Slashdot Mirror
Spyware in Audio Galaxy
LintMan and a zillion other people wrote in about the story on Portal of Evil discussing spyware bundled with Audio Galaxy that seems to be even more nasty than usual. Others have written about it as well - there's Counterexploitation and Wired stories. Frankly, we're kind of bored by all these spyware/shareware stories (don't people learn?) so we let it sit around in the submissions bin for a few days, until, say, a slow Saturday night.
I'm using the Linux version of the AGSattelite and have no spyware whatsoever. Sheesh. When will people learn?
Make even shorter URLs - 8LN.org
Does AudioGalaxy's EULA have anything interesting to say about this? Like the license in Windows Media Player that says Microsoft has the right to erase your hard drive if they want?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
It isn't really a surprise to me about the spyware in Audio Galaxy, I've heard people talk about how it should be classified as a trojan rather than a piece of software. MusicCity's Morpheus is by far the best spyware free program, but unfortunately there is no linux version. The best part is that it runs on the same network as Kazaa, without the spyware (which doesn't matter since Kazaa has halted downloads of their software anyway). You can find any file you want on it, and I think it is even better than Audio Galaxy.
The future isn't what it used to be.
A parody of a classic troll. Now that's funny
AudioGalaxy's [audiogalaxy.com] software unfortunately now installs VX2 by default. We didn't know this when we installed AG, and were subject to a pop-up ad so frequently, it was unbelievable. At first, I suspected the sites we were visiting, but they were even coming up on Google!
The big throw was that the ads that were being served up always seemed to come from different places. One day, I decided to look into it, and discovered that all the ads were being downloaded from VX2 [vx2.cc].
VX2 is a very devious piece of sofwtare, logging every one of the sites you visit, and then popping an ad every once in a while. If you surf quickly, throttles itself; surf slowly, and it pops for every site. Quite devious, really.
I have AudioGalaxy 0.608W installed [Windows 2000] and don't have any of the files listed [vx2.dll, iehelper.dll, domlst.cch] on my hard drive, nor any of the related registry entries.
Hopefully Ad Aware (http://www.lsfileserv.com/index.html) will include it in their list soon, but until then it is an easy remove (http://www.vx2.cc/uninstall.html)
The VX2 software is a single program file in the system directory called VX2.dll.
To remove VX2:
1) From the Control Panel select ADD/REMOVE programs. Select "VX2 RespondMiter" and "Remove".
If VX2 RespondMiter is not present:
2) Close all internet explorer browsers.
3) Search your "C" drive for VX2.dll
4) Delete VX2.dll
If the system does not permit the file to be deleted proceed as follows.
5) Select "Start" and then "Run" and type "regedit"
6) Find the and delete the entry named "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662}".
7) delete the {00000000-5eb9-11d5-9d45-009027c14662}entry.
8) Reboot computer.
9) Search your "C" drive for VX2.dll
10) Delete VX2.dll
It seems to just plug itself in IE, so as usualy Netscapers are pretty safe from this one....for now.
Cave, wreck, and deep diver.
... that if J. Random Hax0r writes and distributes a piece of software that collects information clandestinely from computers on which it's installed, he gets his door kicked down and everything with a byte of RAM or potential for magnetic storage confiscated, his life ruined, and possibly sent to prison
but
when a barely legitimate distributor of file sharing apps produces a "product" with these same attributes, there doesn't seem to be a great presence of Federal law enforcement at its place of business?
Another proud carrier of the $rtbl flag
This story is not very timely, as the entire issue has been resolved for at least a week now. Audiogalaxy did include the VX2 spyware in their application, was thoroughly lambasted for it, and finally gave in to user complaints and removed it. The current version of audiogalaxy available on their website has no spyware in it (or at least no VX2 spyware, and no mandatory-install spyware; it might still include Gator or something as an optional install, I haven't checked).
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
OK,
- B
http://www.bradheintz.com/
- updated
The artice says it logged and reported any fields you filled out and submitted, what about choosing from drop boxes (as in expiration date)? Would this pass too or be unreadable?
A system based on software libre (free speech software), on the other hand, is much less likely to have spyware. First of all, since there are "more eyeballs" looking at the source code, people who make libre software are less likely to add features to the software which the end user may not like. Second of all, the mindset behind making libre software is different than the mindset behind gratis software; there is more desire to give people features they want and less desire to make software which has undesirable features to increase one's bottom line.
While I do feel that propritary software works better than libre software for many things, such as video games, I am glad that I have a system that is over 90% libre software; this minimizes the chances that there is undesirable spyware on my system.
This may be why the editors are reluctant to post spyware stories; people using software libre instead of proprietary software do not need to worry about this kind of thing.
- Sam
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
I prefer Open Source because of this sort of trojan/spyware apps on closed source. I admit I don't examine every line of the source code before I compile it but I tend to trust it more just because everything is out in the open. I'm sure there has been cases where even open source app had some questionable hidden code but I bet it's exposed fairly quickly. I just think it's one more positive aspect of Open Source.
I'm almost sick of hearing about all the "spyware", "policeware" and other [insert bad connotation here]-wares making their ways into consumer products. This can only lead to one thing, in my view, and that's eventually having all of our own belongings spy on us and rat us out. Why?
I strongly believe that the stronger "they" push for more control over our lives, the worst things will get in terms of "their" profits or whatever, because people will want to work around. It's like the parent telling their kid what not to do, so the kid does it just to be a rebel.
This is interesting.... For a site dedicated to "news for nerds" and" stuff that matters" they hold a story back untill a slow newsday(night) to post it. Now as a Windows/linux/Beos user the Windows third of me wants to know when some program is installing what amounts to a data harvester on my machine, whether or not a story which followes the same path as this one has already been posted, I still would like to know what new programs are out there taking my info.
perhaps Slashdot should put up a bi-weekly "security update" in order to address these issues which do not warrent a full post.
Scott Cassaday
Is it just me, or is Spyware a windows-only term?
I've seen Freeware for Linux, Shareware for Mac, and whatever-ware for every other system out there. But I've only seen Spyware mentioned with Windows. Has there been any sneaky "shareware" with popular Mac or *nix binaries? Obviously nothing open-sourced (unless with closed-source libs?)
Why don't we just call it Windows? AudioGalaxy, a full Windows program taking advantage of all Windows "features".
Agreed, this is a huge advantage that the linux desktop has that no one seems to mention.
...No one gives a shit about linux on the desktop.
If linux on the desktop held as many users as say, Windows, I can guarantee there would be just as many spyware and generally rude apps.
The only thing linux is relatively immune from (assuming you're not a dumbass that always runs as root) is viruses.
