Archive for Evil software

Malicious BitTorrent clients

January 21, 2007 at 13:30 pm · Filed under Evil software

Another post stressing the fact that freeware is not free software.

A while ago I warned about Browsezila (a freeware web broser, infected with malware), and now I warn about Bitroll and Torrent101. They are freeware, but, since they are proprietary, and closed source, no-one can read the code behind them. Is this important? Does someone actually read the code of free software programs? Well, it seems it is important, and it seems that free software programs do get read, because I am yet to see these problems in free BitTorrent clients.

Comments

PDF exploits for all readers and platforms?

January 7, 2007 at 20:47 pm · Filed under Evil software

I have read in Kriptopolis some posts about new PDF exploits (in Spanish). The articles say that web broser PDF plugins are vulnerable, dedicated PDF readers are also vulnerable, and new exploits may be created. The Kriptopolis site keeps on talking about new vulnerabilities in PDF documents, and how they affect all platforms. Do they?

If you go to the SecurityFocus site, where they cover the new, you can download an example PDF, that exploits this vulnerability. If you open it with any (vulnerable) PDF reader, the program will freeze, and the CPU usage will go over the roof.

Well, bold as I am, I did the test. I opened it with Acroread 7.0 for GNU/Linux and… it froze, and… the CPU usage hit the roof. I could not Ctrl-C the beast, and a kill would not kill it. Fortunately, a kill -9 did the job :^(

Now, I tried Evince:


Heracles[~/Downloads]: evince MOAB-06-01-2007.pdf
Error (3659): Illegal character ')'
Error (0): PDF file is damaged - attempting to reconstruct xref table...
Segmentation fault

and Xpdf:


Heracles[~/Downloads]: xpdf MOAB-06-01-2007.pdf
Error (3659): Illegal character ')'
Error (0): PDF file is damaged - attempting to reconstruct xref table...
Segmentation fault

Ta-chan!! Yes, they crash, but refusing to open the damned thing! They both complain, and don’t fall for it.

Perhaps it’s worth reminding the reader that Evince and Xpdf are free software, whereas Acroread is not. Acroread is merely free of charge, but not free as in freedom.

Comments

Txema’s SCF recipe for Gaussian

October 11, 2006 at 8:17 am · Filed under Evil software

According to an e-mail by Txema, if you have a Gaussian job whose SCF does not converge, you can try the following:

scf(noincfock,conver=6,maxcyc=2025) iop(5/22=20)

Explanation:

  • NoIncFock: Prevents use of Incremental Fock formation
  • Conver=6: Request a mere 10-6 convergence criterion (whereas the default is 10-9, I believe).
  • iop(5/22=20): Use DIIS extrapolation, with energy-based mixing. OK, OK, I have no idea what this means, and I use it out of superstition… yeah, sue me.

Other keywords with (in)direct impact on convergence: QC, VShift, FullLinear.

Comments

Gaussian shared memory

October 9, 2006 at 16:42 pm · Filed under Evil software

If you are running Gaussian in shared memory mode (in parallel in a multi-CPU computer, for example), you might get the following error (last line of output file):

shmget failed

It means that it was not possible to get the amount of shared memory required by the input. This can mean that the computer does not have so much physical RAM, but usually it is just a somewhat silly system setting.

Check the file /proc/sys/kernel/shmmax. Inside it there should be a single number, namely the amount of permited shared memory use (in bytes). If you need more (in my computer it was like 32MB… puaff), just echo xxx > /proc/sys/kernel/shmmax, where xxx is the desired amount of bytes (e.g. 500000000).

Comments

Symmetry change in Gaussian optimization

July 28, 2006 at 15:22 pm · Filed under Evil software

Ever have a Gaussian job die with this error?:

Omega: Change in point group or standard orientation.

It simply means that up to that point the molecule had a certain symmetry (for example, it was planar), and the last optimization step made it jump to another (usually lower) symmetry (for example, bend out of the plane). This is regarded as an error by Gaussian, and thus it aborts the job.

