Slashdot Mirror
Morpheus Hijacks Browsers For Affiliate Links
An anonymous reader submits: "According to this news.com article, morpheus (aka streamcast) has begun silently installing a browser plugin on its users' machines that basically hijacks the web browser even when not running Morpheus. An afflicted browser will sense if a user is going to visit a shopping site like Yahoo! or Amazon, and secretly send them to a different site instead and then redirect them from this site to the user's intended destination. The user will not be aware that this is happening... however the site doing the redirecting will benefit because they are set up as an affiliate partner and will get a commission on the backs of the user. On a horrible scale of 1 - 10 for sleazy business practices, I rate this a 9.
Comments?"
Trillian password files perhaps?
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
here's arstechnica's forum about it:p c&s=50009562&f=174096756&m=9220974704
http://arstechnica.infopop.net/OpenTopic/page?a=t
So this is based on zero knowledge, but I would guess that that violates the terms of referership (is that a word), considering that fact that that "partner" did not actually refer you to the site.
/.
I think a list should be compiled and reported, I would guess that places like yahoo and amazon could file criminal, if not at least civil, suits against such cheaters. It wouldn't surprise me if they did too, just to make a point, and to try not to jade users to the system....
any thoughts? that's a dumb question this is
http://monkeyserver.com --- weeeeee
It's free software after all, how else are the developers supposed to make money? Not that I approve...
Of course, and I highly suspect it, I may be talking out of my ass. -oqti
all i can say is that i'm utterly confused. can someone please shed some light on just what exactly is done here? the article doesn't make it sound nearly as frightening as the /. summary...
Now that Morpheus is just a hacked-up (or down ;-) version of Gnucleus, there's really no point in using it anyway. I don't see what it provides that Gnucleus doesn't, other than annoyance.
Don't blame me, I get all my opinions from my Ouija board.
it's funny because it points out how stupid those affiliate things are. why doesn't the user get a discount if they find the site on their own? it just takes advantage of those lame referral programs
you should expect this from install that morpheus crap. it doesn't even work under linux
its like theres lots of money being lost from users not being referred to sites, somebody should cash in
Oh this is promising, I load up this news article and theres a total of 3 comments posted under it, all of which are below my threshold, I assume all of which are first posts. But anyway back on topic.
I've heard of sneakyness not far off this already. It seems some of the other P2P file sharing programs also like to install sneaky plugins which do things from reporting your every url visited up to popping up windows with ads in them on encoutering certain keywords. Very nasty and can also incur a performance hit.
So Kazaa, the premeir FastTrack client, begun to bundle spyware.
Great, I can deal. I switch to Grokster.
Grokster begins to bundle spyware.
Fuck. Switch to Morpheus.
Morpheus bails from FastTrack, and switches to Gnutella.
Fuck again. Switch back to Grokster, use AdAware.
See that Morpheus, who explicitly claimed that it contained "No Spyware of Any Kind" engage in this type of practice?
I can only laugh at the pitiful wreck that the company/corporation-based P2P programs have become.
Business 101 - try really , really hard to piss off your customers
I'll think of a funny sig later on
The truth of it is this could be seen as a virus. It is just a profitable one. They will get smacked on this one as soon as it comes out in the light of day.
Neck_of_the_Woods
#/usr/local/surf/glassy/overhead
Let's see, they don't pay their bills and now they are hijacking browsers...Good business practices. Another one for the dot.bomb list.
-- Now more the mirth, scrape here in the face...
What you don't know can't hurt ya. Most people will still get up and go to work the next day. The crud is going to come down the line, when it waterfalls into a much bigger problems with worse results.
"i can never say no to anyone but you"
Man-in-the-middle attack is the only phrase that flash across my mind... I have no way to check the identity of the "referer".
You can call me a paranoid. Each time when I need to buy stuff online using credit card. I will reboot to a cleaner "environment" -- a clean copy of OpenBSD or something similar. God knows who the hell the various windows plugins are doing..
If this is a 9, I'd hate to see what the submitter considers a 10.
An afflicted browser will sense if a user is going to visit a shopping site like Yahoo! or Amazon, and secretly send them to a different site instead and then redirect them from this site to the user's intended destination.
The final destination is more or less the same. The difference is the intermediary. Morpheus isn't stopping me from going to Amazon by instead redirecting me to Borders.com...They're just stealing referral dollars.
Honestly, though...I wonder how long it'll be before these online vendors lock out Morpheus' referral IDs, or even worse, deny the connections altogether (since the most recent source IP will be Morpheus' proxy, not your own).
And I assume that if there's a pre-existing Referral ID, Morpheus will strip it out and replace it with its own. Doesn't this constitute actual monetary theft?
"Mod, mod, mod...and another troll bites the dust."
But I keep getting redirected to ZDnet somehow!
[PowerPoint] is a tool for capitalist presentation
That is horrible. Aren't these the guys that were installing the spyware with their filesharing app a little while ago? If not (and even if it is) then it's one more company to avoid. I'm starting to think that people should avoid all these file-sharing companies--they apparently can't be trusted.
Let's hear it for open source gnutella clients!
-David
There. Now go play some cool javascript games!
This belongs to a new breed of nusiance known as scumware. Check out http://www.scumware.com for more info.
It sounds evil, but it can't be bad, because its open-source, right?
More seriously, I hope the sites being hit with "fake" affiliates revoke the affiliate status of sites that Morpheus redirects thru.
It shouldn't be hard for EBay etc to load a copy and just try it and find out who is playing this game.
this is not a sig
Morpheus is totally fucked.
Thanks,
--
Matt
Honestly, I had the idea for this a while ago while talking with a friend. I've been waiting for someone else to implement it. Its not that much different than those sites that collect and list internet deals, in the hopes that you'll follow their links and they'll get the referer fee, Like this one.
While I personally see this as a bad thing, since they do it behind the users back, I would probably have no objection to installing something similar for slashdot. I don't exactly feel the need to subscribe, but I would have no objection to them collecting a referrer fee off of my internet purchases.
I guess this is why I entered cnn and ended up on slashdot.
money is to lie and do dirty stuff if your software is free?
Somebody needs to inform Redhat.. apparently nobody told them.
Or better yet: Company X is dishonest. Company X makes product Y. Therefore all companies that make product Y are dishonest.
You, sir, are a moron.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
This isn't that bad really for the user, Yahoo and Amazon will give a commision to somebody anyways. What really annoys me is that this hurts all the other websites in the world. If I give a legitimate referal from my site to Amazon, then I should get the commision, not Morpheus. If this becomes common practice, then it will effectively kill the way that business is done on the web, and in the process take out a ton of small websites that are struggling to stay alive out there.
feints within feints, wheels within wheels
Under "Tools" -> "Internet Options" -> "Advanced" deselect "Enable third party browser extensions" and reboot. Even if the .dll responsible for the redirection, bpboh.dll, is installed, it won't be able to run.
And what, pray tell, is a fucking 10?
I think someone is being a little um. . . friendly to these jerks. Not that the warez leech kiddies don't deserve it.
Bah
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
From what I can see on their website ..
If I were Amazon, why would I pay 10-15% margin to someone who has not really promoted the product, but has hijacked the links?
They also probably violate this portion of the operating agreement.
These folks really must think that they own the user once the user buys their product, becuase even a "respectable" company like Intuit doesn't seem to have any problem with monkeying around with the private parts of the user's computer for their own purposes. Certainly those icons are paid placements.
Bruce
Bruce Perens.
Doing this is similar to only crossing the street in a reflective jumpsuit wearing a helmet and kevlar motorcycle wear. Overkill. Not worth it. I highly doubt you have gone through every line of every open source program you run, what if there's some buffer overruns in there and your net access enabled computer gets hacked?!?!?! Obviously you have to take risks to go online.
adam
If I were Amazon, I'd be going after both the affiliates and Morpheus - this sort of thing is called fraud...
-- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu
I saw something doing that (wierd long url and instant redirect) when I was browsing, esp. when I went to register.com.......I figured some piece of software I had was doing it (figured it was DivX 5 though).....now I know
I'm out of my mind right now, but feel free to leave a message.....
... I use Opera. Although if too many people start using it, I'll haveta find something else.
"Derp de derp."
I smell a class action
HOO
I am for re-e-eal
I know more than you drink.
"we're proud of not installing any spyware on your system", or whatever bull$hit they said on their download page... Good thing I've never used any of this adware crap. Usenet forever :)
I don't use the internet.
More evidence that people suck.
