Fortunately the users of Slashdot had pretty much the same questions as I did. Mainly “What’s the name of the app? (We want to know, so we can avoid it.)” and “How does it sneak in past Android’s warning system?”

Well, it turns out that the name of the app is not something that figures anywhere — neither in the Kaspersky announcement or in the more specific ReadWriteWeb article. According to the latter the app is not even in the Android Market, and — funniest of all — the trojan only works if you’re on a Russian carrier! So basically, here’s what you have to accidentally do to install this “trojan”:

1. Figure out the name, because Kaspersky seems to not want to tell us.
2. Find the downloadable .apk package somewhere on the web and download it.
3. Configure your phone to allow installation of non-market/untrusted apps.
4. Install the app and ignore the part of the installation process, where the phone actually warns you that this app requires access to services that cost you money. Which is even further specified as: Send SMS messages. Granted, it doesn’t specify if the app will actually make use of it, but it should seem odd to anyone why a media player would need to send out text messages.
5. Move to Russia. (Unless you already live there, in which case you can happily skip this last step.)

So let us draw a parallel to the actual story that spawned the use of the term “trojan” in this modern context. You know, just to put things in perspective. (Bah! Who am I kidding, I just love a ridiculous analogy.)

The Greeks built this huge wooden horse and loaded up 30 men in it because after 10 years of siege of Troy they still couldn’t pwn those Trojan n00bs. Then they put this huge wooden horse somewhere in the woods outside of Troy, but not anywhere obvious because that would be too easy, and the Trojans wouldn’t find it until a couple of years later when some Trojan emo kid and his emo girl friend were hiding in the woods crying and writing poems. Now the Trojans were all pumped up because of this loot and started hauling it back to Troy and someone noticed a sign on the horse saying, “There are some Greek soldiers inside this horse. Maybe they have weapons. And maybe they intend to use them. But who knows? GL HF!” “Fuck it!”, the Trojans said and brought the horse back to town only to get completely Zergling rushed by the Greek soldiers inside who were apparently still in great shape after 2 years inside a wooden horse with only very little to eat and even less to drink and no internets at all! So they killed a brazillion Trojans and then they had pancakes to celebrate and was all like *om-nom-nom-nom-nom*. And they never told anyone — ever! — how they’d passed time waiting for 2 years inside a huge-ass wooden horse.

Now, in this version I would say that the whole Trojan Horse ploy worked, not because of Greek ingenuity and cunning, but because of incredible retardedness on the part of the Trojans. And it does make the Trojan Horse seem like way less of a trojan, doesn’t it? Same thing goes for this “First Android Trojan” — not so sneaky after all, when you have to actually give it permissions to perform it’s trojan-y goodness.

There’s an angle on this story that’s really interesting, because Kaspersky Lab not only announced that they’d found this alleged trojan, they also announced that they’ll be rolling out some security software for the Android platform in early 2011, and what better way to spark interest than to find some obscure proof-of-concept trojan that’s not even active in the wild and hype it as if it’s actually a real threat?

I really, REALLY wish that news agencies and newspapers would do just a little research before posting such sensational stuff, because we’re definitely not going to see a follow-up that clarifies the matter.

They list the steps for a Windows performance boost as follows:

• Update drivers
• Update firmware
• Give Windows less to think about (involving messing with the registry, disabling unnecessary graphic effects, removing unused fonts etc.)
• Overwhelmed by icons? (Involving messing around with msconfig.)
• Malware removal
• Defrag the hard drive

Now consider that updating drivers — and especially firmware — requires very specific knowledge of your hardware, while rummaging around in the registry and msconfig requires a good deal of knowledge about how software works and in some cases knowledge about — or ability to guess — how software vendors may choose to name their executables and the paths at which they might put the executables. Malware removal may have become easier over the years, but to a lot of users the terminology and processes involved seem intimidating, which ultimately stops them from doing it properly; or at all. And finally, defragmentation? Are you fucking kidding me?

Now Linux (let’s just take any Debian based distro for these examples.)

• Updating drivers is handled like all other updates, i.e. unless you’ve specifically disabled the automatic check for updates, you’ll be prompted to install fresh drivers pretty much as soon as they’re available. No manual searching required (unless you have some poorly supported hardware that doesn’t have drivers in any of the available repositories).
• Updating firmware can be a bitch, since most firmware updaters are Win only. On the other hand, I’ve never had to update my firmware from Linux on neither my MacBook nor my ThinkPad, so personally I regard this as a non-issue, but your mileage may vary.
• Cleaning up the registry… What registry?
• Managing applications that auto-start? System > Preferences > Startup Applications — easy and not as potentially dangerous as msconfig!
• Disabling unnecessary visual effects? System > Preferences > Appearance > Visual Effects.
• Malware removal. Not really necessary (for the time being), but under all circumstances no harder than on Windows.
• Defragmentation. No!

