Forgot your password?
typodupeerror
Bug Mozilla Security Technology

Mozilla Wrongly Accused Sothink Addon of Malware 59

Posted by CmdrTaco
from the sorry-bout-that dept.
eldavojohn writes "Mozilla has admitted to wrongly accusing Sothink of distributing a video downloader with a trojan virus as a Firefox addon. From their official blog: 'We've worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware.' Before you go download that addon, however, keep in mind that Sothink has come under fire before for GPL violations and dishonesty."
This discussion has been archived. No new comments can be posted.

Mozilla Wrongly Accused Sothink Addon of Malware

Comments Filter:
  • ie * (Score:1, Troll)

    by MrShaggy (683273)

    Ms has also have been found guilty of misleading customers.

  • Trojan Virus? (Score:3, Insightful)

    by Anarke_Incarnate (733529) on Thursday February 11, 2010 @10:33AM (#31099304)
    Not more of this shit again.... A Trojan Horse is NOT a virus. It IS malware, but a virus tends to replicate and trojan horses do not, on their own. A trojan horse is just a program is the infection (In that it does something other than wanted or specified, and does so intentionally)
    • Re:Trojan Virus? (Score:5, Insightful)

      by mamer-retrogamer (556651) on Thursday February 11, 2010 @10:43AM (#31099424)

      You are waging a losing battle my friend. Just as the distinction between the terms "hacker" and "cracker" has been lost upon wider usage, "virus" has now come to mean any type of malware.

      • by multisync (218450)

        And "computer" is the monitor, and "hard drive" is the box on the floor, and "download" is anything you do on the computer (as in "I downloaded my printer to my hard drive but I still couldn't make a program").

        Pointing out that malware can be a trojan or a virus but normally isn't both seems like a fair enough comment to make on Slashdot. I'm frankly surprised eldavojohn would use that phrase; maybe he hadn't had his coffee yet ;)

        • by Low Ranked Craig (1327799) on Thursday February 11, 2010 @11:48AM (#31100244)
          All I know is the Internet is that little blue roundish e thing on my desktop.
          • that little blue roundish e thing on my desktop.

            That's an ecstasy tab, dude! Paaaarty at Low Ranked Craig's place!!!!

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          Perhaps but when I talk to my family guess what THEY DONT CARE about the distinction. They know their computer is screwed up and that a 'virus' did it. Because after the fact the results are the same to them. Their computer is messed up. They do not care that they did it or someone other program did it automatically. I then tell them if they did it to themselves or not and how to avoid it in the future. It is my job to make the distinction. You need to talk their lingo to figure out what happened if

      • Re: (Score:3, Insightful)

        by Hurricane78 (562437)

        What gave you the idea, that we care what the general public thinks about our area of expertise?
        Are you so weak, that you bow to a stream of loud idiots saying that 2+2=5?

        We define what a virus is. We define what a cracker and a hacker is. Like professionals in any other profession.
        There is no battle, so we can’t lose. I’m still calling anyone calling a cracker a hacker somebody who got no fuckin’ clue. Including you, if you do so. Period.

        • True, but if you use words properly whilst knowing the people you are addressing will completely misunderstand you then you are being plain stubborn. ie. I doubt you'd put that you do lots of linux hacking in your spare time on a resume...
      • I think it helps to call them all viruses. Having a thousand different names just makes things inefficient and confusing. It also helps antivirus makers sell you an antivirus and an antispyware, when there should just be one product.
    • combined with the fact that trojans can be just a layer.
      Simple trojan infects a machine, on it's own it does nothing but execute arbitrary code on the target.
      Trojan downloads code from it's controller which is an actual virus or code for a botnet etc etc...

      it's not really an important distinction since the lines have become more blured as virus writers have tended towards hybrids or outsourced different parts of the infection process to others.

    • Re: (Score:2, Interesting)

      a virus tends to replicate and trojan horses do not, on their own.

      How weird... I recently dealt with an infected system where a trojan (2 different ones, in fact) copied itself onto an USB stick, without user intervention.

      IIRC a virus usually tries to replicate itself without user action, or the user noticing. A trojan OTOH 'rides along' with another program that is intentionally run by a user. So the virus may come in on its own, the trojan arrives in 'useful' program+trojan packages. After infection, the trojaned program may place executables on the system that behave l

    • Re:Trojan Virus? (Score:5, Insightful)

      by Spad (470073) <slashdot@NOSpam.spad.co.uk> on Thursday February 11, 2010 @11:08AM (#31099688) Homepage

      These days you've got malware that is a trojan (to get onto your machine) and a virus (to spread itself to all your facebook friends, email contacts & embed itself on your USB key) and a worm (to spread itself around your LAN), which will zombie your machine to send spam and conduct DDoS attacks, keylog to steal your bank and WoW credentials and try to get you to buy fake AV software to get both your cash and personal info.

      To say the lines between trojans, viruses, worms and spyware are blurry is a serious understatement.

      • Re: (Score:1, Troll)

        by cerberusss (660701)

        These days you've got malware that is a trojan and a virus and a worm, which will zombie your machine.

        At the risk of sounding like a Linux/Apple fanboy, "I couldn't care less".

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          At the risk of sounding like a Linux/Apple fanboy, "I couldn't care less".

          At the risk of sounding like the voice of reason, "It's still possible to get rooted by a worm on a Linux/OSX box"

        • Yes, pretending nothing could possibly happen to your machine is the very best security model I have ever heard. Run, don't walk, to the patent office and patent your idea immediately. I suggest calling it the "Ostrich Method of Securing a Computer System".

          Keep your head buried down in that sand man! Ignorance is bliss!
      • Whoa whoa whoa. Stealing WoW credentials is enough to get even the most complacent geek to take notice.

    • by Ihmhi (1206036) <i_have_mental_health_issues@yahoo.com> on Thursday February 11, 2010 @11:23AM (#31099920)

      In my day, a trojan horse was a goddamned wooden tank full of angry ninja soldiers.

    • I don't care what people call it just as long as they start taking better care to protect themselves from any vulnerability.
  • In spite of everything, I still believe that people are good at heart. -- Ann Frank

    Her name is Anne Frank.

    • The Nazis hauled away her "e" in the middle of the night. Nobody has heard from it since.
    • by arth1 (260657)

      Her name is Anne Frank.

      Still offtopic, but her name was Annelies Frank.
      Ann Frank and Anne Frank are both valid spellings of her pet name, although we know her by the latter.

      • Ann Frank and Anne Frank are both valid spellings of her pet name, although we know her by the latter.

        Jonathon can be “Jon” or “John”. Brooklyn can be either “Brook” or “Brooke”. Annelies can be “Ann”, “Anne”, or “Annie”.

        Having multiple ways to spell a nickname doesn’t make all of them correct. As far as I know, Anne Frank spelled it with the e at the end.

  • by canajin56 (660655) on Thursday February 11, 2010 @01:14PM (#31101276)
    Whenever you use the downloader, it goes to their website to display a "Download Started" page, and passes the URL you downloaded as a parameter. Do they have logs enabled on their webserver? I dunno. Better safe than sorry though. Just use FlashGot, the GPL plugin they stole all their code from.
  • It's even worse when a major anti-virus/internet protection application named after a pioneer of MS-DOS utilities throws a false positive and declares your CSS to be malware.

"The value of marriage is not that adults produce children, but that children produce adults." -- Peter De Vries

Working...