I could see an advantage to Morpheus when it was on the fasttrak network. Not enough of one for me to install it, but I could understand why others would. Now that it's running on Gnutella (With Gnucleus specifically as it's client base) why would anybody install it?
Personally, I have Gnucleus up pretty much all the time, even when not downloading anything. High speed network, I can at least serve as a somewhat stable connection. However, since Morpehus invaded it's gone from bad, to abysmal. Gnutella has been hurting for a long time, but the 10k (or whatever) users added recently pretty much killed it.
Any sufficiently advanced technology is indistinguishable from a rigged demo.
Why is it that EVERY p2p client/protocol seems to eventually bow to the wishes and choose these really slimey advertisement strategies? I *HATE* Gator and its ilk. I realize that the advertising piggy-bank has dried up, the p2p is way worse the other advertisement driven technologies, and in my mind, use far less resources (eDonkey has a few people doing development and whatnot, their only bandwidth costs are for the client download and hosting some forums. Slashdot has how many people and what kind of bandwidth usage???)
(sigh) Even though Gnutella started open-source, the only usable clients seem to commercial (which campy I'll include Limewire since they did a dance with the gator crew)... Seems to be crying out for a truely open-source alternative...
If I were a user of Morpheus I'd be looking at filing charges for cracking my computer and using it for unauthorized activities. Companies conducting business like this need to be naild HARD. Teach them a lesson and make an example of them.
And what about the programmers who wrote this 'feature'? Who are they? I wouldn't be opposed to blacklisting them, or at least smearing their names across the headlines. This is sleazy and unethical and shouldn't be tolerated by the rest of us 'respectible' programmers.
Brian
Remember Lexington Green!
I used to work for a company that was developing software/hardware that would allow ISPs to do this for all traffic passing through them.
What was interesting was that you could not only add affiliate codes and redirects for links that didn't have them - but that you could also replace existing affiliate codes if you wanted to, basically hijacking the commissions.
They had lots of other ideas for doing similar things - and once the hardware/software is in place at the ISP, there's really not a lot the user can do about it except change ISP.
yeb, I heard someone sells service for some free software :-)
Reminds me of a report about KaZaA around the middle of last year. The TopText 'spyware'added yellow links to some words in Internet Explorer. I never dealt with it first-hand, but it sounded very annoying.
Is Morpheus' latest effort at all related? It seems to be based around thr same idea, however the idea of being redirected sounds worse. For exanple, does it work that if you type say, http://www.google.com, you arrive at AltaVista?
What is it with crappy (ex)FastTrack networks and I-can-believe-it's-not-trojan software?
I think the point is that the intent of the promo copy was not distribution. You can say its in the spirit all you want, but it wasn't meant for distribution. Period.
I don't think its fair the way artists get ripped off by the "value chain" involved in getting music to consumers. However I do think it is their artistic content and they should have the right to determine who can hear it and who can't. That's why they sign contracts. Sure they get ripped off, but that's the way the system is set up.
You want to change it? Me too.
I don't think "screwing the man" helps change anything. All you get is "the man" trying to screw you back. Everyone enjoying all those encrypted CDs that don't play on computers? Leave that crappy system alone. Show your support of artists that use alternate distribution channels, download and share free music all you want. Make the distributor feel the pinch by helping their competition. P2P is not their competition, its their enemy. There's a difference.
So check out the artists that provide their music for free. Some artist release their music for use on these P2P networks, and they should be supported. But in the end, it is their choice.
Dave Matthews (for example) released the first single of an album on Napster, essentially saying "Here is a song, enjoy. If you like it, check out the rest of the album." He didn't say "Here is a song, steal the rest if you like it."
It should be up to the artist to determine what happens to their creation. Support the artists that choose the other way and you might start to see changes.
Stealing won't do much other than break the law. And warp your morals to that of a lowly slug. But that's a story for another day!
On a horrible scale of 1 - 10 for sleazy business practices, I rate this a 9.
Almost as horrible as stealing Intellectual Property from musicians?
From what I gather, it's always a single hardcoded site that the user is redirected to. So I think the original poster is off the mark in thinking that this is a way for the website to make some quick bucks in referrals. However, the issue of secretly redirecting a users browser is still a fairly serious issue to consider, just on privacy grounds. If I type in a URL, I expect it to go that URL, and not to secretly start visiting other websites that I didn't want.
Anyone remember a while ago AOL was detecting URLs for the popular search engines and instead forcing the user to their own search engine page? Is that still going on? That was bad, but at least they were open about it. This case is much worse in that it attempts to conceal what's it's doing
If software which does this sort of sleezy tactic put as a clear, easily obvious disclaimer "You are indirectly paying for this by allowing us free reign over your PC", then I'd wager that about 5 people on the planet Earth would actually install it. Instead, however, companies that do this sort of tactic either sneak it in entirely unintended, or they hide the details 40,000 words deep into a EULA which they know that no one reads, all the while promoting their "free" software. Why stop at redirecting the browser though? I mean surely there's some worthwhile nuggets of information on that harddrive somewhere that could be sold to the highest bidder. All's fair in the land of free software, right? (Why say just free though? Using this "anything goes" justification, anyone who believes that they are providing a more valuable service than they are charging can go nuts)
.NET Framework supposedly offers this but I wouldn't trust it until its evaluated and proven) or a legal solution. It's obvious that a "Dirtier-than-thou" cat fight is taking place with every sleezy vendor out slimeballing the next.
This sort of activity is atrocious, and I don't see how these people aren't facing the same punishment as the Kevin Mitnicks and Melissa virus writers are. Without any doubt there is a serious need for either a technical solution (one could say that it exists by way of Java : Sandbox every application to ensure it has no rights outside of its little world. The
Morpheus is already dead. ever since they screwed up about two weeks ago by saying they released an update but not doing so screwed them over. It basically shut down the entire network killing their argument in court that their network couldn't be shut down. The company has also said they will no longer develop new software.
I posted another message on my take on the issue, but I don't think I put my perspective clearly enough. Given that it's a single website that the redirection is going through (at least, we can presume it is), it would be piss easy for a big outfit like E-Bay to detect the website name and not include it in any referral monetary program.
So the website is likely to be only usefull as intended - as a means of secretly counting how many Morpheus users visit a particular big site, without going to the trouble of having to enter into an agreement with the popular website owners to get the information. It's sneaky, it sucks, but I don't think that they're really trying to secretly make a few bucks.
go there, get your copy today! this has got to have some lawyers in a frenzy, but really when you're the crack dealer selling to HS kids, is someone really going to suddenly pay attention now that you're lacing it with some heroin?
just another reason to add to my list of why i haven't done any p2p since napster went away. simple kindergarden stuff here; if i can't trust, how can i share?
...Business 101 - try really , really hard to piss ON your customers!
You're using her as bait, Master!
This is the 1001 reason why you shouldnt use Internet Explorer, all the spyware targets it.
Sigs are for morons... Wait a minute...
What's worse is that it had somehow also managed to make it impossible to change his homepage from within IE (the fields were grayed out.) After a quick registry hack he was porn free
Anyway, as long as there's a way for people to make money off the swiss cheese that passes for software security, they're going to do it. The sad thing is most people don't know how to stop these things. The sadder thing is that most people don't remember a time when the internet wasn't about making money (when people were boycotting web sites with banner ads) and don't think there's much wrong with these tactics.
I should get some mod points for that subject :-)
Seriously though, the article says it can only affect IE. This makes sense, given that it's easier to do sneaky things in the registy and elsewhere which, while invisible to the user, will cause drastically different behavior in parts of the operating system, like IE.
Aren't you glad you use Netscape? Don't you wish everyone else did?
(apologies to the old Dial ads)
There is no sig, there is only Zuul.
While visiting astalavista to, um, get a serial number that I'd previously lost from a program I'd bought, I followed a link to a site http://www.cracks.am. When I clicked on the link to download the serial, a dialog popped up asking for my permission to install a program from C2 Media, and certifying that the program had a certificate from Verisign.
Stupidly, I clicked yes, and promptly regretted it. A whole day of browser abuse followed.
* My desktop got taken over by an 'affiliates' homepage
* My desktop got swarmed with icons for adult and gambling sites
* If a site took a long time to load, or got a 404, my browser would end up at the portal http://www.lop.com, part of the 'affiliates' network.
The program didn't leave a listing in the add/remove window. It wasn't in c:\program files.
It had buried itself deep into my windows folder.