However, sometimes we are not interested in mantaining the symmetry, maybe even the high symmetry of the input was just a coincidence! One way or another, we might be interesting in having this job go on even if the symmetry changes. To do so, we just need to include the following IOp in the input file:

IOp(2/16=1)

Comments

Browsezilla: when freeware comes at a price

June 26, 2006 at 14:53 pm · Filed under Evil software

Just a week after Stallman’s talk, I read at Kriptopolis (Spanish) about a (alleged) malware piece, hidden into some freeware by the name Browsezilla. This is a perfect example of something free of cost not being half as good as a free/libre thing. This Browsezilla might be zero-cost to the user (freeware), but a piece of shit all the same, which stresses the fact that it is the FREEDOM of the Free Software that makes it great, not the PRICE.

It seems that the computer security company Panda Software warned about the freeware internet browser Browsezilla “visiting” porn sites in the background, fact unknown to the unsuspecting user. Its aim would be to increase the number of hits for those pages (and thus have them obtain higher revenues from advertising).

The lame idiots at browsezilla.org seem to be defending themselves, in such a bad english that makes it hard to take them seriously.

Now, both sides can be flaming each other until the end of times. Maybe in this case the issue is clear. Panda is not expected to spread FUD for the sake of it, whereas Browsezilla’s credibility is thin at best. However, imagine a security company not being completely honest, a freeware producer being apparently serious, and a bug/malware being veeery subtle to spot… endless debate, never fully establishing the complete truth.

On the other hand, were this Browsezilla free software, inspection of the code would settle the matter within minutes.

Stuff malware, stuff freeware, and stuff all non-free software.

Comments

Mathematica fonts error

June 20, 2006 at 9:50 am · Filed under Evil software

I reproduce here a new entry in the (pompously self named) GNU/Linux Troubleshooting subsection of the Linux Stuff section of my Home Page. The original entry can be directly accessed here.

Problem

I don’t have Mathematica installed on my PC, but I execute it remotely at a computer that does have it. However, I have found the following error when executing mathematica remotely:

xset:  bad font path element (#77), possible causes are:
    Directory does not exist or has wrong permissions
    Directory missing fonts.dir
    Incorrect font server address or syntax
xset:  bad font path element (#77), possible causes are:
    Directory does not exist or has wrong permissions
    Directory missing fonts.dir
    Incorrect font server address or syntax

It means that I don’t have some fonts installed in my computer, so I googled for the string ‘”Directory missing fonts.dir” mathematica’, and found this Wolfram Inc. support page. Read it, but don’t follow its instructions literally. Instead, do the following:

Solution

Download the corresponding tar.gz here (for GNU/Linux), which is the place referred to in the support link above, and untar it anywere. It contains a directory called Fonts/, which in turn contains AFM/, BDF/ and Type1/. You have to su to root and create the directory /usr/lib/X11/fonts/Mathematica/, and place the directories AFM/, BDF/ and Type1/ there. Actually, only BDF/ seemed necessary for me.

Next, the support page I mention above says you have to execute:

% xset fp+ /usr/lib/X11/fonts/Mathematica/Type1

and

% xset fp+ /usr/lib/X11/fonts/Mathematica/BDF

However, the first one (Type1), will faill again with the same message that caused all this trouble in the first place:

xset:  bad font path element (#77), possible causes are:
    Directory does not exist or has wrong permissions
    Directory missing fonts.dir
    Incorrect font server address or syntax

You will be at a loss, but don’t despair: actually only the latter (BDF) is needed, and it won’t give you any error. After that, the remote execution of Mathematica should work fine.

Comments (2)

Window Vista: reinventing the wheel

June 1, 2006 at 10:15 am · Filed under Evil software

[Last reviewed 12-Feb-2007]

I have read at menéame (Spanish) about a Windows Vista review, and I have decided to comment about it here. The original review (in English) here.

The first thing one notices is the blatant copy of many MacOS (as usual) and FLOSS project (Linux and Firefox) features.

1) The Aero User Interface allows for window transparency. Wow, I’d be hard pressed to name a Linux desktop environment that couldn’t do it long ago.

