A New Low for Web Advertisers: Pop-Up Downloads

rizzmanix writes: "I thougt it was strange that I had been getting a lot of pop-up download prompts for the Gator software as I browsed around the web in the recent days. Why were all these sites requiring this Gator thing I wondered? Well I wonder no more... as apparently advertisers hit a new low by running 'pop-up downloads' instead of pop-up ads. Sneaky, underhanded, nasty and vile."

a followup link

[argStyopa]

www.scumware.com

Wow, this is lame

[Sc00ter]

"In some cases, people are not even asked whether they want the software. It just installs on the hard drive--a particularly troublesome tactic that some have dubbed "drive-by download."

What programs do this? I've never, ever seen a webbrowser that automatically installs stuff. At least not until you specifically specify for that site only (like MS Updates, or Station.Sony.com)

"But those horror stories are the exception. More typically, software makers are simply using the downloads to distribute legitimate products."

Legitimate products don't automatically download onto my computer without my concent.

Re:Wow, this is lame

[Violet+Null]

I've never, ever seen a webbrowser that automatically installs stuff.

IE will happily install stuff without prompting if that's the way the security is set up; eg, if you set the "Internet Zone" (or whatever) to "Low" security, it will automatically download any signed ActiveX control.

why mozilla rules here

[cetan]

Since 0.9.4, mozilla users have had the ability to block onload and unload pop-ups/unders. I've had zero problems with this. It doesn't block pop-ups you request, just the ones you don't.

I've not seen a popup in months and months. It's fantastic.

Re:why mozilla rules here

[bconway]

Preferences -> Advanced -> Scripts and Windows. I uncheck all except the last 3.

Re:why mozilla rules here

[Zathrus]

Look if you don't want to view a site's ads, then don't go to the site. It is as simple as that. Blocking certain portions of a site's content because you don't personally want to see it is definitely immoral and arguably illegal

What a load of horse pucky.

I understand that websites have to generate revenue, and that the current method is moving more toward pop-up/under ads. That's fine. That doesn't mean I have to subject myself to it. As an informed consumer I have the right to ignore the ads in whatever way I deem fit, whether that means closing the windows as they come up or telling my computer to not allow them to render in the first place.

Should a browser default to stopping pop-ups? Hell no. It breaks too many sites that use pop-ups for additional help/information windows, sites that load links in a new window, etc. But I should certainly have the option to kill pop-ups if I want to enable it (and preferably with a quick key to reenable them - like Popup Stopper has).

Want to argue otherwise? Go for it. You also watch every commercial on TV, right? No getting up to go to the bathroom/kitchen. No recording it to VCR or PVR and fast forwarding/skipping through the commercials. Because if you are then, by your own definition, you are immoral. Maybe even commiting a crime!

Oh, and do you read every ad in a magazine? Do you throw out those blown-in/tear-out cards in magazines before someone else can read them? Do you read every billboard that passes by while in a car? EVERY TIME?

I don't think so.

And yes, I know this was a troll. Congrats. But this kind of thinking might actually get some people that nod and drool "yes", and it's so abundantly stupid it needs to be shut down before hand.

Re:why mozilla rules here

[Fweeky]

> What's the current status with mozilla? Is it as usable as Netscape 4.x (I hate 6.x)?

It's been more usable than 4.x for months. Recent releases are very stable. Startup time is about on par with Opera here (~3s when cached, next to ~2s for Opera).

4.x lacks usable CSS (and this is very important for modern sites.. the only reason most sites still work is because most sites still use techniques from 1995; I don't), and has laughable table layout code (it was made with basic HTML-for-tabular-data in mind, not triple nested layout tables); these alone make it pretty much useless to me.

If I didn't use Opera, I'd probably use Mozilla; at least I can trust it to Do The Right Thing (usually) when I'm developing sites; then I can go add my IE5/6/NS workarounds afterwards.

> Does it do any nasty or weird stuff on some sites?

IE6 does nasty and weird stuff on W3.org/Style (fixed positioning isn't supported, but it still processes the position: fixed; directive, meaning you can't do "position: absolute;position: fixed;" like you're supposed to. Argh.).