Instinctively I searched my disks and registry for lop.com and removed all references. No cure. My browser still kept going to lop.com.
My only cure was radical action. I ran Win2k in a VMware box with disks set to non-persistent. Immediately before saying 'yes' to the installation, I ran the 'InCtrl' install tracker program. Thank God for InCrtrl - after the install was done, I had a list of all files added by this nasty piece of scumware, and had the utmost pleasure in removing it once and for all.
-- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
Now I've seen it all!
Appended to the end of comments I post? 120 chars?!
Screw subscription based system for Slashdot. Just make up interesting articles and put them in the headlines and get the company involved to pay for being a referrer. Slashdot viewers would see great articles like this: Windows XP Home Page: Which Edition Is Right for You? and Target's Deal of the Week. In return, Microsoft and Target pay $0.01 a hit or something. CmdrTaco could retire in a few days!
It's like hijacking hits, but with the slashdot effect.
---- The geek shall inherit the Earth.
oh god. why can't those people spending all they're effort trying to make mp3's illegal just make THIS stuff illegal?
Wow -- you're right on the money.
I was shocked to see how Morpheus is a VERY bad clone of Gnucleus. Well, Morpheus is off my system for good. No more damn pop-up ads either.
Good riddance.
-- We live in a world where lemonade is artificial and soap has real lemon.
Interesting idea, sort of a donation that doesn't cost you anything. Or, maybe that should be the subscription fee!!!!!
Wanna subscribe to Slashdot's extra features, just download this nice plugin.
We have to think about the privacy implications though. I personally don't care that Slashdot can track when and how often I go to certain shop-sites, but I know that many people will. But hey, if it's voluntary!
Besides, it remains to be seen whether sites like Amazon and others will accept this kind of thing. Basically, you're not actually referring, you're just bringing someone to a destination that they were going to already. Evildoers will have no problem with signing up for the referrer programs every time their id is cancelled (assuming that it's easy and automatic to sign up). Slashdot however will have to do stuff in the open.
On an other note, it just goes to show that people need more control over their computers. The system should make it obvious, that something is installing something that's going to interact with your browser.
The problem is easily solved in Linux (or any other *nix-like), just never run as root and make sure that the browser can't use your local plug-ins directory.
alt.binaries.erotica.hamster.ducktape
...both the original version and the preview. Good ridance.
Somebody really needs to file Federal criminal charges on this. This clearly "exceeds authorized access", as defined in the Federal computer crime law.
Buying the CD's and ripping them works well.
----
All of whose base are belong to the what-now?
And people expect what? Orginizations to be honest about what they do? Heck everyone's going to the ad-banner craze now. Thank god doubleclick went to /dev/null and I guess this will too. Everyone's trying to make a buck and they're going to do it regardless what is "right" "moral" or "ethical" I have been using LimeWire ever since it came out and I refuse to upgrade simply because I know that Limewire is starting to take stats on what people search for. If they can cause ads to popup or display within the Limewire program through the Java API that limewire runs in I can only imagine what someone could do with the Jave API anf Limewire itself! If people are worried about their browsers links being hijacked, then use VMware and build a virtural PC inside of your existing OS and ONLY use it for searching for files!
Remember, they CAN'T jack with/learn/save/report anything that YOU DON'T do on that box!
just my .02 (it's my 1st post, be gentle)
Partnership for an idiot free America!
Installing Bearshare also installs two secret spyware apps. One of them does a similar redirection, but is especially evil because it bypasses firewalls like ZoneAlarm. More information about this at cexx.org/newnet.htm and lots of related stuff at the root cexx.org
First, they took an open source app, Gnucleus, and repackaged it as their own, adding nothing while actually degrading the software by adding popup ads.
Second, they started banning from their chat room anyone who mentioned this fact and posted the url to Gnucleus.
Now, they're installing scumware in order to control your browser for their own profit even while you're not using Morpheus.
Anyone left who still wants to argue with me about whether or not Music City is a company of degenerate sleazebags? Anyone who still disagrees with me that the proper course of action is to delete Morpheus and install Gnucleus immediately? (at least until something better comes along).
I hoped the Morpheus name would help gnutella network along but maybe not...
... although I have installed this "Preview Edition" I ran a piece of software and could find no BHO files other than Norton's and Adobe's.
So... my question is where is the spyware?
Get your Unix fortune now!
This is like spammers embedding banner images in their spam and getting paid every time someone opens the email just because the banner was loaded. It's just running the meter and the entity being screwed is the website that is paying them a referral fee.
The article, in one part, reads: "Griffin said the technology is simply taking the old affiliate referral program to a new level. Most of the referrals will happen inside the Morpheus application itself after the new version is launched with a commerce section, he said."
Yeah, right. Most of the referrals will clearly be a result of their sneaky browser add-ons, not because anyone really pays attention to the commerce section of a P2P client. Heck, P2P users generally get as much as they can for FREE--not exactly the target market of much of anyone.
For you windows users, I noticed that Morphesus also installs a program called BDE under "\%Windows%\BDE", and it installs a Registry Key under:
r entVersion\Run".
"HKEY_LOCAL_MACINE\SOFTWARE\Microsoft\Windows\Cur
This key loads the program at startup. The program appears to be some sort of video codec/player.
The source code to Morpheus was made from gnucleus. I do not know the link to that, but it should be pretty easy.
The source code for morpheus is here. It is in a zip file, right from the site. I do not know how to program too well, but I do have a website, Xcompile.com in which I would gladly put anything made from the morpheus source onto my site, so long as this feature is removed, along with the advertisements.
From the News.com article:
"The company on Tuesday said it has begun installing a Web browser add-on that sends some Morpheus users on an invisible Web detour aimed at capturing data about file swappers' surfing habits."
I.e, so far it's only about collecting usage statistics. It's simple spyware, not stealing referrals from someone else.
A little further down, the article goes on to say:
"By invisibly inserting the redirect into Web surfers' browsers, StreamCast can make it look like it is referring traffic to shopping Web sites without the shopper ever being aware that the Morpheus technology was involved."
The keyword here is "can". It doesn't say they do it yet. It doesn't say how the referrals are inserted into the browser either.
Maybe Morpheus just makes your browser have an extra, annoying banner-line with referrals.
Or maybe, if there's a web page with the text "Britney Spears" it inserts a referral to the Amazon.com page where Britney Spears albums are sold if there isn't already a referral there.
If StreamCast was going to hijack other people's referrals, I doubt they'd be so open about it. I don't think StreamCast would ever try something like that, because it would be stopped by the vendors themselves faster than anybody can say "litigation".
More from the article:
"Most of the referrals will happen inside the Morpheus application itself after the new version is launched with a commerce section, he said."
Putting referrals inside the Morpheus application sounds pretty legitimate to me. There's just the issue about just how exactly the other referrals, inside the browser, are done.
After reading this article (and noticing redirects being performed on my system - i thought it was something else, not morpheus) I downloaded this utility: BHO Cop which is designed to search out these nasty browser-attached proggies and allow the user to disable them. I found the culprit: bpboh.dll put out by Wurld Media, who, according to their inadequite website, claim the primary goal of their business is to help companies be profitable (very ambiguous, don't you think?).
.dll w/ BHO Cop, relogged in (WinXP) and low and behold, when I go to amazon.com, I end up at the root page rather than a referal page deep in the system.
Well, I disabled the
So - download and run BHO Cop now! who knows what else you might find (Acrobat seems to have dumped something as well)
I'm out of my mind right now, but feel free to leave a message.....
Comment removed based on user account deletion
In the article, there's a link to a cnet download page that contains a BHO Cop....This is supposedly software that scans for and allows you to disable hidden browser plug-ins.
Has anyone used this before and can it be used to conteract such forms of internet theivery?
I'd hate to see Amazon lose even more money. Rob
Those who can, do. Those who can't, simulate.
Eh.. just uninstall Morpheus and use LimeWire.. It's the exact SAME network.. Gnutella!!..
And LimeWire has a nicer interface anyway..
I use that now.. it's better. yeah I do have that annoying ad bar at the bottom.. but I may just pay the $8.50 to have it removed permanently...
and since I use linux.. it doesn't install all that CRAP software like Bonzie Buddy!! (SPYWARE!!!!)
