The Next Facebook Problem: "Liked" Apps That Trash PCs in [Market-Ticker]

Posted 2013-02-22 09:02
by Karl Denninger
in Company Specific

The Next Facebook Problem: "Liked" Apps That Trash PCs

Facebook has a whole host of problems on its hands, but this is one that is likely to get much larger -- and possibly explosively so.

My daughter is an aspiring (and quite good) photographer and graphic artist. She has also earned herself a number of Adobe certifications in school (in short, she could go to work right now with documented proof that she understands the entire Creative Suite -- not bad for a teen, eh?)

So what's the deal and how does this tie to the headline of the article?

Quite simple: I recently went to update her machine and got an ugly surprise -- a couple of Adobe applications refused to start with rather-cryptic error messages. Upon investigation I found the problem -- a download that is pushed as "helping" to grab video files, including those on Facebook, had damaged the primary x64 C libraries on the machine!

Now malware is nothing new. But this one is: It has 599,000 "likes" on Facebook on its page.

Download.com has the following to say:

Editor's Note: In its last evaluation of iLivid, the Download.com team decided that the software did not fully adhere to the Download.com Software Policies. We cannot recommend this software and do not provide a download link to it. Product data is presented for informational purposes only.

Uh, yeah. I'd say so.

Look, mistakes are nothing new. And I have not investigated whether some of the other allegations that have been raised around the net, including that this software likes to redirect searches and do other "fun" things once loaded, are true.

But there are multiple, and pretty-well-documented, reports that the installation of this thing destroys system file integrity, and it does so in a way that the usual system file scanner ("sfc") that Microsoft supplies doesn't detect it. It also doesn't trip virus scanners because, well, it's not a virus.

Oh, and de-installing this application doesn't put the system back the way it was either.

There is not much that a software designer can do when you ask someone's permission to do a thing (e.g. "can I install X") and the user says "Yes!" But it appears that the linkage between the breakage that I ran into with Adobe's professional software and this particular application which is being heavily marketed and "liked" on Facebook, is pretty solid.

There are workarounds to this problem but here's the really bad news -- they don't really fix everything. Like, for instance, the camera codecs that Microsoft has available (and which also magically stopped working on this machine.)

I'm in the middle of un-screwing the machine in question right now, and I'm not enjoying it one little bit. I want to know where to send the invoice for a couple of dozen man-hours, which is what I expect will be expended before the damage is completely eradicated.

This kind of crap, in short, is unacceptable in today's world: You simply do not screw with system files.

These sorts of things cannot happen by accident either. Windows 7 explicitly protects system files and their configuration and you have to go to quite a bit of trouble, none of which happens by accident either, to override that protection. But when you ask someone for permission to do a given thing and they consent, that protection is willfully circumvented. When that comes from an allegedly-trusted application and full disclosure of what you intended to do when you asked for that permission, who's responsible for the harm that later ensues?

Oh, the company's home page? It has a "Contact Us" link that doesn't lead to any means of contact.

If you have this piece of crap on your machine and suddenly find that some 64 bit applications refuse to start with cryptic error messages, now you know why. The bad news is that you may figure this out six months or more after you loaded this thing since the damage is rather subtle and as a consequence you may either find that you don't have a restore point that covers you any more or that the consequences of rolling back to it may be too severe to put up with (like a whole bunch of applications and work disappearing since you're rolling back to a MUCH earlier date.)

Why does this impact Facebook?

How do you think most people found out about this thing in the first place?

Now what happens to Facebook's reputation and user count when those people wind up having to do a system reload as a consequence of a piece of software that was touted and promoted on their site?

Oh, and here's the icing on the cake -- the thread up above referencing this on Adobe's forums documented where the damage came from dates to November 24th, my daughter's installation of this crap post-dated that materially and, most-importantly, the page and software are still on Facebook with their 599,000 "likes."

Needless to say, my opinion of this thing can be summed up thus:

smiley

Disclosure: No position in Farcebook.

Discussion below (registration required to post)

Main Navigation

Full-Text Search & Archives

Archive Access

Blogtalk 3:30 CT Mondays

Items To Look At

Discuss The Capital Markets along with daily technical analysis with our Gold Donor program.