So to sum up, all you actively need to do to keep a Debian based Linux box speedy is basically to decide which applications and services you want to start up as you log in. That’s it! (If you’re really picky about getting the most out of your battery, you may want to turn off visual effects while running on battery power; or all together.)

Now I’m left wondering why so many people think that running Linux is for geeks only. To me it seems like running a Windows machine (and keeping it running) requires a good deal of knowledge about your computer’s hardware, it is insanely time-consuming and in general a pain in the ass. (I wouldn’t know for sure since I haven’t done it for several years, but I still help plenty of people with their Windows related problems.) No matter what OS people run, they always tend to have a backup geek they can turn to when things get too complicated — that goes for OS X, Windows and Linux, so why not start relying a little more on your personal Linux geek?

Now, talk about jumping to conclusions — not to mention the wildy exagerated title! I’m willing to bet that MS won’t ship Windows 7 without any means of installing IE8 (e.g. via something like curl or wget — or simly via FTP). I’m pretty sure there’ll be big fat icon in some prominent location saying “Install Internet Explorer”. Besides, it’s not really that hard (for anyone) to open Explorer and type in: ftp://ftp.mozilla.org and navigate to the Firefox EXE and double-click — especially if Mozilla would make a shortcut. (Hint hint!) Alternatively, if MS wants to be really cool, they could offer installation of either of the major browsers when installing Windows 7. I.e. something like: “Thanks for installing Windows 7, which browser(s) would you like to install? IE, Firefox, Opera, Safari or Google Chrome?” Or they could even go as far as saying “Would you prefer MS defaults or non-MS defaults?” Where MS defaults would be IE, Outlook, Windows Media Player etc., and non-MS would be e.g. Firefox + Thunderbird + VLC, Opera + VLC or something completely different. MS already had something like this in XP SP2, where you could select standard setups (either MS or non-MS), which would then affect settings such as the default browser, mail client, media player and IM client. Pretty un-MS-ish and ironically my all-time favorite feature in Windows.

This is typical of Politiken’s  IT section. They always pretend to be seeing stuff from the end-user’s, while apparently being even more clueless than the average (l)user. Or maybe they have ulterior motives. Maybe they don’t like the EU putting up a fight against the MS monopoly and messing with their precious Windows. Either way it’s “journalism” like this, that makes the least technically inclined users stick to Windows XP, 98 or whatever untill someone or something forces them to upgrade.

So will KEEP actually be written from scratch? Or will they simply bundle whatever Open Source software they find into one neat package? The project description doesn’t say anything about it. The first is stupid, because a lot of the Open Source emulators available are of high quality, are quite portable, have been developed for many years now and are still maintained. Some shiny new software is likely to be less stable and compatible, and the project description doesn’t give any promise of the software being maintained in the future. The latter is simply too expensive. €4.02 million for bundling some Open Source software?

Also, while preserving the games is all well and good, there’s more to preserving video game history than just preserving the software. Playing Super Mario Bros. on the Wii with the Wiimote is NOT the same as playing it with the good old, unhandy NES controller (even though the Wiimote is quite unhandy for that purpose).

Unfortunately, Valdi Ivancic (CEO and president of Medison Europe Ltd.) is the kind of man who gets the idea, but doesn’t have any of the resources to pull it off — far from it. In this particular event he did try to pull it off, not knowing that his rather unimpressive past (to say the least) would be researched and analyzed, and all his references — and even his tax records — checked. When people (particularly on the internet) are dealing with a new company selling something that’s almost too good to be true, it’s not unusual to at least do a bit of Googling around on the company history and the history of the CEO. In this case it was the story of some 3, maybe 4, companies who’d never paid their taxes and usually ended up declaring bankruptcy. The company website (medison.se) and the product website (medisoncelebrity.com) weren’t exactly impressive either — they looked like something produced in Frontpage Express and that’s probably me being a bit generous. In general, from the beginning everything looked a bit shady.

However, around 7000 people ordered the laptop through 2CheckOut (though Valdi claimed quite a different figure) and a long waiting ensued. 3 months after the first orders (with a promised delivery time of 4–6 weeks) the laptops had still to be shipped. Finally 2CheckOut lost their patience with Valdi and canceled some orders that had been marked as shipped by Medison, but apparently wasn’t even close to shipping, so 2CheckOut simply canceled the orders and refunded the money. The latest news is that 2CheckOut has suspended Medison’s account, thus Medison is now without a way to accept orders/payments. So is this the end of the story?