Anyway.. just download Ad-Aware and have it remove the SPYWARE from your system.. (I bet it'll probably remove the Morpheus one too!) Oh and once you remove the spyware you'll notice your system runs better too and doesn't crash (as much).. (I did this on a friends system and WOW no spyware=more stable system, still not as stable as Linux though)
I was talking to a friend today. He runs an ftp here at my school and is a good computer programmer. We got on the subject of operating systems* and he asked why i didn't run winXP, as it is provided free to all CSE students. I explained that it didn't run some games/apps (notably abandonware like the Cmdr Keen which I did pay for back in the day) and I told him that XP reports a lot of what you do back to MS. yay. gettin' monitored. I run windows 98SE for games. Now with a good version of Xine in my new OS, i don't need 98 for movies any more.
My friend blew off hte privacy issue, and that worried me. I mean, this guy trades warez, he has illegal movies, pirated MS office, and he doesn't worry about MSspyware XP. sigh. and this guy is supposed to be a computer-smart CS student.
*i mentioned how i was soon going to install mandrake 8.2, which btw, is beautiful, and i love you mandrake-linux. its just so...good...
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
goto http://www.Lavasoft.com and download ad-aware and the latest ref update and have it remove all your spyware from your computer..
Limewire is good. But don't download its Windows installer- that has spyware in it! Instead: install a JVM on your computer, then go to Limewire's page for alternate OS downloads, select "other" as your operating system, and run it using the JVM, without all the crap they bundle in. Most spyware is Windows-specific.
Yeah, it's a shame that P2P only became popular recently, in the age of the MP3. If it had been invented 10-20 years earlier, with RFCs, and had the stature of, say, FTP, people would be thinking of it as a fundamental part of the Internet. Instead we have this horrible situation, where anyone who uses a P2P client is presumed to be a freeloader or a criminal. P2P deserves better than a bunch of spyware-loaded clients that block each other's users from their own networks.
The new Morpheus marketing program is based on a technology called browser helper objects (BHO), which attach themselves to Microsoft's Internet Explorer browser
.dll that will be loaded every time your Internet Explorer starts. It is registered in the windows registry.
.dll file) and then deactivate it.
The Morpheus spyware is just a
So this bho spyware can be removed by using bhocaptor . Bhocaptor displays all bho that are registered within windows registry. So, what you need to do is to select Morpheus bho(a
As bho is an Internet explorer technology, those who are using netscape or mozilla should be immune to this spyware.
This like you asking a guy for directions to the "Stop and Rob", but he gives you directions to his brothers store, "Grab and Run". His brother lets him live in the basement of his house, because he sends lots of business to the "Grab and Run".
You wanted to get some YooHoo but the "Grab and Run" doesn't have any, and you were going to shoplift it anyhow.
Doubly pissed, you report the "Grab and Run" to the authorities (you saw a rack of VCRs in the back room, making copies of Asian snuff films.) The cops come and arrest the owner and throw his ass in jail.
After looking up the address of the "Stop and Rob", you head over there. The brother of the now jailed owner sees you, beats you to the ground, and takes your wallet. In your wallet is an I.O.U. from your boss to an employee that works in the same row of cubes as you. Your wallet is gone, and so is your mugger, so you get up and run over to the "Stop and Rob".
You ask to use the phone, and while the clerk is hitting on some drunk chick with a feather boa, you steal your bottle of YooHoo.
The only reason Morpheus and the other sites exist in the form that they do is because they've learned from the Napster experience. It's evolution, they're faster, smarter, and nastier than Napster, and their way of doing business is the direct result of the entertainment industry's failure to see beyond extending their stranglehold onto the internet.
The recording industry has demonstrated conclusively that a pure, straightforward way of doing things like Napster's leads to schools of lawyers swimming your way to protect the entertainmnet industry's right to fix prices without interference by consumers exchanging files on the internet. By destroying Napster, they left an ecological niche for the bottom feeders to slide into.
Now, the Dinosaurs of industry won't be happy with the stuff they can't block and we won't be happy with having to either go underground or risk using spyware to exchange files we've already paid for.
Stupidity and greed have failed to yield happiness. Why is anyone surprised?
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
Developers: Finally Real P2P With Brains
admittedly, they are using their powers for evil, but if they get rich off everybody warezing, more power to 'em.
And to think I actually -owned- streamcast.org for a while. Yeesh.
Bowie J. Poag
I saw this on a co-workers computer yesterday. IE (and the rest of his system) were virtually unresponsive - especially when it came to network operations. Turns out he had just installed Morpheus on it. Grabbed a copy of Ad-aware, ran it, and all his problems went away. Nasty stuff though...
Accept Eris as your Fnord and personally sate her
Taken from download page of Morfeus:
"This ad-supported software includes technology that will serve banner advertisments through the program interface. Morpheus also includes BuyersPort, a shopping portal that may log your IP address, track surfing habits online, and share aggregate user information to third parties. For more information, please refer to BuyersPort's privacy policy."
Ok, we know that morpheus is spyware. Would anyone mind telling me how to find that out? I have a few programs that i would like to test and see if they are whispering behing my back
The next stage of this could be fun, double click on the My Account icon installed on my desktop, and my account is moved from Lloyds to TSB.
:-)
Wow, I should not post when knackered.
I admit, I'm being a bit extreme with the title of this comment, but please consider this point, which I don't think has been brought up, yet:
.sig) runs. It's a very simple setup: you click through, buy stuff, and the nonprofit of your choice gets most of the commission (the parent company makes money, but hey, it's not like Amazon would give me the money back if I went straight there).
.sig, and subscribing to its shopping service.)
Shopping sites in general, as well as many other public sites that depend on referral revenue to operate will lose money as a result of this, and if this practice becomes common, will eventually have to shut down or change revenue models.
While you may not think that has a real impact on sites you personally visit (does Slashdot really depend on revenue from its click-through links to bookstores?) there are some good causes that stand to be hurt by this.
One highly-visible example of how hijacking referrals would be a real problem for a good cause is the shopping site that the parent company behind The Hunger Site (linked in my
Obviously, if Morpheus has a way to hijack referrals, that means it's now outright fraud. And yes, in situations like the one I just outlined, money that would otherwise have trickled to, say, a humanitarian organization that feeds starving kids, would instead go Morpheus (Not to mention that there might be some laws about using computer resources without permission).
Most people don't use the shopping site I mentioned, but they do use other sites that depend at least in part from referral revenue. You should find out what your favorite sites' (Anandtech, Sharky Extreme, Ars Technica, Slashdot, Everything2, just to name a small number that might) revenue sources are, and if any of them rely on referrals, you should consider whether another file service might fit your needs better.
(p.s. No, I don't have any formal relationship with the Hunger Site or its parent company, unless you count clicking its URL when I remember to, putting its site up as my
Get off my launchpad!
And you have installed Morphous on your net-unaware computer? :)
Wow, I should not post when knackered.
I have sent the following message to Robin Gross of EFF.
Dear Ms. Gross
I am writing to express my concern that my attempts to financially support EFF have been stolen by Morpheus and similar companies. I have long been careful to use the Amazon Affiliate Button on your front page for all of my book purchases. I have felt that doing this combined to support what I believe in simply and effectively. Since my purchases have been well over $1000 per year for at least the last two years, I know that it has to have been worth at least some money to EFF.
It has recently become apparent that Morpheus et al. have been placing software such as TopText and other scumware on users machines. These programs have the sole purpose of rewriting affiliate links. This effectively redirects the financial benefits of these links to the scumware operators. To put it bluntly, this is theft, no different than if they had taken the affiliate checks and written their own names as payee.
I have supported the EFF for years. I supported Morpheus partly because of EFF's support of them. But I am frankly disgusted by this turn of events. As the Director of the Campaign for Audiovisual Free Expression, and a staff attorney for EFF for Fair Use and Intellectual Property, I believe that you may well be the single best person to let them know they have gone too far. To take a principled stand on Fair Use is one thing. To pump ads to users while using the software is also perfectly legit. To actively steal revenue from other people, companies and organizations, even after the user has supposedly removed the software, without notice is simply beyond comprehension.
Sincerely
Walter Williams
Seen this? http://www.project-insomnia.com/grokster.html
Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
The article said that StreamCast will:
1. Redirect users to another site to collect usage statistics before sending them to the site they wanted to go to. This might be seen as invading people's privacy, but no personal data will be collected, merely usage statistics.
2. Put up a shopping section in Morpheus. That sounds perfectly legitimate to me.
3. Put referrals to online stores inside the browser window in some unspecified manner.
Please note that 1) and 3) are two separate points. They won't redirect you to another site when you're trying to go to Amazon.com, and then claim the referral bonus. The redirection is only for collecting usage statistics.
And the referrals inside the browser window have nothing to do with the redirection.
