Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

News: Microsoft spreads virus--by accident
Special to ZDNet News ^ | June 14, 2002, 9:20 AM PT | By Robert Lemos

Posted on 06/14/2002 5:22:49 PM PDT by amigatec

By

Robert Lemos


Special to ZDNet News

June 14, 2002, 9:20 AM PT

Microsoft accidentally sent the virulent Nimda worm to South Korean developers when it distributed Korean-language versions of Visual Studio .Net that carried the virus, the company acknowledged Friday.

Microsoft's flagship developer tools picked up the digital pest when a third-party company translated the program into Korean, said Christopher Flores, lead product manager for Visual Studio .Net. Flores stressed that no other foreign-language versions of the program were found to carry the worm, and he said the worm had not actually executed on any developers' systems.

"There have been no recorded infections," Flores said. In fact, he added, it's almost impossible to get the worm to execute on computers with Visual Studio .Net installed.

The infected file is stored in the same location as the help files, Flores said, but it's a file created by Nimda, so the .Net program's help system doesn't know it's there and will never reference--or open--the file. It's unlikely, then, that Nimda would break loose, Flores said.

And if the worm did execute somehow, he said, it couldn't spread to the developer's system because the virus only runs on systems running Internet Explorer 5.5 and lower, and Visual Studio .Net requires version 6.0 of the browser.

"It's extremely unlikely that a developer would ever accidentally get infected by Nimda," said Flores. "They would have to try hard just to run the worm."

Still, the slip up is yet another stain on Microsoft's reputation as the company works to convince the public and the tech community that its products are secure. In a company-wide memo sent last January, Bill Gates trumpeted a " trustworthy computing initiative," calling on Microsoft's employees to put security above all else.

Nimda started infecting computers last September and quickly became an epidemic. However, since October, incidents of the worm have dropped.

The Redmond, Wash.-based software giant released Visual Studio .Net in February, and the Korean version made it to market some 90 days ago, Flores said.

The Korean version of the developer tools picked up Nimda from the third-party "localization" company Microsoft hired to translate the program's help system into Korean. That company had already been infected by Nimda and spread the virus to the help tools, which gained an extra, infected file.

Flores said that under Microsoft's security policy, the company normally scans every file being transferred to the master of a program. But in this case, the company only analyzed files it expected to find. Since the Nimda-infected file had been added by the worm, the company overlooked it.

"We have been (scanning all files) in every one of our geographies," Flores said. "There was a loophole in our Korean side that caused us to miss files that we didn't expect to be there."

It wasn't until a Microsoft employee was adding the help documentation to the software giant's developer Web site that the worm was found. "We have to go through a conversion process to an online HTML format," said Flores. "During that process we found an extra file hanging around."

Microsoft has notified all its registered Korean customers, and the company posted a patch to its Web site Thursday night. It also plans to send clean copies of the program to every registered customer free of charge and is attempting to contact developers who may have bought the product but not registered it.




TOPICS: Business/Economy; Front Page News; Technical
KEYWORDS: hehehehe; microsoft; nimda; techindex
Navigation: use the links below to view more comments.
first previous 1-2021-4041-52 next last
To: magellan
I would suggest that Windows itself is a computer virus.

That's profound. Call the DOJ.
21 posted on 06/14/2002 6:26:58 PM PDT by Bush2000
[ Post Reply | Private Reply | To 13 | View Replies]

To: Bush2000
And you wonder why Linux is doomed to always live in the server rooms with the geeks. You guys can't even make the mental leap from fear to hate.

Whistlin down the graveyard?

22 posted on 06/14/2002 6:28:44 PM PDT by Stentor
[ Post Reply | Private Reply | To 16 | View Replies]

To: Stentor
Whistlin down the graveyard?

Add 'em to the same list as Palm, Sun, Oracle, Novell, Lotus, IBM, Corel, WordPerfect, OS/2, and Mac...
23 posted on 06/14/2002 6:30:58 PM PDT by Bush2000
[ Post Reply | Private Reply | To 22 | View Replies]

To: Bush2000
Dude, I ain't using Linux. Yet.

'Microsuck' is a put-down on the bug infested software that I am forced by circumstances to use.

Seriously, if there are alternatives to MicroSoft (TM) that have file compatability, I would like to hear about them.

But if all you have to offer is automatic defense of some of the worst software in the world (Microsoft [TM]), well I am not interested.

24 posted on 06/14/2002 6:31:41 PM PDT by LibKill
[ Post Reply | Private Reply | To 20 | View Replies]

To: LibKill
Methinks you are naive and the Linux snake-handlers have sold you a bill of goods. Linux and Mac and Solaris are just as buggy as Windows. http://www.wininformant.com/Articles/Index.cfm?ArticleID=23958.
25 posted on 06/14/2002 6:35:34 PM PDT by Bush2000
[ Post Reply | Private Reply | To 24 | View Replies]

To: amigatec
This really isn't anything new... Apple, Intel, and Novell have all shipped infected products...

Mark

26 posted on 06/14/2002 6:38:47 PM PDT by MarkL
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000
Linux and Mac and Solaris are just as buggy as Windows.

Sorry, I mistook one of your posts to mean that you were into Linux.

I am not eager to learn another operating system. I have been through too many already since I first took up the challenge and blessing of personal computers 20 years ago.

I know a couple of Linux geeks but it seems very complicated. I can't see where it will benefit me to learn this new system.

Solaris is something that I am blissfully unaware of.

