this post was submitted on 23 Jul 2023
403 points (98.8% liked)

Today I Learned

17707 readers
232 users here now

What did you learn today? Share it with us!

We learn something new every day. This is a community dedicated to informing each other and helping to spread knowledge.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with TIL. Linking to a source of info is optional, but highly recommended as it helps to spark discussion.

** Posts must be about an actual fact that you have learned, but it doesn't matter if you learned it today. See Rule 6 for all exceptions.**



Rule 2- Your post subject cannot be illegal or NSFW material.

Your post subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-TIL posts.

Provided it is about the community itself, you may post non-TIL posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you vocally harass or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

founded 1 year ago
MODERATORS
 

In 2005, Sony BMG installed DRM software on users' computers without clearly notifying the user or requiring confirmation. Among other things, the software included a rootkit, which created a security vulnerability. When the nature of the software was made public much later, Sony BMG initially minimized the significance of the vulnerabilities, but eventually recalled millions of CDs, and made several attempts to patch the software to remove the rootkit. Class action lawsuits were filed, which were ultimately settled by agreements to provide affected consumers with a cash payout or album downloads free of DRM.[32]

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 11 points 1 year ago (1 children)

That’s it. All you had to have done to be infected was to have ever popped a disc into a PC drive. Was surprised at the time that the backlash seemed so limited.

[–] [email protected] 6 points 1 year ago (1 children)

Autorun was never a safe feature for Windows or any other system to include. It's been a source of one attack after another over the years. Inserting media should never cause programs on that media to run.

[–] [email protected] 2 points 1 year ago (1 children)

I don't disagree with this statement in general. That days, I don't know how old you are and whether or not you were really around the home PC space when the auto run feature first came to be. I can sort of understand what Microsoft was trying to accomplish with it... the mid-90's were a wild, lawless time with regard to personal computing. There was a lot of heartburn on the end user side because things were changing so rapidly. Getting them to understand that what a "drive letter" was, how to get there, and how to run an application from it (let alone what an application even was) proved challenging even under the best circumstances. The ability to insert a CD into the drive tray and have it "just work" (also a big theme in Win 95/98) was a godsend for a lot of publishers.

Of course, in today's world, we look at that kind of feature and rightly say "yo, that's fucking crazy, why would you do that?", but in the old days it really did help. At the end of the day, it was a useful feature that, like a lot of windows legacy crap, was left in the OS after its usefulness had gone and just became another attack vector.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Thing is, security folks noticed autorun was a problem back then.

I can sort of understand what Microsoft was trying to accomplish with it… the mid-90’s were a wild, lawless time with regard to personal computing.

The "wild lawless time" was not the context in which Microsoft made those poor security designs; it was a consequence of those designs — which were noticed and criticized by security folks at the time.

Another entertaining example is the demythification of email viruses.

In the early 1990s, email viruses were a myth: the Good Times virus was a hoax that told people that they could get a virus by reading an email. At the time that hoax went around, this was not actually possible: email software just displayed text; unless you downloaded an attachment and ran it, you couldn't get a virus in email. Certainly not just by opening and reading an email.

But then along came Microsoft with Outlook Express, and security vulnerabilities that allowed the action of rendering an email, even in a preview pane, to inject malicious code.

Suddenly email viruses were not a myth anymore; they were everywhere.

[–] [email protected] 2 points 1 year ago

I kinda disagree with the context comment though. That era of computing was inherently wild - nobody had figured anything out yet beyond the most basic and general strokes, and security analysts (such as they were) had what would be considered a childish understanding of IT security by modern standards. Heck, Windows95 didn't even have the TCP stack enabled by default, so when these features were being designed, planned, and coded at Microsoft, there was no context for security on that kind of feature. Wikipedia says that Win95 was in the planning stage in 1992 - I take that with a grain of salt, but the concept is valid. Microsoft was writing the core features of Windows 95 before WAN was even really a thing. Like I said, I don't disagree with the idea that AutoRun was a terrible thing among many terrible things Microsoft is responsible for, but given the era in which AutoRun came out, it was a reasonable trade-off between security and functionality for the lowest common denominator of user. The whole thing should have been disabled (on 95 and 98) when Windows 98 came out since they should have known better at that point.