Spyware in Audio Galaxy
LintMan and a zillion other people wrote in about the story on Portal of Evil discussing spyware bundled with Audio Galaxy that seems to be even more nasty than usual. Others have written about it as well - there's Counterexploitation and Wired stories. Frankly, we're kind of bored by all these spyware/shareware stories (don't people learn?) so we let it sit around in the submissions bin for a few days, until, say, a slow Saturday night.
Does AudioGalaxy's EULA have anything interesting to say about this? Like the license in Windows Media Player that says Microsoft has the right to erase your hard drive if they want?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I prefer Open Source because of these sorts of trojan/spyware apps on closed source. I admit I don't examine every line of the source code before I compile it but I tend to trust it more just because everything is out in the open. I'm sure there have been cases where even an open source app had some questionable hidden code but I bet it's exposed fairly quickly. I just think it's one more positive aspect of Open Source.
This thing was really nasty with how much it spies on a user's everyday activities, and I was surprised that slashdot didn't report it sooner. There's a very dubious company's word that they'll purge any bank account numbers that they accidentally collect from keylogging your online forms to get them before you submit over an SSL connection, but they might as well be storing and mining all of the email you write to people.
Well according to the Wired story given above, AudioGalaxy stopped including it due to unpaid bills of Onflow Corporation, who were including it in their third party add-in to AG Satellite. It wasn't removed because of any complaints, although perhaps there wasn't much opportunity to react to complaints anyway.
If this is true then I guess it could mean that AudioGalaxy didn't know what they were including at the time, which I don't personally think is an acceptable excuse but it might explain why the installation opt-out screen allowed opting out of other third party spyware but didn't even mention this one.
Luckily the story's not completely past its use-by date, since there are lots of people out there who still have vx2.dll installed. I found it on my windows partition the other day when I saw the story on k5.
And this time, it isn't "Let's get him!"
Okay, I was just chatting with my teenage cousin on Kazaa, and that got me thinking. Her father is a lawyer (a defense attorney). She doesn't have Audio Galaxy, but I bet some lawyer, somewhere, has a kid who installed Audio Galaxy on their home machine; and I bet they sent work related web-based E-mail.
If I'm right and if this person can be found, surely you can subpoena Mindset to get logs of what they did with the information. IANAL myself, could you do anything else to them? The guy at www.cexx.org evidently spraypainted Blackstone's entire server pink - is that evidence that your legal communications could have been compromised? Is this stuff that cexx found utterly inadmissible?
Failing that, there are lawyers here. Set up a scheme to make Mindset/whoever they actually are defend themselves in court - if 100,000+ people really installed this software, they have to have something they're not remotely supposed to have.
Anyway - read the last bottom of the cexx story - it has the missing pieces of the story on HellPortal.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
If you want to find out where this user is, why not compose an html email containing an image on a server whose logs you can read. You'll be able to grab the client IP address from his browser when the image is displayed.
b
What f*ing box!?!?
A Las Vegas address with a Manhattan phone number? Weird...
Man, at least with Audio Galaxy you can remove the spyware with Ad Aware (from Lavasoft). Grokster and Kazaa have taken it to a new level and now require that the spyware exists on your system to run their client. Take out the spyware (like anyone with half a brain would do) and the client ceases to run.
What worries me is that this is the beginning of new trend where all this adware will start this. I'm sure all the rest of the marketing departments in these scum factories will start to do this now.
Ya know, I really wouldn't mind PAYING money for some of these clients (if it was reasonable), but to force someone to run sketchy software reporting back to god knows who with god knows what information is complete bullshit. As far as I'm concerned, all these companies that put spyware in their software are even worse than the RIAA/MPAA/etc. This revenue model is fucked, and I hope that if there is even the slightest hope for humanity that these companies go out of business with the quickness.
BTW, I found out somebody put out a "crack" for Kazaa to allow it to run without spyware. That makes me giggle. These companies get what they deserve.
"The Wright brothers were the first to fly with a heavier-than-air machine, but boy did they have a lousy plane"
So how is that relevant? If I drive my car into someone and kill them, but I was asleep at the wheel, does that mean that I am therefore innocent of any wrongdoing? Nope.
After reading the wired article, I think it's pretty understandable how this slipped past the guys at Audiogalaxy.
I say judge them by their deeds not their intentions - Audiogalaxy is in the business of distributing software. How the crap can they not know what they are distributing? And if that is truly the case, it is their problem.
My Karma: ran over your Dogma
StrawberryFrog
*Whistle* Pretty bad...
The only way the typical /.er can pick up a chick is with a forklift. -- AC
i submitted this story to /. last sat (1/19)...no story, ended up rejected. no loss to me. karma caps are there for a reason.
i checked my machine, but wasn't infected. i figured as much since i run ad-aware occasionally.
i forwarded the info to my buddies (mostly non-tech guys, music lovers, etc.): guess what - 3 out of 5 of them were infected and had no clue what "spyware" was.
"Stuff that matters" can be interpreted many ways, not so narrowly to "matter" only to people who understand root and have a linux box.
the elitism on this site sometimes gets real, real old. thanks Palaptine for your post. you are correct and the rest of these people are trolls.
kinda sad, huh?
/* Half alive and half dead too, work is for suckers and the sucker is you. - "Half-life" by Local H*/
The installer asks you if you wanna install that spyware proggie. Well, just say no. I agree that many people may not know this and always press the 'Yes-Ok-I Agree-I don't care' button. My advice: 'Read the dialogs'
I mean, any program I run will have right to do pretty much *everything* (Since I'm lazy I usually run as admin too, shoot me). The problem is there's an all-or-nothing mentality in Windows that creeps me out. I wish Windows had some kind of "learning mode" just like my firewall, not just a run/don't run program. I know I could create a unique user for that program, with mostly the rights I want, but it's not nearly enough.
I want to control what directories it can act on (i.e. limit them to C:\Program Files\), limit their registry options (deny takeover of extensions, allow changing other programs' editions) etc etc., if it can steal focus, talk to other programs, go fullscreen, how it can talk to other machines on the net (ok the winxp firewall might be a start). And I mean in real-time, not having to set up all in advance and have the program crash on me if it's not enough. And this doesn't have to be default or anything, I just wish that us powerusers could assist windows in not getting fucked up.
Kjella
Live today, because you never know what tomorrow brings
-Legion
I agree, 128 isn't enough for playback on a decent stereo, but 320 really is excessive. Especially considering that there have been double-blind listening tests done with 256 kbit MP3s where it was found people couldn't distinguish them from the original, 320 is just a waste of space.
If you want higher quality with smaller space usage, you can use VBR, that way those high bit rates are only used for the parts of the song that actually need it.
I am no "golden ear", but i know from experience that is not true. In the early days of mpeg audio (94-96) i worked designing mpeg audio hardware. For the business i wound up sitting in the Philips "sound room" where we had a CD feed that went to an mpeg audio encoder which then fed digitally into an mpeg audio decoder. The encoder allowed you to switch bitrate/sample rate/stereo/etc on the fly at the push of a button. **Every** change was noticeable to the ear when presented back to back.
I say again, i am no golden ear, and even i could tell the difference. That being said, i encode all my stuff at 128kbps because in most environments i can't tell the difference.