Spyware Makers Resent Cleaned-Up Versions

Tri0de points to a ZDnet artcle on a programmer who's taken it upon himself to release spyware- and adware-free versions of popular file-sharing programs. "'He's done Grokster and iMesh. And he's not alone. His work, now available through the Grokster and iMesh networks themselves, joins that of other programmers who have previously "cleaned" programs such as Kazaa and Audiogalaxy in a campaign against "adware" and "spyware." Is the shoe on the other foot?'"

Of course! It's their $$

[Jon+Howard]

Where's the funding going to come from?

Be VERY wary

[grahamsz]

I'd be very suspicious of 'cleaned' applications floating about on p2p networks.

Whilst it's likely the author had your best interests at heart there's some chance he didn't.

It wouldn't be too hard to build a trojan into one of these, and if it were done well you could have your trojan version of kazaa send requests onto the network that immediately identify to anyone watching that it's an infected copy.

That'd would mean that the trojan wouldn't have to either 'phone home' or be detcted by randomly portscanning subnets.

however this still might be the lesser of two evils.

Re:Be VERY wary

[gwernol]

How is this Insightful?! If people don't know not to run untrusted binaries from untrusted sources, we need a serious wake-up call!

Come on people! This should be as obvious as...

Well just because its obvious to you does not mean its obvious to everyone. There are lots of people who are just learning to use P2P networks and sites like Slashdot. How are they supposed to learn the "obvious" things if we're not allowed to tell them?

Kazaa et al. are new services themselves. They've only been around for a couple of years, and they've been in the "mainstream" for considerably less time than that. Plenty of people don't work on Internet time, they don't rush out and adopt every new technology within a few days of its launch. And yes, a lot of these people (I'd guess) read Slashdot. Don't forget that the vast majority of Slashdot readers don't post; therefore posters like you and me are highly unrepresentative of readers.

I don't think we're anywhere near the point, even in the Geek community, where we can stop giving out these warnings because they are "obvious". So yes, I think this was an insightful post.

Re:Of course! It's their $$

[magicslax]

1)Create client for swaping music
2)?
3)Profit!!!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Personally..

[JippyNickers]

It wouldn't be too hard to build a trojan into one of these..... however this still might be the lesser of two evils.

Yeah.. I'd rather have a message come up on my screen once a month saying "You have been Own3D!!" then have any god damn popup ads over and over and....

=-Jippy

Re:Well whoopdie do

[nomadic]

In my own opinion, spyware makers have no right to complain. Is there something I'm missing?

They have every right to complain.

We have every right to ignore them.

Fair use?

[grahamsz]

These companies are trying to advocate that it is fair use to take something you paid for, rip it into another format (removing some of the superflous data), and trade it on their networks... [personally i agree with that]

Yet it is wrong to take something you paid for (remember they provide it FREE - they dont provide it in exchange for spying on you and stealing your cpu cycles - they say FREE), rip it into another format (removing some of the superflous data), and trade it on their networks.

Get real, this is going to cause more damage to their legal cases than anything else.

Why didn't RIAA think of that?

[geophile]

I think it's very funny that it took another hacker to figure out that kazaa etc. could be disabled in this way. If the RIAA had any brains at all, they would have figured this out and ... uhh ... wait a minute, maybe Yuri == RIAA?

Re:Why didn't RIAA think of that?

[gnovos]

If the RIAA had any brains at all, they would have figured this out and ... uhh ... wait a minute, maybe Yuri == RIAA?

No Yuri!=RIAA... Come on guy, you answered you own question right there when you put "RIAA" and "had any brains at all" in the same sentence.

Re Hacked Spyware

[Archangel+Michael]

Why doesn't someone come up with a hack that fills the Spyware home Database with useless information? I mean the data fields that phone home should be easy to fill with meaningless information but seamingly valid data?

This would render any information gained worthless until scrubbed of the offending dirty data. And the scrubbing of dirty data would leave dirt, and/or scrub valid data.

Another option would be to Flood the home servers with pure junk traffic. Or maybe even both?

How about sending home a destructive payload? It should be easy to hack the data fields of the database so that it ends up running the DB server into the ground.