Judging from Valdi’s behavior throughout this whole ordeal and the facts that:

• most (all?) of his references on his CV (page 1, page 2) are made up
• he’s applied for Head of Tourism in Blekinge attaching the aforementioned CV
• he ran for Swedish prime minister in 2006

all more or less point toward a person with no real hold in reality, so what should stop him from finding another way to receive orders/payments? He’s already complained that sceptic bloggers (like myself) and media have made it really hard for Medison to keep appearing trustworthy and that the bad press is ruining their relations to and deals with business partners, so I think this would be the time for him — if he has any sense of realism left — to officially announce that Medison is giving up on the whole affair because of the bad press. That way he can walk away from all of this and still convince himself that it was the bad press that killed his project, not poor execution. On the other hand, he’s been really stubborn all along, so he might make one or two last futile attempts at bringing the $150 laptop to the world.

The whole story is actually a lot more complicated and can be followed in greater detail on medisonscam.info (and remember, you can’t send that link via MSN Messenger), I’m just giving a very brief outline in order to get to my point.

As we know, pointing out mistakes when they have been made, is a lot easier than before they’re made, so why not look at what Valdi and Medison could have done to have come off as more trustworthy.

• No one has ever seen a photo of the laptops Valdi claims exist somewhere in Asia. Through the amazing digital technology of our time, Valdi could have someone at the plant take a shot of a couple of laptops — perhaps some packaging too — and email them to him, so he could post them on the website.
• If you really want a laptop to become popular, you need for it to get some attention. Usually this is done by shipping out a few demo models to reviewers in popular computer/tech magazines. The only “demo model” of the Medison Celebrity the world has ever seen, was at a press conference in August where Valdi showed off his Clevo with Czech keyboard, a demonstration model he received from a European Clevo vendor. At least he took the time and effort to remove the Clevo branding and the serial number from it before presenting it to the press.
• Valdi could have been a bit more open about how he was going about producing the laptop and the numbers and figures involved. Lying about the number of unique hits on the website when your web host’s Webalizer statistics shows something completely different and is available to the general public doesn’t really inspire trust. Likewise with the number of sold laptops. Valdi’s roughly 300.000 versus 2CheckOut’s roughly 7000 doesn’t exactly point to a trustworthy CEO.

Now if Valdi was as smart as his CV would have us believe, then he’d have known that when you try to sell something that appears too good to be true on the internet, people will usually assume that it’s not true, so any relatively sane person, would probably see this coming and have some sort of strategy for backing up the claims and proving the existence/legitimacy of the product in question, but Valdi did not. Of course, as with any imaginary product, there’s not a whole lot of options available for proving any actual existence.

All these things aside, I can’t help but think what would have happened if everyone had taken a slightly different approach to the idea of a $150 laptop. In this particular instance of “a $150 laptop” I think the approach (namely scepticism) taken by many, was correct, but had Valdi not been Valdi and Medison not Medison, maybe — just maybe — it could be pulled off.

Let’s, for a moment, assume that a more reputable company, like Acer, IBM or Apple, started pre-selling a $150 (ex. shipping) laptop while stating that they’d need at least, say, 100,000 orders in order to be able to actually produce it without losing any insane amount of money. (Now stay with me, this is purely hypothetical and thought up numbers, I’m merely speculating.) When ordering bulks of 100,000, surely you can get some kind of Good Deal™, especially if your name and reputation is already well-established. Maybe you could make the sales of the $150 laptop go in at just about 0, but make some extra bucks by selling accessories and services, like .Mac, extra batteries, bluetooth adapters, external CD-/DVD-drives, bigger hard drives, extra RAM, additional software etc. According to Valdi, this — and ad revenues — was how it was supposed to work; without the pre-sale threshold though, and I actually don’t think that’s entirely impossible, but I’m just a linguist speculating in a domain that I’m completely unfamiliar with.

I don’t think Valdi ever had the intention of scamming anyone, if he did, why choose a well-known and widely used payment provider like 2CheckOut? (I know, some have speculated that he might have someone from 2CheckOut in on the scam, but I really think that’s over-elaborate speculation and seems to be just that; speculation without any real evidence.) And why choose to appear so much in public (eg. at the press conference) if you know you’re about to become a wanted criminal? Why on earth let everybody know who you are and how you look? If this is a scam, it’s about as poorly executed as is humanly possible. Valdi is not a scammer, he’s a pathological liar — an ambitious one at that, one might say — and possibly one of the worst and unrealistic businessmen to ever walk this earth, and last, but not least, he’s involuntarily become a great entertainer on the Internet. It’s kinda sad to see this whole thing slowly come to an end, and it is coming to an end, unless Valdi by some stroke of genius becomes able to ship around 7000 laptops very soon, since I’ve very much enjoyed following this whole thing, albeit I felt a bit sorry for Valdi at times. But hey, at least he tried. Hopefully someone will see the amount of attention this has drawn and perhaps try to make an actual $150 laptop – or maybe just a $200 laptop. If anyone ever succeeds in doing it (at least in a way similar to what Valdi tried), they ought to give a little credit to the raving mad Swedish “businessman” who couldn’t.

