Spyware Makers Resent Cleaned-Up Versions
Tri0de points to a ZDnet article on a programmer who's taken it upon himself to release spyware- and adware-free versions of popular file-sharing programs. "'He's done Grokster and iMesh. And he's not alone. His work, now available through the Grokster and iMesh networks themselves, joins that of other programmers who have previously "cleaned" programs such as Kazaa and Audiogalaxy in a campaign against "adware" and "spyware."
Is the shoe on the other foot?'"
Where's the funding going to come from?
I'd be very suspicious of 'cleaned' applications floating about on p2p networks.
Whilst it's likely the author had your best interests at heart there's some chance he didn't.
It wouldn't be too hard to build a trojan into one of these, and if it were done well you could have your trojan version of kazaa send requests onto the network that immediately identify to anyone watching that it's an infected copy.
That would mean that the trojan wouldn't have to either 'phone home' or be detected by randomly portscanning subnets.
However this still might be the lesser of two evils.
Great. Spyware makers resent cleaned up versions. But guess what? CONSUMERS RESENT SPYWARE!
In my own opinion, spyware makers have no right to complain. Is there something I'm missing?
1) Create client for swapping music
2)?
3)Profit!!!
P2P networks complaining that their software has been ripped off, and that pirates -- ermm, users -- aren't treating their intellectual property fairly. Har.
between ad-ware and spyware.... especially since the spyware in RadLight uninstalls Ad-Aware. Sure there's something saying that it will disable Ad-aware buried somewhere in the EULA, but we all know how long and complicated those things are.
It wouldn't be too hard to build a trojan into one of these..... however this still might be the lesser of two evils.
Yeah.. I'd rather have a message come up on my screen once a month saying "You have been Own3D!!" than have any god damn popup ads over and over and....
=-Jippy
These companies are trying to advocate that it is fair use to take something you paid for, rip it into another format (removing some of the superfluous data), and trade it on their networks... [personally i agree with that]
Yet it is wrong to take something you paid for (remember they provide it FREE - they don't provide it in exchange for spying on you and stealing your cpu cycles - they say FREE), rip it into another format (removing some of the superfluous data), and trade it on their networks.
Get real, this is going to cause more damage to their legal cases than anything else.
Now if only someone would write an integrated client that works across all the p2p networks.
I think it's very funny that it took another hacker to figure out that kazaa etc. could be disabled in this way. If the RIAA had any brains at all, they would have figured this out and ... uhh ... wait a minute, maybe Yuri == RIAA?
Why doesn't someone come up with a hack that fills the Spyware home Database with useless information? I mean the data fields that phone home should be easy to fill with meaningless information but seemingly valid data?
This would render any information gained worthless until scrubbed of the offending dirty data. And the scrubbing of dirty data would leave dirt, and/or scrub valid data.
Another option would be to Flood the home servers with pure junk traffic. Or maybe even both?
How about sending home a destructive payload? It should be easy to hack the data fields of the database so that it ends up running the DB server into the ground.
Any other ideas?
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Get mozilla. It has popup filtering built in. Trust me, it is a *godsend*
Whilst it's likely the author had your best interests at heart there's some chance he didn't.
Some chance, but in my opinion very very little. Even virus writers and whatnot love P2P networks. Users are what allow these networks to exist, ergo, it doesn't make sense to attack them. I doubt someone would be willing to sacrifice access to music and warez just to see some trojan or virus succeed. And I don't think this is naive; after all, the networks haven't self-destructed thus far.
The coolest voice ever.
"They're essentially hackers and rippers," Hemming said. "Basically our brand name is being damaged quite significantly by these activities."
Yeah I can understand that. After all, consumers have associated the Kazaa brand with intrusive spy software. Removing the spyware does great harm to the Kazaa brand, which everyone knows and expects to be full of it.
Edith Keeler Must Die
That's hitting the nail on the head. Who do you trust more? Do you trust the original authors who hid the spyware in your program but are possibly giving some legal notice in the EULA (bleh), so they aren't completely rogue, but are ripping you off? Or do you trust the rogue programmer who claims to have fixed the spyware but maybe has slipped his own trojan in instead?
In the case of Kazaa Lite, I trust the rogue coder but I won't have that attitude on patched software for long. I think I would rather wait for my Slashdot peers to "beta test" these patched versions and find out if their computers die, before I even consider downloading patched up pirate software
Well, if spyware is illegal in your country, don't use Kazaa. Simple as that. Porn is probably illegal in some countries, so should that nation sue and sue and sue because its citizens can have access to unregulated porn online? No. What you do with programs/information/porn is your own choice.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
This is actually what happens in some industries: publishing, film and the like. That especially in the lower levels, people are willing to work for free or close to it, so that it becomes impossible to make a living in it. (How do they do it? More often than not, the ranks of publishing houses and indie film studios are filled with trust-fund kids and rich kids whose folks are willing and able to underwrite the first few years of their careers. The publishing industry in particular is ripe with rich girls who are keeping busy until they get married.)
In the case of Kazaa, it's actually quite easy to make your own 'lite' version, there are plenty of sites with instructions on how to do this. Taken from a post to usenet:
/* Install KaZaa 1.6 */
1) Install the new KaZaa, then close the application when all finished.
/* Begin Brilliant Digital Uninstall */
2) In Control Panel, click Add/Remove Programs and find "b3d Projector".
Uninstall this application (make sure all browsers are closed or it won't
work)
3) Find a folder called "b3duninstall" located usually directly in your
Windows folder. Delete this folder.
4) Locate the following files:
> bdedownloader.dll
> bdedata2.dll
> bdefdi.dll
> bdeinsta2.dll
> bdeinstall.exe
> bdesecureinstall.cab
> bdesecureinstall.exe
> bdeverify.exe
> bdeverify.dll
They are usually located in your Windows/System, Windows/System32 folder.
Rename each file adding a ".bak" to the end. (or Delete them if you don't
care about backing them up)
-->Note to Borland users: Borland software creates files that start with
"BDE" as well, so be careful.
/* Brilliant Digital Uninstall done, proceed to Cydoor crippling */
5) Download the dummy cd_clint.dll package at
http://www.cexx.org/cd_clint.zip
6) Go to your Windows/System32 folder. Find "CD_Clint.dll" and rename it to
"CD_Clint.dll.bak"
7) Extract the "CD_Clint.dll" file from the package you got in step 5 into
the Windows/System32 folder (thus replacing the old CD_Clint you backed up
in step 6).
/* Cydoor crippled. */
I.O.U One Sig.
Apparently the whole Brilliant fiasco didn't damage their brand name. Nor did getting delisted by Download.com. Nor did being accused of being unethical by most of the major tech news sources in the United States.
The Kazaa brand name apparently came out unscathed by all of this, but just may be damaged by people using Kazaa Lite. Apparently, having a better user experience is going to lessen Kazaa's value in people's minds.
I am sure I am missing something here, but I just don't know what.
--- Biffster.org
"Bite my shiny metal ass."
sure is funny how the p2p application owners are whining about protecting their IP and copyright when their software is used, primarily, for the sharing of the same type of material.
now they know exactly how the MPAA and RIAA feel.
But as the hacked software movement grows, it is being forced more deeply underground. Already Dr. Damn's ISP has told him it will no longer host his files. He's looking for another provider.
:-)
He could put it on the P2P network
But then, who can tell if the source is trusted? If I do a search and would receive a reply with "Hello Friend, Use This To Strip The Adware Of Your Client", I wouldn't download it in a million years.
But then, why keep all these attachment-viri floating around?
Edwin
bash$
I think he was saying that as long as programs include spyware, someone else will be there to release a castrated version.
- Free tabletop fantasy gaming! Grey Lotus
If all this should have a reason, we would be the last to know.
UpEvil.net reporters have just discovered a completely foolproof method for getting around adware and spyware in file/music sharing programs! Even better than the method described in this
Step 1: Uninstall all current file sharing programs on your PC
Step 2: When finished, simply start acquiring your music/movies through ethical and legal methods, like Emusic.com, or through a secret, ancient technique from the Far East called "Bu Yingt Hecd" (note from UpEvil medical staff: if you experience discomfort at the thought of supporting the corporate system through the given methods, we have found the best way to alleviate this pain is to cease the purchase/acquiring of corporate-produced music altogether)
(optional) Step 3: As an added bonus, install a Free operating system and avoid having to pay for Monopolyware too!
This has been your daily UpEvil "Kazaa-whores-are-a-bunch-of-cheap-whiny-fucks" post of the day. Thank you, and good night.
The Free desktop that Just Works
Mozilla is _free_. Opera is free with ads. hmmm. ads? what?
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
Prevent email address forgery. Publish SPF records for y
"They're essentially hackers and rippers," Hemming said. "Basically our brand name is being damaged quite significantly by these activities."
if anything, their brand is being enhanced. i for one would never use a piece of software i knew to be spyware...
It's quite unfortunate that they use this as an example of "without the advertising revenue [from spyware], people can't create free software any more"
They're right that "without this spyware advertising revenue, commercial advertisers can't continue giving their commercial software away without charge", but it's quite insulting to see it compared to free software
I installed Kazaa Lite recently, having never installed a file sharing program since I got my new hard drive. Although most of the ads have been removed, and I don't see any suspicious processes in the background, Kazaa will randomly pop up a web page on its own. Fortunately, I have Pop-Up Stopper, so the pop-up is closed immediately. :)
So it's not 100% ad-free, but all of the really egregious spyware stuff appears to be gone.
For more information, click here.
Quite, but what is Kazaa if it is not a network for rippers who want to get toons for free. The whole Kazaa business model is to help people take the property of the music industry for free. So just why do these guys get surprised when their not-so-honest customers decide to deprive them of their revenue stream as well? Like just why did they ever think there was a business to be had out of infringement-ware?
The legalistic approach is somewhat humorous, while they might have a case it would be interesting to see how they would intend to bring it. The problem is that it is rather difficult to bring a suit in a jurisdiction while you are simultaneously evading a suit in the same jurisdiction.
Another problem they may have is that there is a longstanding principle that the courts do not arbitrate disputes between criminals, nor do they get involved collecting gambling debts or resolving a host of other issues. The defense might well be able to argue that the courts should not intervene in this type of dispute as a matter of public policy. Kazaa is arguably a program to facilitate contributory infringement for which there are no (or marginal) legitimate purposes. So it is iniquitous for the US taxpayer to arbitrate a dispute in which Kazaa is attempting to protect its illegitimate revenue stream.
If the RIAA had a clue they would be in there handing the court an amicus brief.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
What would happen if someone were to release a version that created bogus and unreliable information making their data collection unreliable and worthless?
The data would have to be indistinguishable from real data or at least hard to distinguish and yet provide enough noise to make the current collection of data unreliable.
Play Command HQ online
Can't be all that difficult in this economic climate. As I understand it, they are parasites who use the distribution method of paying the file-swapping networks $ to carry their programs... well, where are the spyware companies getting the $ from -- is their ad revenue really enough to sustain them?!
I'm hoping not, and that therefore, they will soon wither and die, just another dot-com casualty.
There's 10 types of people in this world, those who understand binary and those who don't.
P2P companies complaining about their intellectual properties being infringed?!?!?
HAHAHAHAHA... LOL.
I'm still an atheist, but if God keeps things up like this, how will I have any choice but to believe?
I don't think that you should forever distrust those that insist on reinventing the wheel, after all, everyone does this to learn, at one time or another.
That said, why in the hell would anyone ever share files this way? Unix and its relatives have devised any number of ways to share files, complete with a multi-user/security foundation that despite its few flaws, is unparalleled.
Sure, they have a cool way to index files, but why not implement this as a separate service? Oh, I forgot. Windows.
Nevermind.
But I think that, for the most part, that no one will disagree that there are people using p2p networks for the wrong reasons. The spyware makers have absolutely NO RIGHT to complain. Here's a simple analogy: Guy meets girl with boyfriend, guy steals girl, girl cheats on him, he gets upset. I've got one thing to say to the people who write the spyware for kazaa, you want to swim with the sharks prepare to get bitten.
I'm the big fish in the big pond bitch.
Kazaa's agreement, for example, states: "Except as expressly permitted in this License, you agree not to reverse engineer, de-compile, disassemble, alter, duplicate, modify, rent, lease, loan, sublicense, make copies, create derivative works from, distribute or provide others with the KaZaA Media Desktop Software in whole or part or transmit the application over a network."
are NOT your friends.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
1. get Debian CD. 2. boot result of step 1 3. follow directions and liberate XP, w2k, w9x encumbered machine. 4. enjoy a virus free, ad free computing environment.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Hi, I work for the Free Software Foundation on copyright and licensing issues. "The source is available on Kazaa/Grokster/gnutella" would not meet the obligations of the GPL.
Become a FSF associate member before the low #s are used
For those interested, there's an interview conducted by Zeropaid of Dr. Damn. In related news, Zeropaid recently added several interviews, including: Pablo from Blubster, John Marshall creator of Gnucleus (victim of Morpheus PE rip off), the Limewire Team, Team XoloX, and Travis Hill of MediaEnforcer. Interesting read, a while back Zeropaid also reported on Sharman Network's attitude towards Kazaa Lite, the spyware-free Kazaa by Yuri.
"The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
Actually this is easy to answer. Crackers are less likely to include malware in their products than commercial vendors.
Cracker groups release thousands of key generators and patches every month. MS wants you to believe that these are full of trojans and whatnot, but afaik there has never been a single reported case of a scene group deliberately releasing an infected crack.
All the shit that people are getting is coming from legal software, either as spyware or through outlook.
I noticed that after running the newest ref file from Ad-Aware that Kazaa Lite stopped working. It gives the message: "You have uninstalled a part of Kazaa that is required to run". I thought my system was clean until the latest update where it found more BDE stuff. I assume that's what made Kazaa Lite stop working. So, it appears that the Lite version isn't as ad/spy-ware free as I thought.
Jason
"FORMAT C:" - Kills bugs dead!
I'm pretty sure that very shortly after Music City released the "preview edition" of the new Morpheus after being reamed by Kazaa they made the source code available for it (as I remember, a face lifted gnucleus). So how did they steal source for a month ? You don't have to release source until you release the binary. And if you don't release the binary you never have to release the source.
NZ Electronics Enthusiasts: Check out my Trade Me Listings
Or you could just go with IRC (obligatory link for newbies) and screw all that schmansy luser "p2p" crap. :)
Yeah, this would be really cool for Debian, I think. Hook some P2P goodness into apt-get, and serve out debs you have cached in return. Yummy.
For everybody who jumped on the bandwagon about the evil in the replacement dll for cydoor I went and did a little research..the code is distributed with the binary and all it is is the Cydoor SDK implemented except all the functions just do nothing or return 1. (www.cydoor.com/sdk helped them out on this one)... If you're really that worried about this then just recompile the DLL on your own. The source is in www.cexx.com 's ZIP file of cl_clint.dll... The only thing I've found is that the version of KaZaa I have crashes if I try to use the DLL although I haven't tried compiling it myself yet... They refer to this as the "AdWare Condom"
If religious zealots don't believe in Evolution, then why are they so worried about bird flu?
It includes the source, and you don't have to be an elite C++ programmer to realize that functions which are either empty or only have "return 1;" in them aren't going to |-|@xx0r j00.
Tim
Omnia vestra castrorum habetur nobis.
They are pretty much looking for blue-blooded smart-but-not-bookish ivy-league comes-from-a-good-family globe-trotting outdoors-going art-savvy second-home-in-the-Hamptons liberal-yet-sensible sons-of-the-American-Revolution. Trust me, almost no one posting on this board would qualify. I definitely don't, and I suspect I might be closer to it than most.
By the way, try searching FT for "Tracy Mandeville" for documents. Apparently, she unintentionally shared her whole my documents collection. There's tons of homework questions, essays, and general school stuff there.
"The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
What most of the /. and *nix community in general tend to forget is that for the rest of the world free software is just that, software they don't pay money for. So for example, while AnalogX's programs are 100% free for me to use, they don't fall under a small minority's definition of "free software" just because it's not open source. Everyone needs to realize that software isn't free because it fits under the GNU "perfect world," It really is "free software" because the end user wasn't charged anything for it and that is not degraded in any way. I would say a good definition of free software is any software that's free to use and has no ads.
-- "Freedom is the right of all sentient beings" -Optimus Prime
Disclaimer: I don't use Kazaa.
You have to make the source available from wherever the binaries are available from. So, if you provide the binaries from your box, and you provide the source from your box, then you would be OK, provided that the package containing the binaries mentioned that the source was available from there, and that it was easily possible to find the source. Does Kazaa have "addresses" like URLs? If not, how will the downloader find the source code?
Become a FSF associate member before the low #s are used
Furthermore, the company that developed the FT tech has, AFAIK, disbanded, and development is over. These guys were pretty bright: in order to avoid a Napster-type fiasco, they decided to just develop the software and make others take the risk of running the servers. Kazaa just licensed the software and is now attempting to milk it for cash.
Frankly, Kazaa is run by a bunch of sleazebags and I wouldn't want to give them money in any case. They've done amazingly unethical things. They're like the anti-Google. There's the obvious: installing of spyware, trying to run a distributed network behind people's backs, and basing their business model on running a piracy network (though this last point is not considered unethical by some).
But the worst is what happened to Morpheus. You may have heard of it: it was a FT client identical to Kazaa in every way (being the same licensed software). Although they tried to keep this under wraps, here is what seems to have happened: Kazaa, wanting to grab ad revenues from Morpheus, released an "upgrade" to Morpheus which had the effect of destroying it. Their trick worked, too.
This is $$$MAKE MONEY FAST$$$ level sleaziness here :). I hope Kazaa dies, and good riddance.
Yeah, sure, I'm gonna be flamed. But how is it possible for "the original authors" to be "ripping you off"? They wrote the code. Not you. How is it a rip off? Do I have a serious logical gap? It seems to me that the reverse is true. I don't like spyware/adware/whateverotherinsidiousnameyouwantto callitware. So I use linux and avoid such programs completely. It seems to me that people using programs like adaway/adaware/whatever are in fact ripping off the original programmers. As are the people who designed said programs. If you don't like what these companies (e.g. the Kazaa people) are doing with their software, don't use it. The chief principle of the GPL is almost entirely that. If you don't want to use it as they say you can, you cannot use it. If someone violates the GPL there's a general uproar. Yet someone violates a different software license and people are complaining about the writers of that license? Stop and think about what I'm saying for a minute before I get mod'd to never-never land. That's all
You should try popnot
I really hate Dan Patrick.
That's probably because all the author did was replace the dll with one that just does nothing.
AD Aware just checks if the dll exists, and voila, you got a hit.
Be wary of any facts that confirm your opinion.
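The difference between matching a file by name and matching it by content, which the comments above about Ad-Aware and the replacement DLL turn on, as an added example that is not part of the thread and not Ad-Aware's actual logic. The file name `CD_Clint.dll` and the `.bak` rename come from the usenet steps quoted earlier; the byte strings, digests and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File name taken from the thread (lower-cased for case-insensitive matching).
FLAGGED_NAMES = {"cd_clint.dll"}

# Constructed stand-ins for file contents; these are not real binaries.
ORIGINAL_BYTES = b"constructed stand-in: original ad-serving library"
STUB_BYTES = b"constructed stand-in: stub whose exports do nothing"


def digest(data: bytes) -> str:
    """SHA-256 of a byte string, used here as the content signature."""
    return hashlib.sha256(data).hexdigest()


# A content-based scanner knows the original by what it contains.
KNOWN_BAD_DIGESTS = {digest(ORIGINAL_BYTES)}


def scan_by_name(folder: Path) -> list[str]:
    """Flag files purely because a file with a listed name exists."""
    return sorted(
        p.name for p in folder.iterdir()
        if p.is_file() and p.name.lower() in FLAGGED_NAMES
    )


def scan_by_content(folder: Path) -> list[str]:
    """Flag files whose contents match a known signature, whatever the name."""
    return sorted(
        p.name for p in folder.iterdir()
        if p.is_file() and digest(p.read_bytes()) in KNOWN_BAD_DIGESTS
    )


def classify(folder: Path) -> dict[str, str]:
    """Combine both scans and say what each hit actually tells you."""
    by_name = set(scan_by_name(folder))
    by_content = set(scan_by_content(folder))
    verdicts = {}
    for name in sorted(by_name | by_content):
        if name in by_name and name in by_content:
            verdicts[name] = "name and content match"
        elif name in by_name:
            verdicts[name] = "name-only hit (stub or unrelated file)"
        else:
            verdicts[name] = "content-only hit (renamed original)"
    return verdicts


def build_patched_folder(root: Path) -> Path:
    """Recreate the state after steps 6 and 7 of the quoted usenet post."""
    folder = root / "System32"
    folder.mkdir()
    (folder / "CD_Clint.dll").write_bytes(STUB_BYTES)          # dummy replacement
    (folder / "CD_Clint.dll.bak").write_bytes(ORIGINAL_BYTES)  # renamed original
    (folder / "unrelated.dll").write_bytes(b"constructed unrelated file")
    return folder


def demo() -> dict[str, str]:
    with tempfile.TemporaryDirectory() as tmp:
        return classify(build_patched_folder(Path(tmp)))


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

On the patched folder the two approaches disagree completely: the name check flags the harmless stub and misses the renamed original, while the content check does the reverse.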
How is it a rip off?
I was referring to embedding extra features (aka spyware) into their product without making it clear that they are doing so (except in a EULA less clear than a tax form). I consider a rip off is when you don't get what you bargained for and that is how I view Kazaa today
In a world where the vast majority of individuals have never heard of GNU, Richard Stallman etc.etc. this product is free.
Yes it's free as in "free beer" and not "free speech" but the reality is that the masses don't give a flying fuck about the "free speech" bit.
For them, the criteria for something being free is:
If both answers are "no" then it's free. Period.
Whereas we like the idea of having the source code, being able to modify it and pass it on, your joe sixpack just wants to know if he's going to get the police come chasing after him if he gives it to a load of mates. He doesn't care about the source code (mainly because he can't read it and wouldn't know what to do with it) and he's certainly not interested in making any modifications and redistributing it.
Under this, the following products (and many more) are considered free:
and so on and so on.
So the point here is that although it's not "truly free" it can and will still be considered "free".
And until the GPL is known to the majority of the people in the world, this is the way "free" is always going to be considered.
Avantslash - View Slashdot cleanly on your mobile phone.
This is a great example of the 'net acting like a biological organism...routing around censorship, and developing its own defensive mechanisms against unwanted intruders. The image of the Internet community as a giant "blob", slowly flowing over, bypassing, and eventually making irrelevant the obstacles created by others reminds me, too, of a volcano - locally powerful, representative of tremendous potential.
Here's a response I was given to an email I wrote the Ad-Aware team about the issue:
"We have taken steps for this, Please update your reference file for AdAware.
Current Version
AdAware 5.0 release 5.71 build 2899
Current reference file 108-23-04-02 This update targets Radlight"
Remember "Bring 'em on"? *sigh
Excellent point. I haven't explored gnucleus yet, but I'll give it a shot.
Be aware that Ad-aware will hit on the new cydoor stub - don't let ad-aware remove it or your new, fixed, kazaa won't work.
Tough diggity, my EULA states that people owe me money for reading posts. But I can't enforce that any more than they can. I can (and occasionally do) disassemble or edit installers to remove or alter the EULA. Therefore, since I don't agree to the EULA, and in fact was never presented with the EULA, I'm not bound by it, only by normal copyright law. Fair use entitles me to make copies of the software for my own use, including copies in RAM.
Build a "phone-home" trojan into a modified p2p program and distribute it? To me, that sounds like a job for the Copyright Police.
In the version 1.0, they get rid of the spyware and open the door to later infection and shutdown when the evildoers decide to walk into their underground command center (directly under RIAA headquarters), and push the "shutdown" button.
If my business model was threatened by technology and I wasn't smart enough to adapt and sell what the customer wants, I might be motivated to attempt this "replace spyware with virusware" as a desperation tactic. It might keep my investors happy for 3 to 6 months.
How about charging some nominal yet affordable fee?
I'd gladly pay $1 - $3 to download a utility like Bearshare or Kazaa that is completely spyware free.
How much can the spyware people be paying per download?
I prefer to use Bearshare simply because they give me the option to opt out of installing the adware... they make you feel guilty about it, but they give you the option.
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
Yeah.
I used to use patches from various 'rogue programmers', or 'rogue groups', until I learned how to do it myself.
Equip yourself with a decompiler, a hex editor, and knowledge from the various FRAVIA'S REVERSE ENGINEERING LAB mirrors.
Go fishing and stop asking for fish anymore.
I believe the "Citizen" thing the poster was referring to was the establishing of United States Citizenship via the 14th amendment (as opposed to citizenship of individual states).
As I understand it, the major reason this was done was because many states refused to grant citizenship to freed slaves and other non-whites. There were no laws that said that the states had to, since at the time we had a very different political configuration (the Federal Government was _MUCH_ smaller, and less intrusive), so the Federal government saw an opportunity for a power-grab and created a second-class "Citizen" (National citizen) which technically is not afforded the specific protections of the Constitution that would be afforded to the state citizens - inalienable rights aside, of course.
From that point on, all people who have not specifically petitioned for, and been granted state citizenship after denouncing their federal citizenship are under the 14th amendment's Citizenship from birth, or the age of 18, I don't recall which.
Anyway, my memory isn't the best, don't take my word for it - go read the 14th amendment.
Where did you get the idea that reverse engineering software is illegal? (I assume that is what you mean by 'not quite legal')
It's completely legal to reverse engineer anything, unless you have some contractual agreement to the contrary.
You may be thinking of the clean-room techniques used to reverse engineer, then re-engineer software to build a competing product... but that's another story altogether. Those results are simply to show that none of the original work was copied. You have one team rip something down into a spec, then a totally different team build a product from that spec. And that's legal.
Patents can get in the way of course....