Fair Software Installation
These days, we all download and install software from the Internet. And that software is rarely written entirely by one entity; rather, components are combined to create the programs we want. There is an increasing and disturbing trend to ship components that perform system-level tasks and have system-level effects. These effects are magnified because many of these components are installed without adequate notification to the user (either by omission, or deliberately).
The NEW.NET domain resolution component is a good example. This component is installed by a number of freely downloadable Windows programs on the Internet. Some of those programs notify the user that they are going to install the NEW.NET software; others do not.
Installation of NEW.NET alters the basic functionality of your system: It causes your system to behave in a manner that is inconsistent with international standards. That this is done in a stealthy manner is unacceptable. The fact that NEW.NET is unstable besides is another issue that we will deal with separately.
If I am installing a program that calculates speaker enclosure volumes, I shouldn't have to worry about it redefining my network stack and destabilizing my computer.
What does a reasonable software program or component do? It should perform its defined, published task. It should not consume excessive resources. It should have a defined starting point and defined ending point. If it is defined to be a service, it should publish that fact and indicate the starting mechanism it uses.
Let me draw upon the realm of commercial software for an example of a program that is an offender. Creative's PlayCenter 2 application is used to move music to and from Creative Nomad MP3 players. It can also play media. When you run the PlayCenter application, you get the functionality you expect. When you start examining your system files afterwards, though, the picture changes.
PlayCenter installs a service, a disk detection system, and a news collection daemon. It does not attempt to inform the user that these daemon-level processes are being put in place. It does not offer the option to make them manually-startable. Worse, the news collection daemon would actually chew up all your CPU idle time.
I think creators of software have some basic obligations:
- Inform users when drivers, services, or daemons are being installed.
- Allow users to omit any of the above that are not strictly necessary for program operation.
- Ensure that during uninstallation, system-level components are accurately removed, "leaving no trace."
- System-level and daemon components must be subject to a higher level of quality control. It is possible that some level of legal liability should be present for the corruption of the system.
- Transmit no information from a component to any party unless specific notification to the user has taken place, and is renewed on a periodic basis.
- Collect no information on a user without prior agreement, and a renewal of that agreement on a periodic basis.
The little war I mentioned earlier is going to get nastier soon. Uninvited components like Cydoor and NEW.NET are sure to take steps to defeat Ad-Aware and programs like it. If I wrote a stealth component today, I would have it seek out an Ad-Aware signature file and modify it to ignore me, or add my directory to the ignore lists. Ad-Aware could respond by digitally signing the files, or with other techniques. This cycle will escalate, with each side taking new steps to ensure its dominance. Users will pay the price in decreasing system stability.
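One way the signing countermeasure mentioned above could work, as an added example that is not from the article or from Ad-Aware: the scanner refuses to load a definitions file whose signature does not verify, so an edited ignore list is rejected rather than obeyed. The file format, the names and the choice of a Lamport one-time signature (used here because it needs only `hashlib`; a shipping product would use a standard scheme such as Ed25519 or RSA) are assumptions.

```python
"""Fail-closed loading of a signed detection-definitions file (added example)."""
import hashlib
import hmac
import secrets

# Constructed sample definitions; component names and paths are made up.
DEFINITIONS = (
    b"detect examplecomponent.dll\n"
    b"detect exampleadware.exe\n"
    b"ignore C:\\Tools\n"
)


class TamperedDefinitions(Exception):
    """Raised when the definitions file does not match its signature."""


def _h(data):
    return hashlib.sha256(data).digest()


def _digest_bits(message):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def keygen():
    """Vendor side: 256 pairs of random secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def sign(sk, message):
    """Vendor side: reveal one secret per digest bit. Each key signs ONE file only."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(pk, message, signature):
    """Scanner side: needs only the public key, which cannot produce signatures."""
    if len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        ok &= hmac.compare_digest(_h(signature[i]), pk[i][bit])
    return ok


def load_definitions(pk, blob, signature):
    """Parse the definitions only after the signature checks out (fail closed).

    Assumption: pk is stored where an unprivileged component cannot rewrite it
    (for example compiled into the scanner), otherwise the key could be swapped
    along with the file.
    """
    if not verify(pk, blob, signature):
        raise TamperedDefinitions("definitions do not match vendor signature")
    parsed = {"detect": [], "ignore": []}
    for line in blob.decode("utf-8").splitlines():
        kind, _, value = line.partition(" ")
        if kind in parsed and value:
            parsed[kind].append(value)
    return parsed


if __name__ == "__main__":
    secret_key, public_key = keygen()
    sig = sign(secret_key, DEFINITIONS)
    print(load_definitions(public_key, DEFINITIONS, sig))

    # The tampering the article describes: an extra ignore entry is appended.
    edited = DEFINITIONS + b"ignore C:\\Program Files\\ExampleComponent\n"
    try:
        load_definitions(public_key, edited, sig)
    except TamperedDefinitions as exc:
        print("rejected:", exc)
```

Because a Lamport key may sign only one message, each signed release in this sketch would have to carry the public key for the next one.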
I am hard-pressed to see the difference between NEW.NET and the Sub7 trojan horse. Both subvert a computer for the purposes of others; both do it in stealth. The good folks at NEW.NET will surely disagree; they'll say that those applications that install their software inform the user, and as such, it really isn't their responsibility.
I say it is. NEW.NET makes active use of the component on your computer; I think that they cannot duck their responsibility for its behavior. They are not passive participants; they are not a library component being used by others.
I've been beating up on NEW.NET quite a bit in this article. I suppose it's because the deinstallation of their component trashed the IP stack on my Windows 2000 system and it took me a half day to put it back together again. What the hell were they thinking when they stuffed a buggy service deep into my IP stack without telling me? I think they should have to compensate me in some way. A $250 Small claims court action here in Virginia might be a way to do it.
The bottom line is, where does it end? Software installation programs should install components that the user expects. Full disclosure should be the order of the day. There will always be violators, though. There are a couple of remedies which could help:
- A legal framework for "allowable" system modifications during installation can be created. By adhering to the requirements of disclosure and stability, manufacturers can avoid liability. The threat of liability may be required (although capped) to enforce conformance and responsibility.
- A technical framework in the operating system can establish and protect secure boundaries around the system's core. Certain operating systems already do this (Unix), but the most widespread consumer OS does not.
- A "signed installation" program, run by known entities, asserting that a given program and its installation don't violate the rules.
Just think -- what if NEW.NET decided to start redirecting www.bestbuy.com to www.circuitcity.com? Is there a law somewhere or a technical remedy for this situation? I think there should be.
In most cases they're gracious enough to let you keep doing things with it, but make no mistake about it.
It comes down to a question of how much you trust the person/company who wrote the software.
The thing about things we don't know is we often don't know we don't know them.
This is one area where open source software can really pull ahead of Microsoft. Provide excellent documentation of the software and the coding as well. That's all folks. As shoddy as Microsoft's image is regarding security, they won't be able to have it both ways. Not to pick on them, as there are plenty of other targets (AOL being another), but they do have a poor track record in this arena.
The most direct benefit of this initiative is well-written code. Well-written code that undergoes peer review from impartial others is the best thing we can do to further this industry.
"The NEW.NET domain resolution component is a good example. This component is installed by a number of freely downloadable Windows programs on the Internet. "
When you install something for FREE from the internet, you can't assume it will work as you want it to. Also, just because it works on your machine doesn't mean it works on everyone else's. This is pretty redundant IMO.
I am sorry the software screwed up your IP stack, but can you seriously expect to get money from them in small claims court for free software? Nobody forced you to put it on your machine.
Sent from your iPad.
... this has to do with Beowulf clustering. Can someone help me out, here?
Thank you.
First the software gives you a custom install option. Second it took me all of 5 seconds to turn off disk detector. Third how many average computer users will know what to do when reading a screen that tells them it has to install something. A while back Kodak thought 9 clicks to install its software was too confusing for the average user. What about this?
And what is this new.net thing?
Software monsters tend to contain a lot of features which the user isn't aware of or ever uses. That's why ordinary users don't become suspicious when their system does something unexpected. They are used to not knowing everything about their configuration. Simple tools, created for precisely one task each, make it easier to recognize "additional functionality" software.
I was with the author all the way up until the point that he mentioned a legal framework for enforcement.
While all of those objectives are admirable, at the mention of involving governmental organizations in the enforcement of such standards I begin to get nervous. We live in a litigious society in the US as it is. Do we really want to enable a new class of lawsuits based upon violation of software installation standards?
Sure, publish some guidelines and get corporations to sign up agreeing to adhere. I'm just not sure I need or want legal protection to enforce it.
I certainly don't want to have my installation routines prescreened by the legal department before I can ship my code. Sheesh.
What the @##$% is new.net? Going to http://www.new.net doesn't reveal any obvious software.
It seems to me that "scumware" is starting to take on proportions very similar to "wormware"; as the author notes, there seems to be little difference between the subseven trojan and the new.net software (or, I might note, whatever that horrible program was which made yellow links pop up everywhere).
Since anti-virus software doesn't seem to scan for these, perhaps someone should create a product which operates similar to antivirus software but instead scans for a dictionary of scumware?
Tarsnap: Online backups for the truly paranoid
The other day I discovered that I couldn't burn CDs at 10x any more. In fact, I had to slow down to 2x in order for it to work.
This led me on a chase through my computer. Through a combination of Ad-Aware, Startup Cop, and Process Explorer I managed to get rid of a bunch of leftover or not wanted CRAP that was hogging up my system!
Quicken, for example, had two programs that started up every time my system started. There was a Lexmark printer application running, even though I no longer have the printer and had uninstalled the driver!
And don't even get me started on Real One...
What a pain in the ass...
Anyone? Anyone? Bueller?
A URL or something?
Google just points you to http://new.net/, which doesn't look like anything.....
I've long maintained that I do not think that information is property, and I therefore can't agree with things like Intellectual Property laws.
:)
This post raises some interesting thoughts: are my computer's CPU cycles and my system's stability my "property"? Do companies have a right to infringe on those things? Do I have a right to sue if other companies infringe on those things without my explicit permission?
Don't mod me up; I just want to see the discussion that ensues.
I don't make the rules. I just make fun of them.
Honestly, what do you expect when you install shitty software. Creative software is pure garbage, just use a free player such as winamp or sonique. I have never had to use ad-aware because I simply stay away from spyware infected software such as Kazaa and grokster. Consequently, my system is stable as hell and runs much quicker than expected.
Try running an OS that doesn't actively obscure installation routines. That empowers you to pick and choose the components you want installed. Half of the problem is that Microsoft uses the same techniques to change your configuration all the time. They lead the way with this kind of BS, installing one piece of software requires the installation of other pieces, like it or not, tell you about it or not. Media Player and IE are examples. DirectX, Visual Studio, ...
It used to drive me nuts!
"better ways of doing things eventually just replace the inferior things" - Linus Torvalds 09-08-07
I'm out of my mind right now, but feel free to leave a message.....
RIAA and MPAA have made huge strides to protect their copyrights. But the same companies would see no problem with this type of deception. We really want the government to stay away from regulating the computer industry, but until they do this BS will continue to get worse. The average AOL user has no idea and are building an army of zombie DOS machines and now an army of zombie marketing harvesters....
Str8Dog
using System.Darkside; public
What about creating a shareware/freeware standards board? SW would be submitted for review, and the board would examine the software, and decide if the readme is honest, and if it does what it says it does (and not more...). After that, software could bear a 'seal of approval.'
This kind of thing is entirely contingent upon widespread use, and strict enforcement - perhaps download sites could ensure that SW they post bearing the 'seal' is legitimately approved.
Because software (esp. small programs, shareware, etc) is provided by so many different sources, it is impossible to rely on the provider's reputation - because most people will have no prior experience with them. The solution is a community one; an organization which is widely trusted, rather than more draconian measures...
Conduct like this is truly writing a virus in a pretty package. There needs to not only be monetary consequence but jail time if it can be proven they knew this program would damage TCP/IP. Let's get serious about our right to privacy and start making these people pay for criminal acts. Whether it is invasion of privacy or funds lost from system damage. Symantec and McAfee need to start treating them like viruses too... when there are cases that the vendors have not explained their program sufficiently. What are some opinions... I'm more than a bit biased and I'd like some ideas, not flaming or non-constructive criticism.
I installed Kazaa the other day at home, knowing it would attempt to install the BDE3 (I think) viewer. Since my hard drive is NTFS, I created the BDE directory under my second account, and used NTFS permissions to be only readable/writable by the "Administrator" account. I thought that would stop it from installing. I was wrong, however. The program simply installed inside of a different directory.
It doesn't run because I did the same thing to that directory, but it still installed when I took fairly advanced measures to prevent it. The fact that programmers are writing applications that users have no control over is a step in the wrong direction. I don't want the "3D Advertising Projector" on my system, yet it installed anyway. That to me sounds like something Norton should be protecting from...
I do write simple programs for personal use for myself. I have given a few to friends, but I never install a "Jeremy in 3D" viewer or anything like that. Note to programmers: If it is ABSOLUTELY ESSENTIAL to the operation of the program, go ahead and force installation, but tell the user what it is and why you need it. If it is not essential, simply put a check box to not install it. Or at least instructions on how to safely remove it.
I understand that Kazaa is trying to make some money by forcing ads, but when people won't even install their software because of the ads, they are shooting themselves in the foot. If they used simple HTML banners, I probably wouldn't go to the trouble to block them.
Another thing that annoys me greatly is the Real Player (whatever they are calling this version) notification program. It pops up ads and new version notifications near the systray. There is not an option ANYWHERE I can find to disable that function. They used to have the real icon in the tray that you could close. And they had an option to keep it from loading. How much of my system resources is it taking to check in the background for new updates/ads? There are a few things I need real for (unfortunately) or I would uninstall it and be done with it. If I try to play a stream that won't play with the version I have, I will upgrade on my own. I don't need a resource hog app telling me when to upgrade.
'nerd' in the windows sense is derogatory. i don't know why you would want to be identified as one.
you know the type. they walk around thinking they know computers. and then friends ask them for help, and they are all like 'you need to do blah and get new drivers, and reinstall this, and reinstall that'. it's really fake smartness. i'd refer to them more as jackasses.
Real Player: Real Player assumes that you want their "service" running at times. It assumes that you want it to be your default media player. You try and turn some of these off via their options screen. Sometimes it works, sometimes it does not.
Weather Bug: This is another one. It just starts running and does not give an option to turn it off. I had to hack the registry to get rid of it.
Oh well... I am slowly converting to completely Linux...
new.net is a company who decided that instead of waiting for the new top level domains to be approved, they'd just start up their own root domain servers and sell the new top level domains themselves.
So if you want to buy sweat.shop, you can go to new.net and do just that.
The software in question is a "plugin" that "fixes" windows to use their dns servers when requesting a domain that ends in ".shop" or whatever.
For more info, don't be so lazy and click on the "About Us" button at the bottom of the new.net homepage
http://www.new.net/about_us_mission.tp
I submitted a story about this on slashdot long ago and, surprise! it was rejected. I'm sure I wasn't the only one who thought this site and company is worth discussing.
-- Punch the Monkey!
I'll have something intelligent to add one of these days...
I did a backup of my Win2k system and did a restore on different hardware. I didn't know what new.net was at the time but apparently it was on my system. However, new.net didn't work after the restore, causing my TCP/IP stack to be nonoperational too. It was looking for newdot~2.dll, when only newdot~1.dll existed. Apparently it doesn't take into account long filenames and uses the 8.3 character filename. I didn't know what it was at the time and just made a newdot~2.dll to get on the net. Of course I was even more unhappy to find out what it really was.
In fact, this is also why I avoid RPM's and the like, whenever possible, which is always...
Read the README; read the INSTALL; if necessary edit a couple files to taste; then it's
make
make install
These are your friends.
It's my computer.
I want to know what's on it, and where.
t_t_b
I'm on PJ's "enemies" list! Are you?
I'm switching to free software.
t_t_b
I'm on PJ's "enemies" list! Are you?
NEW.NET should be responsible for its clients' actions (notifying users about the install process).
Napster should not be responsible for its clients' actions (downloading copyrighted material).
daemons? what are those. I don't think they exist on windows. (;-)
On windows, they are "services". They give you exciting service. Way better than those unix daemons. They only talk to you in your head and tell you to burn things. Or at least, that's what they do to me. Maybe I'll post an "Ask Slashdot" to get further insight. Oh, maybe not, the voice in my head says that it will get rejected.
room101 -- how much can you stand before they break you?
(they always break you eventually)
and for those of us who apparently do not read:
"new.net is a company who decided that instead of waiting for the new top level domains to be approved, they'd just start up their own root domain servers and sell the new top level domains themselves.
So if you want to buy sweat.shop, you can go to new.net and do just that.
The software in question is a "plugin" that "fixes" windows to use their dns servers when requesting a domain that ends in ".shop" or whatever.
For more info, don't be so lazy and click on the "About Us" button at the bottom of the new.net homepage"
</blush>
t_t_b
I'm on PJ's "enemies" list! Are you?
I work tech support for the residence halls at my university and have seen this occurring more and more frequently. New.net is a perfect example because the only way to remove it is to hunt down uninstall instructions on various newsgroups, alt.comp.virus, if I remember correctly. Not only is this program on almost every user's computer I touch, but it's probably responsible for about 20% of the "my internet just stopped working, and no I don't know why" calls I receive.
Maybe it's time for Symantec, Trend etc... to add "spyware" detection to their AV products.
Take control back of YOUR computer with all the proper utilities. Go to onlythebestfreeware.com to get the best free utilities to rid your computer of unwanted items.
A package management system is the user's first and best defense against this type of thing. With it, a user can always determine which files are needed for which applications, and vice-versa. You can check what is going to be installed before you do it. While a malicious/ignorant software vendor could put malware into a package file, at least all of the files that make up that package can be determined later on. No other software management system can provide that information as easily. Not installer programs, and not even the sacred install-from-source routine.
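The file-to-package bookkeeping described in this comment also gives a mechanical check for two of the article's obligations: disclose what gets installed, and uninstall "leaving no trace". The following is an added example, not code from the thread or from any package manager; the manifest format, the paths and the simulated installer are constructed for illustration.

```python
"""Audit an install and uninstall against a declared manifest (added example)."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every file under root to its SHA-256, keyed by relative path."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff(before, after):
    """Files added, removed or changed between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in set(before) & set(after) if before[p] != after[p]),
    }


def owners(manifests):
    """Invert {package: [files]} into {file: package} (the 'vice-versa' lookup)."""
    return {path: pkg for pkg, files in manifests.items() for path in files}


def audit_install(before, after, manifests):
    """Report every touched file that no manifest admits to owning."""
    changes = diff(before, after)
    owned = owners(manifests)
    touched = changes["added"] + changes["modified"] + changes["removed"]
    return {
        "undisclosed": sorted(p for p in touched if p not in owned),
        "declared_but_missing": sorted(p for p in owned if p not in after),
    }


def audit_uninstall(before_install, after_uninstall):
    """'Leaving no trace' means the tree matches the pre-install snapshot."""
    changes = diff(before_install, after_uninstall)
    return {
        "leftover": changes["added"],
        "not_restored": sorted(changes["modified"] + changes["removed"]),
    }


def demo():
    """Run a constructed installer and uninstaller inside a throwaway tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system").mkdir()
        (root / "system" / "network.cfg").write_text("resolver=default\n")
        before = snapshot(root)

        # What the (hypothetical) speaker-enclosure calculator says it installs.
        manifests = {"enclosure-calc": ["app/enclosure_calc.bin", "app/readme.txt"]}

        # What the constructed installer actually does: it also drops a
        # system-level component and rewrites a system setting.
        (root / "app").mkdir()
        (root / "app" / "enclosure_calc.bin").write_bytes(b"calculator")
        (root / "app" / "readme.txt").write_text("docs\n")
        (root / "system" / "resolver_shim.bin").write_bytes(b"shim")
        (root / "system" / "network.cfg").write_text("resolver=shim\n")
        install_report = audit_install(before, snapshot(root), manifests)

        # Constructed uninstaller: removes only the files it declared.
        for name in manifests["enclosure-calc"]:
            (root / name).unlink()
        uninstall_report = audit_uninstall(before, snapshot(root))
    return install_report, uninstall_report


if __name__ == "__main__":
    installed, uninstalled = demo()
    print("install audit:  ", installed)
    print("uninstall audit:", uninstalled)
```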
First, EULAs have not been upheld by the courts. Especially when they "shock the sensibilities." That's why UCITA is trying to write enforceability into law.
Second, the EULA you saw focused on the main application being downloaded. It is unlikely that this EULA will discuss embedded applications with any depth, at most you might see a paragraph making vague references to third-party applications.
Third, one of the cornerstones of contracts is that it's a conscious, INFORMED agreement between multiple parties. One or more parties may decide to remain ignorant, but once one party begins to deliberately withhold pertinent information that another party wants it's a whole new ballgame. As the author points out, there is absolutely no reasonable way anyone could ever expect an application that computes the size of a speaker enclosure to cause a critical part of the OS's network stack to be changed.
Finally, I think this situation is so outrageous that it's getting close to gross negligence, not just negligence. You can contractually limit your exposure due to negligence (you made an honest mistake), but you can't contractually limit your exposure due to gross negligence (you knew there was a problem, you know your inactions would cause harm to others, but you didn't give a damn).
A better analogy is that you bought a hot dog. Okay, this is a little iffy, but most people understand that some cheap hotdogs have filler and they'll pay more for a "100% beef" hotdog. But now you learn that you're now sterile because the hot dog producer has been dumping dangerous chemicals in the brew, but hey you agreed to this risk when you bought those cheap 'dogs.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Before you crap out an idea, maybe you can establish some context as what you're talking about. Try using a first sentence or a snippet from the main article to highlight the points that you are agreeing with, because I can't tell if you're accidentally posting in the wrong thread or if your opinions are just stupid.
This is one area where open source software can really pull ahead of Microsoft. Provide excellent documentation of the software and the coding as well. That's all folks.
How would this make open source less susceptible to hosting a stealth component, or how would this prevent stealth components from piggy backing during an installation?
It seems that you think this is a security issue that can be solved like MS Outlook holes which allow scripts to propagate email. Unfortunately, all operating systems are susceptible to stealth code sneaking along with trusted software. There's really nothing you can do about it other than legal recourse.
"Communism is like having one [local] phone company " - Lenny Bruce
If I wrote a stealth component today, I would have it seek out an Ad-Aware signature file and modify it to ignore me, or add my directory to the ignore lists. Ad-Aware could respond by digitally signing the files, or with other techniques.
If this begins (too late?) then I fully expect our friends @ NAI or Symantec to add this trash to their virus software. Anything that tries to protect itself from being removed is a virus. %insert_your_own_windows_joke_here%.
I've been very happy with Ad-Aware, and as the author suggests, the first run on my own machine was a real eye-opener. I have some friends in a local PC clone shop, and they run AdAware on almost all their repair/re-stage jobs -- they have been amazed at the numbers of Malware apps they have found running on people's PCs.
But this won't work, of course. Our favorite example is Microsoft, who blithely says, "It's all required; it's all part of the OS; either take the package or don't." Making choices confuses people, see, and we want to avoid that.
Without being elitist at all, some of what they say is true. One reason Microsoft has succeeded is that they remove those scary choices from the users. It's the software equivalent of "bread and circuses" - don't bother people with the details, wow them with flash, and they'll mostly ignore what goes on in the background.
This succeeds because it's what people want. My 72-year-old mother doesn't know about patches and updates and service packs, and for fuck's sake she shouldn't have to. For good or ill, most people view computers as slightly cantankerous, very expensive toasters. They have no idea that they have, sitting on their desks, a little machine that can do very nearly anything. They want to do a couple things, and they want those things to be easy.
I can see a couple ways for this to go:
- Special-purpose machines. Instead of one computer, you'll have a few little ones. A web pad in the kitchen that downloads recipes, a glorified word-processor in the study hooked up to a printer, maybe with accounting software. Most people will go to Office Depot and spend a few $hundred on a black box, kind of like a cell phone nowadays, then throw it away when a newer model appears. Microsoft is set to own this market.
- General-purpose machines. Geeks will still want a real, live computer that they can control. This is only going to get harder and harder. Twenty years from now, I bet there'll be fewer general-purpose computers than there were twenty years ago. The after-market parts business will dry up as copy-control gets more and more intrusive. I mean, I can build a box from a bunch of parts, but I can't build a fucking motherboard or hard drive.
Computers have to get easier to use while at the same time getting more complicated and doing more things. The only way to do this is to remove end-user control of the device. Fewer scary options, fewer things to screw up. For the most part this is a good thing. Most people using PCs today are basically helpless aside from a few well-known command sequences. The hard fight will be to retain control of real computers while consumer boxes get dumbed-down. What will make this possible (IMHO):
- No DRM. Period. This will kill general-purpose computing forever.
- More standardization. As the parts market shrinks and specialty boxes become more common, it'll be harder for ASUS (e.g.) to sell mobos into the after-market channel. There will be consolidation, but as long as #1 above is avoided it shouldn't be fatal.
- Concentration on software quality. The OSS community generally does a better job of this than closed-source, but it will have to get better. Quality alone isn't enough; as we know, 500% better isn't better enough if you don't have good marketing.
This is a long, winding rant, and has gone a little off-topic. Back to the point: I don't think this situation will get better, or at least not in the way we hope. It's going to be incredibly difficult to hold software manufacturers liable for anything; it'll be even harder to hold them liable and let OSS off the hook. The best hope, I think, is operating system diversity, which at this point means forced licensing of the Windows source code. If you can use Microsoft Windows that basically bends over for any cute-looking virus or trojan, or (e.g.) IBM Windows that flat-out refuses to install anything that isn't digitally-signed and verified (assume, for the minute, non-DRM verified), what would you pick? What would your mom pick? What would you want your mom to pick?
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
Some choice quotes from http://www.new.net/about_us_guiding.tp:
"We are building a DNS infrastructure that is at least as reliable as the root servers that serve .com, .net, .org, .co.uk, and other top-level domains." (I don't consider having to install special software just to get to a URL "reliable", but maybe I'm narrow-minded.)
"New.net will seek to work with ICANN to ensure stability in the Internet, and we will attempt to work in the best interests of all parties to not interfere with anything that ICANN plans to do." (Clearly, the author of this article would argue with the use of the word "stability".)
"New.net is building a more open registry business that also will enable other parties to introduce new domain name extensions to the millions of users that have access to New.net domain names. New.net will determine which extensions to release in the future, applying the standards set forth below." (You call that open?)
Installing or modifying "system-level" components such as drivers, services, and daemons shouldn't be possible for anyone without administrative privileges. If the operating system fails to distinguish between normal users and administrators, then it's the OS that needs to be fixed, rather than the practices of innumerable software suppliers.
And if the user chooses to run always with administrative privileges, well, he deserves what he gets.
One of the things that is impressive about applications that are written natively for OS X is the installation procedure: it usually involves a complex procedure called "copying". All hyperbole aside, it is that easy.
For instance, I installed MS Office on my laptop a while ago (still waiting on Sun & Apple to resolve their differences & build StarOffice for the Mac). The entire procedure was:
1. Insert Office CD
2. Drag-And-Drop a folder onto my hard drive
3. Start using it.
Installing applications from the Internet is even easier. I'm a happy registered user of OmniGraffle, a diagramming and graphical tool that makes other programs like it feel worthless. The installation process for that is:
1. Download the file, which unpacks as a disk image & is automatically mounted.
2. Drag & Drop the application.
3. Start using it.
Another nifty feature is that, to the high-level graphical interface, an application appears as a Bundle, and therefore it looks like a single executable file. To the regular user, this is a far more intuitive presentation of what an "Application" is. However, if you whip up a terminal & go poking around a bundle, you'll see that it's really a collection of every file the application needs to work.
Mark my words, the Winblows platform will be emulating this behavior within their usual UI 5 year lag.
--Mid
Installing software is IMO ridiculous. I really like the model used in most OS X programs, which is you drag over the self contained program to wherever you want and just run it. No registry bullshit and all config files are thrown in your home directory so you can upgrade it and not lose any settings.
There are some crappy OSX apps(like Office X and Maya) that use "installers" but I stay away from that crap.
yes it does if you use IE
A while back, my neighbors switched from Earthlink to Adelphia cable. Trying to be a good netizen, I spoke with them about getting a firewall, and set up a time to install Zone Alarm on their machine.
When I went over, they made a side mention about all the stupid popup ads they were getting on Adelphia, how they hadn't gotten them on Earthlink, and Earthlink had promoted, 'No ads with us.' I responded that we didn't get any more than normal popups, on either Linux or Windows.
So we installed Zone Alarm, and started up the cable link, again. First thing we see is a program out of an Earthlink directory attempting to contact the nameserver. Press the 'No', and the popups were gone. Apparently some piece of Earthlink software got in a tiff because the nameserver belonged to another ISP, and decided we needed to be punished.
The living have better things to do than to continue hating the dead.
It tells you everything you need to know. You can even install their software, if you're feeling self-destructive.
I know every thing on slashdot, linux zealot, blah blah, blah... but
The problems with software overextending its welcome is flat out why I use linux. It started out as a partition I put on to see what people were talking about, and has grown from there. I have not booted to anything else in the last 4 months. It is the attitude of the free software makers compared to the commercial shareware buddies.
Every app I installed always infected my system, it put stuff everywhere, changed my settings, changed my homepage. I have yet to see a linux app even try to touch my homepage. Every 2 bit app thought it was worth $15, and it seemed like the author spent more time designing the nagging system than the application itself. All of the small apps I used have linux equivalents that are free, that I can modify the code for, that have people working on them that care about making a good product instead of making 15 bucks off you.
Which are the programs that install this trojan?
Can we make a list of companies to avoid?
OverLord
That's cool, except it's not what WHQL is, and hardly anything gets WHQL certified anyway.
Is it negligence to download and try a program that is promoted as a useful application? Maybe.
Is it negligence to cause a program to surreptitiously alter system files resulting in a loss of use of a computer? Yes.
Is it negligence to cause this loss on purpose or fail to correct it when notified? No, that is GROSS negligence.
Our forefathers have considered negligence something you can get a judge to rule on and justly use guys with guns, like a sheriff, to help collect a reparation. Sometimes it is bad enough to merit imprisoning the culprit.
How, I ask you, how are corporations supposed to cater to your every whim without efficient and effective spyware? Do you just expect movies about Britney Spears and snowboarding to just appear out of nowhere? They can't waste time and money with "original" ideas; they need proven material.
And that's why I gladly install as much spyware as I can. That way I know that my opinions on everything, from linux to pornography all the way to pornography and linux, are recorded by internet tracking software.
Thank you, spyware, thank you. And thank you too, Britney.
Anything you can do, I can do meta.
I happen to be a control-freak when it comes to what's on my system. I started out with Linux on Red Hat 6.1, which I began to hate because I didn't know where RPM put things (often in non-standard places).
Now I never use package managers. I don't use a distro, but made a system from scratch. I always read what 'make install' does before I run it. Etc.
My system has far, far, less cruft than most others I see. Therefore, this is what I would recommend for others to do.
I think that just disabling the "startcenter" will get rid of most of your annoyances - if it isn't running all the time in the background, it can't pop up crap in your face all the time.
Your PC will also run faster.
Open up the preferences. I think it is a button on the "General" tab labeled startcenter. That opens up another dialog that allows you to disable it (top checkbox - uncheck it). It will pop up a message with a dire warning - just click Yes I really Want To Do This. That should be it.
All the startcenter is good for is preloading Real (so it starts up 3 seconds faster - big whoop) and popping up annoying messages.
Face the facts of computer usage (esp. Windows). There is no way that you are going to be able to download any random program and not run the risk of it hosing your computer. Unix has some security against this, it works well if you don't run as root. Windows 98 has no security, so you run that risk every time you download an executable file. Win2k has minor (less than Unix) but still, it is fairly easy for a program to trash your computer. It's part of the way computers work. The only way around it is to use a limited device like an internet appliance.
You could also backup everyday. And use that to restore when you install a bad program.
Spyware is bad, crappy install programs are bad, central databases that system depends on can be bad. Many ways to start programs without the user's knowledge is bad (how many ways can a program be started automagically in windows?). The PC is a test bed for ideas and most ideas are bad. The good ideas are slowly being integrated into the next generation of computer appliances. While the bad ones are polluting our computers every time a program is downloaded.
Civil libertarians need to realize that regulating speech that serves to hate or exploit does not lead to regulation of all speech. Regulation allows a fair playing ground for business to operate with individuals. Consumer rights involve regulation of that which is consumed.
Just because a program is free to download, this does not make it free (and I'm not talking about beer). If the author makes money through advertising, or allowing New.Net to invade your IP stack, there is profit being made. Therefore this is commercial software, and should be regulated. I don't think some free Linux utility needs the same level of regulation because it is non-profit, but still needs some acceptable level of regulation. This doesn't mean that you need to submit your application for approval to some bureaucrat, or that if it crashes you'll be sued. It just means that you can't write some trojan horse and distribute it as the latest version of bash and expect to get away with it.
Ok, how many people here choose the standard installation options and how many ALWAYS choose Custom just so they know what's being put in their system?
The programs that I've seen install that New.NET and SaveNow crap have always had them as customizable installation options. You just had to click a button and read the contents of one more screen during the install.
The software that crap comes with is free anyways. So what's the problem? Are you going to write your own software or take a trip to the store to pay for software (assuming it's retail) just so you can save yourself 10 seconds off your install time?
Why don't you go talk to Fritz Hollings and maybe he can work that fine idea into some worthwhile legislation for you. Or better yet go talk to Gates about only installing software that the author has spent thousands of dollars having verified by windows quality labs.
I've been running a Norton personal firewall that came packaged with my machine. It's amazing to see how much software tries to access the internet. Even better is the option to block it.
I run w2k, and whilst I haven't tried this yet, I've often wanted to run installers under a separate user account with limited privileges. The only problem is that a failed install can be worse than the install itself. Further, by default, w2k gives pretty much all privileges to 'everyone'. Locking down w2k is a hit and miss affair, unless you know exactly what software needs what permissions. If you make a mistake, things just stop working, and it's a bitch to figure out why.
It would be nice to have something like a personal firewall that alerts me anytime some software tries to perform an action which it doesn't have permission to do. With a system like that, I could give permissions out on a single use basis, or on a permanent basis, or not at all.
In this way, I can adapt the security privileges to each piece of software on a case by case basis, essentially running each proggie as a different user.
If I trust some software, I can move it to a more privileged group, and kill any warnings that way.
The other thing I hate about software installers is that they always want to install their software in a folder named for the company rather than the product. Who really remembers that 'WidgetFandagler32' is made by 'OneProductSoftware', and to look it up by that name in their folder list?
Now, not only does GPL'd software contain this clause, but practically any software. You accept a great deal of risk when you install software.
A $250 Small claims court action here in Virginia might be a way to do it.
That's a great idea. It's a good start to holding software companies responsible for the products they're putting on the market. I, on the other hand, didn't pay for my windows 2000, so I won't be taking action. Actually when reading that.. it was kind of an incentive for me to not only make well thought out purchasing decisions when I'm done uni, but the actual purchase of the software. It gives me the right to do that too.
In a big picture, I think technology is so incredible. How far it's come and how we can use it in our personal lives, but it's issues like this that are what really matters.
Right here, right now.
To ensure the future getting better. not worse. Your list of basic obligations that software creators should abide by (or strive for) is a good start. It's a good list.
and plz let us know the outcome of a small claims filing.
That's not really the same thing. WHQL is for hardware/drivers. It verifies that the hardware works with Windows, and the manufacturer does things the way MS wants them to (e.g. the BIOS can't have an option to disable ACPI, mentioned on Slashdot recently).
It would be useful if there were third parties who could test software, and certify it to meet certain standards. For example, an anti-spyware group could sign software that didn't include spyware. When you downloaded a program, you could check for the "no spyware" signature before using it.
Some companies (like MusicCity, which provides Morpheus) know that users hate spyware, and advertise that their products don't include any. They could probably be persuaded to participate in something like this. This idea could also be extended to other types of signatures, like a "non-intrusive program" signature (won't hijack file extensions, run itself on startup, put itself into the system tray or the top level of the start menu, etc.).
If the EULA you read for the software that installed NEW.NET didn't force you to waive liability from new.net, and new.net didn't give you a EULA that waived their liability, then you could claim they are liable for the destruction of data and software on your PC, since you never waived such liability.
Seriously. Check with a lawyer.
-Adam
Although .NET takes the automatic system change to a whole new level, we shouldn't forget that many widely used "free" programs do this already.
Both RealPlayer and QuickTime install themselves and then attempt to make them the default player. Additionally, they do it for types of files that they are clearly not the optimal player for, such as mp3s.
Besides this, they feel it is necessary to automatically place agents in your system tray, shortcuts in your startup menu, and icons on your desktop. All in an effort to make their program the foremost one on your system.
All of these "features" should be optional to install and much easier to disable. Instead, the programmers hide the preferences in the least accessible spot. .NET may be the worst, but it's most definitely not the first!
Shut up, Eric.
He made no attempt to gain the information through fraudulent means. He merely asked for it. Looks like your parent poster's point stands.
Windows users will not only tolerate, but pay for all of that. And they'll pay for it, as Microsoft well knows, because it's applications that sell Windows. So they'll ensure that application developers can fully commandeer your machine if they want to, because that's what application developers say they need to make the users happy.
Who would ever have imagined that such privileges can be misused and abused?
Now stop whining to the government to protect you from yourself and start making some forward-thinking decisions about the software you use and support.
I agree with the author that you should always be able to remove any program completely leaving no little surprises behind. However, notifying people that it is about to install a driver, service, or daemon might be too much. Most people won't even know what a driver, service, or daemon is, so what would you say to them?
"About to install a daemon in your system... Do you really want to do this? DO YOU!!"
hehe Ok maybe it wouldn't go like that but most people won't be sure how to respond. All they want is for the program to do the job that they paid their money for it to do.
Not telling people about installing spyware should be a crime. The fact that information is being passed out of my PC without my approval is theft. It doesn't matter if it's my credit card number or a list of sites that I visit. It should not be up to corporations to decide what is to be considered private information on my PC. I can handle that job, thank you very much.
The race isn't always to the swift... but that's the way to bet!
The problem with this is that Microsoft is the standard, and in order to be MS Certified software, you MUST use Microsoft's MSI installer (which is absolute SHIT!!!). And MSI isn't going to play nice in any of the ways you outlined, because MS doesn't want it to, and doesn't care.
The invisible hand job at work again. Wheeee!
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
You have the right idea, but WHQL is for hardware drivers, which is nice in and of itself. Rather, Microsoft will sign software for you if you consent to pass a bevy of tests that determine whether or not you play nice with the OS, including not thrashing system files. Unfortunately, this kind of certification is VERY expensive, and not really an option for shareware authors. What would be nice is creation of an independent, cheaper organization that would supply similar certifications.
Yeah, I guess I could create a new user in Linux with just the permissions I want to give it for every program on my computer, then run the program with the appropriate user.
Or, you could write an installer application that you run to manage all other installations. Have this app create a new user for each program as it's installed, with these users members of the "installer" group. That way nothing you install later could overwrite anything else you installed.
If there's an insoluble technical reason why this wouldn't work, I'm sure someone will tell me. Problems I see:
I'm sure there are other problems, but at first glance I like the idea.
Nope, no sig
It's so nice not to have to worry about any of this crud...
No. WHQL is only for hardware drivers. It is not their job to sign off on installation programs for random application software you may be interested in.
It's really amazing to see how much cluelessness is going on in this thread. Spyware programs are becoming pervasive on the Windows platform (and they could be written for Linux too if the spyers felt the marketshare was large enough to care about). And it's not just free software doing it. Pseudo-free software like Eudora is a huge culprit of spyware. And there are an increasingly large number of commercial software packages that install spyware to one extent or another (and while Creative may allow you to not install it, other software doesn't). MOST of the spyware doesn't bother asking you if you want to install it, and doesn't make any evidence of itself being installed. Probably because nobody in their right mind would want it installed.
And, sadly, it's a case of "it's not illegal, so it must be legal" reasoning that's going on here. You might be able to make a case for theft of computer services and/or trespassing, but it'd be a stretch.
This is insanity, of course. Software installation privileges should be restricted to one trusted program which checks the credentials of a package, warns of irregularities, and does the accounting necessary for uninstallation. It could even run as a daemon and process regular user requests for software installation.
Free software distributions need this more than commercial developers because commercial component makers have contracts to keep them in line. This is well-demonstrated by the extensive feature sets of .rpm and .deb formats.
Current security models place much emphasis on distrusting the user and no emphasis on distrusting the code. This will continue to trouble us for some time.
Let me rephrase... I meant to write
How would this make an open source operating system less susceptible to hosting a stealth component, or how would this prevent stealth components from piggy backing during an installation?
I can understand why an open source product may be less susceptible. Heck, Why would anyone even try to add a stealth component to an open source app? Why are you even answering the loosely phrased original question when the answer is obvious?
"Communism is like having one [local] phone company " - Lenny Bruce
nothing to see here, move along
Startup control panel [http://www.mlin.net/StartupCPL.shtml], a nice simple control panel applet to let you easily manipulate all 4 registry keys involving services, as well as the Startup Folder.
Were that I say, pancakes?
I went to their main page. I have seen this from some spam stuff I have gone to.
ac
This is a problem that needs to be addressed. I sent this question to Lawrence Lessig when /. did the interview; of course there were better questions to answer.
My whole argument started with pop-up ads. By going to a website, you are agreeing to that site's terms of use. The sites are using advertising as revenue to provide the service that we as a user request. Now enter pop-up stopper software. Is it legal for you to effectively block the only source of income that most of these sites have?
So then we get into this issue,
"Well, I didn't give that site permission to use my RAM, my CPU, and my HD space."
Also, the same argument applies for the installed ad-tracking software. I didn't tell them that I wanted that salsa.
So, there is a shareware program called AdAware (made by Lavasoft), a great piece of software. It goes through the Windows Registry and finds a bunch of these little programs. Double-Click is by far the worst at doing this; last time I ran the program, I had 69 little programs tracking my use of the net.
This raises this question, Should I as a consumer have to pay for software that blocks companies from abusing my rights?
I've been pondering these questions for a few months, and still haven't found resolve.
Intelligence is a matter of opinion.
They altered your computer without your permission by installing New.Net so they should have to pay for the damages, but authors of software should not be liable for bugs. If someone needs that kind of reliability let them pay also for an SLA.
Eat at Joe's.
What's needed is a program that monitors installation programs and reports if they are attempting to do something shoddy.
Sort of a 'ZoneAlarm' for setup.exe files, which monitors nasty registry changes, DLL overwrites, etc.
It's not impossible for a Win32 'debugger' to control and watch an install program. I know there are trace programs, and Bounds Checker, but none seem designed for the person who just wants a button to kill and undo an installation that touches, for example, the winsock DLL.
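The monitor-and-undo idea from the comment above, sketched as an added example that is not part of the original thread: hash a directory tree before and after an installer runs, report what changed, and restore a backup if a protected path was touched. It covers files only (no registry), and the pattern list, function names and the sample tree are constructed for illustration.

```python
import fnmatch
import hashlib
import shutil
import tempfile
from pathlib import Path

# Hypothetical policy: paths an application installer has no business touching.
PROTECTED = ["system/*.dll", "startup/*"]


def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def diff(before, after):
    """Return the files added, removed and modified between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(k for k in common if before[k] != after[k]),
    }


def is_protected(path, patterns):
    """Case-insensitive glob match, since Windows paths ignore case."""
    return any(fnmatch.fnmatchcase(path.lower(), pat) for pat in patterns)


def audit_install(root, installer, patterns=PROTECTED):
    """Run installer(root) under watch; undo everything if it touches a protected path."""
    root = Path(root)
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        shutil.copytree(root, backup)          # full copy taken before the install
        before = snapshot(root)
        installer(root)
        changes = diff(before, snapshot(root))
        touched = changes["added"] + changes["removed"] + changes["modified"]
        violations = sorted(p for p in touched if is_protected(p, patterns))
        if violations:                          # the "kill and undo" button
            shutil.rmtree(root)
            shutil.copytree(backup, root)
    return {"changes": changes, "violations": violations,
            "rolled_back": bool(violations)}


def demo():
    """Constructed scenario: one installer that bundles extras, one that does not."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "fake_c_drive"       # constructed sample tree
        (root / "system").mkdir(parents=True)
        (root / "startup").mkdir()
        (root / "system" / "wsock32.dll").write_bytes(b"original winsock")

        def install_app(r):
            (r / "apps" / "speakercalc").mkdir(parents=True)
            (r / "apps" / "speakercalc" / "calc.exe").write_bytes(b"the program")

        def bundled_installer(r):
            install_app(r)
            # The unannounced extras: a replaced system DLL and an autostart entry.
            (r / "system" / "wsock32.dll").write_bytes(b"replaced winsock")
            (r / "startup" / "agent.lnk").write_bytes(b"autostart entry")

        bad = audit_install(root, bundled_installer)
        restored = (root / "system" / "wsock32.dll").read_bytes()
        good = audit_install(root, install_app)
        return bad, restored, good, snapshot(root)


if __name__ == "__main__":
    bad, restored, good, final = demo()
    print("bundled installer:", bad["violations"], "rolled back:", bad["rolled_back"])
    print("clean installer:  ", good["changes"]["added"], "rolled back:", good["rolled_back"])
```

A real monitor would also have to watch the registry and catch changes made by processes the installer spawns after it exits, which a before/after file comparison cannot see.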
The only problem is Morpheus does install spyware so that invalidates that point doesn't it?
I'm an installation specialist. That is, I write installers for many different platforms. One of my biggest complaints about software is installers written by amateurs. Typically, the manager tosses a copy of InstallShield at the junior programmer and says, "why don't you deal with this when you have a moment". This is usually said a few days before the release date. The result is a mediocre installer that runs ok most of the time, but often the installer will have a basic flaw, such as replacing important system files with an old version.
On Linux/Unix platforms, it's even worse. The installer is almost always a horrid shell script that has been hacked on by a dozen different people over several years. No one really knows what that script is actually doing. The script works great, so long as you are running RH 7.1, because that's the distro the programmer uses.
As for standards, they do exist on Windoze platforms and people familiar with writing installers deal with them. In the Linux/Unix world, it's a free for all. There are some general standards, but all too often they are ignored.
When it comes to "stealth" installing, I wouldn't do it. If the component isn't necessary to run, then it is an option with a checkbox. If it's a pretty good idea to install it, it will be checked by default. If it's just eye candy, it will be unchecked. If the primary software won't run without it, it will not be an optional component.
In summary, hire the right person for the right job. Stick to standards where they exist, fight for reasonable standards where they don't. Never forcibly install unnecessary components. Most important, don't ever change basic system functionality.
-- Will program for bandwidth
EXACTLY!
Popularity breeds these kinds of scumware. Linux isn't popular ergo it doesn't have to deal with it. After all, why waste the time & money creating scumware with the end goal of generating revenue when the target is so minuscule as to be a certain dead loss?
In the Unix world we dealt with this a decade ago, although, of course, back then there were virtually no commercial interests driving stealthy software installation practices, so the issue was much less charged.
Anyway, back then sysadmins were making a big ruckus about software packages placing bits and pieces into /usr/bin and other such locations, rather than /usr/local or /opt or similar locations, and on top of that not allowing you to change the default locations.
The result today is that an unwritten code of conduct exists: Most Unix packages I deal with (biomedical science, both open source and commercial SW) state clearly what is going into your system, where it is going to go and offer choices to alter all of this. If system-level stuff is changed, say inetd.conf needs to be amended, then this is also clearly stated, and the operator is usually given a choice as to whether modifications should proceed automatically or be deferred pending manual intervention.
In the Windows world, and to some extent in the Mac world all this seems to be sadly lacking. I have a suspicion that software suppliers generally assume that users are dumb and anything can be done to them or with them.
The difference between Unix and the desktop OSes is that many Unix installations (I am being cautious here :-) ) have knowledgeable sysadmins who will detect abuse and object, whereas most Windows and Mac boxes are upgraded by unsuspecting users, administrator accounts under modern Windows versions and OSX notwithstanding. And monetary interests and pressures have multiplied a millionfold...
Even so, the current practice cannot be justified and should not be tolerated.
UNIX and Linux instructions:
p
http://www.new.net/download/instructions_unix.t
Wild.
Of course you know pr0n brings people together. There is more and more evidence of this every day.
Today's lesson is that XxX is spelled the same in every language.
I hope you all feel better knowing this.
Limewire is opensource and yet they add stealth components to it. I nearly shit a brick after seeing all the spyware they install. Fuck them.
The Tom Clancy games are another villain in this regard. The ones I've installed for my kids made no attempt to see what version of DirectX I was running. They just proceeded to stomp all over it and install DirectX 5. Pissed me off, especially considering the hell I went through with the upgrade from DirectX 6 to 7. I've told my kids (and the game's publisher) that I will not buy any more of their games until they promise me that they will stop that. Naturally, I have gotten no response...
"Love is a familiar; Love is a devil: there is no evil angel but Love." --William Shakespeare ('Love's Labors Lost')
I just removed Macromedia software from my system. Most of the content it runs is ads. Unfortunately they defaulted it to autoplay. Play could not be shut off while it was loading content. Many ads would end in some kind of animated GIF that still ran even with play and loop unchecked. It would only stop after unchecking loop, play and rewinding the animation. Too bad they tried to satisfy the content providers (advertisers) instead of the end users. All it would have needed was a configuration that a user could set up to not run flash automatically. A simple play button on an animation would have been nice. It was the lack of configuration options that convinced me to remove Macromedia completely.
The truth shall set you free!
RealPlayer is a bad one. It runs all the time. Go through and pull it out of the registry so that it doesn't run all the time. Then use it once to listen to anything, and it will re-create all those registry entries. My computer crashes much more often when RealPlayer is running.
Microsoft outlines policies for "well behaved" installations in Windows Logo Policies - Overview for Software.
This is similar to (but not exactly like) WHQL certification for hardware.
I fully agree that the stealth installation of unintended software is wrong, and I have had many of the same experiences you have had. I hate it. They are in a very real way, unwelcome trespassers on your property. They make a mess and you have to clean up after them.
Is it bad enough so that we should lobby congress to pass laws? Would it do any good or would these creeps just move their base of operation to someplace like India?
Are there laws that exist that could help us? And if so, would a class-action lawsuit be one possible solution to try?
Ad-busting software is only a partial solution, and the thing that bothers me about it is that it too uses your resources. But, I'll agree that it has gotten to the point where it may be a necessary evil.
Here is an idea: I have not tried it but I think it may be helpful. When you discover an application that has installed this trash on your system call the support number for the software (or use whatever support resources are available) and insist that they help you remove (not just disable) the stealth-ware from your computer. Support costs companies money and if enough people demand this kind of help, perhaps it would cause the companies to rethink their position on these things.
Finally, maybe a lobbying effort of some sort could cause these stealth applications to be classified as a sort of virus. This would allow AV vendors to detect and clean (or prevent the installation of it).
WHQL stands for windows HARDWARE quality lab, in other words it certifies that HARDWARE (actually the drivers that drive the hardware) meets certain Microsoft defined guidelines for stability and ease of installation.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
A lot of free ware is written because person A had a problem and wrote some code to solve that problem. Then, some other person (we will call that person "person B") saw this solution and said "I would like to use that." So, based on that, person A says "I see that there are more people who have struggled with the problem that I solved. I will be benevolent and share this software."
Now you come along, and say "nonono... before you can share your solution, it must tell everyone everything about it." But that is absurd. They already did the creating of a solution, why is it their job to further tell you what the app is doing?
General rule of thumb: DO NOT INSTALL UNKNOWN APPS ON YOUR COMPUTER WITHOUT TESTING THEM ON SOMEONE ELSE'S FIRST.
hehe... that said, be careful. It is your fault if you screw up your computer. Free software (especially software with a disclaimer saying "This program comes with no guarantees... etc") is free. Thank the author for sharing his limited time with you, and move on. If the app messed you up, think of it as a learning experience and move on.
What's the difference between a big corporation putting software on my computer without my knowledge to sniff me out or add unwanted functionality, and a cracker doing the same thing? I don't see it. I really wonder if you couldn't apply some of the recently tightened cybercrime laws to the case, essentially fighting one evil with the other.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Well, stop bashing Microsoft and look at the security implemented in .NET framework.
Yes, despite every warning I've heard, there was a .ram format video that I really wanted to watch, and so I thought it would be okay to install RealPlayer just briefly. And now, I am living a nightmare.
My Windows 98 box, which was none too stable to begin with, is having serious problems with blue screen crashes and registry errors. RealPlayer auto-loads things on startup, most notably a scheduler that goes out and checks for updates once a week with no way to turn it off. It's taken over dozens of file types, even ones that it apparently doesn't handle. And -- most annoying of all -- it has no Uninstall option, which I would expect of any professional software. I think I've pulled all the auto-loading parts of this demonic software out of my startup scripts, but to really be rid of this evil thing I'm looking at a full reformatting of my hard drive.
No software package should ever put a system in that kind of state.
Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
Yea, a war on my PC. It's not like I haven't noticed all these proggies f@cking the file associations, web apps, and placing links into my web/file browser (whatever it is these days).
:(
And I pay money for this treatment.
How would you like it if you got new tires installed and...a few extras.
Every time you turn on the radio, you hear an ad for tires and other crap you're not interested in. (This increases over time.)
Driving home but mysteriously you end up at McDonalds!?
You briefly pass by the classical station on your radio and you receive a flurry of snail mail from the Boston Pops.
You drop 5 miles to the gallon.
You start receiving tickets but have not seen any cops.
Would this be considered legal?
If you are going to use Windows software from untrusted (i.e. most everyone, especially M$) sources you must take steps to protect yourself. First, trust your gut. Does the developer "smell funny"? Is the software from a startup company with no visible means of revenue? I tend to trust programs created by individuals or small teams that demonstrate some passion for what they do (EAC, or LAME for example).
Then, get Technological on their ass. Start with a personal firewall that monitors all outgoing traffic. Zone Alarm is the one I trust - gut feelings, and I've read some negative things about Black ICE. Amaze and astound your friends as you block requests from RealPlayer, Windows Update, and other "legitimate" programs that like to access the net without asking permission.
Then get Ad Aware and get that sinking feeling as you see the total number of unauthorized programs, components, and services on your system.
Finally, install Proxomitron to make your browser behave a bit more politely by re-writing the html it sees before it sees it (and find yet another reason to love Shonen Knife. They're way kawaii!)
Forewarned and fore-armed (hairy ones, even), you stand a much better chance of maintaining control of your system.
ceci n'est pas un 'sig'
Remember the trials and tribulations that was Win 3.x and 286 before it? These complaints have been around since the inception of the PC, except that in the darkest days users were demanding and not getting something as simple as UnInstall.
heuristic algorithm seeks stochastic relationship
This confused me too.
I don't think he's talking about Microsoft's .NET, but is instead talking about the alternative domain name root at http://www.new.net/
Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
If you signed up with PACBELL as your ISP, you got 200 registry settings scattered all over hell and no uninstall that would clean them up. Unless you were smart enough to find them all somehow and reset them, you could forget about using that computer with any other ISP.
One of the things I really like about Linux is packaging formats like RPM and DPKG. The approach is that your system is to be built from modular pieces that can be tracked, updated, queried, and removed.
Now the problem, and source of frustration for some users of RPM, is that these management systems do not respond well to circumvention, i.e., compiling an application outside of /usr/local or using an installer that doesn't let the package management system know it exists. Case in point: Perform a server-class Redhat installation. Install XFree86 from XFree86-distributed binaries then try to use something like an official xterm RPM and your system will say you need to install X11.
An interesting approach to this is that of Debian's in that you will have an official package available for just about anything you could want. Browse debian.org's unstable software archive to see. Conversely, apt will handle dependencies of packages for you; as a result DPKG/Apt is *more* temperamental about being circumvented.
Though I wish people would respect the original ideas of RPM and DPKG, I think the concept is great, and avoids the tomfoolery of mucking with nasty 3rd-party installers if done correctly. When you can't or don't want to use a package, go with /usr/local. Things like new.net installers don't cut it over here.
> 1. Insert the CD. An install window opens automatically.
:)
> 2. Click Yes.
It's click Yes "20 times"...
(Sorry I *had* to write this)
"There's a little war going on in your computer..."
No there isn't. There is no proprietary software on my computer.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
If they want to install crap and spyware, they will. The fact that installation on OS X is just drag-and-drop is quite nice, but it doesn't change the uncaring attitude of these developers.
, by Lessig, famous law professor of the internet. One interpretation of that quote is that if you want to enforce behavior on a computer system (give it a "law"), this should be done in software.
That is, don't TELL application developers what their gui should look like, where they should install to, and which system services they should hook into- MAKE them do what you want, by providing code for them to call which has the proper behavior. Not only is the correctness more enforceable if they're calling your supplied code libraries, but also the development effort required to comply with the regulations is reduced.
The Microsoft software-installation routines (introduced with Windows95 I think) are a great example of how violation of this principle really hurt users. Microsoft TOLD developers how software should install, but they didn't provide code to do this. Any individual product could use entirely its own routine. Programmers quickly tired of rewriting installers again and again, and soon about 50% of products were using the "InstallShield" libraries- meaning that each time you downloaded a 20k shareware system extension, the package came with 600k of installshield runtimes, which you'd already downloaded before with 10 other products.
The Installer-Wars described in this feature are another problem that could've been avoided if Microsoft Windows-95 had provided a centralized installer system. Instead of allowing and encouraging each product to come with its own installer that selects what filetypes to associate with, and what system DLLs to override, the products should just come with a machine-readable file (much like a redhat package manager .spec) that informs the operating system of the package's abilities.
Then the operator can go to a neutral application (Control Panel) and decide which programs get to perform which common tasks (read .MP3, read .JPG, browse the web, send email). All of the constant whining of "Warning- some of Realplayer's associated filetypes have been removed! Do you want me to automatically rewrite the system settings every time I start up?" could've been eliminated.
Opportunities to secretly install spyware would be seriously reduced also.
Some windows users think that because installing software gives them lots of pictures and buttons, they're somehow better off than typing "apt-get install gizmo-tron".
To summarize- yes, there should be a framework for how SOFTWARE installs on a COMPUTER- but it should be enforced by SOFTWARE on a COMPUTER, not a bunch of government gunmen in blue suits.
This is prob redundant and mark it as such ...
But go install Quicktime, Real Audio and Microsoft's Media player and then see the war that breaks out on your box.
-- Knowing too much can get you killed, but knowing who knows too much can make you rich.
Before you can install the software, they require you to surrender all your rights before installation. If you say, "No, I don't agree" they will stop the installation. This is really disturbing where you buy a computer, take it out of the box, and Windows puts you through this.
Fight Spammers!
that we are having software programs installed on our computer that we are not aware of? my god... i didn't realize it, time to cut off all communications to the world... good bye slashdot... but i cant take the risk of unknown software being installed on my system, arg.. ug, *cough* *cough*
--disconnected--
'Go for the eyes, Boo, go for the eyes, aaarrrrrrrr!' -- Minsc
LOL
I guess it does give some insight into what "the moderators" are thinking.
Anyone who's administered Windows machines knows that Windows programs, in their never-ending quest for convenience, routinely install taskbar "daemons". I find that you can gauge the naivete of a user as directly proportional to the number of small icons next to the clock.
The point is that Windows application writers are so used to running a resident process in support of their dinky programs that it seems to me to be too late to change the practice. Of course, some programs are more intrusive than others (Real Player, anyone?), but it seems like the developers of just about every dinky little app seem to think they won't be taken seriously unless their program loads SOMETHING at bootup.
Of course, I shouldn't complain. I make good money doing PC consulting work; a good percentage of my calls are people whose machine is so clogged with TSRs that it has become unusable.
Why are you even answering the loosely phrased original question when the answer is obvious?
:)
Mostly because I was very bored, and felt like circular banter
I think I agree with you, though.
It's always up to the user to watch for piggy-backing. And with open-source, there is a chance they'll notice it *before* installation... but in the real world, those odds are pretty tiny.
I must admit, in linux as it is today, this extension requires more paranoia than I can muster today.
I think that's the bottom line. Currently installation requires that you delegate to the program writers (or packagers) the same level of system access that you have yourself. This doesn't even count the packages that must be installed as root.
As more commercial software is released, the only viable options I see are to become paranoid about what rights you grant to an installation, or to simply refuse to install anything except from source.
Nope, no sig
WHQL Certification.
Since WHQL stands for Windows Hardware Quality Labs, it's not actually all that useful for verifying SOFTWARE installations on Windows. Hardware and Drivers, yes, but not Software.
Perhaps you're thinking of their code-signing stuff for ActiveX?
Just because it's not criminal, however, doesn't mean you can't pursue civil damages, and small claims court might just be the way to do it. Either that, or collect similar experiences to boost the loss to over $1000 and press criminal charges.
Nice comments on a problem, but does any one know how to detect this piece of trash on their machine???
What if something else depends on that component which you say no trace should be left of?
The post that started is actually mildly "funny". The others are mostly on-topic, since they point to the weakness in the basic assumptions in the article: if you have a M$ box, how can you expect to control the software installation process? Haven't all the legal proceedings against them been enough to convince everybody that the Windows API is undocumented enough to be dangerous to your system stability? After reading so many "experts" state that "Windows 2000 is the stablest Windows ever", why is it that I'm not surprised at all to read that a simple software installation can trash the IP stack?
A horse is simple to use.
It requires no fuel, just grass.
It will not crash into things if you drink and drive. (at least not at a speed that will kill you)
It requires no roads.
It requires no special equipment.
ETC, etc....
It seems to me that owning a car is much more complex than a horse..pollution...parking...drivers license...insurance..mechanic...gas...etc
But the car rules today!
There are VCRs today which are harder to program than routers, and most people are able to program these VCRs. The more we ask of the computer the more complex everything gets. I would prefer to have one or two systems which would replace all these boxes which clutter my home...ie 3 VCRs, SNES, N64, Answering system, Sound system, house alarm, thermostat, microwave, stove(clock), alarmclock...all of which have their own way of being programmed.
Imagine everything connected to one system. You only set the clock once after a power outage. You would not have to learn a new interface/programming language with every appliance you bought. I think this is where we are going...and will not be simpler...it will get more complex..
It's Friday and it has been a loooong week. I hope this rant makes sense to y'all...
DRM? No thanks, I'll just get it somewhere else...
My first try is always to massacre the component that is causing the ads - sometimes it's just a nice .exe or .dll file that literally screams "delete me"...
If that doesn't help, I usually get pis... erm... agitated enough to add their adserver(s) to my hosts file (127.0.0.1 :p)
And if it still doesn't behave I just block their ad IP(s) with my firewall - nothing more satisfying than to see all their ads die the ping timeout death :)
+++ MELON MELON MELON +++ Out of Cheese Error +++ redo from start +++
When you don't compile everything from source yourself. Down with binaries!
Oh wait, does compiling and reading code actually take work?
Years ago, when I still created MS-Windows programs, I bought the whole "Andrew Schulman Programming Series", published by Addison Wesley. It was a set of several books written mostly by Andrew Schulman and Matt Pietrek, about "internal" and "undocumented" features in Microsoft products.
Anybody who pored through those books knows that it's entirely Microsoft's fault that they always leave so many hidden hooks inside their API's. A casual user who is not a top programming expert, or who has no time to devote the same attention that Schulman et alii. did to those details, will have no way to know what he is stepping into. However, anyone who has the right tools and expertise, and time enough in his hands, can find some point where he can plug some malicious piece of code.
To say that Microsoft is not to blame is like saying Ford was not to blame if someone crashed one of those exploding Pintos.
You should have known better than to install something you hadn't vigorously researched first. What kind of moron downloads software off the Net from unknown sources?
"because commercial component makers have contracts to keep them in line."
REALLY? And how much did M$ pay you for losing your data when their POS system crashed after 72 hours of use?
The only one to protect you and your interests is you. Stop using crappy systems and crappy software.
I believe that is what the parent commentor was referring to. Programmers could stop using (or use less of) the DLLs and compile almost everything statically, thereby generating only an .EXE file with perhaps a few "settings" files in addition.
The DLL hell is created when program "B" replaces a DLL used by program "A" with an incompatible version. Eliminate installing new DLLs (by statically linking) and you eliminate most of the hellishness. Or if M$ would follow their own API rules it wouldn't matter which revision of XXXX.DLL you have and every other program wouldn't feel compelled to overwrite the DLL.
Steve Gibson does a good enough job of avoiding this for the apps that he gives away. He writes everything in assembly, even the windows apps, and all you need to do to install is copy the program to wherever you want it. Granted they are rather single minded things, but they work well for what they are intended, and are extremely small in size. On the other hand I have seen many other programs of equal single-mindedness that install half a dozen DLLs and/or require that you install the latest Run-Time for VB-whatever (which installs even more potentially corrupting DLLs).
--777
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
No. If Morpheus was found to contain spyware, it would not be signed (the whole point is that a group checks for spyware, and only signs files that don't contain any - it would also be a good idea not to sign any software that automatically updates itself without notifying the user). The signature could be revoked if it had been accidentally signed.
Morpheus was just an example. Do you have a link showing that it installs spyware? I couldn't find anything other than rumors. They once had a picture showing "no spyware" on their website, but I can't check that now because the site is broken (the server sends 248 bytes of binary garbage labeled as "Content-Type: text/html").
"Intellectual Property" was OK, as long as it was about giving incentives for artists and inventors to do creative work. Because of that, full disclosure is required. In order to get a patent, the inventor has to describe the workings of his invention, with enough detail to let anyone duplicate it. It is not possible to copyright the contents of a closed box. This ensures that the creation will live after its creator.
Today, most patents and copyrights are owned by corporations. They maintain recording studios and research labs and expect to get profits from that. It's OK to get profits from the work of others, of course, all corporations do that. Without some financing scheme, the large laboratories and studios needed for much of the modern scientific and artistic creation could not exist. Many countries that tried outlawing corporate profits just disappeared, others are desperately poor.
But that's not why patent and copyright laws were created. One cannot guarantee the survival of new ideas, if the basic working principles are hidden. Therefore, the only legal action needed is going back to basics: no copyright should be granted on "code" that is not understandable by a human person. In order for software to get a copyright, full disclosure of the source code used for developing it should be required. Companies unwilling to do that should get no copyrights, and should depend on some sort of copy protection to preserve their intellectual property.
The Windows Media Player 8, shipped with Windows XP "phones home" to check on DVD titles, etc. This was reported a couple of weeks ago. Blatant spyware.
However, this isn't "free software from the Internet", it was shipped with the OS or pre-installed on the computer. Did you read the umpteen pages of legalese before installing XP or clicking "I Agree" when your new computer first booted up?
http://computerbytesman.com/privacy/wmp8dvd.htm
What are your options in this situation. "Signing" of the code doesn't mean a thing, as all code belongs to MS.
This is the main reason laws like UTICA are bad -- they legitimize "click thru" agreements and such nonsense.
Something like this was addressed, sort of, before with Windows Return Day -- when people noticed the clause in the Windows EULA telling you if you don't agree to take the software back to the vendor for a refund.
Until someone actually sues a major company -- and wins -- this sort of thing will go on. Liability is how the new world spells Responsibility. (God, I hope I spelled both of those correctly!)
Learning HOW to think is more important than learning WHAT to think.
First off let me provide some background information regarding our software.
Below is the list of all of our present and past distribution partners (download partners have always been clearly listed on the New.net website):
Present Partners:
BearShare
KaZaA
iMesh
Past Partners:
Go!Zilla
Babylon
Cydoor
GDivx
WebShots
Each one of our current and previous distribution partners is required to provide disclosure during installation that our software is bundled. We in no way install in a "stealthy manner", since it is the responsibility of the user to read the install screens that are provided during an installation.
In light of these recent comments regarding disclosure, we are working with each of our distribution partners to improve awareness of the New.net bundle in the install process.
New.net's software provides a service to its customers as well as its users that want to gain access to domain extensions that are sold on our site. In order to provide resolution, our software adds itself to the TCP/IP stack. There are other methods to resolving our domain extensions such as adding "new.net" to the domain suffix search order or adding our DNS servers in the DNS server search order in the network configurations. You may also append ".new.net" to the domain extension in the address bar of the browser for resolution. Our software is our "user friendly" way of providing such access. Manually changing network configurations requires a reboot whereas our software can install in seconds and provide resolution immediately.
Our software is not "unstable" in any way unless a user tampers with the configuration to a point where it makes Windows unstable. This is consistent with any other software that adds itself to the TCP/IP stack. If someone were to just randomly start deleting files on their system that are referenced in the TCP/IP stack, without first checking to see if there is an uninstall in Add/Remove Programs, then of course you would expect nothing less than an unstable or corrupt system with network issues.
"The little war I mentioned earlier is going to get nastier soon. Uninvited components like Cydoor and NEW.NET are sure to take steps to defeat Ad-Aware and programs like it. If I wrote a stealth component today, I would have it seek out an Ad-Aware signature file and modify it to ignore me, or add my directory to the ignore lists. Ad-Aware could respond by digitally signing the files, or with other techniques. This cycle will escalate, with each side taking new steps to ensure its dominance. Users will pay the price in decreasing system stability."
Let's be clear on this point: New.net does not create or distribute any kind of stealth software in order to avoid signature files for Ad-Aware. In fact, Lavasoft had determined that our software is not "spyware" and discontinued removing our software since August 2001. I welcome anyone to contact Lavasoft directly for further information. There are still mirror sites out there that list New.net as a component that is removed by Ad-Aware; but I assure you that these sites reflect information prior to August 2001.
"I've been beating up on NEW.NET quite a bit in this article. I suppose it's because the deinstallation of their component trashed the IP stack on my Windows 2000 system and it took me a half day to put it back together again. What the hell were they thinking when they stuffed a buggy service deep into my IP stack without telling me? I think they should have to compensate me in some way. A $250 Small claims court action here in Virginia might be a way to do it."
The New.net client is clearly listed in Add/Remove Programs like the majority of all other software and when the correct procedure is used then the software is properly uninstalled. If someone decides to remove software "their way" as opposed to the correct way then you can assuredly expect problems. Please explain your procedures of "deinstallation" that led to a "trashed IP stack"; this may be useful to the New.net QA team.
Leonard Amabile
Director of Customer Support
New.net, Inc.
In the case of software like this, I agree that it's annoying, maybe even troublesome. I also think that if users can't handle keeping their system clean, they deserve the results.
If you don't know how to work something, don't use it in any great capacity until you have learned.
Not words to live by, per se, but my take on this particular subject.
Error 404 - Sig Not Found
I could create a new user in Linux with just the permissions I want to give it for every program on my computer, then run the program with the appropriate user.
In VMS you can choose from a set of "privileges" which ones you want to grant to each user. It's as if the "rwx" flags for each system command could be set separately for each user.
Unfortunately, this feature wasn't enough to keep Digital in the market. They were absorbed by Compaq, which itself is being taken over by HP, which means DEC is going through a second generation take over.
In particular, by default, neither the installer nor the actual application software should be able to replace system libraries, install executables with pre-existing meanings, or even access files that are of types different from the ones it is intended to operate on.
Unfortunately, none of the installers on any of the common platforms enforce much of anything. Installers usually can run arbitrary scripts, and once installed, applications are free to do whatever they want. And specifications of what an installer does are also incomplete, even in systems like RPM and Debian.
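Added example, not part of any comment in this thread and not any real installer's code: a sketch of the declarative install policy proposed in the comment above and in the earlier ".spec for Windows" comment. The manifest fields, the `Grants` structure, the protected-directory list and the gizmo-tron sample are all hypothetical and constructed for illustration.

```python
import posixpath
from dataclasses import dataclass, field

# Constructed policy: directories no third-party package may write into.
PROTECTED_DIRS = ("/bin", "/etc", "/lib", "/usr/bin", "/usr/lib")


@dataclass
class Manifest:
    """What a package declares it needs (hypothetical format)."""
    name: str
    files: list                                        # absolute paths to create
    file_types: list = field(default_factory=list)     # associations requested
    autostart: list = field(default_factory=list)      # resident processes
    network_hooks: list = field(default_factory=list)  # e.g. resolver plug-ins


@dataclass
class Grants:
    """What the machine's owner has agreed to for this package."""
    prefix: str
    file_types: set = field(default_factory=set)
    autostart: bool = False
    network_hooks: bool = False


def inside(path, directory):
    """True if normalized `path` is `directory` or lies beneath it."""
    directory = posixpath.normpath(directory)
    return path == directory or path.startswith(directory.rstrip("/") + "/")


def review(manifest, grants, owned_by_others):
    """Return (rule, detail) violations; an empty list means installable."""
    violations = []
    for raw in manifest.files:
        # Collapse "." and ".." first so traversal cannot hide the real target.
        path = posixpath.normpath(raw)
        if not posixpath.isabs(path):
            violations.append(("relative-path", raw))
            continue
        if not inside(path, grants.prefix):
            violations.append(("outside-prefix", path))
        if any(inside(path, d) for d in PROTECTED_DIRS):
            violations.append(("protected-dir", path))
        if path in owned_by_others:
            owner = owned_by_others[path]
            violations.append(("overwrites", f"{path} owned by {owner}"))
    for ext in manifest.file_types:
        if ext.lower() not in grants.file_types:
            violations.append(("file-type", ext))
    if not grants.autostart:
        violations += [("autostart", name) for name in manifest.autostart]
    if not grants.network_hooks:
        violations += [("network-hook", n) for n in manifest.network_hooks]
    return violations


# Constructed sample: a media tool that also declares a resolver hook, a
# background daemon and a library outside its own directory.
SAMPLE_MANIFEST = Manifest(
    name="gizmo-tron",
    files=["/opt/gizmo-tron/bin/gizmo",
           "/opt/gizmo-tron/../../usr/lib/libresolv.so"],
    file_types=[".mp3", ".jpg"],
    autostart=["gizmo-newsd"],
    network_hooks=["dns-resolver"],
)
SAMPLE_GRANTS = Grants(prefix="/opt/gizmo-tron", file_types={".mp3"})
SAMPLE_OWNED = {"/usr/lib/libresolv.so": "libc"}  # path -> owning package

if __name__ == "__main__":
    for rule, detail in review(SAMPLE_MANIFEST, SAMPLE_GRANTS, SAMPLE_OWNED):
        print(f"REFUSE {rule}: {detail}")
```

The check only covers what the manifest declares; it has teeth only if the installer is also prevented from running arbitrary scripts or writing files the manifest does not list.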
Use regedit and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunOnce and the same keys under HKEY_CURRENT_USER and delete anything which looks evil, i.e. anything where the path has the word real in it. You should find yourself disturbed by real one somewhat less often.
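Added example, not part of the comment above: instead of eyeballing the Run and RunOnce keys, export them as .reg text before and after an installation and compare the two snapshots to see which autostart entries the installer added. The sample exports and every value name in them are constructed; real exports are UTF-16 and must be decoded to text first.

```python
import re

# Matches the per-machine and per-user autostart keys named in the comment.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$",
    re.IGNORECASE,
)
# "ValueName"=<data>; names may contain escaped quotes or backslashes.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def unescape(text):
    # Undo .reg string escaping: a backslash protects the next character.
    return re.sub(r"\\(.)", r"\1", text)


def parse_autoruns(reg_text):
    """Return {(key, value_name): data} for Run/RunOnce keys in .reg text.

    Key and value names are lower-cased because the registry is
    case-insensitive. Non-string data (hex:, dword:) is kept as written;
    continuation lines of multi-line hex data are ignored.
    """
    entries = {}
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            key = name.lower() if RUN_KEY.search(name) else None
        elif key:
            match = VALUE_LINE.match(line)
            if match:
                value_name, data = match.groups()
                if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                    data = unescape(data[1:-1])
                entries[(key, unescape(value_name).lower())] = data
    return entries


def diff_autoruns(before, after):
    """Return (added, changed, removed) between two parsed snapshots."""
    added = {k: v for k, v in after.items() if k not in before}
    removed = {k: v for k, v in before.items() if k not in after}
    changed = {k: (before[k], after[k])
               for k in after if k in before and before[k] != after[k]}
    return added, changed, removed


# Constructed snapshot taken before installing a (fictional) media player.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\shield.exe"
'''

# Constructed snapshot taken after the installation.
AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\shield.exe"
"ExampleNews"="\"C:\\Program Files\\ExamplePlayer\\newsd.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamplePlayer]
"DisplayName"="Example Player"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ExampleSetup"="C:\\Temp\\setup2.exe"
'''

if __name__ == "__main__":
    added, changed, removed = diff_autoruns(parse_autoruns(BEFORE),
                                            parse_autoruns(AFTER))
    for (key, name), data in sorted(added.items()):
        print(f"NEW AUTOSTART {key}\\{name} -> {data}")
```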
Some companies pick this up and use embedded Linux, but we should mostly count that as a miracle - OSS has to be so much better than MS even to make a dent because MS has such a huge warchest to throw at marketing.
Not in embedded space.
In a lot of ways, QNX is a more serious competitor to embedded Linux than WinCE is. The desktop mindshare that Microsoft has goes out the window when you start talking embedded space; for all their marketing wind, Microsoft isn't even as competitive as Wind River -- and in embedded space, where most of the old timers are folks who were around long before the rise of Windows and looong before the existence of WinCE, Microsoft genuinely needs to compete on its merits.
In some things, it can do this. WinCE is in some respects not a bad operating system. In others (say, its networking performance) it falls flat on its face, and products like TrollTech's QPE really do provide a credible alternative to the WinCE interface.
I work for MontaVista Software. We have clients using Linux for set-top boxes and other little single-purpose machines (networking hardware, PDAs, lots o' stuff) -- not because of ideology but because it's far more cost-effective. If we were in desktop space, Microsoft would be the 900lb gorilla towering over us. We aren't, and they aren't, and our customers know it, and everyone (except maybe Microsoft) is happier this way.
True, when you do a "./configure; make; make install" you have to get root to make install, so you can even get a new kernel in the process. And, although the make is usually verbose, this is not absolutely necessary, so someone could set the Makefile to do something silently.
But I meant a more insidious way of doing unwanted things that Windows allows. Imagine if, after installing an rpm package, you did an "rpm -ql" and some of the files you just installed weren't shown. Imagine if the "find" command had a hidden feature that let the installer software keep some files secret from a "find / -mmin -10" command. Windows is like that.
Windows find doesn't search every file on the harddrive?...Since when?
all operating systems are susceptible to stealth code sneaking along with trusted software
Apparently, the amount of susceptibility is proportional to the amount of stealth code in the OS itself.
What the hell were you thinking when you chose to use an operating system which allows third-party vendors to replace critical system libraries with their own libraries, rendering said operating system more unstable as time wears on? Instead of blaming others for your own ignorance, you need to take a good look at how much blame you have to bear for your own predicament. Nobody here will be able to help you with that one.
The first version of NEW.NET borked my Windows 2000 installation because I was not connected to the internet at the time of install. For whatever reason this caused the component to be configured incorrectly and prevented DNS from operating correctly on my system. Uninstalling the offending application and doing a repair install of Windows 2000 failed to fix the network stack. After 2 days of troubleshooting I was forced to do a clean install.
This is on par with installing a new CD player in an automobile and having the CD player surreptitiously reprogram your ignition timing in a manner that prevents your car from running... software makers that do things like that should be held legally accountable for their poor programming practices.
Personally, I don't have this kind of problem. I suppose the root of the problem here is the author's choice of OS.
:wq
Okay: offtopic, but burn my karma:
I'm planning to install lycoris (redmond linux) on my sister's PC when she gets it, but I've never seen it myself. But you say you use it. So can I be cheeky and ask you for an opinion of it?
I've never read much in the way of reviews for this distribution, so can you give me any tips on how well it works, and how good it might be for a newbie (even to windows) to use?
As I say, offtopic, but it would be nice to hear from a real lycoris user. lyc@blibbleblobble.co.uk if you want to email
Windows find doesn't search every file on the harddrive?...Since when?
I don't know since when. But I did this simple test in my dual boot machine: (1) Do a "locate file" command in the Windows Explorer. (2) Note which files are reported. (3) Boot in Linux. (4) Do a "find" in the same directory. (5) Do a "diff" between both answers. You will be surprised about how much information, particularly about your web-browsing habits, is hidden in files which Windows doesn't tell you about.
OK, yes, I know you are being funny/ironic, but some readers may believe you are serious...
"it's free, whaddaya expect?"
The analogy for this would be:
You go to Mexico on vacation. Do you PAY for bottled water, or do you get it for free from that old lady with 3 teeth missing. Hmm...
Sorry, I use Windows and I am not a slave of these machines. Get your head out of your ass and look around. You're a nerd. Do you think normal people care if you use Linux or Windows? You use a computer, that's enough.
He's right. As soon as I run downloaded software I'm giving up full control over my system.
If I cannot analyze the software running on my system, or have not written it myself I have to trust the programmers that they do it right.
Given the trend in copyright law development my influence over the system is pushed back to the user interface. What's lying beyond is not my domain anymore.
There are only two options left:
I realize, that the reply I reply to is written partly in jest. But there is a truth behind this. Remember, the computer is an automaton with exchangeable behaviour. Running different programs on "my" computer makes it a different machine.
Everytime.
-Arnulf
XP doesn't seem to search through temporary internet files unless specifically told so.
My family's computer started acting weird lately. I didn't have a clue what it was, sometimes it would randomly freeze and other times the desktop icons would never load. Once in a while I would get an error message containing the words "NewDotNet." I asked my family if they installed NewDotNet? And they all said "duh what?" (Luckily I have my own computer.) So I finally uninstalled the damn "program" and everything seemed to go back to normal.
I still have no idea where this NewDotNet virus came from. Yes I said virus! This code is intentionally installed without the user's knowledge or consent (I bet Bill Jones is now claiming that "Spyware is innovative.")
New.net claiming it "isn't their responsibility" is a bunch of BS. Look, "free" programs like KaZaA need to make money somehow, so they use spyware. In order for KaZaA to get money they need to get it from companies like New.net. So New.net pays KaZaA to exploit their users. Clearly New.net is responsible.
I'm just glad that I haven't seen any of this filth on Linux, BSD, etc. It seems Linux software programmers have a lot more respect for their end-users, but what's stopping companies from cashing in on the 'Linux craze'? If AOL ever buys RedHat, I pray to god they won't ruin it like they did with Nutscrape. Having all these AOL Free Trial! Icons all over the desktop and installing AIM. Imagine having a kernel message stating "Subscribe to AOL now!" every 30 minutes.
The point I was trying to make is that the components included by, say, Windows are all written by Microsoft or one of their partners.
Therefore, internal politics and contractual wrangling could substitute for proper trust management. I'm not saying anything about contracts with the end user. Oh, hang on, you're a troll, aren't you?
Of course...
you could do a ./configure --prefix=~/foo and then make install as yourself to check out what it's doing. Tho I imagine that anyone adding stealthy stuff like kernel mods to an install would be smart enough to check the UID before trying to install them
Tho... you can read the code...and there are people who read code, or would notice this sort of trickery and you can bet that there will be a BUGTRAQ advisory out right quick if such a piece of software got wide distribution.
-Steve
"I opened my eyes, and everything went dark again"
Lycoris is very good if you want a fully working Desktop linux - it's a simple lizard install and comes with lizard as the installer. Finds everything in 5 machines so far including 3 dell laptops. Div-x runs immediately and has real video and all extras installed. Comes with Koffice and Mozilla and all works fully.
It doesn't have some of the libraries and would need a bit of modifying for some things to work but as a simple and easy to use OS for a beginner to use linux or for someone who just wants a simple solution to a fully working OS with nothing extra.
I ran it primarily because I wanted an OS for div-x and multimedia on my notebook and I couldn't be bothered messing around for hours to set up all the software and drivers. It works.
Samba automatically found my Winxp Shared Internet connection and talks natively to my Windows Shares with built in samba, also talks to a Windows NT4 and Windows 2000 Active Directory domain.
worth the download, give it a go.
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....
We have what we have to settle for because there is no other choice.
...
Sorry, but neither of those options appeals to me.
That is a choice! I have used nothing but Linux for nearly three years now. Before that, I dual-booted, but between the improvements in the available software for Linux, the improvements in Wine, and my acquisition of a playstation (later upgraded to PS2), I stopped. My new machine has never ever had Windows of any flavor anywhere near it.
I'm not saying you're wrong for your choice (choice tends to be a personal matter), but the fact that you made one choice does not mean that the other choices aren't choices. They're just choices that you have rejected.
When you install something for FREE from the internet, you can't assume it will work as you want it to.
:p
Or go where you expect it to. Programs like Morpheus cram Bonzi-Buddy, Gator and other programs all over the place when you put it on the computer. And crimminy, all those registry entries*! Okay, so I'm a Windows user. But since Windows is the dominant operating system and most programs for it aren't open source, Windows closed source programs are the best example for this conversation.
I think that most problems with this kind of software could be solved by programmers putting on some sort of standard 'seal of friendliness' on software they produce. This would be a promise to the user that:
a) New files and directories will only be installed within the directory the user specifies, and no shortcuts to any program will be installed in any location without giving the user a checkbox not to install it.
b) The user will be told how many entries the install program will put in the Registry and why each of them is necessary.
c) A promise that the program will attempt to send no information onto the internet unless the user has authorized it.
d) Any promotional offers included with the install will be strictly 'opt-in' only, and no annoying pop-up boxes will warn the user what a great deal they are missing out on if they decide to pass them up.
e) The user is given the choice of the program starting by default upon logging in during the install.
f) Programs will uninstall cleanly, merely deleting its own files and every registry entry it had made. If the user decides to bypass the uninstall process it should give them no trouble when the directory the file is in is simply deleted. No webpages will pop up automatically when you try to install or uninstall a program.
Something along those lines, at least. Granted, there are programs that can't follow these rules, ones that require certain DLLs or other files to be installed in a certain system directory, and they simply won't meet the standard. But I don't think that these requests are unreasonable at all. Look at Irfanview and Enzip -- great programs, no dishonest crap. And although we could initially only expect hobby freeware creators to follow such a standard, who knows how far it could go? If users like us start demanding that companies adhere to such a standard before we will use their programs then things may start to change. Even programs like Morpheus and Limewire could still make their advertising profits and collect user data while following these rules.
I'll be looking into making more of this on my own. Perhaps it's time to make another useless web award.
* Interesting note: Morpheus Preview Edition puts a key in your registry called 'Gnutella' -- it seems they took the Open Source Gnucleus code and modified it very little before putting their own wrapper over it. The parent company isn't exactly advertising this, either, for obvious reasons.
Remember "Bring 'em on"? *sigh
As another reply to this message says, have an installer group which all installed progs are members of and create a new user for each program. The only real issue I see is running out of users. Programs would have to be designed so that if they need to update shared libraries, they ASK you (and can't do anything without your authorization)! This idea is almost good enough for me to try to write scripts to implement it. After all, I just had my windows computer get trashed by installing the gamespy software for xbox net-gaming.
This SHOULD be the next generation of RPM!
Female Prison Rape in NY
The difference between scumware and hackerware is whether its created by a 'trusted company' or evil hackers.
Contrast Microsoft's SMS and Back Orifice.. One is an evil trojan, the other is a valuable administration tool. The difference, a few hundred bux a seat and the author's name.
Same thing.. If you wrote as yourself, some program that installed New.Net as a hidden feature during the installation, you'd probably be called an evil hacker. If your program installed your own clone of new.net, then you'd probably be called a cracker.
This is just more 'the standards that apply to people don't apply to corps' type behavior.
A war other than Humans vs Orcs?
...does not compute.
I'm working for a startup (hopefully not a start down) that is working in this area for Linux/Unix. The objective is to make installation of software as easy for Grandma as it is for Granddaughter. Along these lines we have adopted the following credos:
1. The user's box is none of our business. We don't snoop, store data on or in any way check out the user's box beyond simple checks to see if dependencies are met. Even when we do that it's never "written down" anywhere we can see it.
2. The removal of software should not leave behind "droppings" of unused code or binaries.
3. Standards exist for a reason. As such we follow them. User apps go in usr/local. etc. Spraying a user's box with code and binaries is a sure way to piss them off.
4. If you have to do something unique to the user's box (install a daemon or a server for example) TELL THEM BEFORE they install it.
5. Instructions and info should be available before you install the app not after.
6. Users should be allowed to be productive with applications not to applications. Don't burden them with endless options and cryptic configuration files.
7. You own your computer. We don't. As such when our software goes on your box, we are a guest, and should be willing to act accordingly.
James Sparenberg
Director New Product Development
Open Country Inc.
I'm sorry, I'm too tired to be witty at the moment so this message will have to do.
Very simple.
In Win98:
Run msconfig at Start/Run... select startup tab, deselect realtray and anything else you don't trust. If you don't recognize something, do a google search for it FIRST to make sure what it is.
Or find the exe, right click on it, choose properties, and see if there's any company info in the version information.
This is also a nice way to disable the annoying "Critical Update Notification!!!" from popping up in the middle of a Counterstrike / Tribes2 tournament. Uncheck "mstask", and visit windowsupdate.com whenever you feel the urge. Note: it will reset itself to on after an update, so repeat the procedure.
Note that msconfig doesn't work on XP / 2000.
Anonymous Coward...hmmmm.....
who said I was Windows-bashing? I use XP almost exclusively, mostly because the industry apps I need are not available for linux.
I'm out of my mind right now, but feel free to leave a message.....
Yes, I know that WHQL is for hardware drivers. I was using it as an example of the type of system he wanted. Yes I know most stuff doesn't get WHQL certified, and that's mostly because developers don't want to take the extra time and effort to guarantee that their components don't interfere w/ anyone else's.
Point is, WHQL works when people actually comply with it. If a software standard like it was implemented, it wouldn't solve the problem, because no one would take the extra time for the development. Or, they would do it for their first release, but not subsequent upgrades and patches (NVIDIA's detonator XP drivers?)
As much as I might feel that governmental regulation and litigation is the only way to enforce anything these days, it depresses me because of the precedent it sets, and because it seems our entire society is transforming from the original "American Dream" of working hard to get a better job, house, etc. to a new "American Dream" of sue and litigate if something goes wrong. It's a symptom of work ethic falling by the wayside to greed and laziness.
I'm out of my mind right now, but feel free to leave a message.....
But what if your neighbor borrows your car when you're not using it? Assume, for sake of argument, that your neighbor only borrows your car when you wouldn't be using it, returns it whenever you ask for it, doesn't use any gas or other tangible good, and doesn't induce wear and tear on the car. You can still turn around and sell it at any time, with zero interference. In that case, you wouldn't be deprived of any property. The fact that your neighbor is borrowing your car has absolutely no impact on you.
That's a stupid analogy on its face, but it's a pretty good one for considering the case of a software vendor "stealing" clock cycles from your computer. No matter what's going on under the hood, you're not being directly deprived of any property. Your computer isn't magically worth less because it's running somebody else's code.
No!!! Try this one:
The other day, while I was at work a plumber visited my house to fix some pipes. While he was there, he borrowed my wife and gave her incurable sexual diseases....
I'd feel the same way if he fixed my computer by installing M$. Yes, it would be worth less because it does less for me. These companies that break your poor little Windows box so that they can send you adverts are really repulsive.
But I love them. Yes, I love the fact that all of these companies like Creative, M$ (by the EULA) and others treat their users like total crap. It shows everyone why they should be using FREE/A software. You trolls are great, you really are, thanks for taking the time to show how much you care.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I thought removing Macromedia software would make the annoying problem go away.. Wrong. After removing Macromedia software, viewing the news on about every 5th page of Yahoo provides a popup Microsoft security warning.. Do you want to install macromedia 5 and do you want to trust content from this site? Funny they don't include a don't ask me again check box. I doubt it was a simple oversight. It looks like I have another box scheduled to get Linux! I wonder if Netscape for windows has any improvement in this department? It isn't taking long to convince me I need to replace the software that came with my nice shiny new machine.
The truth shall set you free!
It's now a routine to do an external ad-aware scan along with our virus scans. I'd say damage from the two are almost equal in commonality and magnitude. We've found registry hacks (cexx.org) to repair new.net's extremely common winsock corruption (resulting in complete loss of internet). As for anything else, if an uninstall or ad-aware scan doesn't fix it, it gets fdisk'd.
I think it will only be a matter of time before Symantec packages an ad-ware clone in their Norton Internet Security package. Until then, the badware is paying my bills. :)
It's like the shareware principle but without the annoying nag screens. If you're broke, if you can't pay, yeah whatever.
And use the right installer for the job, too, not just the one that's handy or that you've already bought and paid for.
Many a time I've gone to install some state of the art program -- only to find it uses an antiquated version of InstallShield. Even some relatively modern 32bit WinApps are still using the old 16bit InstallShield, which doesn't quite grok long directory names and tends to create uninstall logs that are invalid under Win32, and occasionally gets confused by >2gb partitions.
I know InstallShield isn't cheap, but you wouldn't use TurboC v3.0 to compile a 32bit program -- so why should you use an installer that's not up to the job either?
Side note: I recently installed Corel WordPerfect 2002. The installer not only let me control every component it installed, it also logged =every= change it made (so at worst, if an uninstall failed I could manually undo everything it did). And it installed only about a dozen files into \windows\system, and version-checked every one first.
~REZ~ #43301. Who'd fake being me anyway?
You could also backup everyday. And use that to restore when you install a bad program.
Yessiree Bob! I'll take that option..
I use PowerQuest's Drive Image 5.0 whenever I get a bad case of the "freebies" and it takes about 4 or 5 minutes to completely re-image my Win2K partition... it's a kludgy way to remove the spies, but so far 100% reliable and generally quick enough.
Obviously this solution sucks when I've got two or three big apps (that I want to keep) installed without an image update..
Hope that's somehow useful.
--you have been trolled--
It allows for undoing... and makes it clear
what's changed, so that any new untoward
behavior can be connected with installation
changes that preceded it.
Simple, eh?
PS Perhaps the operating system could write
that log (ie, so that an installation tool
couldn't "forget" to enter any changes..)
/Really/ expensive - it's almost invariably SRAM, which requires 6 transistors per cell, as opposed to DRAM's 1 transistor and one capacitor. That adds up to /way/ more cost.
Putting 256kB to 512kB of cache on a modern x86 core seems to be the sweet spot, price wise - more cache makes a difference to a smaller and smaller subset of programs, and costs more and more, so it just isn't worth it.
Minimising the memory footprint of your code is /extremely/ important.
himi
My very own DeCSS mirror.
Cats: How are you gentlemen !!
Cats: All your base are belong to us.
Cats: You are on the way to destruction
Anything that needs more privileges than that is considered a "system modification", and should be identified as such. In a corporate environment, installing a system modification probably would require the approval of the IS department. But "applications" could be more freely installed.
Someone into Windows tools might write this. Corporate IS departments would like it.
./configure --prefix=/tmp/somerandompath
make
TARGET=/tmp/somerandompath make install
ls -lR
pretty easy. -dqlprndmp seems kinda stupid to me, then I don't have to check scripts/blah/blah
blah. I like to know where everything on my system is too.
though I use debian, why am I b*tching?
This is new? TV advertising has been rampant with catering to the advertiser for decades. Simple economics and capitalism have proven that those with resources decide the content, so long as they pay for what we 'want'.
And the lesson is: so long as we remain passive robots who stare at what we are given, without questioning, others set the agenda and format.
Includes a sticker that says "Don't steal music" , and a firewire cable.
We don't need any more laws. We already have far too many silly laws that never get enforced anyway. Furthermore, there is already a body of law that covers this kind of thing: tort law.
The concept at play here is called trespass to chattels. A chattel is a concrete possession that is movable, such as a car or a computer. Land, or a home, for example, are not chattels, because they are not mobile. Trespass to chattels is when one interferes with the use of an object by its owner. In this case, the specific tort might be conversion. Conversion is when someone wrongfully exercises control over, or "converts" the object in question for their own purposes.
The real tricks are a) trying to convince a judge that a trespass or conversion has occurred, and b) showing damages to which one should be entitled.
But before any of that can happen, someone has to sue the software author/vendor. Is it worth their time? Maybe... but probably not. That's why this crap goes on so much.
And that's not just for internet or even computer business. The most powerful force the consumer has is the ability to demand and make use of labelling. It doesn't necessarily need to be enforced. If an independent body (no not M$, their standards are only ever going to be self serving) rates products on relevant features - for software, say privacy, reliability, advertising issues etc. - and allow manufacturers to display their logo if they display the relevant labelling. A critical point is that the logo must be heavily advertised in order to make it well known. Once consumers get into the mindset that they can only trust software with that logo then everyone has to get it on their product. If everyone gets it on their product they are forced to disclose the fact that their software is spyware etc. or become an untrusted and quickly unprofitable company. This is simple, you don't need to know what a .dll is or a registry setting, you just need to know that your chosen piece of software was cleared as a reliable install.
This is not just good for consumers because it gives them confidence in the software they install, it would be a massive boon to the shareware/small commercial software industry. I work for someone who takes every opportunity to pay through the nose for MS software simply because he trusts it. Breaking the MS monopoly relies on consumers being able to have confidence in non-MS software - what I'm saying is that good software vendors would find it in their interest to support and even pay for such a standard. And no doubt there already exist a number of shareware standards of practice but they need to achieve visibility and credibility and then things could be different.
There are many reasons for this mess, all sides are a little guilty:
1) users, because they don't know how computers/software/operating systems/networks/internet work and cannot decide what they need. But should they be required to know this? No. I don't think so. They should be protected from badly written code by the internal features of the operating system, which should make it possible to install/uninstall components and applications with a single mouse click. It is possible, although it does require a bit of extra work.
2) software authors, because they still think that their application is going to be the only application the user will ever install. They need to think global and make their software behave. Also, software authors should take a trip to Kodak or other consumer products companies and learn about usability.
3) operating system authors, because they fail to provide a mechanism for easy installation/deinstallation of components and applications that doesn't break the system, doesn't break other applications, is easy to use for application developers and end users.
A legal framework would never work, because either no software would be ever released before lawyers finished their battles (or before hell freezes over, whichever is sooner) or software companies would add a disclaimer that says 'you are installing this software on your own risk' (hey, that's what they do today!).
A solid technical framework that prevents one application from messing the whole system up is a much better idea.
Jacek Artymiak
freelance consultant and writer
master of many a page
Just think, Next time your computer crashes, you take a rifle to the computer store or the software house.
I think we'll sic the lawyers on 'em instead, shall we?
Litigation's a pain in the membrane but it's better than hacking off the limbs of the infidels.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Hmm.. ad aware has only 3 cows at tucows.. conspiracy?
NEW.NET should not be responsible for the notification, the problem implied is that too many other programs DO NOT notify that they are installing other applications to do something additional. Or at the very least, that the other application is necessary and vital for the functioning of the initial program.
Consider some other, more reputable programs, as in some Adobe IIRC, or maybe some games, or even my VooDoo3 3500 TV AGP video driver installation program, which needs to install an additional program, and which calls a second installer (namely the new program). Then it is the second installer's responsibility to say "Hey! These are my options," and it is the assumed responsibility of the first program to make sure that the user acknowledges that the second program is necessary.
In regards to VooDoo3's video app, I may not be thrilled that I have to install some sh!tty M$ app (namely Micro$oft WebTV), however, 3dfx has gladly acknowledged that they use the WebTV api's to run my program, and that by not installing, the video drivers will not function properly.
Another problem with the initial post is that A LOT of the programs that are being installed are not allowing individual options to be turned off.
- begin one sentence rant -
features like "Run in as many processes as often as possible" should be reserved for sysadmin to enable, which I realize that most systems do not have a sysadmin to enable or disable these options, and so they decide to run by default, but for cryingoutloud scumware developers, can't you figure out we don't want your stinking options the way you do???????
- end one sentence rant -
-author's note, i apologize now for any misspellings or forgotten punctuations/capitalizations, and true sys hackers should realize intentional left-outs vs unintentional missings
--drach out
2^3 * 31 * 647