Linux is just as vulnerable to spies and trojans, it's just there are so few desktop linux users that it's not even worth it for someone to write them.
You're only immune because no one has targeted you.
C-X C-S
I work as Senior Tech Support, and its not really any big suprise that audio galaxy has spyware... We've known this in the Tech Support world since it came out. Usually the spyware also has a nasty habit of screwing with your TCP/IP stack and associated registry keys that results in the loss of your connection, until you rebuild the registry keys. Post news in slashdot, not stuff that people in tech support know.
spyware/shareware
Spyware has nothing to do with shareware. You may not like the shareware business model but please do not associate it with spyware. Spyware can be distributed under all business models. Yes. Spyware could even be distributed as Open Source on a mass-market Linux distro since many users never recompile. If Linux is ever mass-marketed on the desktop by AOL, I expect to see such things happen. It will work because most users don't read security journals and won't bother to recompile.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Michael, in your "editorializing" on this submission, you managed to sum up pretty much everything that bugs me about Slashdot. Thanks for that.
Did you even read the Portal of Evil post? Apparently not. If you had, you'd realize this particular brand of spyware is installed without the users' consent. "When will people learn?"?!? When will Slashdot editors learn to read articles first, and cast their pompus, overbearing comments later? Like a lot later. Like maybe never.
This software affects Windows users, and therefore, not the sort of user that goes around compiling his or her own kernels on a daily basis. I believe this, and this alone, is the reason it upsets you so much. You're the kind of guy that will scoff at an everyday Windows user who accidentally opens a virus attachment, then goes on to pay his mechanic $500 dollars for what should have been a routine $50 repair without batting an eyelid. In short, you're a dick.
Comments like yours are typical of the smug, unbearable technodweeb -- the kind doomed to spend the rest of his life relegated to the back room with his precious computers, far away from those people who actually use them.
Do me a favor from now on. Post the damn story, and shut up.
Regards;
DaC
HAHAHAHAHAH
This spyware was about 300 times more sneaky than the usual DoubleClick bullshit us windows users can with AdAware when we must absolute HAVE a spy-ware loaded program for some reason or another.
Pretty nasty really...but naturally, all we're going to see posted here is, "DUH THIS IS WHY LINUXXX IS BETAR" and "HAHA WINDOWS USERS R DUM".
If you're unfortunate enough to be running Windows. You will need to protect yourself.
Lavasoft is helping you wage your war against the marketing droids. Support them! Let them, and the rest of the world, know that you won't stand for these kinds of privacy intrusions.
Support lavasoft in their mission, buy their stuff!!
[Disclaimer: I do not work for them, I just like my rights granted by being human.]
This thing was really nasty with how much it spies on a user's everyday activities, and I was surprised that slashdot didn't report it sooner. There's the word of a very dubious company's word that they'll purge any bank account numbers that they accidently collect from keylogging your online forms to get them before you submit over an SSL connection, but they might as well be storing and mining all of the email you write to people.
Hey slashdot, lets remove this Kitt user. Total garbage.
-- Note: If you don't agree with me, don't bother replying. I won't read it.
If pop-ups were a Windows feature, the Linux group would have much more to rejoice about...!
People write this sort of crap for Windows because 1) it's ubiquitous and 2) a lot of Windows users have gotten used to "next, next, next, okay" to install a program. It doesn't matter if the installer installs "Privacy Killer 1.0" as long as that person gets what he/she downloaded (in this case, a file sharing program.) I don't think you can blame Microsoft for the fact that people write crapware for their OS.
Simpli - Your source for San Jose dedicated servers and colocation!
Spyware aside, shouldn't it be illegal to infect^H^H^H^H^H^H install software on someone's computer without their knowledge? My computer is MY private property, and sneaking little programs onto it is tantamount to trespassing.
I mean, would anyone put up with someone putting little "Buy Hood(tm) milk" ads in their refrigerator all the time? Or how about little spycams hidden away on your bookshelf? This case isn't much different.
[PowerPoint] is a tool for capitalist presentation
I love slashdot. Stuff like this is just pure comedy gold "Frankly, we're kind of bored by all these spyware/shareware stories..."
You guys have been doing this job too long. That sounds so elitist... I guess I can understand why you'd be tired of this stuff if you only take the full story from reader submissions, but if Slashdot actually had reporters that investigated the story before telling the whole world, maybe things would be different. Instead we get poor, amateur reporting and bitter quips like this. For joy.
I'm tired of this. New for Nerds? Yeah, nerds who don't give a crap about good reporting.
http://www.somethingpositive.net Funny + bitter = comedy gold
Looking up "Maurice O'Bannon" in Google, we find that name associated with a major Internet fraud case in Nevada and California involving $37 million of phony credit card charges which resulted in jail time for some of the participants.
Uh oh. Spyware from people involved with credit card fraud is big trouble. This needs to be followed up with law enforcement.
I think the music industry is bribing all of these companies to add this crap so people will lose faith, and stop using the service.
i'm using Sputnix (AudioGalaxy client for OS X), and spyware is not an issue! of course, historically there has been no spyware in Mac software... heh heh, life is and always has been very good without wintel. btw, what is a virus? hooooo ha. (yes, i realize that with the advent of OS X that Macs are more vulnerable to virii. still, heh heh.)
The whiny bitching about when will people learn is ludicrous. Wah wah Windows users ought to use Linux because it is a million times more better than everything. Fuck that. Alot of these shareware/spyware schemes are complete asshole tactics and could affect Linux users too if anyone gave a shit about them.
I recently rant into a nice little spyware program called winad (wnad.exe) which somehow ended up on the machine (nothing has been installed on the system in eight months) and would hook into IE and launch pop under windows at random when IE was sitting idle viewing a web page. My only guess is some ActiveX program loaded it onto the system from a website somewhere. This program disturbed me a bit because it got onto the system and though didn't do any damage it had the potential to. For elitist Linux users who think they're hot shit, the same thing can be done (though limited to a user's access privileges). It would annoy the piss out of alot of people to have $HOME rm -rf'ed. The whole invasion of privacy in the name of advertising crap is a blow to the whole freedom to roam thing the web is all about. Thinking you're a badass because you can compile a kernel doesn't mean you're somehow better than somebody else who doesn't compile their kernel. It gets real old real fast.
I'm a loner Dottie, a Rebel.
Well according to the Wired story given above, AudioGalaxy stopped including it due to unpaid bills of Onflow Corporation, who were including it in their third party add-in to AG Satellite. It wasn't removed because of any complaints, although perhaps there wasn't much opportunity to react to complaints anyway.