There's nothing in the article saying that StreamCast will hijack other people's referrals.
There's nothing in the article saying that StreamCast will pretend to refer people to sites (like Amazon.com) when they go there themselves.
rm -rf Morpheus/
Somehow the word "conceivably" did not make it through the filtering into the final comment. That is, the corrected sentence above should read "Obviously, if Morpheus has a way to hijack referrals, that means it's now conceivably outright fraud."
I guess I typo'd the EM tags... I would hate to be sued for slander simply because I didn't couch this in properly oblique terms. Watch me be the next Morpheus scandal to hit Slashdot...
Get off my launchpad!
www.ebay.com
links to http://www.qksrv.net/image-280514-220264, which has an instant redirect to pages.ebay.com. I played with this in netscape 6.2 and lynx, and they still directly put me towards www.ebay.com. There is definitely redirection occurring here.
www.amazon.com
links to http://www.amazon.com/exec/obidos/subst/home/home. html/104-9801158-34639, while netscape and lynx go similar (but not the same) page in the same sub-directory tree. I'm not sure if there's a url redirect occurring here.
www.barnesandnoble.com
In IE, goes to http://service.bfast.com/bfast/serve?bfmid=2181&so urceid=21425507&categoryid=rn_home, then redirects towards a barnesandnoble.com redirected address. Netscape and lynx still go straight the low level barnesandnoble.com address. There is also definite, blatant redirection occurring here.
So, there you have it- out of just three simple checks, Morpheus went and screwed with two of them. I'm getting this crap off my machine and installing a better gnutella client.
Wow, it's so tacky that it's funny :)
These guys are going to be out of business soon. MusicCity is going down the poop hole.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
Exactly. Why the hell are people using it anyways? Go here to download the spyware free and opensource version.
However, according to the News.com article, they are merely detouring people to collect usage statistics.
They'll also put referrals inside the browser window in some unspecified manner. Maybe this will take the form of some annoying extra ad banner, or maybe they will put a link to the Amazon.com page selling Britney Spears stuff every time the phrase Britney Spears appears in a web document. But that's only annoying, not "sleazy business practices".
More specifically, there's nothing in the article saying they'll hijack other people's links. See my other post, #3192878.
If you don't have it installed on your Windows system, then do so RIGHT NOW. Heck, these guys are heroes.. best of all it's free! :)
Never email donotemail@WeAreSpammers.com
Didn't Morpheus' just recently (as in last month) contain a prominent "no spyware" logo?
That sure didn't last long.
The plugin is likely to be found in the directory: /u filename and then delete it from the dir.
\winnt\downloaded program files\
where al the IE plugins are stored. I don't know the correct filename, but you should first de-register it from the registry by using regsvr32
Never underestimate the relief of true separation of Religion and State.
Download IEradicator and get rid of that POS for good.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
TopText is KaZaA's version of this mess so I assume Streamcast is doing basically the same. Specifically, it reads the HTML coming through and does two things. First, any link to an affiliate program it recognizes gets rewritten so that the referal ID is TopText's NOT the site which provided the link and content. Second, the text is searched for keywords which are then rewritten to be links again with a refer ID for TopText. This is the source of the so called Yellow Text links.
/. subscriptions, how bad would it be if all the ad revenue disappeared because Morpheus and KaZaA stole it? Now think about all of the free sites out there trying to live off the referal ads. They will all die if scumware like this becomes standard.
The first one is theft pure and simple. The people like me who write the site are trying to get paid by putting the link there. KaZaA, Morpheus etc are simply stealing scarce and hard earned money from others. The second activity might barely be legit but not likely. For example, if I linked "Buy your books at BN" with my referal ID and TopText then grabbed "books" to point it at Amazon, I have still been robbed.
If my sites didn't make at least some money off the links, they would disappear when the hosting bills come around. For all the screaming about
"Shopping sites in general, as well as many other public sites that depend on referral revenue to operate will lose money as a result of this,"
What utter nonsense. A business is supposed to make money by selling a legitimate product or service. If a significant portion of your revenue comes from "referrals" and not from the sale of a legitimate product or service, then you deserve to go out of business.
Since when is this not a legitimate service?
By saying that referrals are not legitimate services, you're saying that the site that Greater Good runs, (the one that gives most of the revenue to nonprofits that I mentioned earlier) should go out of business. You're also saying that all of those 1-800-DENTIST or whatever lines should go out of business; they do the same thing, except for profit. And you're definitely saying that all the little if-you-find-my-program-useful-please-click-here-a
Get off my launchpad!
Gnucleus runs perfectly under WINE btw.
there are native gnutella clients that run natively under nearly every operating system.. its kinda dumb to run one under wine when you can run it natively.
kchhrr.
To hell with the idiots downloading porn or warez.
This affects website owners. Many small websites make ends meet by their affiliate links. This will steal that money away. This is one of the few way small webmasters can make money - short of begging.
And aren't we all sick of the virtual begging cup by now? Don't let the last legit way for sites to make money be destroyed. Sites that don't have traffic for banner ads sales, need these sales. They need this income. If this takes off, it will wipe out small sites everywhere.
As an example, look at http://www.gonegold.com
Informative helpful website. IGN pays them squat. But they do make money on their affiliate gaming links. Take them away and who will pay the site's bandwidth? That is the real issue, that is the real fight. And for some smaller sites, this really is a fight for their survival.
By the way- what is the implications that the only thing you have to agree with when installing morpheus is the gnu license. their is no mention of this spyware(even though it is installed).
Chet
eSafe, ( http://www.esafe.com ) was my cure against IE paranoia while I had to use it.
They do sort of "proactive sandbox security" so eSafe alerts you if some sort of "scum" added to IE 's special helper apps.
Even it watches startup folders and registry continueusly.
Program is kinda problematic on some machines and *sigh* no more totally free, like 1 month of nag free trial now.
Ah, they are proud that none of their customers/users was infected with ILOVEYOU virus before it was known even.
ah found the word, its "behaviour blocking".
One of the guys at work had this on his PC, but after the weekend I came in and our IDS had reported shitloads of snarky portscans aimed at him. So he took it off again.
Just don't go there....
PS. EMI report today that due to falling profits, they're laying off 1800 people. That's eighteen hundred people who have lost their jobs, because of shit like Morpheus allowing easy piracy..
Don't forget that. Music theft costs ordinary people their livelihood.
"Information wants to be paid"
So what do we call this new kind of undocumented feature? What is the software now? Ad-aware killed off (almost) anything that could be classed as spyware, so I guess this is now redirectware, or something. What a lot of people don't realise, or remember sometimes is that not everybody has their own computer, and morpheus is probably stored on a family computer where lots of people are using the internet for different needs. Software like this could potentially do any number of harmful things. What was that software that "saved you time" by keeping your form details, or that other one that was catching browser inputs and archiving them. I think just the email addresses alone would be worth a few hundred dollars ;)
...that comes up all the time, particularly with reguard to virii and warez. If you can't trust the software - don't install it. When you run any .exe in Windows, you accept that you do not know that it is going to do - at all! It may format your hard-drives, and mail all your porn to your mother.
/usr/local for others, so I never need to log in as anything but that unpriviledged user.
So, if you don't want all the crap, don't use software you can't trust. How do you know if you can trust it? Well, you could audit the source code and compile it yourself. You could write the software yourself. Or you could get the software maker to sign into a legally binding contract which says that their software will not do anything but its primary intended use (for Morpheus, this would be stealing music), and that they must disclose everything that it's going to do to your computer. Fat chance of that.
What do I do? I run Linux. I only login as a unpriviledged user (I have access to my home directory, that's all.) All the software I install I only install into my home directory (again, as the unpriviledge user.) I'm the sole user of my machine - I don't need to be putting it in
The security then isn't perfect, but strangely enough, most open source projects don't include spyware/scumware of any sort. So I don't worry about it.
Running any priviledged executable is the ultimate shrinkwrap EULA, saying, "I give you permission to do what ever you want to my computer." We'd all be a little better off if people were more paranoid about their computer - but if they don't mind untrusted software messing around, who am I to stop them? Maybe we'll get lucky, and the next version of Morpheus or Kazaa will automagically lock out any user that downloads it. That would provide a nice lesson. Would it be a virus? Well, you chose to download it and run it yourself. So, I say no.
What do you think?
