Slashdot Mirror
A New Low for Web Advertisers: Pop-Up Downloads
rizzmanix writes: "I thougt it was strange that I had been getting a lot of pop-up download prompts for the Gator software as I browsed around the web in the recent days. Why were all these sites requiring this Gator thing I wondered?
Well I wonder no more... as apparently advertisers hit a new low by running 'pop-up downloads' instead of pop-up ads. Sneaky, underhanded, nasty and vile."
It's a complete disaster, waiting for applications to forcibly download when you're trying to surf. It has to be the most invasive form of advertising yet.
Is it actually legal to put something on a user's machine without permission? Sounds almost virus-like.
If I weren't nailed to the penis, I'd be pushing up the daisies!
What's interesting and revealing about Gator's approach is that the well-known Nimda worm spread by injecting popup download code into IIS-served web pages, exploiting a vulnerability in Internet Explorer that caused the user NOT to be prompted before the dowloaded program executed.
This kind of thing has been making headlines in Germany recently.
Many sites try to coerce users (especially kids) into installing
"high-speed" or "priority" internet dialers that in reality just change the default internet
connection to an extremely expensive number. By the time you
get the phone bill, it's often in the four-figures. The telco
doesn't want to be responsible since they just rent out the
numbers, and the companies that rent them are also mostly resellers with
with the final "customers" mostly being based outside Germany.
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
Does anybody actually like the software? I accidentally installed it once, before I had heard about "spyware" and "scumware" and I just found it completely annoying. Now that I think about it - I had to do a google search to find out how to remove it, and that's when I first learned about that sort of thing.
So my question is: Is there anyone who actually WANTS the software? Or are ALL copies there because someone accidentally downloaded it and doesn't know how to remove it.
God is real unless declared integer
The problem is the advertisers are shooting themselves in the foot. The more irritating their advertisements, the more numb the readers become. If they shout all the time, people will learn to ignore shouting. I already am so used to killing the popups on weather.com that i know when they pop up and kill the windows with a swift keystroke before the ad image even loads.
---
Play Six Pack Man. I
I would think that this is partially illegal to install software on a person computer without that persons consent.
I would think that it's COMPLETELY illegal to do this. If the program that's getting installed were to wipe your hard drive, there'd be lawsuits galore and FBI people kicking down the doors of the company hosting the hostile download. Why exactly nobody's been able to convince a judge that this is the same thing is beyond me.
I got royally flamed in a mailing list for complaining about a site that tried to force gator on me. The admin's response was "it didn't try to install gator, it asked you first." My argument was "it only asked me because it tried, and my browser said 'no.'" Naturally, we got nowhere.
It's even worse if they find a way to install without prompting the user. Not only is that a wide-open door for serious viruses, but it ABSOLUTELY removes any semblance of authorization (and I'd argue that a user blindly clicking "yes" to simply make the damned download panel go away doesn't constitute informed consent, either).
As long as you're quoting the article you read, how about:
Why, gosh, the article you castigated the first poster for not reading says that sometimes you don't have to give your consent, just like the first poster said. So who didn't read the article?
Actually I just went to Gator's site to see what this auto-download looks like -- visit http://www.gator.com/download/msie.html -- and it looks like it is signed by Verisign. Maybe we can get their certificate revoked. What good is the certificate if it isn't protecting you from malicious code? Alternatively, can you create a list of certificates you will NOT accept? Just wondering.
rooooar
Why can I ONLY see a checkbox for "Always trust downloads from this company"
and NOT "Always MISTRUST downloads from this company" on the install dialog on IE?
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
Well, for those of us who are forced to deal with an Micro$oft environment, there is some good news. Remember Nimda? It operated in a similar way when it was spread through web-pages, by forcing a download. Internet Explorer had a weakness that allowed this to happen. Now, however, they have the fix in IE 5.5 SP2... might also want to get whatever critical updates there are from the Window$ update site. So if you have that, and the patch for Nimda you shouldn't be forced to do anything. Cancel should always be allowed.
And honestly, people, if you set yourself to automatically accept downloads, you're just asking for a trojan.
Now that you know the defense, let's talk about the offense. Some very respectable Hackers have already created programs designed to kill browser popups. Might I suggest as a new challenge for these ingenius few that a program be created that you can simply set an auto-cancel after a program asks you once to download it (like Gator)?
For those of us without that level of programming ability, I recommend giving these companies that do this a flood of email complaints, expressing just how much we detest the all-time low they have reached. Since so many of us are in the IT or helpdesk field, we're in a unique position in that people believe what we say. If Gator persists in these forced-downloads, then start letting every single one of your customers know that Gator stands a chance of royally screwing up their operating system and compromising their security. If they ask for specifics, look for any bug whatsoever that has been reported, or that you can find in the program, and exploit it like a cheap tabloid. If it crashed one persons system and made them reboot, then it -always- crashes systems... etc.
Of course, I myself would never result to any illegal means, but legal strongarm tactics are very effective when done in mass-quantity. If enough of us get together on this, and enough sand is thrown by enough people, advertisers will eventually get the hint.
Now who's with me?
