A New Low for Web Advertisers: Pop-Up Downloads
rizzmanix writes: "I thought it was strange that I had been getting a lot of pop-up download prompts for the Gator software as I browsed around the web in the recent days. Why were all these sites requiring this Gator thing I wondered?
Well I wonder no more... as apparently advertisers hit a new low by running 'pop-up downloads' instead of pop-up ads. Sneaky, underhanded, nasty and vile."
www.scumware.com
-Styopa
Scares the hell out of me. Whoever does this should get their sites DoSsed immediately.
This is a major security issue, and clearly by default the only warning in MSIE is a dialog box, which you may already have set to just accept downloads automatically.
Yet another reason to use non-standard browsers and non Windows OS, so that even if you end up with an executable it won't execute.
Conversion Rate Optimisation French / English consultant
What programs do this? I've never, ever seen a webbrowser that automatically installs stuff. At least not until you specifically specify for that site only (like MS Updates, or Station.Sony.com)
"But those horror stories are the exception. More typically, software makers are simply using the downloads to distribute legitimate products."
Legitimate products don't automatically download onto my computer without my consent.
Free Mac Mini
Since 0.9.4, mozilla users have had the ability to block onload and unload pop-ups/unders. I've had zero problems with this. It doesn't block pop-ups you request, just the ones you don't.
I've not seen a popup in months and months. It's fantastic.
In Soviet Russia...michael would be rotting in Siberia!
I've seen this thing before on pr0n sites... once again they're leading the way on the web. I never thought that traditional advertisers would stoop this low, though. I wonder what's next?
-Russ
Ooh, wait. What I meant was my FRIENDS have seen stuff like this and told me about it. Wait, I don't have friends that look at pr0n either... umm. I read about this sort of thing, yeah. That's it...
Me
Yet another reason to browse with Mozilla or Opera with onLoad (or all) popups disabled.
Most of these advertising techniques either rely on browsers (or users) who don't or can't disable popups easily. (read: 90% of the internet explorer population.) Or they rely on Internet Explorer specific techniques, e.g. windowless flash animations (transparent backgrounds) for shoshkeles, etc.
I think it's time the antivirus companies step up to the plate for the average consumer, and add blocking/filtering to the AV clients. Maybe it's overkill, but if you could tag these popup downloads as a potential virus (or at least unauthorized use of your computer) the world would be a better place. Or, create some add-ons to mozilla which filter popups against a database (ala the defunct spamcop) popupcop?
When something is sold as "advertising" but is nothing less than an attempt to trick or confuse a person into purchasing, downloading or installing your software, that's misrepresentation and/or fraud. Regardless of any 2pt fine-print at the bottom, or "user agreement" on the page. Hard to stop them, though.
What's interesting and revealing about Gator's approach is that the well-known Nimda worm spread by injecting popup download code into IIS-served web pages, exploiting a vulnerability in Internet Explorer that caused the user NOT to be prompted before the downloaded program executed.
This happened last night I'm afraid...
I was completely shocked when the gator icon mysteriously appeared and greeted me. I removed the little bastard immediately. However, I let a long sigh as I realized it would come back shortly.
So last night I decided to go with mozilla and live with whatever problems it may bring.
The mozilla team should thank the gator software company and evil commie bastard marketing reps around the world.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
This kind of thing has been making headlines in Germany recently. Many sites try to coerce users (especially kids) into installing "high-speed" or "priority" internet dialers that in reality just change the default internet connection to an extremely expensive number. By the time you get the phone bill, it's often in the four-figures. The telco doesn't want to be responsible since they just rent out the numbers, and the companies that rent them are also mostly resellers with the final "customers" mostly being based outside Germany.
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
Does anybody actually like the software? I accidentally installed it once, before I had heard about "spyware" and "scumware" and I just found it completely annoying. Now that I think about it - I had to do a google search to find out how to remove it, and that's when I first learned about that sort of thing.
So my question is: Is there anyone who actually WANTS the software? Or are ALL copies there because someone accidentally downloaded it and doesn't know how to remove it.
God is real unless declared integer
Pretty soon we'll see pop-ups that say:
Do you wish to install this file? YES / NO
If yes, please do the following:
- Download file and save to /tmp
- cd /tmp
- tar xvzf slashpopup.tar.gz
- cd slashpopup
- ./configure (For help with options, do ./configure --help)
- make
- su
- make install
....Finished!
I would think that this is partially illegal to install software on a person's computer without that person's consent.
I would think that it's COMPLETELY illegal to do this. If the program that's getting installed were to wipe your hard drive, there'd be lawsuits galore and FBI people kicking down the doors of the company hosting the hostile download. Why exactly nobody's been able to convince a judge that this is the same thing is beyond me.
I got royally flamed in a mailing list for complaining about a site that tried to force gator on me. The admin's response was "it didn't try to install gator, it asked you first." My argument was "it only asked me because it tried, and my browser said 'no.'" Naturally, we got nowhere.
It's even worse if they find a way to install without prompting the user. Not only is that a wide-open door for serious viruses, but it ABSOLUTELY removes any semblance of authorization (and I'd argue that a user blindly clicking "yes" to simply make the damned download panel go away doesn't constitute informed consent, either).
Ah, DivX 5 Pro. Comes with "GAIN".
Keep in mind, it didn't exactly sneak on, they're quite open that it will install - unless you grab the normal version.
The Pro version has encoding-only advantages, which most end-users won't use. You either pay $30 or agree to install the adware.
Oh, and renaming the file won't work. If GAIN isn't running, you won't be able to encode with the Pro encoder.
See your own subject.
In some cases, people are not even asked whether they want the software. It just installs on the hard drive--a particularly troublesome tactic that some have dubbed "drive-by download."
Only the dead have seen the end of war.
"Do you accept this download?" If the consumer clicks "Yes," an application is automatically installed.
This clutter has created a haven for pop-up downloads because consumers find it hard to determine the ad's origin.
Gator isn't the only software maker using this tactic to add consumers.
"Consumers want control of their PCs," Gator President Jeff McFadden said in a statement.
Why am I a consumer just because I am accessing the Internet? The problem here is not the pop-up technology, but the unwritten assumption (perpetuated by the author of the report) that we are all just mindless "consumers of product" that need to be targeted by ads.
Only when this mindset is abandoned will we see an end to attention grabbing and demographic gathering.
As long as you're quoting the article you read, how about:
Why, gosh, the article you castigated the first poster for not reading says that sometimes you don't have to give your consent, just like the first poster said. So who didn't read the article?
Sig: What Happened To The Censorware Project (censorware.org)
To go along with the Opera folks out there, I've got to chime in and say I absolutely love being able to filter unsolicited popups. God I love that feature. It makes browsing pron sites soo much better. Also disable the window resizing shit. No longer will popup bastards resize a window beyond your screensize!
And PPC Linux binaries are probably out of the question...
What I'm listening to now on Pandora...
Wow, yet another "I didn't read the article, but I feel fully qualified to comment on it" response...
For you and others like you, it specifically states that a pop-up box appears and requires the user to accept the download, and they rely on the fact that 99.999999% of the non-slashdot population immediately assumes it is something they need and click "Yes".
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
Well, for those of us who are forced to deal with a Micro$oft environment, there is some good news. Remember Nimda? It operated in a similar way when it was spread through web-pages, by forcing a download. Internet Explorer had a weakness that allowed this to happen. Now, however, they have the fix in IE 5.5 SP2... might also want to get whatever critical updates there are from the Window$ update site. So if you have that, and the patch for Nimda you shouldn't be forced to do anything. Cancel should always be allowed.
And honestly, people, if you set yourself to automatically accept downloads, you're just asking for a trojan.
Now that you know the defense, let's talk about the offense. Some very respectable Hackers have already created programs designed to kill browser popups. Might I suggest as a new challenge for these ingenious few that a program be created that you can simply set an auto-cancel after a program asks you once to download it (like Gator)?
For those of us without that level of programming ability, I recommend giving these companies that do this a flood of email complaints, expressing just how much we detest the all-time low they have reached. Since so many of us are in the IT or helpdesk field, we're in a unique position in that people believe what we say. If Gator persists in these forced-downloads, then start letting every single one of your customers know that Gator stands a chance of royally screwing up their operating system and compromising their security. If they ask for specifics, look for any bug whatsoever that has been reported, or that you can find in the program, and exploit it like a cheap tabloid. If it crashed one person's system and made them reboot, then it -always- crashes systems... etc.
Of course, I myself would never resort to any illegal means, but legal strongarm tactics are very effective when done in mass-quantity. If enough of us get together on this, and enough sand is thrown by enough people, advertisers will eventually get the hint.
Now who's with me?
-The Libra
"Maybe Lisa's right about America being the land of opportunity, and maybe Adil's got a point about the machinery of capitalism being oiled with the blood of the workers." - Homer Simpson
This Gator software you speak of is probably related to the new Divx ;-) 5. If you download the standard version, there are no ads, no nothing. The pro version however, is either A) pay for it or B) gain_trickler. If Divx pro can't find the gain trickler it won't run. The trickler sits as an idle process, but when you browse the web it watches you and throws targeted advertising at you. My solution was to use ZoneAlarm to block the gain trickler from accessing the internet, this way I get divx 5 pro for free, and no ads. adaware is also quite helpful.
The GeekNights podcast is going strong. Listen!
One thing that "society" tries to do is protect the average joe from the consequences of ignorance. Why do that, you ask? Why not let Darwin take his course? Because as our wealth grows and our world becomes more complex, everyone is ignorant about some areas of life. And today, everyone is ignorant about most things that keep us alive (dug your own well lately?).
So let's be careful here - just because Slashdotters know better than to click on that Yes doesn't mean everyone does or should.
sPh
I think we'll only be able to escape the constant bombardment of advertisements (And skript kiddie attacks and all the other comparatively recent crap) by establishing our own network on top of the internet. It's easy to do and we're technically capable of doing it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Add them to the Restricted Sites zone. That will (by default) keep them from running any code, including signed and unsigned ActiveX, and even cookies.
My dad called to ask if I could come over and 'fix' his computer. I'm always willing to come down and see dad and untangle whatever mess exists on his PC.
His dial-up connection was slow, he said. Indeed, every site I visited in his favorites was really slow and no wonder... every site seemed to launch a couple of pop-unders that were consuming bandwidth downloading ads.
"Yeah, I've been getting that ever since I installed 'gator'"
"gator is something I got from yahoo that helps me fill in forms or something"
That rat-bastard gator had put hooks everywhere, was a real pain to uninstall ("please stop the gator program before proceeding" - except to the ordinary user the concept of stopping a taskbar icon isn't very obvious).
The uninstaller launched a browser and loaded a page telling you why you shouldn't uninstall. Geez, go away already!
Yeah, my dad is pretty clueless - I reminded him not to download and install stuff unless he is pretty clear on what he is getting.
This software seems to exploit that cluelessness, posing as some innocuous, helpful utility when its real purpose is far more invasive and it is relatively complicated to get rid of.
On the seedier side of the web, nothing new folks. Just now it's spyware instead of trojans, that's all. (oh wait there is a difference. . . .)
A lot of Japanese h-anime sites (the less artistic ones, yes there is artistic hentai, get over it and deal.) use a dial up program of some sorts that I am (assuming) dials some sort of toll number, but it only works if you have a dial up modem, negates the need for a credit card though.
Some of the seedier US web sites I have seen actually attempt to automatically do this to you (ouch) luckily enough I have a cable modem and I uninstalled my regular ol' modem quite a while ago. ^_^
My Japanese Tutor actually had a related problem, (didn't look at porn, damn thing managed to spread anyways, VERY annoying). One of these toll programs (one of the less respectable variety) got on the computer and refused to go away, hooked on to everything.
Nasty stuff.
Need help treating your acne? Come here!
I can only strongly recommend The Proxomitron. It's freeware and it allows you to block all sorts of nasties - popups included. Besides popups, it will also filter javascript, cookies and ads. If that isn't enough for you it allows you to create your own filters using regexps. The Proxomitron is very powerful.
It's actually better than what you are looking for, because it isn't one of those stupid Browser Helper Objects. It acts as a local proxy and filters the HTML before it hits your browser. This program is a godsend to anyone who wants to browse in peace. The default look of the program is a little zany, but don't let that scare you since it can be easily turned off (Config | Visuals | Don't use textures).
You should also look at the IE security settings. Basically you need to turn everything off in the default Internet zone.
You're forgetting something about IE (and maybe Moz too?): The file is downloaded in the background while waiting for the user to accept or deny the download, so you're still wasting time and bandwidth by receiving a file you probably don't want. For broadband users, it's not such a big deal (but it does eat up more bandwidth of the scum that uses such a technique), but for modem users it will slow things to a crawl.
Pax, Ardax
I've seen sites (cardcentral.net) that use JavaScript to put their own dialog over everything but the Yes/No buttons on the download box. The dialog box appeared to be something along the lines of "Security warning: You are infected with a virus. Clean?"
This isn't too restrictive. Big players, like Amazon, Yahoo Store, and the major search sites, all work under these restrictions. If your site doesn't, your site is broken.
Not too sure if this has been said yet, but this is an amazing tool that will clean all the spyware from your system. You will be amazed at how much you have on there. It is called AdAware and can be downloaded free from the link below.
http://www.lavasoftusa.com
Not to mention the possible security problems! If a cracker set up a phony web-site to trick users into installing some software to give them access to the system to use in DOS attacks and such. I think the sites that use this type of advertising will eventually feel a backlash from the public on this because it's too dangerous.
At the next eco-hypocrisy-meeting, count the private jets used to get to the meeting. Should be interesting to see that
Even more useful, you could track when these files are being called, which may help you figure out how to eliminate them entirely.
Something like this, which just writes the path of the executable to the Windows event log. (C#)
namespace ExeSource
{
    class Class1
    {
        [System.STAThread]
        static void Main(string[] args)
        {
            // Record the path of this stub executable in the Application event log.
            System.Diagnostics.EventLog evLog = new System.Diagnostics.EventLog("Application");
            evLog.Source = "ExeSource";
            evLog.WriteEntry(System.Reflection.Assembly.GetEntryAssembly().Location, System.Diagnostics.EventLogEntryType.Information);
        }
    }
}
Mozilla can get even more ad-free.
I've added this to my personal style sheet (automatically applied to every page):
object, embed {
display: none;
}
This keeps all Flash etc. invisible. On some platforms you can just uninstall the Flash plugin, but that doesn't work in the Linux Mozilla. (The ", embed" part is probably not necessary.)
The file to change is "userChrome.css", and can be found in the "chrome" directory wherever Mozilla keeps your personal settings, mail, etc.
And then, whenever you see an ad that is an ordinary image, you can right click on it, and check if it comes from some server that probably only serves ads. If so, right click again, and choose "Block images from this server".
Using all these tricks, you can get rid of a lot of ads and other annoying material.
Most of this should work in Netscape 6 as well.
Most importantly, no image file ever came with a security hole that allowed a third party to hijack the computer that downloaded it. I do not have the same confidence in software written by ad agencies out to make a buck by hijacking my computer in the first place.
Sure, in a sense it's just another HTTP request, no different than the one that brought the HTML itself. But then again a bullet is just another projectile, no different than a tennis ball really.
There is a world of difference between downloading simple data like text or images and downloading executable code. Clue yourself in.
Build stuff. Stuff that walks, stuff that rolls, whatever.
Comet Cursor was a popup download on many sites, most annoyingly doonesbury.com. I'm sorry to see that they didn't learn their lesson back then...
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
I guess you didn't read the whole article yourself. :-) Check this quote:
Granted, anybody who has this happen automatically can only blame themselves for allowing any ActiveX program to download and run without requesting permission, but note that it *is* happening. Some of those poor dialup users are definitely getting nailed.
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
Prediction: You're so circumspect, thoughtful, and slow to jump on the bandwagon that your extinction from Slashdot is guaranteed.
personal attacks hurt, especially when deserved
Wow, some balls posting C# on /.
:-)
While a big hosts file might be simpler, something more like junkbuster is a much more elegant solution to block ads and filter cookies. You can choose what to block with regular expressions, so that you don't have to block an entire site to not get ads, nor do you have to block each and every different site that serves ads.
This combined with Mozilla's anti-pop-up capability make browsing the web an almost enjoyable activity. I haven't changed my blocklist in many months and have yet to see a single ad.
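The difference between hosts-file blocking and the pattern-based filtering described in the comment above, as an added example that is not part of the original thread. The rule format is a simplified stand-in, not junkbuster's actual blockfile syntax, and all hostnames and URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed hosts-file style blocklist: it can only name whole hosts.
HOSTS_BLOCK = {"ads.example.net"}

# Constructed rules in a simplified form (an assumption, not junkbuster syntax):
# (is_exception, host_suffix, path_regex). An empty suffix matches any host.
# Rules are evaluated in order and the last matching rule decides.
RULES = [
    (False, "ads.example.net", r".*"),               # a dedicated ad server
    (False, "example.com", r"^/(ads|banners)/"),     # only the ad paths of a site
    (False, "", r"\.(exe|cab)$"),                    # installer payloads from anywhere
    (True, "downloads.example.org", r"\.exe$"),      # a site the user chose to trust
]


def host_matches(host, suffix):
    """Match a host against a domain suffix on label boundaries only."""
    return suffix == "" or host == suffix or host.endswith("." + suffix)


def blocked_by_hosts(url):
    """Hosts-file behaviour: block only if the exact hostname is listed."""
    return (urlsplit(url).hostname or "").lower() in HOSTS_BLOCK


def blocked_by_rules(url, rules=RULES):
    """Pattern behaviour: host suffix plus a regex on the path, last match wins."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    verdict = False
    for is_exception, suffix, path_re in rules:
        if host_matches(host, suffix) and re.search(path_re, path, re.IGNORECASE):
            verdict = not is_exception
    return verdict


# Constructed sample requests a filtering proxy might see.
SAMPLE_URLS = [
    "http://ads.example.net/banner.gif",
    "http://www.example.com/ads/top.gif",
    "http://www.example.com/news/index.html",
    "http://cdn.example.com/install/toolbar.EXE",
    "http://downloads.example.org/setup.exe",
    "http://notexample.com/ads/top.gif",
]


def compare(urls=SAMPLE_URLS):
    """Return (url, hosts_verdict, rules_verdict) for each request."""
    return [(u, blocked_by_hosts(u), blocked_by_rules(u)) for u in urls]


if __name__ == "__main__":
    for url, by_hosts, by_rules in compare():
        print(f"hosts={by_hosts!s:5} rules={by_rules!s:5} {url}")
```

The hosts list catches only the dedicated ad server, while the rules also stop ad paths and installer downloads on hosts that serve wanted content, without blocking those hosts outright.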