Jake
Dating: while( 1 ){ call_girl(); get_rejected(); drink_40(); } return 0;
I'm a sysadmin in a large call centre which used to tolerate a certain amount of personal use of it's computers. One of the main helpdesk requests to the IS department had was for ghosting's of computers which had been so f**cked up by various bits of spyware. The worst offender by far was Save Now, getting it to uninstall was a pain and even when you did think it was gone, it would reappear sooner or later. We firewalled the Save Now website and any addresses the app connected to to and rather than die after 2-3 attempts the plugin would thrash the firewall contiuously trying to make a connection. We also came across a particular nasty spyware app which had no visible front end but would randomly redirect you to a porn site, thankfully we had Super Scout installed which blocked 99% of porn sites. However this didn't help the poor employee who unknowingly had this crap on his PC as he though he was going to be sacked for looking at porn (we have always had a very, very tough line on porn).
Most of the spyware on the computers was not intentionally installed which is what made it worse. The last straw for us was when we discoverd a Win98, 1ghz Pentium with 256mb RAM and a fast hard drive taking 15 minutes to start as it was loaded with so much spyware/plugins/rubbish and they all wanted to start simultaneously, running a packet sniffer on that particular machine showed that spyware was using over half the bandwidth available. We locked down the network after that barring access to anything known to inolve file sharing, plugins, spyware etc. However there is an interesting side note, we had a retained lawyer with IT specialisms, aparently the UK Computer Misuse Act makes it illegal to alter the contents of a computer without getting the users authority, which was interesting.
It's bad enought these spyware app's stealing money from deserving small websites and let's face it users as well. You just need to see the damage they can do to networks and computers as well, I can see a lot of sysadmins becomming very angry if these sort of applications get more sneaky and nasty in the way the operate.
Aren't Lloyds and TSB the same people these days?
Yeap :)
I could not think of a diffent bank.
Wow, I should not post when knackered.
Joe average user just think "I wish PCs were easier to use, I sure as hell won't switch to Linux, Windows is hard enough for me!"
Sent from my ASR33 using ASCII
What about the /real/ referers? Can they claim damages?
-- 'The' Lord and Master Bitman On High, Master Of All
Gee, a company that makes money off of helping people steal is doing something else sleazy? Who would have thought!
Has anyone ever known a company to be honest in it's business practices?
I have played with a couple of them.
Limewire has spyware/adware hardwired into the program, at least in the Windows version. Re-apearing Reqistry keys shows this.
Seems to be possible to run BearShare without all the snooping. But 3rd party crap is included and you must be careful not to get it installed..
A bit offtopic but still on the subject of spy/adware.
Now even my Logitech comes with a lot of crap that when you try to install their drivers, you have to read carefully right to the end what the diaglog boxes says and even after avoiding all their "helpful" programs there seems to be one or two programs running in the background that you can remove without it having any impact on the functions of the mouse like the webwheel etc. witch by the way will have a date with my packet sniffer one day, I'd be surpriced if they didn't do some monitoring.
That Logitech was really too much, they REALLY tried to shove a lot of junk down your throat. Which made med loose the last ounce of respect for the company. I am a user who knows what to look out for, but I'll bet that 99% of the mouse buyers just answers yes to it all.
this is a horrible pratice. the real question is how can it be stopped and how many other services are doing the same thing?
"My heart is in the work." - Andrew Carnegie
From here, which is from your link:
BHO Cop 1.0
I ran it this morning and don't seem to have bee infected by their fraud so I don't know what the BHO looks like that belongs to Morpheus, but this app looks pretty helpful.
I'm the big fish in the big pond bitch.
As I've said before, 95% of the readers of Slashdot are just wanna-be Linux users, who use Windows cos, Oh, using Linux on the desktop is just too tricky in todys world.
Can't someone port it to KDE/Gnome?
If your such a real hardcore linux geek, and better than 95% of the slashdot readership then surely you would be able to port it to linux yourself.
A web browser or an ftp client allow you to steal music and porn. Blank paper and a pen allows you to steal sheet music, books etc.
There is nothing illegal or wrong about p2p software, it's just another way of transferring information.
graspee
If they're "hijacking" affiliate codes then they're not the first people to do so. eBates is a company that uses affiliate programs to get 10-15% commissions on sales and then gives the customer back like 3-5% or whatever. They have a piece of software called Moe Money Maker which apparently tracks every click you make, and if you visit a site that has an affiliate program (through linkshare, etc), when you land on, e.g. http://www.moviesite.com/product?title=blabla&sku= 123-131,
it redirects you to http://www.moviesite.com/siteID=ASDFKLAAKIAIRTHAI (the eBates referrer code) so eBates gets a commission - regardless of whether or not the user used eBates to find the store. I work for a company that's had this happen a couple of times and we really hate it, but we let it slide because we'd rather sell the item than not. The only solution is to block eBates as an affiliate, which we don't really want to do.
It's most annoying when the user comes in through a search engine that we've paid Overture to list us on. Some of our overture keywords are over $1, so we have to pay overture $1 plus we have to pay eBates the 10-15% commission. Very annoying, but still better than making no sale at all.
rooooar
People in glass houses shouldn't throw stones.
The way the P2P "companies" are working lately makes me wonder if the RIAA hasn't already taken them over and are secretly running them into the ground to teach the users a leason. Now that's a business plan. ;)
Or you could get the software maker to sign into a legally binding contract which says that their software will not do anything but its primary intended use (for Morpheus, this would be stealing music).
Just a nit: if the subject matter of the agreement is illegal (ie. stealing music), there is in fact no contract. So if I sign a contract with you to whack your neighbor, I can't legally enforce the contract in the courts. (And not just because they'd arrest both of us for murder; the "contract" doesn't exist.) This is why you see "alternative" methods of enforcement for such agreements.
The Daily Build
Yes, it's truely ashame that companies don't make more money off of the Internet. If I had a nickel for everytime someone clicked my link , the world would be a better place. I mean, imagine people enjoying the Internet with out referer fees and dynamic redirects. What a horrible thought.
BTW did you click my link yet? How about my link now? I have no vested interest if you click my link . NO really, I don't; in fact whatever you do, don't click my link . Please, for the love of God, DON'T DO IT!!!! my link
I've found an easy solution to avoiding Spyware... VirtualPC. Simply install virtual PC, throw a copy of Win9x on it and install any questionable programs on that, such as Morpheus. It's the perfect setup... I can keep my real system spyware free, while using every app I want, no matter how much spyware it contains... all of the crap simply stays on the Win9x VirtualPC, where I could care less since it doesn't get any real use for web browsing or anything else...
Another reason I use Opera.
The only thing that this doesnt do is replicate to other computers. The Morpheus Borg is here.
I work support for an ISP and gets LOTS of calls abou not being able to browse because of these types of apps, like webhancer....webhancer shows as a running program whagent...how do I see if a customer has this new marketing helper installed/running?
at the end of the day, it's great to go home and fire up my mozilla browser, sometimes it feels real good to be unsupported.
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
There's a difference, though.
In Intuit's case, they're trying to be helpful with targetted ads ("If you need a tax program, maybe you need a bank -- try this one") and they're obviously being open about it. Shortcuts on the desktop do not bug me. Highlight - click - drag - delete. (And ideally, this should be lowering the price of the software... fine by me.)
What does bug me is when a program silently installs something named 'cdload.exe' or some other important driver-sounding thing in the background which randomly pops up IE windows every 30 minutes or so, and really confuses the heck out of me (especially when I didn't have IE running in the first place!).
To me, "monkeying around with the computer" really means surreptitiously installing boot-time-start daemons which consume resources and spy/spam/etc actively, not just throw a few links around....
That's the difference between scumware and just selling "sponsored links".
Why not? Bill Gates = richest man in world = pissing on customers is clever business strategy.
QED.
-Styopa
On a scale of 1 - 10 for sleazy business practices I would rate this as a 11 or a 12 !!! The nerve of these people to hijack your browser and send you somewhere else. I have heard about sneaky plugins that detect the keywords you type in to a search engine and pop up banner ads to you. But, this takes the cake! We should all file a class-action lawsuit against them. When will advertisers learn that they are not "above the law" !?!?
See Fair Software Installation here on SlashDot. This is just the tip of the iceberg -- many, many applications will do this kind of thing. You CANNOT rely on the "good will" of software authors any more. There must be a technical and legal framework in place to prevent these kinds of abuses.
I would like to see a nice decoded packet trace so we can see just what the plugin does. It's not important enough to actually install a M$ OS on one of my computers though.