Where We Are, Where We're Heading (2013) - The annual 2013 Ticker

Links and Blogroll

Our policy on reciprocal links: Send us an email with your information and why you think your blog or news site would make a good addition - in most cases reciprocal link requests will be granted.

Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Looking for "The Best of Market Ticker"? Check out Ticker Classics.

Visit the forum to discuss this and other investing-related topics; see the FAQ on the forum for information about Gold Donor status including access to our technical analysis video server.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.

Submissions may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Leads on stories of current economic and political interest are always welcome. Our fax tip line is 850-897-9364; please include contact information with your transmission.

User Info	The Next Facebook Problem: "Liked" Apps That Trash PCs in forum [Market-Ticker]
Shannonlk1 Posts: 112 Incept: 2008-12-02 Raleigh	Can I do a simple scan of iLivid to determine if its on my machine? ---------- Criminals thrive on the indulgence of Society's understanding. 2013-02-22 09:34:30 Permalink
Gweedo Posts: 100 Incept: 2010-11-12 Florida	Our clients get this iLivid crap on their PCs. I was wondering why they were downloading it. Nasty stuff... I'm wondering if they get it from other places other than Facebook as well... 2013-02-22 10:02:53 Permalink
Genesis Posts: 130803 Incept: 2007-06-26	Shannon, it shows up in the program list if it's there. But if it's there uninstalling it doesn't do ** for the damage it caused. Nor have I found the actual files it modifies. But it is utterly repeatable -- load that thing and you WILL break some x64 programs and extensions. Which ones break are impossible to determine in advance, but one of the known ones is Premiere. Oddly enough Photoshop x64 does NOT break. If this crap is on your machine you're going to have to AT MINIMUM do a repair install, you may have to do a COMPLETE reinstall, from scratch, wiping the machine. Since the company has no "contact" information on their web page I couldn't call them and ask "what the ?" nor try to find out WHAT they changed so I can un** it through less-intrusive means. ---------- I don't care* if it makes sense -- only if it makes money. -- Me* Bank (n): See scam, fraud and theft. *Eat a bankster -- they're low-carb.* *What part of "shall not be infringed" was unclear?* 2013-02-22 10:08:24 Permalink
Wis/min Posts: 5364 Incept: 2009-08-14 On the border	I apparently installed it last July as it is in my program list. I do not remember the circumstances and have not noticed any unusual behavior. Any advice? 2013-02-22 10:20:31 Permalink
Johnny Posts: 1588 Incept: 2008-10-01 Kentucky	Quote: I do not remember the circumstances and have not noticed any unusual behavior. I suspect this will be the typical facebook users thoughts. 2013-02-22 10:26:05 Permalink
Stof Posts: 21 Incept: 2011-10-17 Ohio	I don't think the average FB user could even make the connection between what happened to their system and FB. They'll just have their geek friend fix it and party on. 2013-02-22 10:27:25 Permalink
Genesis Posts: 130803 Incept: 2007-06-26	If you have a 32-bit operating system (check in "System" in the control panel) you may not get bit by this. If, however, you have a 64-bit operating system and load a 64-bit application, you may get horse**ed as there are two files that are part of the "C" library in the operating system that will get misloaded. If that happens your application will refuse to run, and you will PROBABLY blame the application publisher of the app that won't work. There is a workaround but that doesn't un** your system, it just makes that one app work. And it's dangerous, as sideloading the DLLs in the application directory removes the ability of the system to police them for updates if there are security problems with them found in the future, which means you're setting yourself up for a virus or trojan horse at some unknown time in the future. ---------- I don't care* if it makes sense -- only if it makes money. -- Me* Bank (n): See scam, fraud and theft. *Eat a bankster -- they're low-carb.* *What part of "shall not be infringed" was unclear?* 2013-02-22 10:33:19 Permalink
Stevehaney Posts: 4 Incept: 2012-07-27 Santa Rosa Beach, FL	Reinstall the OS? Is this 1996? Ever hear of "System Restore"? It was put there for this very reason - Microsoft knows it is highly likely that some application will bring down the house-of-cards called Windows eventually. 2013-02-22 10:33:21 Permalink
