Slashdot Mirror
Spyware Fights Back
sparcv9 writes "According to the latest issue of Spyware Weekly, the Radlight media player not only searches your hard drive for Adaware, but will uninstall it if found. How do they attempt to legitimize this? By including a clause in their EULA that reads: 'You are not allowed to use any third party program (e.g Ad-aware) to uninstall application bundled with RadLight. Such programs will be removed. If you want to uninstall them, you may do so via Add/Remove in Windows' Control Panel.' Yes, that's right. Not only do they say you are not allowed to use Adaware to remove their bundled apps, but they will forcibly remove Adaware for you to make sure you don't!" There's also a Newsbytes story.
Ad-Aware has released a new version that will prevent RadLight from effecting it. Of course, that's obviously not the point here.
Did anybody else notice the page that shows the first and last names of everyone who's registered? This company doesn't even respect the privacy of PAYING customers... now that's _LOW_
Radlight.net --
Server: Apache/1.3.19 (Unix) (Red-Hat/Linux) mod_perl/1.24_01 PHP/4.0.6 FrontPage/5.0.2 mod_ssl/2.8.1 OpenSSL/0.9.6
So apart from making it a little harder to open their server, this also shows that this company is using software generously donated by the free software community.
"over 750,000 copies of RadLight had been downloaded from CNET as of February 2002."
... will spammers go to spam us with their Ads? I mean that is all that this spyware really is - is another form of spam. Visit and Support sites like: http://www.scumware.com
They have a wealth of information on how to fight back against the Ad-ware, Spy-ware, Scum-ware or whatever we are calling it today!
Take care,
Brian
--
--
100% Linux based Web Hosting
Friendly Service and Knowledgeable support
Windows already overwrites your MBR if you reinstall on a dual-boot Linux system, doesn't it? So in a sense it already doesn't play well with others.
Your right to not believe: Americans United for Separation of Church and
http://216.194.92.96/phpBB2/viewtopic.php?t=226 (Radlight)
Here the programmer of Radlight handwaves a lot, claiming it was just to point out it was possible to do so (the removal of other apps while installing) and that if he hadn't someone else would.. geeee..
He's been caught redhanded, he ought to atleast apologise properly, and promtly stop doing it
Venlig Hilsen / Regards
John Hinge - shayera /
"Buffy I love you... Please God No!" S
Naw, the author of RadLight has superficially apologized after catching a lot of heat, so I don't think this is going to continue. He actually said, and I quote, "...the point was NOT to destroy the adaware [...] BUT TO SHOW WHAT COULD HAPPEN IF THE PROGRAMS START UNINSTALLING EACHOTHER [sic]." Friggin' hilarious. You can read more of his amusing ass-kissing excuses and lies at the Lavasoft forums.
here
here
here
or of course, do your own google search here
...with a new referencefile ( 108-23-04-02 ).
Download it from here.
I'll have something intelligent to add one of these days...
If you must use a separate divx player, i find this one to do the job just nicely
BSPlay
Exercise caution when modding this message up: the author acts like a jerk when his karma is excellent.
I've used a much earlier version when I started using divx ;-) However it was quickly given up for BSPlayer (yeah, great name :) which has done nicely until now. Apparently it's not spyware.
I think at the time the only advantage Redlight had was to do with subtitles but I could be wrong.
He who defends everything, defends nothing. -- Fredrick The Great
And how many people use Radlight media player?
answer: Fifty: As a matter of fact, here are all 50 registered users (fifty people, wow!).
Even better question: How many people have even *heard* of Radlight before?
PS:Somehow I don't think their servers are being crippled right now with thousands of slashdot readers trying to download a copy of radlight.
here I'm again. You have posted really good posts. There are intelligent reactions to my hints and I must admit that I have a bit underestimated how powerfull userbase Adaware has.
I'm sure that many of you ask, WHAT WAS THE REASON of KILLING adaware right after each start NOT looking into default directory (like some people think) but using the uninstall registry keys and uninstaller LOG file (this is a hint for adaware developers to make it invisible) ?
Actually, the point was NOT to destroy the adaware . This is almost impossible. BUT TO SHOW WHAT COULD HAPPEN IF THE PROGRAMS START UNINSTALLING EACHOTHER. As I believe that some of the "spyware" are just reguler legal programs I really feel for their authors to see how their program is being uninstalled. I WANTED ADAWARE TO SEE IT TOO and to revalue their pose to their "enemies". I understand that ads brought by some programs aren't doing the clean job and don't have approprietary uninstalling possibilites and they NEED TO BE REMOVED BY THE HARDEST WAY, but NOT all of them are such rude. When removing legal software (as you say now I remove adaware), having all what polite software should have (polite installer, EULA, Uninstaller and full description), it may be really VERY UNPLEASANT.
They put me on the MOST WANTED list ? Yes, that's what I expected. It is natural and if they didn't do that it would look STRANGE, wouldn't it.
They removed me from CNet ? Oh yes, again, I expected problems but you all must admit that adaware is a "remover" too.
They wanted to send me to all AntiVirus companies ? Heh, detecting a "virus" having EXEPath in regisry and no other files copied in any directory would be pretty easy, don't you think ?
You all are angry on me ? Yes, I expected it. But if I didn't do this and only started to talk about my opinions I would be just SOME ANOTHER GUY SAYING SOME BULLSHIT and ignored (my life-experience with many people). Generaly the people must see the acts first and then they will PERHAPS start thinking more.
