comes out of it thinking it’s got two screens and letting the cursor veer off into non-existence.
  • Contrary to what their advertisements would have you think, 80gB is not ‘massive’ by today’s standards. True, 80gB is a respectable amount, and massive in comparison to the 20gB disks you used to get a few years ago, but massive is more like 500gB (or two such disks in a RAID array, making 1tB). (Oh yes, and don’t forget the fake hard disk capacity counting system.)
  • Don’t be fooled by the Tech Guys service – you’d be much better off asking your technically-minded friend from down the road to do it, as he/she will probably provide a friendly, reliable and informal service, is less likely to patronise you, and will almost definitely do it for a fraction of the price PC World charge (if they ask for a fee at all).
  • They seem to have some kind of vendetta against Linux. They won’t sell any out-of-the-box Linux-compatible WLAN cards, and refuse to repair hardware if Linux is installed on it (presumably because they can’t put their bloatware on it).
  • They still list items on their website that have been discontinued.
  • Their staff feel undervalued – you can just see from their facial expressions when they serve you.
  • The only machines on which Windows isn’t installed are the Macs. But can we not have some kind of option? Can’t we opt out of the Microsoft tax?

Tags: , , , , , ,

Honeypot Experiment #1 – screensavers.com

September 8, 2007 in Uncategorized | No comments

So, the Crashed Pips honeypot set up and ready, the first experiment took place. Using a certain search engine and a known supplier of malware.

Honeypot The honeypot takes forever to boot – virtual machines are generally very slow and resource-intensive on the rest of the system. Windows took around ten minutes to get to a usable desktop.

Honeypot #1 - usable desktop

The usable desktop, before the infectofest started. And now we bring you coverage of experiment #1 – how easy it is for an inexperienced computer user to infect their machine using only Microsoft’s own search engine.

Honeypot #1 - MSN

Alarm bells should immediately start to ring at this point – in this case, an outdated version of Internet Explorer is being used, there is no antivirus software (see the system tray’s Windows Security warning) and the fictional user is now going to look, using Windows Live Search, for a screensaver for his/her new setup.

Honeypot #1 - Search results

The first organic result here is for screensavers.com, which, according to a SiteAdvisor report, is a distributor of adware and spyware.

So, taking the position of the gullible computer user, here’s the download page for the Matrix screensaver.

Honeypot #1 - Download page

‘Virus checked’ and ‘Spyware checked’ are visible below the ‘download’ link. Lies. Lies. Lies. As indicated by the next page:

Honeypot #1 - Starware offer

Uh-oh! Starware is a known spyware distributor, and to an inexperienced computer user this would appear to be quite a good software package. Note that the installer (even without the toolbar) automatically dumps an ‘affiliate shortcut’ on your desktop (essentially an invitation for spam galore).

Honeypot #1 - Install complete

After the install is complete, you are offered these (seemingly good) options.

Not so. The search engine actually uses your searches to create an advertising profile that helps ads to be delivered (outside the browser) that you are more likely to respond to. It isn’t like Google or most other search engines, which use the search data to optimise the searches. These are used to make you easier to sell to.

And this was just the Starware toolbar that was actually installed.

Honeypot #1 - Install really complete

Aha! The screensaver has finally been installed, after a magnitude of bogus free offers and all sorts of other junk. And we’ve now effectively opened up the honeypot to other spyware/adware etc.

Tags: , , , , , ,

The Crashed Pips Honeypot Experiment

September 5, 2007 in Uncategorized | No comments

A honeypot is a computer (or virtual computer) designed to catch all those internet nasties that you’d normally want to avoid – so that people can be educated on what they do and how to avoid them, and to study them and find out which ports they use, what files they’re reading that they shouldn’t be etc.

So, with that settled, I can now announce the Crashed Pips Honeypot Experiment 2007. Over the next 30 days, I shall be making occasional posts updating you on the results of the experiment. I may even prepare a report/conclusion at the end.

What is the machine’s setup?

The machine’s a Virtual PC setup using 128mB of RAM and a 15gB hard disk (more than adequate for this purpose). It will be running an installation of Microsoft Windows XP Professional without any security software installed whatsoever apart from what is built directly into the operating system – in this case, nothing more than a firewall. Windows Update warnings will also be ignored.

How will you hose the machine?

I will visit certain websites, and leave ports open deliberately in an attempt to lure viruses, spyware etc into the honeypot. I also intend to follow spoof virus warnings that lead to spyware, and to install certain software that is known to contain advertising and spyware.

How realistic is this experiment? Could I cite it in a paper?

There is no way that this experiment could be called realistic, because a special effort is being made to infect the machine with as much malware as possible. This will therefore make the test wildly unrealistic and inaccurate. If you’re quoting this in a scientific paper or anything serious, you’re a Cornish sardine.

Tags: , , , , , ,

« Older entries