IE5 does nasty and weird stuff on every site that uses the CSS box model; it gets the sizes wrong on all boxes, meaning you need to exploit parser bugs to provide IE5 with tweaked sizes for it to work properly (and then provide Opera 5, which suffers the same parser bug, with real values).

NS4 does nasty and weird stuff when you specify an element should float: anywhere; it makes it completely unusable to use CSS layouts on it without spending months debugging an absolutely positioned workaround-nightmare.

Not seen Mozilla (or Opera) do anything this broken :)

PR0N

[rbeattie]

I've seen this thing before on pr0n sites... once again they're leading the way on the web. I never thought that traditional advertisers would stoop this low, though. I wonder what's next?

-Russ

Ooh, wait. What I meant was my FRIENDS have seen stuff like this and told me about it. Wait, I don't have friends that look at pr0n either... umm. I read about this sort of thing, yeah. That's it...

Re:PR0N

[laserjet]

You still go to pr0n sites? Man.. that is SO 90s!. Nowadays we use peer-to-peer file sharing and IRC to get our wares.
well, we've bene using IRC forever, but it is still a good source. :)

Yet another

[llamalicious]

Yet another reason to browse with Mozilla or Opera with onLoad (or all) popups disabled.

Most of these advertising techniques either rely on browsers (or users) who don't or can't disable popups easily. (read: 90% of the internet explorer population.) Or they rely on Internet Explorer specific techniques, e.g. windowless flash animations (transparent backgrounds) for shoshkeles, etc.

I think it's time the antivirus companies step up to the plate for the average consumer, and add blocking/filtering to the AV clients. Maybe it's overkill, but if you could tag these popup downloads as a potential virus (or at least unauthorized use of your computer) the world would be a better place. Or, create some add-ons to mozilla which filter popups against a database (ala the defunct spamcop) popupcop?

When something is sold as "advertising" but is nothing less than an attempt to trick or confuse a person into purchasing, downloading or installing your software, that's misrepresentation and/or fraud. Regardless of any 2pt fine-print at the bottom, or "user agreement" on the page. Hard to stop them, though.

Sounds like Nimda :)

[possible]

What's interesting and revealing about Gator's approach is that the well-known Nimda worm spread by injecting popup download code into IIS-served web pages, exploiting a vulnerability in Internet Explorer that caused the user NOT to be prompted before the dowloaded program executed.

Coming soon on Slashdot:

[Vic]

Pretty soon we'll see pop-ups that say:

Do you wish to install this file? YES / NO

If yes, please do the following:
- Download file and save to /tmp
- cd /tmp
- tar xvzf slashpopup.tar.gz
- cd slashpopup
- ./configure (For help with options, do ./configure --help)
- make
- su
- make install
....Finished!

Consumers?

[Stiletto]

"Do you accept this download?" If the consumer clicks "Yes," an application is automatically installed.

This clutter has created a haven for pop-up downloads because consumers find it hard to determine the ad's origin.

Gator isn't the only software maker using this tactic to add consumers.

"Consumers want control of their PCs," Gator President Jeff McFadden said in a statement.

Why am I a consumer just because I am accessing the Internet? The problem here is not the pop-up technology, but the unwritten assumption (perpetuated by the author of the report) that we are all just mindless "consumers of product" that need to be targeted by ads.

Only when this mindset is abandoned will we see an end to attention grabbing and demographic gathering.

thiefware.com on Gator Auto-install/ActiveX

[Seth+Finkelstein]

Take a look at this report about Gator at http://www.thiefware.com/info/data.gator.shtml

People are still complaining that Gator is getting installed on their computers with little advanced warning and in many instances, people do not know that Gator is being installed until the next time they turn on their computer. The user should always have the option to click on a download link but instead Gator partner sites use the automatic ActiveX download/installation program.

Sig: What Happened To The Censorware Project (censorware.org)

Mozilla

[macdaddy]

To go along with the Opera folks out there, I've got to chime in and say I absolutely love being able to filter unsolicited popups. God I love that feature. It makes browsing pron sites soo much better. Also disable the window resizing shit. No longer will popup bastards resize a window beyond your screensize!