2) You can Alt-Tab (Win-Tab, really) between open windows, having them appear in 3D. This is nice, but similar effects are obtained with 3D-desktop for Linux (only for desktop switching, not window switching), and now with XGL, which I expect to be fully functional much sooner than the Vista release date (mark my words).

3) The desktop supports applets, that, in the long standing Microsoft custom of reinventing the wheel, and then renaming it to pretend it’s something new, they call “Gadgets”. Such gadgets would be things like calendars, weather forecast indicators, clocks… Such things have been long present in Linux with SuperKaramba, gDesklets, and adesklets.

4) IE7 can now read RSS, and supports tabbed browsing. Again, Firefox supported it long ago.

5) IE7 now supports international URLs, such as www.müller.de. Firefox, of course, already supports them. Moreover, the URL display is not correct in IE7, whereas it is in Firefox (see images below):

ie7

Figure 1: Internet Explorer 7

ff15

Figure 2: Firefox 1.5.0.3

6) IE7 is said to come with anti-phising settings. Firefox already had extension for that, namely Google safebrowsing, Personal Anti-Phising Sidebar, FirePhish Anti-Phishing Extension or TrustWatch Search Extension by GeoTrust.

7) IE7 has a “MSN search” box next to the URL box (IE6 has it too?), but now it permits to add other search engines. Firefox has had it for ages:

ie7

Figure 3: Internet Explorer 7

ff15
Figure 4: Firefox 1.5.0.3

8 ) IPv6 support, I think was present at XP (through obscure commands), now is properly handled. How long has this been correctly handled under Linux?

9) UAC (User Account Control). A garbage far inferior to the user management in UNIX-like systems (I added the boldface bits):

A new User Account Control (UAC) function enables those whose accounts possess administrator-level privileges (or who log on using the Administrator account) to perform actions unavailable to other types of user accounts [it always was like that for UNIX]. Those who lack such rights will be informed that they lack the privileges necessary to run the program [it always was like that for UNIX], and that they should execute it under a different account instead. This doesn’t mean logging out and then logging back in is strictly necessary [it never was in UNIX. su to different user, then exit.], though, because those who have access to privileged account information can always use the “runas” [another MS reinventing and renaming, now for sudo] command to access more privileged credentials.

The guiding idea behind this technique is called the “principle of least privilege” [used in UNIX since the down of times]. Under this doctrine, users who normally work on a Windows machine should log in using ordinary user accounts, so that if they contract a virus or other malware, that unwanted software is a lot less able to do serious damage than if they routinely log in using administrative privileges. But Microsoft hasn’t taken this principle entirely to heart, either. The first user defined during installation is automatically granted administrative privileges. Worse yet, the reserved account named Administrator is not required to have a password to log into the machine!

Moreover, unless under Windows, in UNIX-like systems different users have different privileges regarding reading, writing and executing not only root’s (again, MS renames to “Administrator”) files, but also each other’s files. Maybe I can read some or your files, but not write to them, maybe you can let me write to some of your files, maybe I let you see what’s inside one of my dirs, and open (but not modify) some files in it, and not even open some others.

10) Windows Updates has been improved, but still I can’t see anything that Debian APT, SUSE YaST or RedHat RPM can not do. I can’t see, either, some things that APT, YaST and RPM can do. I don’t know if Window Updates has those capabilities, the review just doesn’t mention them.

11) At startup, it checks whether hard disk defragmentation is necessary. What kind of shitty filesystem needs defragmentation nowadays! Journaled filesystems such as ReiserFS and others certainly don’t!.

12) I quote: “Some things never go away: even for Windows Vista, installing some new system components still requires a reboot.” This is really garbage. In Linux only a kernel reinstall forces a reboot (you can choose not to reboot, just the new kernel won’t be active until you reboot).

13) The review spends 7 of its 40 pages commenting games included with Windows Vista (such as Minesweeper or Solitaire, but also a 3D chess game and some others). While critics for that excess should go to the reviewer, not MS, it is still true that with a long overdue OS, any delay that the polishing of the games could have caused would be criminal.