Tm22721 Posts: 976 Incept: 2008-01-09	IMO the only way to defend against crap software is to periodically save an image of the computer. ---------- The country is terminally ill and IT JUST WANTS A PILL. The only way up is down. 2013-02-22 10:34:16 Permalink
Genesis Posts: 130803 Incept: 2007-06-26	System Restore is not all that useful if this thing has been on your machine for six months and you've loaded other software since then. Using it does what the name implies. The same is true for a backup. A repair install is likely less-destructive. System Restore is VERY useful if you catch the damage in a reasonable amount of time. It's utterly worthless if the damage happened months ago. The system in question here has both restore points and backups that can be restored, but they're a couple of months old and rolling back to them horse***s far too much for that to be a practical answer. ---------- I don't care if it makes sense -- only if it makes money. -- Me* Bank (n): See scam, fraud and theft. *Eat a bankster -- they're low-carb.* *What part of "shall not be infringed" was unclear?* Last modified: 2013-02-22 10:36:01 by genesis 2013-02-22 10:34:55 Permalink
Wis/min Posts: 5364 Incept: 2009-08-14 On the border	I don't think I got it from facebook Johnny. I may have been looking for a video downloader at the time to download youtube clips. I don't recall ever using it. There is short cut on my desktop. Unfortunetly I am running Win 7 64 Last modified: 2013-02-22 10:37:54 by wis/min 2013-02-22 10:35:46 Permalink
Genesis Posts: 130803 Incept: 2007-06-26	It doesn't matter if you used it. If you LOADED it you're ***ed. ---------- I don't care if it makes sense -- only if it makes money. -- Me* Bank (n): See scam, fraud and theft. *Eat a bankster -- they're low-carb.* *What part of "shall not be infringed" was unclear?* 2013-02-22 10:36:25 Permalink
Sparticlebrane Posts: 287 Incept: 2009-08-25 Banned	This is the only time I've been happy that IT installed Windows 7 32-bit on my 64-bit machine... Also, a nice 'video grabber' tool as an add-on for Firefox is "Flash Video Downloader". Works great. 2013-02-22 10:40:26 Permalink
Genesis Posts: 130803 Incept: 2007-06-26	That's all fine and well until you want to run a 64-bit only application. There are an increasing number of them showing up, particularly when it comes to professional applications. ---------- I don't care* if it makes sense -- only if it makes money. -- Me* Bank (n): See scam, fraud and theft. *Eat a bankster -- they're low-carb.* *What part of "shall not be infringed" was unclear?* 2013-02-22 10:45:21 Permalink
Pattonme Posts: 37 Incept: 2011-09-27	It is the height of unforgivable behavior to alter any System DLL on a box. yet for decades Windows programmers have been doing this. And I can't fathom why. Next to bankers, I'm all for sending SWAT teams to each offender and burning their company to the ground. If there is a critical bug in a MS-shipped DLL then you can supply your own 'fixed' version in your program's directory. In the Linux world we use LD_PRELOAD and LD_LIBRARY_PATH to override system libs if needed. MS has a similar mechanism but it seems nobody uses them. 2013-02-22 10:48:33 Permalink
Rjazz117 Posts: 17803 Incept: 2007-09-11	whew No iLivid here. System Restore is a gem of a feature...when it fixes the problem...but I wouldn't rely on it. Karl is very (and sadly) right when he suggests a complete system re-installation as a final solution. Sometimes, that's all that's left, and sometimes it is the only thing that works. ---------- To compel a man to subsidize with his taxes the propagation of ideas which he disbelieves and abhors is sinful and tyrannical. Thomas Jefferson 2013-02-22 10:53:00 Permalink
T_wheeler Posts: 14 Incept: 2010-10-29 Frisco, TX	Karl, I suggest you look into using VirtualBox or VMWare or some other virtualization tool. While they aren't a "silver bullet" (nothing is) against viruses/trojans, they are sure handy when it comes to things like this. Since disk space is so cheap, it's trivial to take a snapshot before installing new software on the VM instance, or once per week, or prior to startup.... If (when) the VM gets borked you just do a binary search to find the most recent good snapshot. Hopefully it's fairly recent and you have a minim of effort to bring it up-to-date. HTH, and hope your get your daughter's machine un-borked without too much more trouble. 2013-02-22 10:57:47 Permalink