"Smaller number of available applications"

[Otter]

Yeah, this where the "limited number of applications" available for MacOS pays off. We have Excel and Quicken and IE and Quake, but they never seem to port any of the parasite-ware that comes with your video card drivers. And I'm guessing we won't be getting this stuff, either.

And PPC Linux binaries are probably out of the question...

Re:And for those still on dialup

[Oliver+Wendell+Jones]

Wow, yet another "I didn't read the article, but I feel fully qualified to comment on it" response...

For you and others like you, it specifically states that a pop-up box appears and requires the user to accept the download, and they rely on the fact that 99.999999% of the non-slashdot population immediately assumes it is something they need and click "Yes".

How to Guard Yourself and Then Strike Back...

[TheLibra]

Well, for those of us who are forced to deal with an Micro$oft environment, there is some good news. Remember Nimda? It operated in a similar way when it was spread through web-pages, by forcing a download. Internet Explorer had a weakness that allowed this to happen. Now, however, they have the fix in IE 5.5 SP2... might also want to get whatever critical updates there are from the Window$ update site. So if you have that, and the patch for Nimda you shouldn't be forced to do anything. Cancel should always be allowed.

And honestly, people, if you set yourself to automatically accept downloads, you're just asking for a trojan.

Now that you know the defense, let's talk about the offense. Some very respectable Hackers have already created programs designed to kill browser popups. Might I suggest as a new challenge for these ingenius few that a program be created that you can simply set an auto-cancel after a program asks you once to download it (like Gator)?

For those of us without that level of programming ability, I recommend giving these companies that do this a flood of email complaints, expressing just how much we detest the all-time low they have reached. Since so many of us are in the IT or helpdesk field, we're in a unique position in that people believe what we say. If Gator persists in these forced-downloads, then start letting every single one of your customers know that Gator stands a chance of royally screwing up their operating system and compromising their security. If they ask for specifics, look for any bug whatsoever that has been reported, or that you can find in the program, and exploit it like a cheap tabloid. If it crashed one persons system and made them reboot, then it -always- crashes systems... etc.

Of course, I myself would never result to any illegal means, but legal strongarm tactics are very effective when done in mass-quantity. If enough of us get together on this, and enough sand is thrown by enough people, advertisers will eventually get the hint.

Now who's with me?

-The Libra
"Maybe Lisa's right about America being the land of opportunity, and maybe Adil's got a point about the machinery of capitalism being oiled with the blood of the workers." - Homer Simpson

Re:Question about Gator specifically

[romkey]

I started using Gator because Ebates suggested it... I like Ebates a lot and they were suggesting (not even pushing) Gator because of its form-management and password remembering functions, which weren't commonly available in browsers at that point. At that time, Gator was more of a helpful tool than a malignant advertising injector.

As Gator has evolved it's become more and more malicious; popping up ads when I'm browsing is the most annoying, but also it's started placing its own ads over banner ads on web pages - that doesn't annoy me any more than the banner ads would but I think it's a pretty evil practice and I don't want to support it.

The only reason I've kept using Gator is that I have a large investment in terms of the passwords I have stored in it, but there are other, better ways to take care of that problem. At this point I run Gator with it completely blocked by firewall software, so it can't update itself and it can't download ads or offers. If you delete everything in C:\PROGRAM FILES\COMMON FILES\GMT\BANNERS you'll get rid of the ads it's already downloaded.

Re:And for those still on dialup

[sphealey]

Wow, yet another "I didn't read the article, but I feel fully qualified to comment on it" response...

For you and others like you, it specifically states that a pop-up box appears and requires the user to accept the download, and they rely on the fact that 99.999999% of the non-slashdot population immediately assumes it is something they need and click "Yes".

Most human groups nowadays have this little thing called "society", which is generally formed in an attempt to mitigate the worst aspects of the "dog-eat-dog" model of life/social organization. It one of the things that are generally believed to seperate "humans" from "lower animals".

One thing that "society" tries to do is protect the average joe from the consequences of ignorance. Why do that, you ask? Why not let Darwin take his course? Because as our wealth grows and our world becomes more complex, everyone is ignorant about some areas of life. And today, everyone is ignorant about most things that keep us alive (dug your own well lately?).

