Smiley's Life

A little while ago, I visited a site which apparently uses browser exploits to infect PCs. Someone who tried to visit it got a notice from his AntiVirus, saying the virus was “JS/Exploit.Pdfka.NXM Trojan”. A short search has shown this is common among PDF files. Luckily, I had Adobe’s “Reader” plug-in disabled in Chrome. If it wasn’t, I may’ve had a virus right now. (Just in case, a virus scan is currently running in the background.)

Cases like this prove just how unsafe plug-ins can be. I suggest to disable any plug-ins you don’t use in your everyday life. It helps lighten the load on your system and lowers the chance a website could infect your computer (without downloading and installing something). To do this on Chrome, click the wrench icon at the right border of the toolbar, and click “Options”. Then switch to the third tab - “Under the Hood” (“Under the Bonnet” for me) - and click on “Content Settings…”. Pick the tab or list item “Plug-ins” (depending on Chrome’s version), and click on the link “Disable individual plug-ins…”.

I suggest disabling the following:

• “Chrome PDF Viewer” and “Adobe Reader 9” - I don’t like to be surprised with PDFs in my browser. If I want to view a PDF, I’ll just download it like any other file and then use a PDF viewer application to view it. PDF plug-ins tend to take a while to load, plus if you don’t disable them, you can be surprised with carefully-crafted, malicious PDF files.
• “Microsoft® DRM” - What the hell is this thing? I certainly haven’t used it until now, so why should it be enabled?
• “Java 6” - Java takes a while to load and allows embedded Java to run like a native app, making it a security risk. I barely use Java anyway, so if I ever run into a case where I absolutely need to use Java, and the widget is safe, I’ll enable it.

Plug-ins can be dangerous and pose a security risk due to various exploits that keep getting discovered every now and then. That is why it is recommended to disable those you don’t or won’t use. (Or ones that are more vulnerable to hacks than others, like PDF plug-ins.)

An hour ago, in the supermarket, I saw a cereal box advertising this flying game inside. What caught my eye was small, bold text under the ad saying you need to agree to a legal release form and a End-User License Agreement to use the game. This seemed odd, and because the form was on the back, I started reading. Here’s a rough translation of what I found: (Text was in Hebrew. Bold parts were not originally emphasized.)

From the moment you insert the disc into your optical drive, you agree to waive your legal rights against the publisher, should it damage your optical drive. […] By using this computer program, you confirm you are aware any computer program may contain a computer virus (“infection”) or any form of malicious code. All possible actions were taken to make sure the disc will not have any defects or errors. However, you agree to waive your legal rights against the publisher should the disc contain any defects, errors or malicious code. […] The application may gather information about your computer and use of the software and send it to the company’s servers, should you contact technical support. You agree to have the application gather information about your use of it, your computer and its configuration.

It “may” damage your drive? It “may” contain malicious code? It “may” watch what you do and tell its creators? Awesome!

I’ve read about cases where a license agreement was tricky and had some bad parts, and we all know about SecuROM, a known “legal computer virus”. But this is just too much. You’re basically agreeing to not take any legal action against the developer/publisher or even complain if the game turns out to be a malicious spyware-like virus! Earlier cases and the legal release form above (Yes, the game also comes with an additional EULA you must agree to. Crazy!) emphasize the fact a user should NEVER install software without thoroughly reading the attached agreements.

Welcome to the 21st century’s revision of the “Buyer Beware” rule.

I recently handed in my PC for a disc drive repair, and it ended up that one of their USB pen-drives, which was used on my computer, was infected with a autorun.inf virus. They also apparently disabled my antivirus’ behavioral scanner, which enabled the unknown virus to act. So far the only thing it has appeared to do is spread by making an autorun.inf file on every USB stick, and I’ve managed to track it down to a Services group in Windows. To investigate, I disabled all but the basic and antivirus services and am now scanning with various other ones (Mine, BitDefender Antivirus 2009, couldn’t find it even then.). I may even contact BitDefender support for help and attach the infecting file for them to investigate, but it seems I may need to format and reinstall. Fortunately, I only set it up 9 months ago and clearly know what I need to backup and what I can simply redownload.

My mom and I already decided we will buy our future computers from a known OEM like HP when the time comes again, because of the amount of times we’ve been burnt by their bad parts and lousy support. As of now, I’ve replaced my old PC’s motherboard about 3 to 4 times, changed the power supply twice, and on my new PC that is only 9 months old, I changed the power supply 4 times and replaced the disc drive once (now). And my mom’s new PC’s disc drive is defective and can’t read any discs’ last sectors.

Given the new development, once my mom comes home from Beijing (she’s on a trip to Beijing and Tibet) we’re going to send a letter to the CEO of Ivory Computers, only ship the parts we know are bad to Ivory requesting a replacement according to our warranty agreement and if necessary, take the computer to a different branch for repair, since my uncle uses Ivory PCs and has not come across an issue like ours.

I’m sick and tired of these troubles that I didn’t even have anything to do with. I just want to use a normal, working computer. If this continues I’m sure my mom will agree to buy new HP PCs already and reuse the graphics card if the troubles continue. Trust me, the gas used to drive there all the time may actually cost the same.

This is doing wonders to my ongoing depression.