I am familiar with Macs from work. They are OK for the office, but I would not have one in my home.:)

Still, I say that if another manufactorer gave me software (windows based?) that did what I wanted it to do and had MicroSoft(TM) file compatability, I would buy it with my hard earned dollars.

My major gripe with MicroSoft(TM)is the versions of Word after Office 97.

You put a picture and some text here. You do a save and everything is automatically reformatted without so much as a 'by-your-leave-sir'.

Dammit! I am supposed to be the boss, not the software.

27 posted on 06/14/2002 6:46:47 PM PDT by LibKill
[ Post Reply | Private Reply | To 25 | View Replies]

To: MarkL
This really isn't anything new... Apple, Intel, and Novell have all shipped infected products...

True. And it's not the first time for MS either.

28 posted on 06/14/2002 6:50:21 PM PDT by TechJunkYard
[ Post Reply | Private Reply | To 26 | View Replies]

To: LibKill
Still, I say that if another manufactorer gave me software (windows based?) that did what I wanted it to do and had MicroSoft(TM) file compatability, I would buy it with my hard earned dollars.

Ah, Ok. I understand. Have you ever tried Adobe Acrobat?
29 posted on 06/14/2002 6:57:19 PM PDT by Bush2000
[ Post Reply | Private Reply | To 27 | View Replies]

To: Bush2000
This is weaaaaaaaaaaaaak

No..... that is bad quality control. Distributing bad software is not too bad. Every company does it from time to time. Distributing a virus when you're as big as Microsoft is not acceptable. They aren't some small shareware developer, they are one of the richest companies in the world.

30 posted on 06/14/2002 7:21:46 PM PDT by dheretic
[ Post Reply | Private Reply | To 17 | View Replies]

To: Bush2000
Add Microsoft's XBox division to that as well. The XBox hacks can very well spell real trouble for Microsoft. If I buy a XBox and turn it into a DivX player they just lost $100.
31 posted on 06/14/2002 7:24:36 PM PDT by dheretic
[ Post Reply | Private Reply | To 23 | View Replies]

SUPPORT FREE REPUBLIC

Donate Here By Secure Server

Or mail checks to
FreeRepublic , LLC
PO BOX 9771
FRESNO, CA 93794

or you can use

PayPal at Jimrob@psnw.com

Thank you Registered!
STOP BY AND BUMP THE FUNDRAISER THREAD

32 posted on 06/14/2002 7:25:11 PM PDT by Mo1
[ Post Reply | Private Reply | To 31 | View Replies]

To: Bush2000
Why do you insist on trying to prove your points by going to windows-centric websites? That is as pointless as a Socialist pointing to the Communist Manifesto as a good list of reasons why Capitalism ain't all it's cracked up to be.
33 posted on 06/14/2002 7:26:59 PM PDT by dheretic
[ Post Reply | Private Reply | To 25 | View Replies]

To: LibKill
Is there any other supplier that produces good software with Microsuck file compatability

Try a mainstream Linux distribution (RedHat, etc...) then run WINE (Wine Is Not an Emulator) to run Windows in a window :) If windows crashes close the window and restart it. A newer alternative that is comming out is Lindows, a unix distribution that runs almost all windows software. I read about it on slashdot.

34 posted on 06/14/2002 7:27:21 PM PDT by MarshalNey
[ Post Reply | Private Reply | To 7 | View Replies]

To: Bush2000
You guys can't even make the mental leap from fear to hate.

Well, B2K, a true geek (read: true technology enthusiast) is most certainly not a shill.

35 posted on 06/14/2002 7:28:08 PM PDT by rdb3
[ Post Reply | Private Reply | To 16 | View Replies]

To: amigatec
Payback for the World Cup match with Korea???
36 posted on 06/14/2002 7:31:28 PM PDT by texson66
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000
Linux and Mac and Solaris are just as buggy as Windows.

Well!

If that's the case, Linux must be ahead of the curve (using your logic, of course) since it started in the early '90s. When the MS start? When did Apple begin? Solaris (Sun)?

Again, if "Linux and Mac and Solaris are just as buggy as Windows," Linux wins. The way you frame it, there shouldn't even be a comparison!

37 posted on 06/14/2002 7:35:00 PM PDT by rdb3
[ Post Reply | Private Reply | To 25 | View Replies]

To: dheretic
The article references statistics posted on www.securityfocus.com. And nobody is calling them a shill for MS, either. Don't believe the article: Check out the numbers yourself.
38 posted on 06/14/2002 7:37:03 PM PDT by Bush2000
[ Post Reply | Private Reply | To 33 | View Replies]

To: dheretic
Add Microsoft's XBox division to that as well. The XBox hacks can very well spell real trouble for Microsoft. If I buy a XBox and turn it into a DivX player they just lost $100.

I don't think you quite know what's involved to hack an XBox, dude. You have to remove the case and unsolder/solder components on the motherboard to get it to work. If you think that's a mainstream job for just about any user, you're kidding yourself. It's strictly a geek hobby thing.
39 posted on 06/14/2002 7:39:41 PM PDT by Bush2000
[ Post Reply | Private Reply | To 31 | View Replies]

To: dheretic
No..... that is bad quality control. Distributing bad software is not too bad. Every company does it from time to time. Distributing a virus when you're as big as Microsoft is not acceptable. They aren't some small shareware developer, they are one of the richest companies in the world.

I agree that it is unacceptable. But you will have to admit: It didn't affect anyone; therefore, the practical damage is zero. You're crying over milk that was never spilled.
40 posted on 06/14/2002 7:41:03 PM PDT by Bush2000
[ Post Reply | Private Reply | To 30 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-52 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson