  • aliceif (disco)

    Failed to post: Frist successfully posted!

  • VinDuv (disco)
    in order to bid on projects," strong>Ben F.</strong> writes,
    

    I wonder if Internet Explorer 6.0 SP1 supports this kind of markup...

  • aliceif (disco) in reply to VinDuv

    TRWTF is "Pi" as a name, though.

  • Anonymous (disco)

    Not surprising, cmd.exe had been known to be able to run all kinds of threats!

    Probably should have also blocked explorer.exe too.

  • robt (disco) in reply to Anonymous

    CMD: Campaign for Microsoft Disarmament

  • aliceif (disco) in reply to Anonymous

    I'm sure that there could be viruses that replace cmd.exe with a malicious fake one (maybe one that logs keystrokes, for example?). Not sure if any of the popular ones ever did that, though. It sounds like a weird thing to do.

  • eViLegion (disco)

    What's a Software Engineer II? Is it a Software Engineer with twice the budget and three times the hype, but none of the magic of the original?

  • lcrawford (disco) in reply to aliceif

    Some viruses infected all .EXE files by appending a copy of themselves to ensure that they would always run and survive. This one may have attached to CMD.EXE for the same reason.

  • boomzilla (disco)
    Comment held for moderation.
  • warreng (disco)

    If I know software licensing, the car dealership probably has bought a key but it doesn't work. Ironic given how much car dealerships charge for their replacement keys,

  • flabdablet (disco)

    AVG was a really good product up to about v7.5. Since then, it's become progressively bigger, slower and more annoying.

    But it's not alone in the WTF false-positive department: I quite regularly need to reverse Panda Cloud Antivirus's decision to block a multi-installer downloaded from ninite.com. I've long encouraged my customers to use Ninite instead of trying to navigate through the minefield of foistware that modern Windows installers have devolved into, and having the AV I recommend fight with the package manager I recommend - especially in a way that frightens the civilians - is irritating.

    Even so, I rate that as less weird than AVG's apparent objection to cmd.exe, which ought at least to be easily whitelistable. Ninite installers, by contrast, are built on the fly and are likely to be unique once you've chosen to bundle more than about ten titles. They also require to be run elevated and they reach out to multiple download sites to grab the relevant installer packages, all of which is probably what's pinging the AV's behavior-analysis spidey senses.

    There will be a consistent stub that's common to all Ninite installers, but an AV that did whitelisting on partial file contents would become trivially exploitable.

    Installing software on Windows is such a crapshoot. It's better on Linux distros, where most of what you need can be found in a small set of carefully curated and well maintained repositories. Apple took that idea to its logical extreme for the iOS app store, and they're moving toward making it the standard way to acquire OSX packages as well; MS has its Metro store. But it seems to me that both these commercial providers have missed the essential feature that makes the Linux notion of distro and repository work so well for the end user: it's the conspicuous lack of advertisers.

    Advertising-supported revenue models cause a massive incentive to get the advertising your product is responsible for in front of as many eyeballs as possible. That incentive begets the creation of software whose primary purpose is displaying advertising, and the partner deals responsible for nearly all modern foistware (fake "security" software doesn't fit this model so much, but just about everything else does).

    There is no sound technical reason for e.g. Java to come bundled with the Ask Toolbar. It's all about wedging as much advertising into your PC as you can't work out how to remove.

    The near-complete lack of the need to deal with this kind of nonsense is the main reason I prefer Debian to Ubuntu, and either of those to OSX or Windows.

  • Vault_Dweller (disco) in reply to boomzilla
    Comment held for moderation.
  • boomzilla (disco) in reply to Vault_Dweller
    Comment held for moderation.
  • boomzilla (disco) in reply to flabdablet
    flabdablet:
    Even so, I rate that as less weird than AVG's apparent objection to cmd.exe, which ought at least to be easily whitelistable.

    Unless something really has compromised cmd.exe. Who's the Error now‽

  • flabdablet (disco) in reply to boomzilla

    No, that can't happen because Windows File Protection. Or something. So I'm told.

  • Maciejasjmj (disco) in reply to flabdablet
    flabdablet:
    ninite.com

    Note to self: that was the website you were looking for two years ago.

  • AwesomeRick (disco)

    Hey, I know strong>Ben F, and he's not really that strong!

    Also, is the creative re-pricing genius or insane? Was mis-priced at $129.99, so they offer it at "sale" price $9.99 to bring it down to the correct regular price. Then they mark that as the "Online Only Price", and flag the item as "not available online". Soooo - the only way to buy it is in-store, which means you don't get the "sale" price, and instead have to pay $129.99?

  • Zacrath (disco)
    Comment held for moderation.
  • flabdablet (disco) in reply to Maciejasjmj
    Maciejasjmj:
    [ninite.com] was the website you were looking for two years ago

    Great service. Really, really stupid name.

  • Maciejasjmj (disco) in reply to flabdablet
    flabdablet:
    Really, really stupid name.

    Not that bad, just entirely unmemorable. I think I've "found" this website about three times now.

  • flabdablet (disco) in reply to Maciejasjmj
    Maciejasjmj:
    entirely unmemorable

    Only way I can do it is by thinking of a cross between ice-nine and kryptonite for adware.

  • boomzilla (disco) in reply to flabdablet

    I'm always put in mind of a common shortening for "night, night," something basically equivalent to goodnight. But it doesn't make any sense.

  • aliceif (disco) in reply to Zacrath
    Comment held for moderation.
  • Maciejasjmj (disco) in reply to boomzilla
    boomzilla:
    I'm always put in mind of a common shortening for "night, night," something basically equivalent to goodnight. But it doesn't make any sense.

    It's a bit like "nanite", only there are nine of them, so nine nanites. Ninites.

    Come to think of it, that is a stupid name.

  • XanderTheGamer (disco)

    I use NCH's video editor.

  • TheGreatLobachevsky (disco) in reply to eViLegion

    I'm a Software Engineer T3. Who knows, maybe I'll become a T-1000 eventually.

  • TheGreatLobachevsky (disco) in reply to AwesomeRick

    AwesomeRick - strong>Ben F means Ben F. is less than strong. ;-)

  • operagost (disco)

    It's a good thing they did that with the ammo, because I would have emptied out their inventory of 175 rd 00 buck at $9.99 a box. I ran into something like that with a large online music retailer. They had trumpet mouthpieces that should have been around $40 going for $6. I bought several, then went to bed. In the morning, I realized that I wasn't dreaming, they were really that cheap and in fact the price was still $6 so I bought a bunch more in common sizes. I got to try a bunch of different size mouthpieces and made a killing selling even the used ones for more than I paid for them on eBay. I still can't believe they fulfilled that order, because they were really brand new and there wasn't even a packaging change or anything like that to indicate why they were something like 85% off. It did take them a few weeks to ship them all. Oh, and free shipping because I bought so many...

  • operagost (disco) in reply to AwesomeRick

    It's a 175 count box of 12 ga. 00 buck shells. $129 is the regular price, which is reasonable. $9.99 is ridiculous-- it's like the price for maybe ten of them. So they marked it "online only" and "not available online" to keep from selling any-- presumably this was easier than correcting the price for some unknown reason.

  • aliceif (disco) in reply to operagost

    Considering how WTFy eCommerce systems can be ... maybe it actually was easier.

  • DCRoss (disco) in reply to eViLegion

    It's short for "Software Engineerin' II -- Electric Boogaloo", which is one level below "Software Engineer: The Revenge. This Time It's Personal".

    If you stick with it you could eventually be promoted to "Software Engineer: The Third Gathers: The Backstroke of the West", but you may not want that.

  • kupfernigk (disco) in reply to aliceif

    In my time I have seen viruses attached to cmd.exe, a couple needing an HDD wipe and reinstall (boot sector as well). Some of us can remember why we screamed and kicked for Unix.

  • Scarlet_Manuka (disco) in reply to operagost

    I assumed the error was in the value of the online-only price (maybe it should have been $99.99?), and making it not available online was the correction.

  • DaveK (disco)

    But why can't my job title be squinty-eyes-smiley? I want my job title to be squinty-eyes-smiley!

  • tin (disco) in reply to flabdablet
    flabdablet:
    AVG was a really good product up to about v7.5. Since then, it's become progressively bigger, slower and more annoying.

    I hear that a bit. But then the person saying it usually proves their point by saying they now use something even more bloated (like Norton) or something far more annoying (like Avast). I'm running AVG Free, and it sits there quietly doing its thing, so I can never really tell what these whingers are talking about.

    Oh, and the behavioral detection on cmd.exe is probably due to cmd.exe having been modified to do something odd... I'd be pulling the drive and scanning it offline (preferably with a few programs) if that came up on my computer.

  • flabdablet (disco) in reply to tin
    Comment held for moderation.
  • Lawrence (disco)

    About the "error reason: Success" thing . . . just so everyone knows . . . it's something that regularly happens to developers who forget when (not) to use the perror() system call. A lot of system calls return an int. Some, who do not need to return any information beyond simple success/failure, return 0 in case of success and otherwise a value indicating the error. Other system calls, in case of error, return a single value recognized as invalid (such as -1), and set a special global variable called errno to indicate the problem. perror(str) is a convenient way to print str followed by a string corresponding to errno. If such a system call succeeds, errno is sometimes (but only sometimes!) set to 0, which corresponds to the string "Success". Obviously, if you call perror when the error you're having occurred in a way that errno was not set, or if you for some reason before calling perror first execute another system call that succeeded and set errno to 0, then you get the famous "error message is: Success". It's in the man errno Notes section as "A common mistake" . . . and indeed it is a staple of Error'd!
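    The perror() pitfall Lawrence describes, as an added example that is not part of the thread: a hypothetical validate_path() fails without ever touching errno, so perror() reports whatever stale value errno holds (0 in a fresh process, which glibc's strerror() renders as "Success"), while open_config() reads errno only immediately after the open() that actually set it and gives the non-syscall failure its own message. It assumes a POSIX system with glibc error strings; the paths and function names are constructed for the example.

    ```c
    #include <errno.h>
    #include <fcntl.h>
    #include <stdio.h>
    #include <string.h>
    #include <unistd.h>

    /* Hypothetical policy check: returns -1 but makes no system call, so errno is untouched. */
    static int validate_path(const char *path)
    {
        if (path == NULL || path[0] != '/')
            return -1;
        return 0;
    }

    /* The mistake: perror() after a failure that never set errno reports whatever errno
     * last held; in a fresh process that is 0, which glibc renders as "Success". */
    int buggy_reported_errno(const char *path)
    {
        errno = 0;                      /* stands in for a fresh process or an earlier successful call */
        if (validate_path(path) < 0) {
            perror("open_config");      /* prints "open_config: Success" on glibc */
            return errno;               /* still 0: nothing set it */
        }
        return -2;                      /* path was valid: nothing to report */
    }

    /* The fix: read errno only right after the call that sets it, save it at once,
     * and give failures that are not system-call errors their own message. */
    int open_config(const char *path, char *err, size_t errlen)
    {
        if (validate_path(path) < 0) {
            snprintf(err, errlen, "open_config: invalid path '%s'", path ? path : "(null)");
            return -1;
        }
        int fd = open(path, O_RDONLY);
        if (fd < 0) {
            int saved = errno;          /* before snprintf() or anything else can clobber it */
            snprintf(err, errlen, "open_config: %s: %s", path, strerror(saved));
            return -1;
        }
        return fd;
    }

    int main(void)
    {
        char err[256];
        if (open_config("relative.cfg", err, sizeof err) < 0) puts(err);
        if (open_config("/nonexistent/dir/x.cfg", err, sizeof err) < 0) puts(err);
        return buggy_reported_errno("relative.cfg");
    }
    ```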

  • xaade (disco) in reply to aliceif
    aliceif:
    I'm sure that there could be viruses that replace `cmd.exe` with a malicious fake one (maybe one that logs keystrokes, for example?). Not sure if any of the popular ones ever did that, though. It sounds like a weird thing to do.

    My Blizzard.NET account was hacked, because I use cmd to log in.

  • chubertdev (disco) in reply to operagost
    operagost:
    It's a good thing they did that with the ammo, because I would have emptied out their inventory of 175 rd 00 buck at $9.99 a box. I ran into something like that with a large online music retailer. They had trumpet mouthpieces that should have been around $40 going for $6. I bought several, then went to bed. In the morning, I realized that I wasn't dreaming, they were really that cheap and in fact the price was still $6 so I bought a bunch more in common sizes. I got to try a bunch of different size mouthpieces and made a killing selling even the used ones for more than I paid for them on eBay. I still can't believe they fulfilled that order, because they were really brand new and there wasn't even a packaging change or anything like that to indicate why they were something like 85% off. It did take them a few weeks to ship them all. Oh, and free shipping because I bought so many...

    They probably "fell off the back of the truck"

Leave a comment on “CMD: Completely Malicious Data”