Any other ideas?

Re: Popup ads == Evil

[geoffsmith]

Get mozilla. It has popup filtering built in. Trust me, it is a *godsend*

Self-interest

[Faust7]

Whilst it's likely the author had your best interests at heart there's some chance he didn't.

Some chance, but in my opinion very very little. Even virus writers and whatnot love P2P networks. Users are what allow these networks to exist, ergo, it doesn't make sense to attack them. I doubt someone would be willing to sacrifice access to music and warez just to see some trojan or virus succeed. And I don't think this is naive; after all, the networks haven't self-destructed thus far.

Brand-name damaged

[kindbud]

"They're essentially hackers and rippers," Hemming said. "Basically our brand name is being damaged quite significantly by these activities."

Yeah I can understand that. After all, consumers have associated the Kazaa brand with intrusive spy software. Removing the spyware does great harm the Kazaa brand, which everyone knows and expects to be full of it.

Re:Brand-name damaged

[djmurdoch]

After all, consumers have associated the Kazaa brand (TM) with intrusive spy software. Removing the spyware does great harm the Kazaa brand, which everyone knows and expects to be full of it.

You seem to think that the customers are the users. Wrong. It's the same funding model as broadcast TV: the customers are the advertisers. The users are the product.

Having a significant proportion of Kazaa users avoiding the ads damages its reputation with their customers, who can no longer trust their traffic reports as being surrogates for eyeball counts.

Re:Be VERY wary - Who do you trust more?

[Glorat]

That's hitting the nail on the head. Who do you trust more? Do you trust the original authors who hid the spyware in your program but are possibly giving some legal notice in the EULA (bleh), so they aren't completely rogue, but are ripping you off? Or do you trust the rogue programmer who claims to have fixed the spyware but maybe has slipped his own trojan in instead?

In the case of Kazaa Lite, I trust the rogue coder but I won't have that attitude on patched software for long. I think I would rather wait for my Slashdot peers to "beta test" these patched versions and find out if their computers die, before I even consider downloading patched up pirate software

Re: tech people work for free

[Lemmy+Caution]

This is actually what happens in some industries: publishing, film and the like. That especially in the lower levels, people are willing to work for free or close to it, so that it becomes impossible to make a living in it. (How do they do it? More often than not, the ranks of publishing houses and indie film studios are filled with trust-fund kids and rich kids whose folks are willing and able to underwrite the first few years of their careers. The publishing industry in particular is ripe with rich girls who are keeping busy until they get married.)

Re:The irony is sweet

[Arandir]

Join the Great Slashdot Blackout [slashdot.org] April 21-27

Ummm, how can you reconcile that sig with your post dated 07:22 PM April 25th, 2002? I'm beginning to suspect that none of the MCAA bashers are going to boycott TAOTC either.

Re:Be VERY wary (how to roll your own kazaalite)

[shird]

In the case of Kazaa, its actually quite easy to make your own 'lite' version, there are plenty of sites with instructions on how to do this. Taken from a post to usenet:

/* Install KaZaa 1.6 */

1) Install the new KaZaa, then close the application when all finished.

/* Begin Brilliant Digital Uninstall */

2) In Control Panel, click Add/Remove Programs and find "b3d Projector".
Uninstall this application (make sure all browsers are closed or it won't
work)

3) Find a folder called "b3duninstall" located usually directly in your
Windows folder. Delete this folder.

4) Locate the following files:

> bdedownloader.dll
> bdedata2.dll
> bdefdi.dll
> bdeinsta2.dll
> bdeinstall.exe
> bdesecureinstall.cab
> bdesecureinstall.exe
> bdeverify.exe
> bdeverify.dll

They are usually located in your Windows/System, Windows/System32 folder.
Rename each file adding a ".bak" to the end. (or Delete them if you don't
care about backing them up)

-->Note to Borland users: Borland software creates files that start with
"BDE" as well, so be careful.