If any of you use this sh-- do us a favor and sniffit so we can see the GET requests. Nothing like the horses mouth to get accurate information. Or maybe it's another part of the horse w/ M$?
BTW: Just in case there is still a M$ user that reads the page, you'll be happy to know that pcap, tcpdump, and ethereal have been ported over to the lesser OS. This means that you can sniff the wire like real men. Do a google search for winpcap, windump, and Ethereal. You won't have to steal any license keys either.
In the world that gave us the Bhopal disaster, the Sonny Bono Copyright Extension act, and the conditions of migrant farm workers, I have trouble rating browser redirection more than a 4.
> No fucking Linux version.
./configure and make under Nix.
So? What's wrong with supporting one platform well rather than many platforms poorly?
It's not as if the world is short on Gnutella clients; use one of them; do you want me to whinge because x *ix Gnutella client isn't available as a Win32 native app?
> Can't someone port it to KDE/Gnome?
Sure; you. You seem to want it so badly, go right ahead. Have fun replacing all those Win32 API calls with Unix equivilents, and testing it on 20 different platforms, while keeping it in sync with the original version.
> Anyone using Sourceforge should have to make their stuff
Why? Last I looked SF was for open source projects, not open source *ix projects.
I guess you're going to go and whinge for a Linux version of Descaler next.
(Score: -1, Dumbass)
Yet you beleive this does not mean your point 1 (the invisible re-directs) and point 3 (the referrals) are related? That is explicitly what the article says. (What's the opposite of FUD?)
Raisinettes are my raison d'etre
I installed the latest version of Morpheus, and like the bad Internet citizen I am, I did all I could to limit file sharing. In fact, I deleted every directory off the shared directory list. Yes, I fully admit to being a hypocrite who downloads stuff and doesn't share his own.
So what happens? After running Morpheus for a couple of days, I note from Zone Alarm that I've uploaded about 600Mb through Morpheus. How? The hell if I know. Maybe by deleting all of the shared directories Morpheus decided I wanted to share my entire hard drive.
What was uploaded? I have no idea. If were paranoid this would frighten me.
An now someone says that Morpheus can redirect my web browser. Shudder.
144l. ph34r my 133t l3g4l 5k1lz!
Fuckin' picky judges! The Morpheus people work hard on this, and still you leave them with bitter disappointment. What does it take to get a perfect ten?!?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Read the license closely - you agree to have your search page, your home page, and your favorites HiJacked when you install that crap! In my case the ActiveX applet was NOT signed by a cert that my browser trusted. Needless to say I skipped their "download applet" and went elsewhere. Lot's of P0rn sites are popping up dialogs asking to be made your home page - on one case I saw the dialog had been modifed to say "click yes to proceed". I didn't fall for it but I know someone who did...
A woman I know who has several young kids did a search for "puberty" and when following a link she got into a pop-up site. She must've hit "yes" to one of the dialogs because her homepage was now smut - not that the "Yes" button has default focus. She was in tears by the time I got her straight, she was deathly afraid her kids would see that crap before she could get it fixed. (sigh) Some of this stuff is REALLY sleazy and it's getting worse...
I now use Serials2K instead of going to Asta when I need a number. It has the added bonus of allowing you to input your own serials and store them in an encrypted format. Can be ported to a Palm too!
Build it, Drive it, Improve it! Hybridz.org
Documentation on Browser Helper Objects (BHOs) at MSDN.
S
Just use Qtella. Is that so hard?
Hey kids, there's only 5 days left 'til Yak Shaving Day!
sounds as bad as the problem which let morpheus users browse any file on your computer! oh wait, that was fake, too... sometimes I wonder if "The Industry" fabricates/leaks info like this to dissuade people from using such software.. of course, everythings a conspiracy and if it's posted on the Net it's true, right ? :)
If you associate with criminals and thieves you can expect some rough play.
Don't tell me this isn't about thievery, that's bullshit. When we find the "P2P File sharing service" that isn't ***primarily*** about enabling the unauthorized distribution of copyright and otherwise encumbered works then we can talk about legitimate.
I was a senior UNIX admin at Napster for a year, this doesn't make me an IP expert but I sure did spend a lot of time very close to this issue and some of the principle people and events. Not to mention my own collection which is about 50G ripped from my own CD's.
Morpheus/Kazaa/whatever. Why are you alarmed to find out they've got a knife at your back? They're crooks!
It's worth noting that the new reference list for Lavasoft's Ad-Aware identifies this.
"Moderate drinking can help prevent amputated limbs" -- Abigail Zuger, NYTimes, 12/31/02
of redirect since I installed the preview client.
BHO Cop as well as Ad Aware do not find anything.
There were a couple of things I replied no to and I did a custom install.
errr....umm...*whooosh* *whoosh* Is this thing on ?
See, this is what gets me. We'll call a practice like this "sleazy," but never mind that everyone's using the softwear in the first place to steal and pirate music, movies and software.
That's freakin' rich.
Ed R.Zahurak
You know, oblivion keeps looking better every day.
WARNING: any product not purchased through a physical location and highly overpriced is and should be considered "contaminous-opensource-unstable-hacked-cracked-il legal-nazistic" and god will kill a kitten if you use it. :)
Ave Molech Setting
Well, maybe that's because they effectively do own the user? Operating systems are still designed around the idea that any application has all priviledges the user running it has. This is a good idea if you have small tools -- e.g., cat may read all the files that I have read permission on. When you have larger applications, like a complete office suite, this solution is somewhat less good. Once the user installs software from the internet, this design is a fundamentally flawed one.
Users expect that e.g. on a UNIX system, cat will only read files, and therefore it is a perfect idea to let cat read all files that the user has read permission on. The user's perception will be "I may read this file," when technically it is actually "software I run may read this file."
As soon as the user installs software that does things they don't expect, because the software doesn't advertise all of its functionality, this model breaks. Most users won't even find out, and if they did, they'd probably ask "why is Morpheus allowed to do this?" The user will no longer have the perception that he is doing things, and will have to realize that actually it is the software doing things. The operating system however is still designed around the idea that everything the sofware does was intended by the user. (No, I don't have an idea for a better design.)
Sig (appended to the end of comments I post, 54 chars)
It is http://furthurnet.com Sorry.
The desktop is a "private part" of the user's computer? Not hardly. And, yes, they're paid placements for companies with whom they have a financial relationship. I don't have a problem with that.
Are there any Linux clients that support multi-source downloading other than that hideous blob LimeWire?
:)
:)
That's my main reason for trying to get Gnucleus working under Wine
Speaking of which, Bartok, how'd you get it to work? Did you have to copy any native DLL's, etc? I can get Gnucleus to come up, but the search bar is missing... It's not much use without that
"People that quote themselves in their signatures bother me" - athakur999
this all brings to light IS THE FORCED DOWNLOAD OF A "PLUG-IN" OR "AFFILEATE" PROGRAM ILLIAGE? think about it.... its sollisitaion. if you buy one thing you CAN get this other thing free. on the net it's you must unclick this box and read 5 pages of legeal BS so you dont.......o and we researve the right to over-turn your unchecking of that box beacuse it our software......but were giving it to you free so you shouldnt grip you ungreatfull slave. is it me or does this sound like the "company store" to anyone else.
Careful what you say around me.. I will assume you mean it.
Callum, Spouting off because he thinks he's smart, not cos he's right. Ass
Quick to jump to conclusions aren't we?
I think you're wrong about slashdot readers. A good part of them are wanna-be Linux users, and most of the rest are wanna-be knowledgable Linux users who pretend that because they can install a big-name distro all by themselves everyone will believe they're really intelligent. And then there are those few of us who don't have a juvenile mentality, and are comfortable enough with our Unix skills to not be afraid to mention Win32 software when it's relevant.
I didn't make the point because I frequently use either Morpheus or Gnucleus. When Morpheus made the announcement I tried both of them--curious to see how far they'd forked the Gnucleus code, and what they'd added.
My observation is just that there is no value in extending GPL software if your strategy is to only add shitty non-features.
Don't blame me, I get all my opinions from my Ouija board.
It's not even a clone - it's a fork. They didn't even bother to rename the directory in which the source is - it's called gnucleus2 or something:P
0x or or snor perron?!
Uh... any competent network admin would be using the 98 administration kit to lock down all client machines on the network so that no software cannot be installed and run without the admins permission (The IEAK works the same way for IE).
I hear of "networks" having this problem and I'm flaberghasted. Whose running these things? This is a non issue if the IT department actually did their jobs!