-The Libra
"Maybe Lisa's right about America being the land of opportunity, and maybe Adil's got a point about the machinery of capitalism being oiled with the blood of the workers." - Homer Simpson
I think we'll only be able to escape the constant bombardment of advertisments (And skript kiddie attacks and all the other comparatively recent crap) by establishing our own network on top of the internet. It's easy to do and we're technically capable of doing it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
On the seedier side of the web, nothing new folks. Just now its spyware instead of trojans, thats all. (oh wait there is a difference. . . .)
A lot of japanese h-anime sites (the less artistic ones, yes there is artistic hentai, get over it and deal.) use a dial up program of some sorts that I am (assuming) dials some sort of toll number, but it only works if you have a dial up modem, negates the need for a credit card though.
Some of the seedier US web sites I have seen actualy attempt to automaticaly do this to you (ouch) luckily enough I have a cable modem and I uninstalled my regular ol' modem quite a while ago. ^_^
My Japanese Tutor actualy had a related problem, (didn't look at porn, damn thing managed to spread anyways, VERY annoying). One of these toll programs (one of the less respectable variety) got on the computer and refused to go away, hooked on to everything.
Nasty stuff.
Need help treating your acne? Come here!
Hear, hear! In almost all cases that I have seen, JavaScript stuff could have been replaced with ordinary HTML and been made cleaner and easier to use. There are a few cases where client side scripting is useful, but most are just stupid abuses, like the one on this high school page that makes an annoying message appear in the bar where link destinations are normally shown.
Perhaps this is just my paranoid fantasy, but this is what I predict we'll be complaining about this time next year.
...
This sort of technology married with something like Passport of PayPal or other private information store.
You innocently buy a book from the web and unknowingly register your credit card information with a service that will do you a favor and make it 'simple' to order things by simply clicking a link from a member site, etc. They'll sell it as secure, convenient, cutting edge goodness and you'll figure 'what the hell'.
From now on, they automatically send you merchandise you never asked for, but they think you'll be interested in. You opted in. This is YOUR problem, now. They send you books, CD's, new credit cards, address labels, elbow pads,
The burden is on you to remove yourself from their lists, now. But they have a policy that you didn't read - to opt out now, you owe them a fee for terminating the contact. You are embarrassed because you got yourself into this mess and just want it to end. You spend an hour or so a week returning goods that you never ordered. Just praying that they will credit your account. You'll later find that every return was 'lost' or received damaged. You can't prove that the goods were okay when you sent them back. And you didn't insure them because it didn't seem necessary for a $20 book that was being shipped on your dime.
If you are lucky, by the time it ends you are out about 200 bucks. Not much in the grand scheme of things. But the hassle was a GRAND pain. You briefly think about a lawsuit, but you are too embarrassed to admit your stupidity to a lawyer and judge, so you rack it up to a life lesson.
If you were to sue, you'd simply find that the criminals packed up shop. There are no phone numbers, no addresses. Any numbers you saw before were likely fakes.
So talk about writing new laws or shutting this shit down. You try that while I sit back and laugh as I get rich off your technically un-savvy aunts and uncles. As they stupidly march with blind trust straight forward. I'm fat and happy on caviar. Fucking lemmings. God bless you.
Comet Cursor was a popup download on many sites, most annoyingly doonesbury.com. I'm sorry to see that they didn't learn their lesson back then...
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
Try my host file project remember.mine.nu
:
Your hosts file project? Much of the text under your linux section is ripped verbatim from a web page that I have had up for nearly two years and wrote entirely myself.
I don't claim to have invented the process, but I sure didn't steal anyone's text, either. You obviously added some content to your site that did not exist on mine, but stealing the linux section was quite the heinous act.
Compare this section on your site:
Linux users note
If your Hosts file is not in the above locations , then you will need to find your existing hosts file. If it is completely empty, you can replace it with this Hosts file. If it is not empty, which will probably be the case, you will want to be sure to save any information that is in there is safe and/or make a backup copy of your current hosts file.
If there are currently entries in your existing hosts file, then open this Hosts file. Copy the text from it to add to the bottom of any existing text in your current hosts file. This will ensure that your current entries will still work for you, and that you do not corrupt your network properties.
Try one of these solutions to enable
Try logging out and logging back in first.
Do a "killall -hup inetd" (without the quotes) while having root privileges, which will restart the inetd process and you should not require a reboot.
In BSD or Mandrake (or your Linux distro), you can try opening a console window and using these commands (no quotes):
"telinit 3", to switch from runlevel 5 to runlevel 3
"telinit 5", which will restart many daemones en route to putting you back in runlevel 5 and into the GUI
If none of those work, then you may have to reboot for the file to take effect.
... with this section of my site. Notice any similarities? What a thief you appear to be.
Also compare these two pages:
Your site.
My site.
You also ran into a problem by quoting an old page on my site that incorrectly referred to the problem service as the "DNS Server" rather than the "DNS Client."
Quite a few people have reported that there is no Win2k service called DNS Server. They report that it should be the DNS Client service
Perhaps if you had asked to link to my site you would now have the correct information on yours?
Kindly remove any and all portions of your site that you apparently so blatantly stole from mine.
Can you say, "busted?"