The non-adaware-killing RadLight was compiled 5 seconds after the adaware-killing version. I thought that people would find it out immedieately but it took more than a week until they noticed. It will be released immediately and no more software-removing actions will be taken. I can only hope that Lavasoft will think about the reasons why this happened.
I know i will loose many of users who will ignore my player but It will at least solve my server problems and I may rest for a while.
I can apologize now
" I apologize to LavaSoft for all inconviences that happened by my RadLight software when removing the ADAWARE application silently and without users request.
I apologize to all RadLight users who may be disappointed or hurt by these events.
I apologize to all ADAWARE users whose adaware was removed when launched RadLight.
Your indignation is an evidence for me that I succeeded and now, at least the people who read messages on this forum understand how does it feel when YOUR SOFTWARE is being removed.
With friendly regards,
Igor "RadScorpion" Janos
_________________ Non Progredi Est Regredi
I think that means, "all your base are belong to us." ;)
RadLight, on the other hand, has an entirely unrelated purpose. If it's removing random files without asking the user for permission to do so, it's either (a) buggy, (b) malicious. I'd argue that their mention of this in the EULA (as opposed to README or BUGS or a similar file) indicates that this was intentional on their part, which IMHO moves them from the category of "spyware" and into the category of "trojan".
"Great men are not always wise: neither do the aged understand judgement." Job 32:9
Disclamer: IANAL
To me this whole thing raises a point about the legality and enforcability of EULAs:
Everyone seems to agree that EULAs are legal in as far as they are enforcable (just like any other contract). When a EULA cannot be enforced by a company directly, it is up to a court to decide if the EULA will be enforced by the government.
So if a EULA says, "If you want to use our software, you have to give up your first born son", and you click on the Agree button (because you are stupid), then you have agreed to give up Jimmy. But when it comes time to give up Jimmy and you don't, the company then tries to get the EULA enforced by going to court. The court says, "Sorry company, we aren't going to enforce this contract because the right to keep Jimmy supersedes the right to enforce a contract" (or something like that), and the company is screwed out of yet another first born son.
But when the writer of the EULA can enforce the EULA, then it is perfectly legal and fine.
These Radlight people have come up with a way to enforce their EULA. You wanna use their software, then you can't use Adaware, and we will remove it for you. If you agree to the EULA (because you are still stupid), then they remove Adaware, and you have no reason to whine.
"I like to wear big boy pants."
They need to be formally, finally, and legally declared null and void. Like any other transaction, all terms and conditions need to be agreed to by both parties prior to the transfer of goods.
And No, I don't know how a website determines that the downloader is, or is not, a minor and or otherwise has the legal authority to agree to anything prior to download. I guess software companies that require any sort of legal commitment from their customers can't make it available for download. That's the suppliers problem, and if they can't figure it out then it doesn't bother me a bit.
If I buy retail software, I am NOT licensing that software. I'm buying it (just like a book, CD, or any other product that happens to be copyrighted). I guess if a company cannot gaurantee that a downloader can legally agree to a license they either have to a) not make it available for download, or b) consider it a sale at $0, with no obligation on the receiver. Without a contract, it can be no other way.
The guy posts by the name of DAvenger.
WHOIS info on radlight.com:
Agentura Sociologickych Expertiz (template COCO-1106387)
davenger@radlight.net
Pusta 7
Bratislava 4, SK 841 04 SK
Admin Contact:
Machacek Ladislav (COCO-1227589) machacek@stonline.sk
+421 2 65422859 (FAX) +421 2 65422859
Technical Contact, Zone Contact:
Machacek Ladislav (COCO-1227590) machacek@stonline.sk
+421 2 65422859
CORE Registrar: CORE-71
Record last modified: 2002-03-14 08:29:54 UTC by CORE-71
Record created: 2001-08-23 11:29:58 UTC by CORE-71
Record expires: 2003-08-23 05:27:49 UTC
Domain servers in listed order:
ns1.tera-byte.com
ns2.tera-byte.com
Database last updated on 2002-04-24 21:44:27 UTC
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
while(true); do wget http://216.194.92.96/download/skins/RadSkin.rpk -O=- > /dev/null; done
Monday is a horrible way to spend 1/7 of your life.
That can't be busted by the DMCA (because you're not circumventing their copyright, you're only circumventing their attempts to delete AdAware!):
/home and AdAware would be ownership set to root.root with r+x-w perms set.
;)
1. Change ownership on AdAware to Administrator and run Radlight as a lesser-privileged user. Also, change permissions to read+execute, no write (this assumes an NTFS partition, i.e. Win2k or XP).
2. Create a 0-byte file called "AdAware.exe" and see if that's the first (only?) thing that gets deleted.
3. Keep AdAware on a CDR (or CDRW as long as Windoze doesn't automatically try to burn to it, i.e. delete AdAware when Radlight finds it). Let's see Radlight delete something off a read-only media!! HAHAAHAHA!!!
4. Setup an SMB share with AdAware on it and make the share directory read-only. Radlight won't be able to delete something across your network when the perms are read-only...
In short: THINK UNIX! How would *nix handle shit like this? Well, Radlight would be isolated to some weakling lUser in
...so, why not do the same thing if you're running NT/2k/XP?
I know this may be a bit much for your typical Windoze luser, but I know you MCSE dudes can do it!
According to simtel.net the latest version (rl3r52a.exe) does not un-install Ad-Aware. Think the damage has already been done to Radlight's reputation now, though :)
Ad aware doesn't automatically remove the spyware.
It searches your computer and compiles a list of all the spyware on your system.
It is up to the user to select what to delete, or select 'delete all'.