Rant

The First Android Trojan … -ish

Posted in Android, In the news, Rant on August 10th, 2010 by Anders K. Madsen – 1 Comment

Danish newspaper Politiken is running a ritzau piece on what’s been dubbed “The First Android Trojan” [da] in its online version. Now, according to this little article Kaspersky Lab has identified a trojan that poses as a media player and then automatically sends out text messages to a specific number at ridiculous charges. The article doesn’t get more specific than that, so I thought Slashdot might know something more. Slashdot weren’t any more specific than ritzau (which makes sense, since ritzau probably ripped the news from Slashdot in the first place) and they just link to an article on ITWire which is exactly as vague and unspecific as all the other articles.

Fortunately the users of Slashdot had pretty much the same questions as I did. Mainly “What’s the name of the app? (We want to know, so we can avoid it.)” and “How does it sneak in past Android’s warning system?”

Well, it turns out that the name of the app is not something that figures anywhere — neither in the Kaspersky announcement nor in the more specific ReadWriteWeb article. According to the latter the app is not even in the Android Market, and — funniest of all — the trojan only works if you’re on a Russian carrier! So basically, here’s what you have to accidentally do to install this “trojan”:

  1. Figure out the name, because Kaspersky seems to not want to tell us.
  2. Find the downloadable .apk package somewhere on the web and download it.
  3. Configure your phone to allow installation of non-market/untrusted apps.
  4. Install the app and ignore the part of the installation process, where the phone actually warns you that this app requires access to services that cost you money. Which is even further specified as: Send SMS messages. Granted, it doesn’t specify if the app will actually make use of it, but it should seem odd to anyone why a media player would need to send out text messages.
  5. Move to Russia. (Unless you already live there, in which case you can happily skip this last step.)

So let us draw a parallel to the actual story that spawned the use of the term “trojan” in this modern context. You know, just to put things in perspective. (Bah! Who am I kidding, I just love a ridiculous analogy.)

The Greeks built this huge wooden horse and loaded up 30 men in it because after 10 years of siege of Troy they still couldn’t pwn those Trojan n00bs. Then they put this huge wooden horse somewhere in the woods outside of Troy, but not anywhere obvious because that would be too easy, and the Trojans wouldn’t find it until a couple of years later when some Trojan emo kid and his emo girl friend were hiding in the woods crying and writing poems. Now the Trojans were all pumped up because of this loot and started hauling it back to Troy and someone noticed a sign on the horse saying, “There are some Greek soldiers inside this horse. Maybe they have weapons. And maybe they intend to use them. But who knows? GL HF!” “Fuck it!”, the Trojans said and brought the horse back to town only to get completely Zergling rushed by the Greek soldiers inside who were apparently still in great shape after 2 years inside a wooden horse with only very little to eat and even less to drink and no internets at all! So they killed a brazillion Trojans and then they had pancakes to celebrate and was all like *om-nom-nom-nom-nom*. And they never told anyone — ever! — how they’d passed time waiting for 2 years inside a huge-ass wooden horse.

Now, in this version I would say that the whole Trojan Horse ploy worked, not because of Greek ingenuity and cunning, but because of incredible retardedness on the part of the Trojans. And it does make the Trojan Horse seem like way less of a trojan, doesn’t it? Same thing goes for this “First Android Trojan” — not so sneaky after all, when you have to actually give it permissions to perform its trojan-y goodness.

There’s an angle on this story that’s really interesting, because Kaspersky Lab not only announced that they’d found this alleged trojan, they also announced that they’ll be rolling out some security software for the Android platform in early 2011, and what better way to spark interest than to find some obscure proof-of-concept trojan that’s not even active in the wild and hype it as if it’s actually a real threat?

I really, REALLY wish that news agencies and newspapers would do just a little research before posting such sensational stuff, because we’re definitely not going to see a follow-up that clarifies the matter.

Stingy Youth – or Quality-Conscious Consumers?

Posted in In Danish, Music, Rant on April 13th, 2010 by Anders K. Madsen – 1 Comment

Peter Schönning of Anti-PiratGruppen calls the/us pirating young people “stingy”. I will venture to claim quality-consciousness and assert that people are not stingy but, on the contrary, are happy to pay, though preferably for quality. The reason APG sees a “drop” in music sales is that the ratio between wheat and chaff has become so skewed that it looks as if people won’t pay. That is bound to happen when you flood the market with cheap, mass-produced junk pop.

Maybe the music industry should consider releasing less – but better – music?

Why Running Linux is Not That Hard

Posted in Computers, In the news, Linux, Rant, Software, Windows on December 29th, 2009 by Anders K. Madsen – Be the first to comment

Back in March the web version of the Danish newspaper Politiken ran an article on boosting computer performance [Danish], where they list several steps for tuning Windows, with the last two steps suggesting that maybe re-installing Windows or installing Linux is the answer.

They list the steps for a Windows performance boost as follows:

  • Update drivers
  • Update firmware
  • Give Windows less to think about (involving messing with the registry, disabling unnecessary graphic effects, removing unused fonts etc.)
  • Overwhelmed by icons? (Involving messing around with msconfig.)
  • Malware removal
  • Defrag the hard drive

Now consider that updating drivers — and especially firmware — requires very specific knowledge of your hardware, while rummaging around in the registry and msconfig requires a good deal of knowledge about how software works and in some cases knowledge about — or ability to guess — how software vendors may choose to name their executables and the paths at which they might put the executables. Malware removal may have become easier over the years, but to a lot of users the terminology and processes involved seem intimidating, which ultimately stops them from doing it properly; or at all. And finally, defragmentation? Are you fucking kidding me?