14) I read in the #218 issue of Computer Hoy (Spanish computer magazine), that the Windows Search utility in Windows Vista has been highly optimized. Basically, so far Search looked up the actual filesystem when looking for some file, whereas now it makes use of periodically renewed indexed lists, that say what is where, so the lookup is much faster. While this is a vast improvement, the Unix/Linux users must be far from impressed. The wheel that Microsoft smartasses reinvented here is the GNU locate, an oooold friend of GNU/Linux users. What the Windows Search did, was similar to the alternative program find.

All in all, I would say that they have spent a few years since Windows XP just polishing the look of Vista, and trying to copy what the FLOSS movement has been innovating. To me, an OS should be completely independent of the look of the desktop, or the games it includes, or how utility applications work. But, well, maybe it’s just me.

Read also: 20 things you won’t like about Window Vista.

Comments

Windows sucks… batteries

May 18, 2006 at 12:10 pm · Filed under Evil software

I read (via Kriptópolis) that Microsoft has partially corrected a bug that caused the batteries of some laptops to run out too fast. However, if we are to believe the source of the new (The Register), MS only fixed one of the three causes of power drain.

Only MS could make an OS that affected hardware adversely… Sad.

Comments

Rootkits and FLOSS

April 19, 2006 at 8:48 am · Filed under Evil software

Amazing the human boldness is. Truly amazing.

The McAfee anti-virus company Senior Vice President of Global Threats at McAfee, Stuart McClure (the more impressive a title, the less impressive the job) poured a bit of poison through his mouth, and ascribed the increase of rootkit attacks (into Windows systems, I suppose. But remember there are Linux rootkits. Linux is immune to virus, not to other attacks, including rootkits, intrusion via weak passwords, DoS attacks, annoying pop-ups and java scripts in web pages, etc.) to the Open Software movement (article at NetworkWorld.com here).

Now, this comes from a company that failed to properly handle the Sony rootkit threat, even though they had many customers calling for help. Mmmm, I see, rootkits are only a menace if they don’t come from huge corporations eager to squeeze our money out of us.

The link this cretin uses to blame the FLOSS movement is twofold: the first one is a post hoc, ergo propter hoc (sorry, I’m a pedant bastard). He implies that both FLOSS and rootkits are rising, and thus the latter is caused by the former. In related news, he also [could have] said that the global warming is caused by the decrease in the number of pirates, because there is a definite correlation between the two over the last 200 years (see it here).

His second link from rootkits to FLOSS is the web page rootkit.com. This web page is allegedly malicious, and helps people (crackers) create baneful (sorry, I woke up with a Merriam-Webster mood today) malware (as the page name, ehem, implies).

Now, I have a couple of objections to that reasoning. The first, and most obvious one, is that one can not blame the whole FLOSS community for some rogue members. The second is that… are those guys at rootkit.com rogue at all?

I did visit the web page, and the first article one stumbles upon right now is:

Ad-Aware is a poorly written anti-spyware program from Lavasoft. Running it gives you a false sense of safeness. There can be done numerous attacks against this software. I’ll show some of the problems and attacks in this write-up. Here’s just a summary of the most visible problems I’ve run into.
[…]

So, on one hand, it seems to be (and is) giving info to exploit holes in that program, but, most importantly it is pointing out those holes, PUBLICLY. If those dummies at Lavasoft cared about their clients and the quality of their product, they’d only need to read rootkit.com to find out what errors it has, and presumably hints on how to fix them.

One can only wonder how a publicly announced exploit can be of malicious use at all. Indeed, if the rootkit the cracker creates is Open Source, it becomes trivial to eradicate it. The rootkits that actually scare me are the ones that don’t get announced!

Remember that security through obscurity is a Bad Thing(TM). The security problem of the example above (Ad-Aware) is to be found in its bugs, not in the airing of them. The publification is a way to solution.

As Linus Torvalds says: “many eyes make all bugs shallow”.

Comments

« Previous Page« Previous entries « Previous Page · Next Page » Next entries »Next Page »