
DECAF Was Just a Stunt, Now Over

Posted by ScuttleMonkey
from the insecure-security dept.
An anonymous reader writes to tell us of the de-activation of all copies of DECAF. The creators have announced that the DECAF project was nothing more than a "stunt to raise awareness for security and the need for better forensic tools." Originally DECAF was billed as a tool to stop Microsoft's forensic tool "COFEE" and was covered here earlier this week. In addition to their message of security the authors somehow manage to interject a discussion about religion, so who knows what the real goal was.

  • heh (Score:5, Funny)

    by farlukar (225243) on Friday December 18, 2009 @02:51PM (#30491004) Homepage Journal

    0xDECAFBAD

    • Re:heh (Score:5, Interesting)

      by BeardedChimp (1416531) on Friday December 18, 2009 @03:08PM (#30491274)
      Very bad;
      "As you probably noticed, your copy of DECAF no longer works. We have disabled every copy of DECAF."

      They left the ability in to remotely control how the software behaves. Anyone who installed this, let this be a lesson for you.
      • Re:heh (Score:4, Insightful)

        by zullnero (833754) on Friday December 18, 2009 @04:55PM (#30493004) Homepage
        Wait a minute. I never even tried it out... are you sure they had the capability to remote control it? Or did it just have some sort of built-in time limiter the whole time? If I were intending something to be a stunt, I for one wouldn't bother remote controlling it unless I had some sort of botnet scheme in my head. I'd just set a simple timeout and make it shut down.

        It's also strange that I didn't hear many reports about it not working. I guess then the question becomes, how do you know if it's working or not? Do you have a pirated version of COFEE to test it out with?

        It'd be interesting though if someone were to hook up a sniffer on their line, leave DECAF installed, and see what happens.
      • Re: (Score:3, Informative)

        by jd_mccloud (1703700)
        They might have shut down the decafme.org server but that is simple to get around. Full details: http://praetorianprefect.com/archives/2009/12/reactivating-decaf-in-two-minutes/
        Plus the whole Hoax angle is totally false itself.
    • by batquux (323697)

      DECAF l33t

  • by OverlordQ (264228) on Friday December 18, 2009 @02:56PM (#30491092) Journal

    When after reading that I reply with "WTF?"

    • by NeutronCowboy (896098) on Friday December 18, 2009 @03:22PM (#30491472)

      Seriously. I read the summary. I read the article. I read the discussion on slashdot about the initial news posting. I still don't get what DECAF was exactly supposed to do, what it actually is doing, and what message the author of DECAF thinks he is sending with whatever his software does.

      Worst. Story. EVER!

      • by TubeSteak (669689)

        Seriously. I read the summary. I read the article. I read the discussion on slashdot about the initial news posting. I still don't get what DECAF was exactly supposed to do, what it actually is doing, and what message the author of DECAF thinks he is sending with whatever his software does.

        COFEE is an idiotbox collection of tools that Microsoft put together for police to do "forensics" on computers.
        DECAF runs on your computer and allegedly checks for/neutralizes/prevents COFEE.
        The author's general message is "don't trust" and "Jesus"

        If you couldn't figure any of that out, you may want to consider improving your reading comprehension skills.
        What's more likely is that you aren't so stupid, but like to pretend you are on /.

    • Re: (Score:2, Funny)

      by r00tyroot (536356)
      or, WTFWJD?
  • by AbsoluteXyro (1048620) on Friday December 18, 2009 @03:02PM (#30491188)
    I can see what they are getting at but it is a real douche thing for them to be all "shame on you!" for downloading and using software that they themselves created, provided, and handed out. I can't see a whole lot of people taking them seriously, as a result.
    • by causality (777677)

      I can see what they are getting at but it is a real douche thing for them to be all "shame on you!" for downloading and using software that they themselves created, provided, and handed out. I can't see a whole lot of people taking them seriously, as a result.

      The lesson here is that serious security software is not a black box. It's something you can audit and verify. And yes, shame on anyone who thought otherwise and fell for this. They should consider themselves fortunate that this one was rather benign. It could have easily done real damage.

    • Somehow, I get the impression that they didn't want DECAF to be taken seriously.

      From the start, even.

      As for the thing about salvation and Jesus, well, for example, Jesus said (paraphrased), "You should learn the truth. Learning the truth will make you free." Putting that into context for you, truth is about reality, and COFEE was/is not about reality, and their DECAF was an unreal response to security snake-oil.