If this is true then I guess it could mean that AudioGalaxy didn't know what they were including at the time, which I don't personally think is an acceptable excuse but it might explain why the installation opt-out screen allowed opting out of other third party spyware but didn't even mention this one.
Luckily the story's not completely past its use-by date, since there are lots of people out there who still have vx2.dll installed. I found it on my windows partition the other day when I saw the story on k5.
Comment removed based on user account deletion
but I'd really like to see somebody sue these bastards! It seems to me that my personal information (and anyone else's for that matter) should be copyright to me! This is a clear violation, because they didn't even say what or how much they were collecting. That's not a contract!
Also, if they have EVER sent information about me back while in "secure" mode (https).....that's also a violation of the DMCA too, isn't it? That seems to be decryption/circumvention of digital security measures.
All of these rules that the lawyers have created must be put to good use!
".....command, I need a heavy lawyer bombardment on my current position. Drop all the suits you got!"
Comment removed based on user account deletion
I got much more info back than him. Just have to use the correct whois server.
Registrant:
vx2 (VX52-DOM)
po box 27103
Las Vegas, NV 89126
US
Domain Name: VX2.CC
Administrative Contact, Technical Contact, Billing Contact:
vx2 (D25000-OR) vx2org@hotmail.com
vx2
po box 27103
Las Vegas, NV 89126
US
212 255 1008 fax: 123 123 1234
Record last updated on 05-Oct-2001.
Record expires on 31-Jul-2003.
Record created on 31-Jul-2001.
Database last updated on 26-Jan-2002 12:04:00 EST.
Domain servers in listed order:
NS1.VX2.CC207.246.124.6
NS2.VX2.CC207.246.124.7
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
And this time, it isn't "Let's get him!"
Okay, I was just chatting with my teenage cousin on Kazaa, and that got me thinking. Her father is a lawyer (a defense attorney). She doesn't have Audio Galaxy, but I bet some lawyer, somewhere, has a kid who installed Audio Galaxy on their home machine; and I bet they sent work related web-based E-mail.
If I'm right and if this person can be found, surely you can subpoena Mindset to get logs of what they did with the information. IANAL myself, could you do anything else to them? The guy at www.cexx.org evidently spraypainted Blackstone's entire server pink - is that evidence that your legal communications could have been compromised? Is this stuff that cexx found utterly inadmissable?
Failing that, there are lawyers here. Set up a scheme to make Mindset/whoever they actually are defend themselves in court - if 100,000+ people really installed this software, they have to have something they're not remotely supposed to have.
Anyway - read the last bottom of the cexx story - it has the missing pieces of the story on HellPortal.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
I can't believe any of this is news.
I stopped using AudioGalaxy about six months ago because anything worth downloading had been blocked. Long before that (the first day I downloaded it) I knew there was spyware in it and removed it with adaware. Lots of other people knew about it and posted so on forums on the site. This is old old old news.
We know nothing about VX2," Merhej said. The VX2 program file (called vx2.dll) was part of an advertising graphics enhancer made by the Onflow Corporation, he said. Audio Galaxy offered the Onflow program as part of its software package from Oct. 1 through Nov. 4, 2001, Merhej said. The partnership was cancelled due to unpaid bills.
Onflow is the worst company I have ever dealt with.
Our company (which shall remain nameless) used onflow technologies in our product for about 2 years. They paid us for the first few months of operation, but when they owed us a total of about $30,000, we received a letter claiming they had lost overseas investments, and they couldn't pay us.
Funny enough, it look like they are still in business.......
What controls 90% of the desktop market?
I don't mean what do you think should control 90% of the market but what actually controls it? Like it or not Windows is out there. The average Windows user doesn't understand what is running on their machine.
Also, following the purchase of a MS product (!!!), it is far easier to develop for Windows than other platforms like Linux and Beos. If you disagree then build a full Visual Basic program from scratch on Windows and the same program on Beos/Linux etc... If you think it's easier on other platforms then you have never built a reliable and properly bugtested program using VB. I'm not trolling - it's very much the truth - Microsoft have done some great things with their API and in my opinion its very very sharp HOWEVER I am not ofcourse dismissing the shortcomings that are inherent in an MS operating system.
MS have very useful features available for Spyware programs. Every part of the PC, be it data, configuration or otherwise is easily accessable (which would be forbidden in the case Linux's more stringent - and more mature - permissions system - this is a GOOD thing!!).
You have to think like a competitor - if you aim to target the majority of your user base who are you going to develop your spyware for? Linux users? Beos? MacOS? Be realisitic. You are trying to MAKE money. I'm not saying that money can't be made out of the others but Windows HAS a large established user base - which ofcourse is why they are scared of any alternatives. If you are a major contender in the OS business then sure - Linux support is important - but if you are a services provider etc.. where is YOUR market?
This is some food for thought - think about why Windows has more spyware... think about operating as a true commercial entity. Again - I'm not trolling - I'm being realisitic. If I direct my company to make software for large distribution my choices are clear and simple - PostgreSQL/MySQL Linux backend OR comparable other product/OS and VB Client frontend - there is no way my frontend at this moment will be written in anything else (except maybe Java - but that depends on the user base).
User base is virtually EVERYTHING if you are trying to EAT.
heh - the Audiogalaxy Gold sofware doesn't install any spyware..... (to the best of my knowledge). Guess something good came out of supporting an excellent service instead of just freeloading like the rest of the world.
btw: this wouldn't matter if one was using mozilla... it appears that the hooks only go into IE.
slashdot username - at - email.domain.name
I run the audiogalaxy satellite inside a chroot jail.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
This is a pretty weird coincidence. I couldn't find a song I was looking for on Morpheus, so I went to download AudioGalaxy just about half an hour earlier. It wouldn't let me log on to the server...it said the program was old and I needed to upgrade (though I went and got the newest version from the offical site). I gave up, uninstalled AG, then came to Slashdot where I was greeted by this!
Guess it's a good thing it wouldn't let me use it after all...
Oops!
And can you go ahead and use 90% of the other apps out there? Yeah, thought so. I mean, goddamn it, I want my Castle Wolfenstein!
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
If you want to find out where this users is, why not
compose an html email containing an image on a
server whose logs you can read. You'll be able
grab the client IP address from his browser when
the image is displayed.
b
What f*ing box!?!?
A Las Vegas address with a Manhattan phone number? Weird...
There is a reference to joshua@abram.com on the ;-)
"contact" page at vx2.cc. This is the whois
from vx2.org. coincidence? I think not.
go get him
Registrant:
Abram, Joshua (VX54-DOM)
444 east 57th street
New York, NY 10022
US
Domain Name: VX2.ORG
Administrative Contact, Billing Contact:
Abram, Joshua (FSQYHRRZLI) joshua@abram.com
444 east 57th street
New York, NY 10022
US
212 255 1008
What f*ing box!?!?
I could go on and on and on, but the conclusion is clear. Windows is not an option for any one who seeks a professional OS with high performance, scalability, stability, adherence to standards, etc.
Actually, I think what's completely clear is that You Don't Know Dick about filesystems .
You especially don't know anything about FAT, FAT32 or NTFS.
spectecjr (posting anonymously)
The point you're apparently not getting is Lavasoft doesn't help you in two simple but significant ways:
1. Lavasoft is proprietary. You can't trust it won't do something harmful to you because what it's doing is hidden. You can't fix the damage of one proprietary program by running another proprietary program.
2. By the time you run Ad-Aware it's too late. The spyware has already been installed and executed so it may have already done some damage. What is the extent of the damage? Nobody but those who had a hand in developing the software can know.
I know what you're thinking, "But I want to do what this proprietary software lets me do!". Then help develop a free substitute. Learn to value your software freedom and you won't be tempted away by the lure of proprietary software again.
Funny? I was serious. I didn't intend that as a joke, just see me try... buahahaha...
Make even shorter URLs - 8LN.org
Spyware that transmits anything you put into a form (web-based e-mail, credit card information, address information) back to its parent company, as well as the usual tricks of recording every webpage you visit and adding banner ads to webpages you visit bores you?
I would've thought that a program attached to a major P2P program that records your credit card data and sends it to a shady company that no one knows anything about would be sort of important. If it were a group of self-described crackers that did this, it would probably be really big news. But because it's a corporation, just like all the others, it gets passed over?
Every small Microsoft security hole that no one has even exploited yet is big news, but corporations stealing credit card numbers and reading every bit of a person's e-mail apparently does not mean much. It wasn't even mentioned in the /. blurb.
2002-01-24 22:44:37 AudioGalaxy Installing Spyware? (articles,news) (rejected)
uh...yeah, right...sure you do.
You just better hope Linux never becomes a popular OS.
Huh? The most common reference to FAT I've seen used refers to what are (now) known as FAT12 and FAT16 - the predecessors of FAT32. These are hardly beta, and were adequately suited to their original intended purpose: storage on a single-user, non-multitasking system.
...unless this is something new in WinXP (which I have avoided like the plague), I don't know what else you could possibly be referring to.
The other proposed 'solution', NTFS, is nothing more than an ugly hack to put journaling into the file system. All the drawbacks of the ancient FAT32 file system remain in NTFS, for the sake of 'forward- and backward compatibility'.
Once again, I wonder if you have any idea what you're talking about.
NTFS predates FAT32 by several years, and the two have many functional differences. About the only thing NTFS and FAT32 have in common is that they are file systems used by Microsoft.
As for the "forward- and backward compatibility", you are wrong there as well, since NTFS isn't backwards compatible.
On top of that a lot of them spit out the most childish and unprofessional messages, indicating that they were created by 14-year olds with too much time, no talent and a bad attitude.
Strange... I was thinking the exact same thing about your message...
Posts like yours give Linux users a bad name. Do the rest of us a favor and shut up and go away.
--The Rizz
"Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." --Mark Twain
On kuro5hin, the story is discussed. On slashdot, one of the editors posts it with what he thinks is a snappy comment, and everyone makes fun of his stupidity, poor grammar, spelling, general ineptitude, zealotry, etc.
Guess which site gets more page views?
Once he gets so many posts modded down (probably happened already), his IP will be banned for a few days.
Man, at least with Audio Galaxy you can remove the spyware with Ad Aware (From Lavasoft). Grokster and Kaaza have taken it to a new level and now require that the spyware exists on your system to run their client. Take out the spyware (like anyone with half a brain would do) and the client ceases to run.
What worries me is that this is the beginning of new trend where all this adware will start this. I'm sure all the rest of the marketing departments in these scum factories will start to do this now.
Ya know, I really wouldn't mind PAYING money for some of these clients (if it was reasonable), but to force someone to run sketchy software reporting back to god knows who with god knows what information is complete bullshit. As far as I'm concerned, all these companies that put spyware in their software are even worse than the RIAA/MPAA/etc. This revenue model is fucked, and I hope that if their is even the slightest hope for humanity that these companies go out of business with the quickness.
BTW, I found out somebody put out a "crack" for Kazza to allow it to run without spyware. That makes me giggle. These companies get what they deserve.
"The Wright brothers were the first to fly with a heavier-than-air machine, but boy did they have a lousy plane"
Dude, that post is a joke. It's a mockery of the well known Linux troll post. Exchange Fat32 for ext3.. :)
If you're not a Liberal in your 20's, then you have no heart.If you're still a Liberal in your 30's you have no brain.
Having worked at Audiogalaxy this past summer, I can assure you its not the case that they meant to bundle this, it had to have happened by accident.
Its bundling goes against their views of making all bundled software opt-in, meaning the user must check a little box to opt-in otherwise the default setting is to not install bundled stuff.
After reading the wired article, I think its pretty understandable how this slipped past the guys at Audiogalaxy. The spyware mentioned is just one little file vx2.dll. Since it came with onflows advertising software, To the guys at AG it must of looked like it was a dll that onflow dynamically linked their code to. It just goes to show you how sneaky companies like vx2 are. I bet spyware companys just try and sumberse themselves further like the parasite they are, and just go tag their BS onto legit dll's.
Knowing how the folks at AG are they'll be taking a fine comb thorough their bundleware to maintain that opt-in philosophy.
I noticed that the /program files/company name/product path is actually encouraged by installshield. Sifting through the make-installer-wizard it prompts you to enter your company name for the programe files/folder name . At least it did last time I had to make an installer.
This is a whole new level in what the spyware types have attempted. It's not serving you more ads, or even (as that @#$@# webhancer does) tracking the URLs you vist, and how long you spend -- this thing actually harvests data off web forms and sends it in.
/. rejected it all week long as I (and many others) tried to send in submissions that adequately conveyed why this is so interesting.
It's like a security alert, privacy violation, and alarming new trend, all rolled up in one, and
-- q
You'll have to excuse him, he's an aol user.
I think its more important to mention this wouldn't happen in Free Software, not because "more eyeballs" or different mindsets. Its because real Free software or software libre, allows you to make modifications and re-release the modified code freely. Thank you RMS.
This VERY important, perhaps defining characteristic, of "free software" would be a direct reason preventing wide-spread spyware. Say a GPL'd program had spyware built in, someone might not even see the source, run a binary, notice the wierd behavior or network activity. After its brought to peoples attention that could definately motivate someone else to modify the code, re-release it, and then as word got out people would be downloading the privacy ensured version instead. Making the spyware version pointless even to the people spying since they have no one to spy on.
So how is that relevant? If I drive my car into someone and kill them, but I was asleep at the wheel, does that mean that I am therefor innocent of any wrongdoing? Nope.
After reading the wired article, I think its pretty understandable how this slipped past the guys at Audiogalaxy.
I say judge them by their deeds not thier intensions - Audiogalaxy is in the business of distibuting software. How the crap can they not know what they are distributing? And if that is truly the case, it is thier problem.
My Karma: ran over your Dogma
StrawberryFrog
That's what I thought too... you fucking idiot, why don't you do a whois on your own domain and see how much info it returns? Nothing, hmm? You trying to hide something? Not all conspiracy theories are true, sometimes it can be explained by stupidity on the part of the theorizer. Lots of info is out there, you just have to know how to find it.
*Whistle* Pretty bad...
The only way the typical /.er can pick up a chick is with a forklift. -- AC
Unfortunately the free has two meanings in english, one to do with money, and one to do with free-dom.
Free software is about the free-dom part, but coincedentaly most is also very free as in money.
This probably has more to do with the fact that of who is developling free software right now, but if more companies developed business models around
free software, this distinction would be easier seen.
I think its very possible to make money releasing free software, but conservative companies aren't going to take risks, and people aren't getting creative enought to find the business opportunities. Sounds a lot like how the PC started, less to do with previous business models adapting to a new idea, and more to do with people with BALLS and creativity making it happen.
"respondmiter" is the name of the program vx2 tell you to remove in "Add/Remove Programs", so i did a search:
e r+
http://www.google.com/search?hl=en&q=RespondMit
interesting stuff?
B3d projector just plays 3d animations. For something to be spyware, it has to spy on you somehow. There's no indication that this program does. What makes you think otherwise?
It's not so much the fraud possibility that concerns me, since I think it's at least reasonable to assume that most companies won't go out of their way to break the law so obviously.
I'm more worried about the fact that they might be storing it at all. Whenever another company stores personal information about me, it means that I'm required to trust someone else to look after it properly. For every other entity who has personal information about someone, there's another entity that it can be stolen from.
VX2 has been trying hard to go unnoticed but even if they hadn't, why should anyone have to assume that the security on their system won't be cracked? Even if it does seem that they're taking reasonable precautions, nobody should feel obligated to trust them.
All it takes is for one wrong person to get bulk personal information and do a little data mining, and five years from now your name, address and estimated income could be on a regionally sorted list being sold on the black market.
I've just run Ad-aware on my Windows configuration,
and I'm just glad that I don't seem to have caught
anything.
This kind of spyware is at least as dangerous as
any worm or virus I've heard about. I think Norton
and McAffe will have to extend their products /
product lines.
I had never seen the original, so I had no idea that this was a reference/parody of something else.
why the hell your quoting this here is a mystery.
Because I was responding to a post in this thread. It seems that the post I was responding to has fallen below your viewing threshold - which seems to cause slashdot to put it as it's own post, rather than a follow-up.
--The Rizz
"I used to think that the brain was the most wonderful organ in my body. Then I realized who was telling me this." --Emo Phillips
Well, it's the first time I came across it. Thanks for letting me know where it comes from.
Odds are I'm going to get modded down for not recognizing it in the first place... oh well... next time I'll just ignore it.
--The Rizz
"Dawn, n.: The time when men of reason go to bed." --Ambrose Bierce, 'The Devil's Dictionary'
http://www.infoanarchy.org/story/2002/1/24/1761/25 534?op=comments&sid=2002/1/24/1761/25534&cid=1#1
:-)
Check it, its interesting... For sure!
It may be bad popping up ads when you're surfing the web, but what about just whenever. That's what happened on my system.
I, like Chet & Eric of the linked article do support programs having internal ads to support themselves as free software. However, monitoring users behavoirs is another story -- that's your computer and most contracts (as I have heard from a lawyer friend) cannot "sign" that away; for example your landlord cannot include a clause stating he has the right to monitor your mail, who you talk to, etc. and by living in the property he owns, you forfeit those rights, and if you do not agree with them you cannot live there. Well, folks, this is exactly what most of these programs are having you agree to. The fact is, they're illegal contracts. You cannot gather personally identifiable information (it's identifiable because they are able to deliver targeted advertisement thus they must have a system to know who you are) if you signed the rights away or not.
I have accepted that companies do this and there really isn't a way of getting around it (heck, I don't really care what they do with the info, I'm not going to buy something from any ads they use and that'll be my contribution). So I have tolerated these commercial bombardments. That is until something strange happened.
All of a sudden while I would be at my desk in the same room (this is at work mind you), I would notice activity on the monitor. Going over to look at it, I would notice an ad window had mysteriously popped up, when no programs were running and I hadn't been using the computer for hours. In the morning I typically had several windows to close after the nights ad-popping fun.
Thinking it was a web site which some how introduced a popup delay, I dismised it at first. But it got worse. It was impossible to work on a Word document without having an ad popup and steal focus from my document. I also came to the realization when you close a browser window, its process ends and thus a delay javascript wouldn't work.
I finally decided that it must be some program launching these ad windows. Searching the running process list, I noticed an interesting program happily running. Savenow was the culprit. This program was actually popping up windows on my personal desktop, on my computer (yes, I do own it) and collecting web browsing data in the background, even when its associated product wasn't running! Deleting the savenow executable, I was free of the ads yet outraged of how this company violated my privacy and my computer, and also comprimised the security of my employer. What if they could learn something about our project based upon my web browsing habits and sell that to another company?
After that incident, I went in with a resource editor on every single ad-supported program on my computer and removed the ad resources. I also installed ad-blocking software. Still though, I do occassionaly get ads and various brandings. I have since persuaded my boss to let me put my Linux box on the network, but still, how long until we see these ads and tactics on Linux? How long until these ad programs start embedding ads in your paid for software, or interfacing with your printer driver to print a banner ad out on every page?
The point I'm trying to make is I am all for advertising and realize it does support free products quite nicely, but when it invades my privacy and makes me sign illegal contracts, I get angry. Anyone would. And something should be done about it. I don't have the resources, I can only not buy the products they force on me and put a dent in their success rate thus no ads. But someone with the resources and time should go after these bastards.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
Here our small numbers are a blessing for us. No one is ever going to care enough to make spyware that will thwart the average computer geek when they can get the rest of the population with much less effort. The difficulty and limited effect of such an endevour are enough to stop any company that has a bottom line to worry about.
Someone PLEASE sue these jerks for wiretapping.
It's defined as someone who:
Knowingly intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire communication
Since the information they are aquiring is information which is sent out over the web, (I.E. a URL, albeit represented in a slightly different form) this kind of suit should stick.
This kind of behaviour sticks of wiretapping to me. Please sue.
-me
Now I feel there is no excuse for RedHat users such as myself not to help fund RedHat.
In praise of 100% GPL-focused RedHat
RedHat, despite what you might think of their distro or business-side tactics, funds probably the greatest number of 100% GPL software developers (since VA no longer does). I cannot stress enough the importance of this fact. Every distro enjoys the fruits of RedHat employee labor, and not just Gnome developments either.
Imagine the number of developers that could be hired
For every 2,000 people who sign up for the service, that's $120K/year for RedHat. Figuring half of that goes to upgrades to their network infrastructure to support the additional downloads, that leaves $60K to fund another developer on-staff. If all 2 million RedHat sysadmins (my estimate is 2M, which equals ~20M installs, ~10 installs/per sysadmin on average) coughed up $60/year, that's $120M/year for RedHat. That could equate to adding $60M for developers, or about a thousand employees!
Personal note
I've been a total RedHat leech here. Although I have worked for various companies who have paid for Cygnus tools (Cygnus is a division of RedHat), I've pretty much only bought the boxed sets on every .2 release (and I haven't bought 7.2 yet). I've been running RedHat on this system
(through various hardware upgrades) since 4.2, only re-installing once to move to XFS (RedHat 7.0.92 + XFS 1.0 betas was a "clean" install).
I've installed RedHat on close to 500 systems now, and I'm sure well over half of those are still in use. So that amounts to about $0.10 per system I've installed. Definately not enough IMHO. I want to change this. This is a great avenue to do so.
-- Bryan "TheBS" Smith
Independent Author, Consultant and Trainer
that almost all closed source P2P clients are spyware, and all open source ones aren't?
How about an article that compares all the various clients around, but based on privacy issues instead of the usual zillion of users/files?
Any volunteers? By the look of it, I don't think I'll personally be filling in that form anytime soon. :)
Why not fill it out many times? As John J. Smith, George Bush, etc. That database might taste a bit better with some salt after all.
i submitted this story to /. last sat (1/19)...no story, ended up rejected. no loss to me. karma caps are there for a reason.
i checked my machine, but wasn't infected. i figured as much since i run ad-aware occasionally.
i forwarded the info to my buddies (mostly non-tech guys, music lovers, etc.): guess what - 3 out of 5 of them were infected and had no clue what "spyware" was.
"Stuff that matters" can be interpreted many ways, not so narrowly to "matter" only to people who understand root and have a linux box.
the elitism on this site sometimes gets real, real old. thanks Palaptine for your post. you are correct and the rest of these people are trolls.
kinda sad, huh?
/* Half alive and half dead too, work is for suckers and the sucker is you. - "Half-life" by Local H*/
The installer asks you if you wanna install that spyware proggie. Well, just say no. I agree that many people may not know this and always press the 'Yes-Ok-I Agree-I don't care' button. My advice: 'Read the dialogs'
OS X with it's standard Unix system would be much more difficult for a Virus to infect, as opposed to OS9, and prior, which let any app spawn all over anything in memory...
autopr0n is like, down and stuff.
Actually, I remember seeing someone port Melissa to Linux as a shellscript (rather then a VBscript) on k5 a while back. Sure, the user would have to manually save it and run it, since most Linux mail apps wouldn't do it for you, but the code was still there.
Also, there have been a few viruses on Linux, to say otherwise is the height of idiocy. Just do a damn google search.
As far as spyware goes? Yeh, there is none (that we know off...) But that doesn't mean that there won't be in the future. There's no technical reason why it couldn't be there.
autopr0n is like, down and stuff.
I wonder, since they admit that it is possible to send private data to them, is the stream to their server encrypted (SSL or something)? I mean, even if I DID trust them, I am not sure I trust EVERYONE along the way to their server.
Good thing the AG/Linux does not spyware, I hope....
But. A policy of including stuff in your product when you Don't know what it does is just wrong and exposes you to liability.
My Karma: ran over your Dogma
StrawberryFrog
Now THAT'S quality journalism.
Speak truth to power.
I've been using it for several years, and it does pretty good job filling out forms and remembering passwords. All personal data is stored locally, encrypted and easily exported or imoprted. After each install I go through little procedure to "pull Gator's teeth"
1 Uninstall "Offer Companion" from Control panel
2 Open Regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn
3 Change servers URLs to 127.0.0.1
After this I never see a banner.
Downside:
1 Gator runs two memory-hungry processes
2 I don't know if their encryption for my data is any good
You can start throwing rocks at me now.
Are you guys kidding? You intentionally sat on a story about spyware because you were "bored" with that type of story??? This has to be the outrageous thing I've seen the /. editors sayso far, which is saying a hell of a lot.
I tend not to install much shareware for precisely this reason - so I've tried Ad-aware a number of times over the past year. Crashes on Win2K like clockwork. Differnet machines, installs, etc - Always crashes - not sure if its Mozilla, or what. But the only computer I ever got it to run on was a Win98 box (my kids machine) and it found little. Anyone else seem to have torubles like this?
Top Most Bizarre/Disturbing Error Messages
regedit32 -u vx2.dll in the directory it's located in. then delete it.
regsvr32 -u vx2.dll
That is what pissed me off about this. In the version of the install that infected me - there was no option and the user agreement made no note that there was spyware - except if I checked a link mentioned, that would discuss the spyware.
So the notice of spying was not in the agreement and it was not an option. AudioGalaxy to be complete pricks, then changed the package after some period of time to include two new items with warnings, but never changed their package number. I think this was on purpose to discredit people complaing about the spyware install.
Chet
Pay attention people! You there, in the back, is that gum in your mouth?
I mean, any program I run will have right to do pretty much *everything* (Since I'm lazy I usually run as admin too, shoot me). The problem is there's an all-or-nothing mentality in Windows that creeps me out. I wish Windows had some kind of "learning mode" just like my firewall, not just a run/don't run program. I know I could create a unique user for that program, with mostly the rights I want, but it's not nearly enough.
I want to control what directories it can act on (I.e. limit them to C:\Program Files\, limit their registry options (deny takeover of extensions, allow changing other programs' editions) etc etc., if it can steal focus, talk to other programs, go fullscreen, how it can talk to other machines on the net (ok the winxp firewall might be a start). And I mean in real-time, not having to set up all in advance and have the program crash on me if it's not enough. And this doesn't have to be default or anything, I just wish that us powerusers could assist windows in not getting fucked up.
Kjella
Live today, because you never know what tomorrow brings
If you really wanna know, I used HTML quotes.. didn't work too well
Live today, because you never know what tomorrow brings
One word: Gnucleus!
it's for Windows, and if you want, you can compile it yourself! :)
My wife installed AudioGalaxy last summer, and we just went looking for any signs of this vx2 software on her machine and found nothing. I wonder if there's any data on what the window was that it was being bundled with AG?
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Yes, there is a linux version. Ask around for it though, it seems that KaZaA has taken it off their website. It was called "KaZaA Media Shell 0.4"
//pcable
-Legion
KazAa is even worse as it installs a lot of ad-ware and stuff in the registry. As explained on this site, it installs multiple things that are very nasty to remove afterwards, including the onflow thing discussed in other posts.
The worst part is the newdotnet thing.
Just do a "kazaa spyware" search on google and read.
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
<form METHOD="post" ACTION="mailto:vx2org@hotmail.com? subject=delete page" ENCTYPE="text/plain">
Somehow sending all these requests through a Hotmail account, of all places, isn't very reassuring.
~/AGSatellite0520> ./AGSatellite &
[4] 19664
~/AGSatellite0520> Files scanned: 2663 NewFiles: 1
http://www.audiogalaxy.com/betatest to login
So sorry, what's all the fuss about again?
Editor Emeritus and Senior Writer, TeleRead.org
Someone should try to take their domain name via WIPO. If they don't respond to the paperwork, they lose the domain! I would think the sleazes behind this would come out of the woodwork in that case.
When I was a kid, we only had one Darth.
Yeah, and a whois on onflow.com which he was trying to link to these guys turns up a company located in California with a real address (not a shady PO Box), a real name, and at least one legitimate-sounding email address:
Registrant:
ONFLOW CORPORATION (ONFLOW-DOM)
160 Pine Street
SAN FRANCISCO, CA 94111
US
Domain Name: ONFLOW.COM
Administrative Contact, Billing Contact:
ONFLOW CORPORATION (XT27-ORG) no.valid.email@worldnic.net
ONFLOW CORPORATION
160 Pine Street
SAN FRANCISCO, CA 94111
US
415 477 9300 fax: 415 477 9303
Technical Contact:
THOENNES, JOSEPH (JT14258) j.thoennes@ONFLOW.COM
Onflow Corporation
160 Pine Street Ste 300
SAN FRANCISCO, CA 94111
415 743 9130 (FAX) 415 477 9303
Record last updated on 31-Jul-2001.
Record expires on 30-Apr-2003.
Record created on 30-Apr-1999.
Database last updated on 26-Jan-2002 23:43:00 EST.
Domain servers in listed order:
DCA-ANS-01.INET.QWEST.NET 205.171.9.242
SVL-ANS-01.INET.QWEST.NET 205.171.14.195
The two companies could surely still be connected but Onflow at least appears much more above-board than vx2.cc.
Liberty in your lifetime
A known Google Tech says that, "Sometime in the next few days, I think we're going to put a promo line on our home page. It will say something like "Google does not show pop- up advertising." That just might raise the ante.
The Nevada Secretary of State Corporation Search gives us.
- President:MAURICE O'BANNON
Checking "vx2.cc" with Network Solutions WHOIS:Address: PO BOX 27103
LAS VEGAS NV 89126
- vx2 (VX52-DOM)
The post office box addresses match, so the Nevada VX2 Corporation is the correct business.po box 27103
Las Vegas, NV 89126
US
Domain Name: VX2.CC
212 255 1008 fax: 123 123 1234
"Maurice O'Bannon" is mentioned in several legal documents related to the J.K. Publications scam. In that case, O'Bannon was on paper an officer or director of several dummy Nevada corporations which were fronting for a multimillion dollar phony credit card billing scam operated by Kenneth Taves of Malibu, CA. (Mr. Taves is currently Inmate #12289-112 at the Los Angeles Metropolitan Detention Center). O'Bannon, though, appears to be some guy in Nevada who just signed whatever was put in front of him. In the judge's words [large .PDF] "Maurice O'Bannon had an informal agreement with Nevada Corporate Headquarters, Inc., an incorporator, to act as a nominee for their client-corporations and sign whatever documents Nevada Corp wanted him to sign."
The judge was bothered by O'Bannon's actions, but the FTC didn't have enough evidence that he had control of or profited from the scam to put him away.
The J.K. publications scam involved obtaining a database of 3.6 million valid credit card numbers and charging them small amounts each, supposedly for use of a porno site. The mess involved offshore bank accounts in the Cayman Islands and Vanatu, but much of the money has been recovered. Company names involved were JK Publications, Inc., MJD Service Corp., Netfill, N-Bill, Webtel, Billing On Line, Fun On Line, and Discreet Bill.
We're not at the bottom of this yet, but it looks very suspicious.
you'll never get them to dissasociate your data with a form. Now a 30-odd-6 might work a little better. If only they had a valid whois.
If they have debts, you have the right to place a lien on their property and get an order to get the sheriff to go in and seize their property. Or, you can literally sell their debt to a collection agency at 2/3 of the value and let them have the fun at getting at their asses.
The Audiogalaxy windows client installs a piece of software called "Bonzi Buddy" without telling you, certainly not giving you the chance to opt out. How does this jive with their opt-in philosophy?
I think its very possible to make money releasing free software, but conservative companies aren't going to take risks, and people aren't getting creative enought to find the business opportunities.
hahahahahahahahahahahahahahahaha!
I worked for a company basically trouble shooting peoples computers and installing programs for them, getting them signed on to the network, etc.
Every single computer I went to that I hadn't already been at, I would have to spend about 15 minutes disabling 5 or more auto running programs, removing sneaky things from the start menu and registry, killing that stupid paper clip that everyone despises, and various other things that are required in Windows to get an uptime greater than a few hours.
I think about 50% of the computers I got sent to work on were generic "windows keeps crashing on me" problems. Half the time cleaning out all the auto-run shit from the registry would fix it, but a lot of times there was even more screwy stuff going on behind the scenes causing problems. Way too often I would have to reformat+reinstall to get the system stable again.
hey fuckers, this aint news. kuro5hin had it a loong time ago. way to go.
People known to have been affiliated with Dash include Dan Kaufman, CEO, and Rob Goldman, "Executive Vice President of Customer Experience".
What did Dash do? "Dash.com is a mobile shopping and advertising portal that surfs the Web with consumers, bringing them real-time offers from merchants." Sounds a lot like VX2.
More later.