Now, what’s really retarded is that each and every TinyURL still gets through just fine (but probably not for long now) and now Microsoft has to play catch-up to maintain that list of blocked sub-strings. This is really, really stupid, because the poor end-user will never know why their link to http://cutesie.example.com/pics.php isn’t sent — just that it’s not. And most people will probably never see the list and know which words they can’t use, hence confusion. Besides, the fact that Microsoft choose to “solve” problems in this way instead of fixing the vulnerabilities in their software, just makes me wonder how common this practice is to them and how many other problems they’ve “fixed” in a similar manner.

I know it’s just a little thing and that it probably doesn’t really matter, but I do, none the less, think it’s a bit inconsiderate of Politiken.

Update (Sun, Feb. 18, 2007 15:49): As I said in the comments I actually mailed the author to mention it (not to whine or bitch about it) and today she sent me a nice and friendly reply and told me she wasn’t aware and that she’d try to keep such things in mind in the future. Apparently she’d had the same reaction from a lot of other readers. I guess the proper heading for this entry should have been Accidental FUD. Anyhow, it’s nice to know that you’re being taken seriously even though it was really just a silly little thing. :)

Seriously… I’d probably use it a little every now and then if I was able to, but they do not even support Linux! I am actually able to watch the shows with a some human interaction with the sources of the pages that embeds the video stream and a little going through the ASF playlist files manually to copy/paste the actual stream URLs to my media player of choice. I am not sure that my dad would be able to do that though — or for that case, nor would most of my Linux- (and Mac-)using friends.
OK, great, so I am actually able to watch the shows… Good, because their FAQ specifically states, that even if you use Linux or Mac (and are thus (in most cases) unable to watch the programs) you still have to pay. And as far as I know, this also goes for game consoles with internet access and cell phones that are capable of WAP, GPRS etc… I guess, even my Nintendo DS is enough, since I am able to buy a browser for it and use it to access the web. Same goes for all the PSPs out there.

Another problem presents itself…
Until very recently I was on a 256/256 kbps connection and that was definitely not fast enough to even watch the low-quality streams from DR without major hiccups or buffering half the show before pressing start. I would say that a 1 mbps pipe would be the slowest possible, to watch their streams — and the quality would still be questionable at best. (Especially the sound, they are really doing a bad job compressing that.)

To lay down some facts now… I own an old Thinkpad R32 running Debian Linux (unstable) on what is now a 1024/128 kbps[2] connection, I don’t own neither a TV or a radio (and I am getting along just fine, thanks). Until now, I have not been paying the license fees, which is perfectly legal, because I am not able to watch or listen to their programming, nor do I have any desire to. But, from Jan. 1, 2007, where nothing in my life changes — except for the calendar year — I will have to cough up 2000 DKK (~355 USD / ~270 EUR) a year just because I have a computer (and a Nintendo DS) and an internet connection. That is half a month’s income for a student such as me — it doubles the cost of my internet connection!

Now, the question is: is this fair?
I say NO!, not by a long shot! If DR wants people to pay for the content they access over the internet, then they will have to put some access control on their website, which can easily be done[3] — that is the only sensible way to do this; not force everyone with an internet capable device to cough up. This is the government forcing people to pay DR (a public service TV network, for crying out loud!) for having an internet connection!
By this logic, I should start lobbying for the government, so they can make everyone pay for being able to access lillesvin.net. That’s public service too! I’m telling you all the things you didn’t know you wanted to know… And all the things you didn’t know you didn’t care to know.
This reminds me so much about when Jubii.dk (a danish search engine that started out as a ripoff of Yahoo!) started talking about making the ISPs pay for their costumers being able to access the search engine — and take my word for it if you have not tried it out, it is nothing special. In fact, it is quite the opposite. Not surprisingly, that idea did not quite get the support that Jubii.dk had hoped for.

1

This is not to be confused with the likes of the American public access channels. DR actually run some decent programs every now and then.

2

The good people at Tele2 upped my downstream from 256 kbps to 1024 kbps! Wow, that’s a friggin’ 400% increase!!! OMG!!!1 … And, well, they downed my upstream from the lousy 256 kbps to an even lousier 128 kbps… They were even kind enough to give me notice 5 days after… Can they do that?!? I mean, decrease my upstream… I’ve got a server running on this line — 256 kbps was bad enough!

3

Hire me to do it — I would love to!