So let's be careful here - just because Slashdotters know better than to click on that Yes doesn't mean everyone does or should.

sPh

You Are a Minority

[Greyfox]

Most of the people on the internet are in fact consumers. The mindset will not be abandoned because more and more consumers are getting on the net every day, which means us techies are becoming an increasing minority.

I think we'll only be able to escape the constant bombardment of advertisments (And skript kiddie attacks and all the other comparatively recent crap) by establishing our own network on top of the internet. It's easy to do and we're technically capable of doing it.

Re:Popup warning dialog

[shyster]

Why can I ONLY see a checkbox for "Always trust downloads from this company" and NOT "Always MISTRUST downloads from this company" on the install dialog on IE?

Add them to the Restricted Sites zone. That will (by default) keep them from running any code, including signed and unsigned ActiveX, and even cookies.

Just saw this yesterday on Dad's puter

[Jburkholder]

My dad called to ask if I could come over and 'fix' his computer. I'm always willing to come down and see dad and untangle whatever mess exists on his PC.

His dial-up connection was slow, he said. Indeed, every site I visited in his favorites was really slow and now wonder... everysite seemed to launch a couple of pop-unders that were consuming bandwidth downloading ads.

"Yeah, I've been getting that ever since I installed 'gator'"

"gator is something I got from yahoo that helps me fill in forms or something"

That rat-bastard gator had put hooks everywere, was a real pain to uninstall ("please stop the gator program before proceeding" - except to the ordinary user the concept of stopping a taskbar icon isn't very obvious).

The uninstaller launched a browser and loaded a page telling you why you shouldn't uninstall. Geez, go away already!

Yeah, my dad is pretty clueless - I reminded him not to download and install stuff unless he is pretty clear on what he is getting.

This software seems to exploit that cluelessness, posing as some innocuous, helpful utility when it's real purpose is far more invasive and it is relatively complicated to get rid of.

Re:Question about Gator specifically

[poulbailey]

The only reason I've kept using Gator is that I have a large investment in terms of the passwords

Grab RoboForm instead. It's freeware and it doesn't have any ads nor does it contain spyware. It'll even let you import all your Gator passwords. There's absolutely no reason to keep using Gator.

Re:And for those still on dialup

[sqlrob]

For you and others like you, it specifically states that a pop-up box appears and requires the user to accept the download

I've seen sites (cardcentral.net) that use JavaScript to put their own dialog over everything but the Yes/No buttons on the download box. The dialog box appeared to be something along the lines of "Security warning: You are infected with a virus. Clean?"

Legitimate site designers don't use ...

[Animats]

With all this hostile code running around, legitimate site designers have to assume that many web features will be firewalled or disabled. So, if you're responsible for any web sites:

• It has to work with JavaScript turned off.
• You have to test with a filtering proxy, like WebWasher. Your site has to work behind such a proxy. We'll probably see more proxies and firewalls in corporate environments.
• It has to work with cookies turned off, or at least produce useful error messages. Endlessly recycling the user to the wrong page because a cookie wasn't found is out.
• It has to work with IE in its most restrictive security mode. Among other things, this means don't use Active-X controls. You can't even assume the user runs Flash.

This isn't too restrictive. Big players, like Amazon, Yahoo Store, and the major search sites, all work under these restrictions. If your site doesn't, your site is broken.

Re:Legitimate site designers don't use ...

[ShavenYak]

Can I have an Amen, brothers and sisters?

There's no need for a bank's web site to require Javascript, pop-up windows, and ActiveX just so I can view my account balance. And I sure don't need all that crap to buy a CD. Tie your site to your ordering system on the server side, and send my browser plain, standard-compliant HTML. If you want to use javascript for form validation, fine, but make sure your site still works if I have it turned off (ie, validate again on the server). If you really want to display something in a pop-up, use <a href="whatever.html" target="_new">.

A Wonderful Tool for Spyware

Not too sure if this has been said yet, but this is an amazing tool that will clean all the spyware from your system. You will be amazed at how much you have on there. It is called AdAware and can be downloaded free from the link below.

http://www.lavasoftusa.com