      Poorly implemented, perhaps, but I read the message as something like, "You're not free if you tr

  • Ummmm... Okay? (Score:5, Insightful)

    by Beelzebud (1361137) on Friday December 18, 2009 @03:03PM (#30491196)
    When I saw the original announcement of this program, I was skeptical of what it was actually for. However, I didn't see this type of angle coming! LOL, wow!

    If you actually downloaded this thing, let this be a valuable lesson. Don't be gullible. This could have been a virus for your computer, instead of one for your mind.
    • by Anonymous Coward on Friday December 18, 2009 @03:20PM (#30491454)
      Ironic that the message to be learned from a group of people pushing a religious agenda is "Don't be gullible."
    • When I saw the original announcement of this program, I was skeptical of what it was actually for. However, I didn't see this type of angle coming! LOL, wow!

      Few would have guessed that there was an angel coming. :)

  • disappointing (Score:5, Insightful)

    by wizardforce (1005805) on Friday December 18, 2009 @03:08PM (#30491284) Journal

    In addition to their message of security the authors somehow manage to interject a discussion about religion so who knows what the real goal was.

    Considering that all but the first paragraph of the article was the religious message itself, I'd say that it is pretty clear what the goal was.

  • by Improv (2467)

    I think the coffee was spiked with something.

  • How exactly are they going to disable it remotely, when my firewall blocks the connections, and I can always reinstall a cracked download, when it disables itself with a timer?

  • and not even cofee based in the first place...
  • by Anonymous Coward on Friday December 18, 2009 @03:24PM (#30491514)

    You're doing it wrong.

  • by DNS-and-BIND (461968) on Friday December 18, 2009 @03:26PM (#30491536) Homepage
    What is it that is bad, exactly?
    1. All copies of the software were deactivated remotely
    2. The whole thing was a hoax
    3. The hoax was to raise awareness
    4. The author used the publicity to advocate a cause that he personally considers important

    Which of these are bad? And why? I've often heard that getting a personal message out via publicity stunts is a good thing (The Yes Men) and now all of a sudden it's bad, and we should pay no attention to these reprehensible people whose only method is deceit?

    • Well the Yes Men don't try to get me to install stuff to my PC for one thing. This time we're assuming it's something harmless, but this would have been a fantastic way to do something malicious.
      Many people will poke fun at the religious angle of it, but frankly I would be critical of this stunt even if it was for a cause I believed in.
      • by tigre (178245)

        Many people will poke fun at the religious angle of it, but frankly I would be critical of this stunt even if it was for a cause I believed in.

        And seeing as it _is_ a cause I believe in, I will chime in with said criticism. It's not unlike those tracts that look like money that people sometimes leave as "tips". Great way to get attention, but in the end it's generally the wrong kind of attention, rather anti-persuasive.

      • by causality (777677)

        Well the Yes Men don't try to get me to install stuff to my PC for one thing.

        If they succeed in getting you to download, install, and execute untrusted and unvetted code, that's your fault. I really consider any "threat" that requires my active participation to be a complete and total non-issue.

    • by selven (1556643)

      The fact that all copies of the software were deactivated remotely. It's a needless act of destruction, only somewhat justified by the fact that they themselves created it.

  • The Genie is out of the bottle. This has been an excellent learning experience. We now know of a couple of hundred utilities that will clean up some far away places in Windows. My personal thanks to those that made these programs.
  • Come on, this is good and easy fun. Pop it in IDA, trace it down to its fail point (calls to check the date?), replace critical code (i.e. jumps) with a fixed condition (i.e. jmp rather than jge), and done. The branch can be fixed; or the entire call/compare/branch can even be replaced with nop, nop, jump. It's even feasible to replace the 4 + 2 byte call with CMP %eax, %eax and a NOP, and the branch with a JZ branch (jump if comparison is equal/zero/etc).
  • Oh good, the site is down. Now we can all forget about what this moron's message was (whatever it was) and move on with our lives.
  • You are aware that it won't take long before some party comes up with a working DECAF after this point, right?

    • by natehoy (1608657)

      How many people would be gullible enough to fall for it twice?

      Oh, wait, never mind. I must be new here. Continue with your countdown.

  • How amazing! (Score:4, Insightful)

    by Arancaytar (966377) <arancaytar.ilyaran@gmail.com> on Friday December 18, 2009 @05:16PM (#30493284) Homepage

    In shockingly unexpected news, it turns out that a closed-source alleged anti-malware software was not trustworthy.

    Who would have guessed.

  • by twistah (194990) on Friday December 18, 2009 @05:17PM (#30493296)

    What DECAF giveth, DECAF taketh away.