Now Linux (let’s just take any Debian based distro for these examples.)

  • Updating drivers is handled like all other updates, i.e. unless you’ve specifically disabled the automatic check for updates, you’ll be prompted to install fresh drivers pretty much as soon as they’re available. No manual searching required (unless you have some poorly supported hardware that doesn’t have drivers in any of the available repositories).
  • Updating firmware can be a bitch, since most firmware updaters are Win only. On the other hand, I’ve never had to update my firmware from Linux on either my MacBook or my ThinkPad, so personally I regard this as a non-issue, but your mileage may vary.
  • Cleaning up the registry… What registry?
  • Managing applications that auto-start? System > Preferences > Startup Applications — easy and not as potentially dangerous as msconfig!
  • Disabling unnecessary visual effects? System > Preferences > Appearance > Visual Effects.
  • Malware removal. Not really necessary (for the time being), but under all circumstances no harder than on Windows.
  • Defragmentation. No!

So to sum up, all you actively need to do to keep a Debian-based Linux box speedy is basically to decide which applications and services you want to start up as you log in. That’s it! (If you’re really picky about getting the most out of your battery, you may want to turn off visual effects while running on battery power; or altogether.)

Now I’m left wondering why so many people think that running Linux is for geeks only. To me it seems like running a Windows machine (and keeping it running) requires a good deal of knowledge about your computer’s hardware, it is insanely time-consuming and in general a pain in the ass. (I wouldn’t know for sure since I haven’t done it for several years, but I still help plenty of people with their Windows related problems.) No matter what OS people run, they always tend to have a backup geek they can turn to when things get too complicated — that goes for OS X, Windows and Linux, so why not start relying a little more on your personal Linux geek?

Well, thank you Apple!

Posted in Computers, MacOS X, Rant, Software on September 9th, 2009 by Anders K. Madsen – 4 Comments

At a recent press event Apple presented a lot of “new” stuff, and as usual Steve Jobs gave the presentation. As I was looking through Engadget’s liveblog from the event, I stumbled upon a quote that pretty much sums up why I’m looking into getting a non-Apple computer the next time around.

Steve Jobs: “Home sharing: we’re going to let you copy songs, TV shows, etc. with up to 5 computers in your house.” (Emphasis mine.)

Well, thanks a lot. Are you really going to let me do that? Gee, Steve! I don’t know what to say. I can play my DVDs on pretty much any device with a DVD drive without being limited to 5. I can even let friends borrow them without being worried that I won’t be able to see them myself when I buy a new DVD player because it would just happen to be the 6th device to play back that particular DVD. And don’t get me started on my vinyl collection.[1]

I’m not sure I want an OS riddled with antifeatures, where I’m at the mercy of what Steve Jobs and Co. will let me do with my data.

[1]: Irony would have it that in this recent press event, Apple announced the iTunes LP, which is basically nothing like a vinyl, but more like the many failed attempts at releasing extra material in a data track on a regular CD album. So get ready for craploads of cheesy DVD-like animated menus and metric tonnes of completely useless and indifferent bonus material.

Politiken’s Weird Computer Ways

Posted in Computers, In the news, Rant, Software, Windows on July 7th, 2009 by Anders K. Madsen – Be the first to comment

Politiken runs an article titled “EU action may cost you your internet connection” (article in Danish, Google Translation) about how European Windows 7 users may not be able to access the internet because of the EU’s intervention against MS’s browser monopoly, forcing them to ship Windows 7 without Internet Explorer pre-installed.

Now, talk about jumping to conclusions — not to mention the wildly exaggerated title! I’m willing to bet that MS won’t ship Windows 7 without any means of installing IE8 (e.g. via something like curl or wget — or simply via FTP). I’m pretty sure there’ll be a big fat icon in some prominent location saying “Install Internet Explorer”. Besides, it’s not really that hard (for anyone) to open Explorer and type in: ftp://ftp.mozilla.org and navigate to the Firefox EXE and double-click — especially if Mozilla would make a shortcut. (Hint hint!) Alternatively, if MS wants to be really cool, they could offer installation of either of the major browsers when installing Windows 7. I.e. something like: “Thanks for installing Windows 7, which browser(s) would you like to install? IE, Firefox, Opera, Safari or Google Chrome?” Or they could even go as far as saying “Would you prefer MS defaults or non-MS defaults?” Where MS defaults would be IE, Outlook, Windows Media Player etc., and non-MS would be e.g. Firefox + Thunderbird + VLC, Opera + VLC or something completely different. MS already had something like this in XP SP2, where you could select standard setups (either MS or non-MS), which would then affect settings such as the default browser, mail client, media player and IM client. Pretty un-MS-ish and ironically my all-time favorite feature in Windows.

This is typical of Politiken’s IT section. They always pretend to be seeing stuff from the end-user’s perspective, while apparently being even more clueless than the average (l)user. Or maybe they have ulterior motives. Maybe they don’t like the EU putting up a fight against the MS monopoly and messing with their precious Windows. Either way it’s “journalism” like this that makes the least technically inclined users stick to Windows XP, 98 or whatever until someone or something forces them to upgrade.