Genesis Posts: 130803 Incept: 2007-06-26	Quote: It is the height of unforgivable behavior to alter any System DLL on a box. yet for decades Windows programmers have been doing this. And I can't fathom why. Next to bankers, I'm all for sending SWAT teams to each offender and burning their company to the ground. If there is a critical bug in a MS-shipped DLL then you can supply your own 'fixed' version in your program's directory. In the Linux world we use LD_PRELOAD and LD_LIBRARY_PATH to override system libs if needed. MS has a similar mechanism but it seems nobody uses them. Windows 7 makes it VERY HARD to overwrite things in the system directories. You can't do it from a regular installer at all, and while you CAN if you manually copy something from an administrator account you get a separate and rather-explicit warning that pops up -- and the source must be a local disk as well (it won't allow it from a network drive!) However, "xcopy" apparently doesn't pay attention to those protections if run with administrator privileges, and this is how the installers are getting around the restrictions. So this was not an accident, it was a deliberate action, as it can't be done accidentally. Nor is it ever necessary, as you can always load your own copies of these DLLs for a given image in the application directory or alter the search path in your app and it will be honored. This sort of ** is malicious and unforgivable -- and once it happens you're in deep ** because your attempt to reverse it may require use of said altered DLL, unless done "offline" (e.g. as a reinstallation.) Worse, the original file is gone -- assuming you know what it is, which is a further problem when it's in the system libraries as there are several versions and a switch framework that selects the right one. If that's tampered with you're in big trouble. As for running VMs I have 'em loaded around here on my machines -- but that's totally impractical for a system used by someone like my daughter. ---------- I don't care* if it makes sense -- only if it makes money. -- Me* Bank (n): See scam, fraud and theft. *Eat a bankster -- they're low-carb.* *What part of "shall not be infringed" was unclear?* Last modified: 2013-02-22 11:11:17 by genesis 2013-02-22 11:09:29 Permalink
Grunwald Posts: 262 Incept: 2012-06-01 Seattle	Gen, you could take them to small claims court just for ***s and giggles. I know that monetarily it is not worth it, but sometimes the principle of getting some payback is worth more than the cash involved (or lost due to time lost). 2013-02-22 11:13:57 Permalink*
Ktrosper Posts: 1500 Incept: 2010-04-06 ft collins co	iLivid - "LIVID" is right... Freakin POS cost me a few man hours over the last few days, too. I think I've got my boys machine running ok now, but had to resort to an entire system restore, effectively rolling back his machine to a point before the install of iLivid. ---------- The unexamined life is not worth living.-Socrates The only stable state is the one in which all men are equal before the law.-Aristotle Liberty exists now in the spaces government has not yet chosen to occupy.-Doc Zero I anticipate that 10 Dallas Cowboys Cheerleaders will blow me this evening.-K.D 2013-02-22 11:14:16 Permalink
Azusgm Posts: 2430 Incept: 2010-12-02 East Texas	When I searched my computer for iLivid, a java installation window popped up. Not sure if this is related, but Java has been implicated in security problems lately. Last modified: 2013-02-22 11:49:06 by azusgm 2013-02-22 11:29:28 Permalink
Johnny Posts: 1588 Incept: 2008-10-01 Kentucky	I got it from a European site I was trying to watch a ballgame on that I was blackedout for. I had to download their player and thought I was careful... 2013-02-22 11:45:48 Permalink
Ruaslave Posts: 109 Incept: 2012-06-30 Republic of Texas	Did not come up in a search on mine, thank God. I don't know nothing about birthing no babies, I mean fixing computers. I barely can follow you guys when yall talk that technical stuff. ---------- Math is a Bitch and she don't care. - R.U.A. Slave My idea of non-partisanship is not that there are politicians who just have different ideas of what is best for the country. My non-partisanship is they are ALL crooks and liars. 2013-02-22 11:48:18 Permalink
Antone Posts: 7692 Incept: 2008-02-03 Seditionia, USSA	Don't go to NBC.com. It was hacked and is distributing malicious software. http://nakedsecurity.sophos.com/2013/02/.... I just got an email from work that they blocked it along with many other companies. A number of people were affected by it. ---------- As if anything has changed: Wir sind gefickt. 2013-02-22 12:06:17 Permalink

Quote:

Quote: