Slashdot Mirror
Spyware in Audio Galaxy
LintMan and a zillion other people wrote in about the story on Portal of Evil discussing spyware bundled with Audio Galaxy that seems to be even more nasty than usual. Others have written about it as well - there's Counterexploitation and Wired stories. Frankly, we're kind of bored by all these spyware/shareware stories (don't people learn?) so we let it sit around in the submissions bin for a few days, until, say, a slow Saturday night.
I'm using the Linux version of the AGSattelite and have no spyware whatsoever. Sheesh. When will people learn?
Make even shorter URLs - 8LN.org
It isn't really a surprise to me about the spyware in Audio Galaxy, I've heard people talk about how it should be classified as a trojan rather than a piece of software. MusicCity's Morpheus is by far the best spyware free program, but unfortunately there is no linux version. The best part is that it runs on the same network as Kazaa, without the spyware (which doesn't matter since Kazaa has halted downloads of their software anyway). You can find any file you want on it, and I think it is even better than Audio Galaxy.
The future isn't what it used to be.
... that if J. Random Hax0r writes and distributes a piece of software that collects information clandestinely from computers on which it's installed, he gets his door kicked down and everything with a byte of RAM or potential for magnetic storage confiscated, his life ruined, and possibly sent to prison
but
when a barely legitimate distributor of file sharing apps produces a "product" with these same attributes, there doesn't seem to be a great presence of Federal law enforcement at its place of business?
Another proud carrier of the $rtbl flag
A system based on software libre (free speech software), on the other hand, is much less likely to have spyware. First of all, since there are "more eyeballs" looking at the source code, people who make libre software are less likely to add features to the software which the end user may not like. Second of all, the mindset behind making libre software is different than the mindset behind gratis software; there is more desire to give people features they want and less desire to make software which has undesirable features to increase one's bottom line.
While I do feel that propritary software works better than libre software for many things, such as video games, I am glad that I have a system that is over 90% libre software; this minimizes the chances that there is undesirable spyware on my system.
This may be why the editors are reluctant to post spyware stories; people using software libre instead of proprietary software do not need to worry about this kind of thing.
- Sam
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
This is interesting.... For a site dedicated to "news for nerds" and" stuff that matters" they hold a story back untill a slow newsday(night) to post it. Now as a Windows/linux/Beos user the Windows third of me wants to know when some program is installing what amounts to a data harvester on my machine, whether or not a story which followes the same path as this one has already been posted, I still would like to know what new programs are out there taking my info.
perhaps Slashdot should put up a bi-weekly "security update" in order to address these issues which do not warrent a full post.
Scott Cassaday
Agreed, this is a huge advantage that the linux desktop has that no one seems to mention.
...No one gives a shit about linux on the desktop.
If linux on the desktop held as many users as say, Windows, I can guarantee there would be just as many spyware and generally rude apps.
The only thing linux is relatively immune from (assuming you're not a dumbass that always runs as root) is viruses.
Linux is just as vulnerable to spies and trojans, it's just there are so few desktop linux users that it's not even worth it for someone to write them.
You're only immune because no one has targeted you.
C-X C-S
spyware/shareware
Spyware has nothing to do with shareware. You may not like the shareware business model but please do not associate it with spyware. Spyware can be distributed under all business models. Yes. Spyware could even be distributed as Open Source on a mass-market Linux distro since many users never recompile. If Linux is ever mass-marketed on the desktop by AOL, I expect to see such things happen. It will work because most users don't read security journals and won't bother to recompile.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Michael, in your "editorializing" on this submission, you managed to sum up pretty much everything that bugs me about Slashdot. Thanks for that.
Did you even read the Portal of Evil post? Apparently not. If you had, you'd realize this particular brand of spyware is installed without the users' consent. "When will people learn?"?!? When will Slashdot editors learn to read articles first, and cast their pompus, overbearing comments later? Like a lot later. Like maybe never.
This software affects Windows users, and therefore, not the sort of user that goes around compiling his or her own kernels on a daily basis. I believe this, and this alone, is the reason it upsets you so much. You're the kind of guy that will scoff at an everyday Windows user who accidentally opens a virus attachment, then goes on to pay his mechanic $500 dollars for what should have been a routine $50 repair without batting an eyelid. In short, you're a dick.
Comments like yours are typical of the smug, unbearable technodweeb -- the kind doomed to spend the rest of his life relegated to the back room with his precious computers, far away from those people who actually use them.
Do me a favor from now on. Post the damn story, and shut up.
Regards;
DaC
Spyware aside, shouldn't it be illegal to infect^H^H^H^H^H^H install software on someone's computer without their knowledge? My computer is MY private property, and sneaking little programs onto it is tantamount to trespassing.
I mean, would anyone put up with someone putting little "Buy Hood(tm) milk" ads in their refrigerator all the time? Or how about little spycams hidden away on your bookshelf? This case isn't much different.
[PowerPoint] is a tool for capitalist presentation
The whiny bitching about when will people learn is ludicrous. Wah wah Windows users ought to use Linux because it is a million times more better than everything. Fuck that. Alot of these shareware/spyware schemes are complete asshole tactics and could affect Linux users too if anyone gave a shit about them.
I recently rant into a nice little spyware program called winad (wnad.exe) which somehow ended up on the machine (nothing has been installed on the system in eight months) and would hook into IE and launch pop under windows at random when IE was sitting idle viewing a web page. My only guess is some ActiveX program loaded it onto the system from a website somewhere. This program disturbed me a bit because it got onto the system and though didn't do any damage it had the potential to. For elitist Linux users who think they're hot shit, the same thing can be done (though limited to a user's access privileges). It would annoy the piss out of alot of people to have $HOME rm -rf'ed. The whole invasion of privacy in the name of advertising crap is a blow to the whole freedom to roam thing the web is all about. Thinking you're a badass because you can compile a kernel doesn't mean you're somehow better than somebody else who doesn't compile their kernel. It gets real old real fast.
I'm a loner Dottie, a Rebel.
What controls 90% of the desktop market?
I don't mean what do you think should control 90% of the market but what actually controls it? Like it or not Windows is out there. The average Windows user doesn't understand what is running on their machine.
Also, following the purchase of a MS product (!!!), it is far easier to develop for Windows than other platforms like Linux and Beos. If you disagree then build a full Visual Basic program from scratch on Windows and the same program on Beos/Linux etc... If you think it's easier on other platforms then you have never built a reliable and properly bugtested program using VB. I'm not trolling - it's very much the truth - Microsoft have done some great things with their API and in my opinion its very very sharp HOWEVER I am not ofcourse dismissing the shortcomings that are inherent in an MS operating system.
MS have very useful features available for Spyware programs. Every part of the PC, be it data, configuration or otherwise is easily accessable (which would be forbidden in the case Linux's more stringent - and more mature - permissions system - this is a GOOD thing!!).
You have to think like a competitor - if you aim to target the majority of your user base who are you going to develop your spyware for? Linux users? Beos? MacOS? Be realisitic. You are trying to MAKE money. I'm not saying that money can't be made out of the others but Windows HAS a large established user base - which ofcourse is why they are scared of any alternatives. If you are a major contender in the OS business then sure - Linux support is important - but if you are a services provider etc.. where is YOUR market?
This is some food for thought - think about why Windows has more spyware... think about operating as a true commercial entity. Again - I'm not trolling - I'm being realisitic. If I direct my company to make software for large distribution my choices are clear and simple - PostgreSQL/MySQL Linux backend OR comparable other product/OS and VB Client frontend - there is no way my frontend at this moment will be written in anything else (except maybe Java - but that depends on the user base).
User base is virtually EVERYTHING if you are trying to EAT.
Begging pardon, but the issue hasn't been resolved until (a) there are no longer people whose form submissions and other data silently leeching off to an unknown 3rd party, and (b) the legal ramifications of what's been going on are tested in court. Judging by the number of Code Red hits I'm still getting on a daily basis, I'd say Joe Windows User will obliviously exist with this illegal spyware for some time to come.
And don't say that nobody's broken any laws here. Minors aren't held responsible for for small type warranties and disclaimers in the United States. All that's needed to take this to court is proof that one minor ended up installing something that sent his daddy's VISA number to a spyware company, or proof that personal information about a kid under 13 was sent as a result of the spyware, even if the kid knew exactly what he or she was installing.
It's not so much the fraud possibility that concerns me, since I think it's at least reasonable to assume that most companies won't go out of their way to break the law so obviously.
I'm more worried about the fact that they might be storing it at all. Whenever another company stores personal information about me, it means that I'm required to trust someone else to look after it properly. For every other entity who has personal information about someone, there's another entity that it can be stolen from.
VX2 has been trying hard to go unnoticed but even if they hadn't, why should anyone have to assume that the security on their system won't be cracked? Even if it does seem that they're taking reasonable precautions, nobody should feel obligated to trust them.
All it takes is for one wrong person to get bulk personal information and do a little data mining, and five years from now your name, address and estimated income could be on a regionally sorted list being sold on the black market.
I've just run Ad-aware on my Windows configuration,
and I'm just glad that I don't seem to have caught
anything.
This kind of spyware is at least as dangerous as
any worm or virus I've heard about. I think Norton
and McAffe will have to extend their products /
product lines.
Someone PLEASE sue these jerks for wiretapping.
It's defined as someone who:
Knowingly intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire communication
Since the information they are aquiring is information which is sent out over the web, (I.E. a URL, albeit represented in a slightly different form) this kind of suit should stick.
This kind of behaviour sticks of wiretapping to me. Please sue.
-me
I wonder, since they admit that it is possible to send private data to them, is the stream to their server encrypted (SSL or something)? I mean, even if I DID trust them, I am not sure I trust EVERYONE along the way to their server.
Good thing the AG/Linux does not spyware, I hope....
No, you don't.
Get that fact through your head and you'll understand everything much more clearly.
Computers are not like oil or steel or cotton. Computers have loyalty. A comupter is owned by whoever wrote the software making it run. You can only trust a computer as far as you can trust the person (or people) who wrote the software that runs on it.
This is one of the reasons why allowing a single, for profit corporation to own a monopoly on proprietary software is orders of magnitude worse than allowing a single, for profit corporation to own a monopoly on something like oil or steel.
You purchased the hardware, you pay for the electricity to run it, you provide the real estate where it sits, you pay for the air conditioning to keep it cool, and you pay the parts and labor when it breaks. But as soon as it starts running someone elses software, it will start doing what that other person want it to do. There's no reason for them to respect your wishes once they own your computer.
So ask yourself: Who wrote this software? What was their motivation for writing it? Was it about money? And where is that money coming from? What is their cause? And do you want to contribute to their cause?
Then choose your friends carefully.
A new kind of meat designed to appeal to vegetarians.
Now THAT'S quality journalism.
Speak truth to power.