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
Internet Explorer has run a redirect through Microsoft's site since at least version 5.0. They claim it is to inform you of "Product Updates", but they still get to see where you were trying to go.
DRINK DUFF (responsibly) DRINK DUFF (responsibly) DRINK DUFF
I want plugins that will display content that the basic browser does not. The browser should pass unrecognized content to the appropriate display engine and provide it a wondow to draw into and the plugin should display the content in the window.
WHY CAN THE PLUGIN ALTER BASIC BROWSER FUNCTION?
This has got to be a huge security hole just waiting to be exploited.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
If it looks like c|net is taking a stand in this article, perhaps it's because c|net's reporters will lose their jobs if c|net can't generate income through affiliate links. Note that many of the banner and button ads you see on c|net and other web sites (probably including Slashdot) are actually affiliate links -- the site is not getting paid unless sales are generated and tracked to the content site.
When Morpheus or any other app checks the URLs and replaces other affiliate codes with its own, Morpheus is trying to take revenue from someone else, without providing any benefit to the consumer or anyone else.
The good news is that most affiliate managers refuse to pay commissions to any "affiliate" who uses "predatory methods" like this. The affiliate managers realize that smart affiliate sites won't do business with any merchant who pays the "hijackers" in this situation.
The bad news is that if the hijacker replaces the affiliate link, even if the hijacker does not get paid, there is no way for the sale to be credited to the "real" affiliate. The hijacker is also likely to mis-manage the multiple redirects that often happen when a link passes through two or more ad servers (common with affiliate links that look just like paid banner or button advertising).
In the end, if these predatory software tools become more pervasive, content providers will lose all incentive to provide "free" content on the internet.
This issue is not unique to "predatory browser add-ins." Other content providers are threatened with loss of "the benefit of their bargain" in other ways. For example, that the TV networks have battled hard to discourage marketing of TiVo and ReplayTV as "commercial skippers" because if too many people find ways to skip TV commercials, then the advertisers won't pay the rates, and the networks eventually won't be able to spend $10 million on the next episode of "E.R."
Maybe, in the end, we just won't have advertising-supported content like we do now. Certainly, the current revenue model isn't working to pay the salaries of content producers: even with intrusive pop-up and pop-under advertising, and rows of banners and buttons, big content sites often earn net rates of a few pennies per thousand visitors, and some earn only a few mils (tenths of a cent) per thousand visitors. Those earnings might be enough to cover the server and bandwidth costs, but not to pay a single part-time reporter's salary.
So maybe in the end, the only free content will be sponsored directly by big corporations, who have good reason to pay to control the content and viewpoints of the news we read.
Or maybe some of us will break down and start paying for web content, if only someone would come up with some workable mechanism to allow micropayments (payments of a few mils or a penny to view a web site for a day, or to read an article).
-- http://www.MarkWelch.com/ Pleasanton California
That bloody Bonzy buddy is as annoying as the paperclip...
No sig
This is tantamount to theft and fraud. Musiccity.... what a bunch of pr0n-ad-spyware warez-mongers. Then again, blame the people that install these closed-source spyware progs. As they say, know what you're installing lest you pickup a virus.
The biggest trick the devil pulled was letting lawyers become politicians so they can write the laws.
Yah, I guess they need to take a lesson from little kids in China and South America, etc., and learn to make clothes and toys for rich Americans and their kids if they want food and stuff... right?
Get off my launchpad!
10: fucking over billions of people (living and yet to be born) by sacrificing their only habitat for short term financial gain
...
9: torturing people and supporting psychotic murdering tyrants
much, much lower: some scum suckers leaching a few dollars with a Trojan horse
Does anyone else realize that is is similar to the tactic that IE does nowadays?
Type in "www.asdfasldfjkasdklfjas.com" in an Internet Explorer window and watch it take you to "autosearch.msn.com".
And people wonder how MSN could claim to be more popular than google.
But please note, the article only says the redirects can be used to get referrals, not that StreamCast actually plans to use them that way. StreamCast says that most referrals will happen inside the shopping section of Morpheus, and that Morpheus will use the redirects merely to collect usage statistics:
"Most of the referrals will happen inside the Morpheus application itself after the new version is launched with a commerce section, [Griffin] said."
"The company on Tuesday said it has begun installing a Web browser add- on that sends some Morpheus users on an invisible Web detour aimed at capturing data about file swappers' surfing habits. [...]
Those separate servers, run by marketing companies including Be Free, count how many times Morpheus users stop by."
I keep ending up at The Onion when I type in slashdot.org!?! I didn't noticde at first.
"The big question in our lives is how to be at the same time a hedonist and in a hurry" - Alain Ducasse (?)
All destinies are final. That's what it means. If you haven't gotten where you're going, you aren't there yet.
"With sufficient thrust, pigs fly just fine." -- RFC 1925
gtk-gnutella is really good.
chris@xanadu:~$ whatis /.
/.: nothing appropriate.
The article says that they are not pretending to refer people *now*, during the testing phase, and are merely collecting usage statistics. But from the article, it sounds like this is the intention when the marketing tool *officially* launches:
... By invisibly inserting the redirect into Web surfers' browsers, StreamCast can make it look like it is referring traffic to shopping Web sites without the shopper ever being aware that the Morpheus technology was involved. "
"When the full marketing program launches in April, Griffin said the affiliate program that sends Morpheus users to participating shopping sites will provide them with some reward in return.
Caveat Emptor is not a business model.
For who, Microsoft? Maybe you could take your fingers out of the poison-dusted candy jar of IE-forced HTML extensions and back off on your 'Artistic vision' far enough to let all the OTHER browsers work with your site?
Or maybe you're happy with MS forcing their standards on the internet?
We do use the lockdown kit and have done for quite a while, initially to randomly monitor client machines for dodgy stuff then later to lock machines down. Unforunately it just does not work! Plus there is the social engineering of this scumware which takes advantage of users naievity to make them think the app is of real benefit to them and mentions phrases such as "Will work behind most firewalls" or "This plugin can bypass you network security setting which sometimes blocks innocent programs like this". The sad fact is scumware programmers write their software to bypass security mechanisms sysadmins put in place. We now simply rely on a good old fashioned firewall and signed agreement that says if you install unauthorised software you'll be out the door.
You seem to be operating under the impression that the competent network admin is the entire IT department. It's really easy to crucify the IT department as a bunch of bumbling incompetent fucks, but I can just about guarantee that the techs will want your head after they have to personally service every special request from every user to get this or that item installed. You can sit on your righteous high horse all you like, but once you try to force it into reality, you'll learn real fast that policy decisions have real and unintended consequences.
Admining a couple linux boxes does not make you an IT division.
I've finally had it: until slashdot gets article moderation, I am not coming back.
I have the newest version of lavasoft and it didn't detect it. Morpheus' little redirect fairy wreaked all kinds of havoc on my comp when I used norton firewall to restrict access of the website they send you to- www.inmotiongolf.com. Once I restricted it, xp froze completely and after rebooting, it would freeze everytime once imapi.exe loaded. After a few hours of figuring out what the hell just happened, I reinstall my firewall, uninstall the superevil morpheus, delete c:\windows\bpboh.dll, c:\windows\rdxr020305.dat, and c:\windows\system32\rdxr020305.dat. System clean, no more spyware, no more crashes, and I hope whatever ad wizard decided to throw that little component into the new Morpheus drowns in a pool of his own vomit or better yet stops by my place so I can beat him about the head and neck with my keyboard.
The two programs it installs are called MDM.exe and is something else that does the same thing. They both run silently in the background, popping up windows and banner ads whenever you visit sites. Its annoying as hell. Of course, you could just use Moz and disable pop-upwindows and then uninstall Morpheus.
-Vic
Go here: http://support.microsoft.com/default.aspx?scid=kb; EN-US;q298931
Rapidweather's Linux Screenshots.
I got the latest version of Morpheus installed, ran the BHO Cop mentioned in Cnet that should be able to track and disable the BHOs. (link to BHO Cop: http://download.cnet.com/downloads/0-3364664-100-5 930345.html )
Results:
- Morpheus-related BHOs found: none
- Adobe Acrobat related BHOs found: one
So I'm asking you people raving here, have you verified if that article is true at all?
-jaaba-
There is a page at this site dedicated to browser hijackings, and how to remove them. There is also a good size thread on the forum. Hijackings are becoming more and more prevalent, with lop.com (don't go there! ;) ) being the latest up and comer.
http://www.SpywareInfo.com/hijacked.html
Runz -- you are so gay! --Drives