Here's a plug for AGstreme, which I switched to after I heard about this latest round of spyware nonsense. It's a GPL AudioGalaxy client replacement, which a boatload more features. My favorite: it can read CDDB entries and then request download of one or more tracks from a given CD. Pretty darn cool:
http://www.ractive.ch/gpl/AGStreme.html
Can your IM do this?
save this on you desktop. If anyone doesn't follow it, sue.
tou(terms of use for my computer)
By acessing this computer I agree to the terms of the owner of the computer.
I = person acessing my computer. not the owner!
1. I will not disclose information about this computer.
2. I will not hack in to this computer.
3. I will not delete files without permission from the owner.
4. I will not send spam to this computer.
5. I will not use this computer to harm the owner in any way.
6. I will not use CPU cycles without permission from the owner
7. I will not use this computer to make a profit.(unless you pay me.)
I can't find VX2.DLL on my Win2K box.
and ZoneAlarm alarm isn't reporting any
unusual activity with AGSattelite.
Is this specific to a particular version?
You can't assume that this company is American. Slashdot has readers across the world. I am writing from Australia. In Australia, you can't just call up a guy to start seizing property because you think someone owes you money. We don't know the full story of this issue submitted by an anonymous coward.
In fact, in some countries, I bet they can get into serious trouble for trying to seize other people's goods.
If the pattern goes 9am, 10am, 11am, why isn't noon 12am?
It gets better, it's a shady corporation with a disconnected Manhattan phone number, whose servers are located mostly in the midwest. The investigation I did on this company after reading about it on two other weblogs is enlightening. Whoever these guys are, they don't want to be found.
Marxism is the opiate of dumbasses
netpal.dll
vxsystem.dll
hi5.dll
hi6.dll
favboot.dll
kernellos.dll
reg3322.dll
ofrg.dll
(the ones I know of, anyway). The extras do such things as hijack your start page at intervals and overwrite your bookmarks with Amazing Deals and Special Offers.
Caveat Emptor is not a business model.
I've heard many stories about the evil Slashdot Effect, so I'm counting my blessings--granted, randomly pulling up Slashdot one day and finding your homepage on the front cover is a unique experience, but so is finding that huge bandwidth bill in the mail the following week. (Not to mention the angry letters from all those people you're sharing a server with <g>) Actually, so far the first-page-of-/. effect is only raining down about 1/2 as much pestilence as the 2nd-page-of-Wired effect. I'm disappointed.
Caveat Emptor is not a business model.
Some friends and I had a lot of fun poking around in VX2's (Blackstone's) server in November-December 2001, adding our own ad campaigns, etc., after they were nice enough to provide the server's master password on a publicly-available set of VX2 testing instructions. (Stumbled on it during a Google search, scout's honor!)
No users' personal information was obtained, but we did walk away with some VX2 code signers, private key and some bad marketing materials as consolation prizes. (And of course, peeks at some unrelated crap they're working on.)
Caveat Emptor is not a business model.
I don't know about ya'll but the VX2 web-site http://www.vx2.cc/ is not allowing me to view it. Nor is the uninstall page.
VX2 Corporation
PO Box 27103
Las Vegas, NV 89126
US
Another report indicates that the Blackstone Transponder is connected with Mindset Interactive. And, sure enough, there's a press release from Mindset boasting about it:
-
IRVINE, Calif.--(BUSINESS WIRE)--July 20, 2001--Mindset Interactive Corp. (OTCBB:MSIA - news) has just completed development of a new software application which provides advertisers with the ability to deliver an ``instant message'' to a consumer as they are purchasing a product or service from another site.
Mindset Interactive currently offers a full suite of ad units that include:
That's the VX2 feature set, all right. Note that Mindset admits it snoops on what you type into forms, so it can monitor your search engine usage. Of course, there's no guarantee that that's all they do with the information.Keyword targeting: Whenever a consumer types in a keyword search on any search engine, Mindset's software can deliver an instant message to that consumer (i.e. if a consumer types ``cheap airfares'' into any search engine, the software reacts with an ad for low fares from an airline.)
URL Targeting: When consumers visit a Web site Mindset has the ability to deliver a targeted ``pop up'' instant message. In this manner, an advertiser such as any automobile manufacturer can select to run instant response advertisements to consumers visiting car buying or leasing sites.
Multiple message units (MMU): Imagine being able to serve pop up ads anywhere on the Web to consumers who are shopping in your product category. Mindset MMU's give you multiple impressions and allow you to control the order in which consumers view your messages.
And, for confirmation, we check Mindset's latest 10QSB filing with the Securities and Exchange Commission. They're not doing too well; they lost $247,000 in the last quarter, on sales of $252,000, and just had a layoff. They mention the "transponder", but call it "Net Pal":
-
"Net Pal" - The "transponder" Net Pal software is a proprietary software
application Mindset Interactive has acquired that will be downloaded onto a
user's browser. The software will launch advertisements based on the contextual
content of the website the user is currently visiting. The various features of
the Net Pal software allow corporations the ability to market "on-line" directly
to their client and prospect base.
So Mindset Interactive is the company behind VX2.-
This software product enables Mindset Interactive, Inc. ("MINDSET") to collect user information ("INFORMATION") directly from the user's computer.
By installing the software, the user understands and agrees that information is collected and disclosed to MINDSET automatically via the software and without user's completion of forms,
questionnaries, etc. The range of information collected by the software will depend on the configuration of the user's computer at the time of installation. The information includes, but is ont limited to, previous web pages visited by the user, search engine query terms and other personal information stored on the user's computer.
PLEASE REVIEW THE SOFTWARE LICENSE SECTION ENTITLED "THE BLACKSTONE SOFTWARE" FOR MORE DETAILS REGARDING THE TYPES OF INFORMATION COLLECTED BY THE SOFTWARE.
(Actually, the original is all in upper case, but Slashdot considers that too lame to post.)Of course, if you inadvertently installed this spyware as part of someone else's product, that "license" doesn't apply. If, for example, you agreed to AudioGalaxy's EULA, that doesn't release Mindset from any liability. Releases don't pass through to "affiliates", even if they say they do. (This is called "privity of contract" in law; if A contracts with B and B contracts with C, A has no contract with C as a result.) So you can probably sue Mindset.
Hey, at least as long as AudioGalaxy times out when I try to connect to their servers I'm safe from their spyware!
[insert witty comment here]
Cygnus makes money don't they.. I think there are many standard software types that could follow a free software model. I'm not so sure it would work in every single situation. But surely theres many companys who center themselves aroudn proprietary software, and whose to say they couldn't work a free software model. But I'm going a little further than that, and I'm saying that many of the companys that come to mind could manage under some other free-software model that
just needs a little thinking and hard work implementing.
So I think its settled they're still as opt-out as I said.