/* Brilliant Digital Uninstall done, proceed to Cydoor crippling */

5) Download the dummy cd_clint.dll package at
http://www.cexx.org/cd_clint.zip

6) Go to your Windows/System32 folder. Find "CD_Clint.dll" and rename it to
"CD_Clint.dll.bak"

7) Extract the "CD_Clint.dll" file from the package you got in step 5 into
the Windows/System32 folder (thus replacing the old CD_Clint you backed up
in step 6).

/* Cydoor crippled. */

Re:ummm yeah

[miguelitof]

"They're essentially hackers and rippers," Hemming said. "Basically our brand name is being damaged quite significantly by these activities."

Apparently the whole Brilliant fiasco didn't damange their brand name. Nor did getting delisted by Download.com. Nor did being accused of being unethical by most of the major tech news sources in the United States.

The Kazaa brand name apparently came out unscathed by all of this, but just may be damaged by people using Kazaa Lite. Apparently, having a better user experience is going to lessen Kazaa's value in people's minds.

I am sure I am missing something here, but I just don't know what.

Re:An embarrassment to open source / free software

[Rick+the+Red]

File trading networks seem perfect for distributing i.e. linux ISOs, taking the load off organizations like Debian that don't have the money and don't deserve to have to pay for a lot of bandwidth.

Interesting idea. IANAL, so anyone care to offer opinions on whether stating "The source is available on Kazaa/Grokster/gnutella" would meet the obligations of the GPL?

my file-sharing flamebait for the day...

[tempest303]

NEWS FLASH:

UpEvil.net reporters have just discovered a completely foolproof method for getting around adware and spyware in file/music sharing programs! Even better than the method described in this /. story, the UpEvil crew has unearthed the following three AMAZING new ways of fighting ALL current (ad || spy)ware!

Step 1: Uninstall all current file sharing progams on your PC

Step 2: When finished, simply start accquiring your music/movies through ethical and legal methods, like Emusic.com, or through an secret, ancient technique from the Far East called "Bu Yingt Hecd" (note from UpEvil medical staff: if you experience discomfort at the thought of supporting the corporate system through the given methods, we have found the best way to alleviate this pain is to cease the purchase/accquiring of corporate-produced music altogether)

(optional) Step 3: As an added bonus, install a Free operating system and avoid having to pay for Monopolyware too!

This has been your daily UpEvil "Kazaa-whores-are-a-bunch-of-cheap-whiny-fucks" post of the day. Thank you, and good night.

Obligatory Opera v. Mozilla comment

[Dave_bsr]

Mozilla is _free_. Opera is free with ads. hmmm. ads? what?

Brand names

[FattMattP]

This line was classic!

"They're essentially hackers and rippers," Hemming said. "Basically our brand name is being damaged quite significantly by these activities."

LOL! Your brand has already been shot to hell by your deceptive spyware bundling. Someone give this clueless "CEO" a cookie.

Re:Of course! It's their $$

[peddrenth]

It's quite unfortunate that they use this as an example of "without the advertising revenue [from spyware], people can't create free software any more"

They're right that "without this spyware advertising revenue, commercial advertisers can't continue giving their commercial software away without charge", but it's quite insulting to see it compared to free software

The delicious, unadulterated Irony of it all...

[NoMoreNicksLeft]

P2P companies complaining about their intellectual properties being infringed?!?!?

HAHAHAHAHA... LOL.

I'm still an atheist, but if God keeps things up like this, how will I have any choice but to believe?

Re:Well whoopdie do

[mindstrm]

What if I didn't install it? What if I disassembled the installer without going through the clickthrough agreement? At that point, only standard copyright law exists to protect the authors.

You know

[jgerman]

... regardless of whether or not file sharing is WRONG. It's certainly illegal. Always has been regardless of whether the file is stored on a hard drive or tranferred to a cassette tape or cd. I'm not going to get into a huge debate about the subject, mainly because my opinion on the matter changes from day to day ;)

But I think that, for the most part, that no one will disagree that there are people using p2p networks for the wrong reasons. The spyware makers have absolutely NO RIGHT to complain. Here's a simple analogy: Guy meets girl with boyfriend, guy steals girl, girl cheats on him, he gets upset. I've got one thing to say to the people who write the spyware for kazaa, you want to swin with the sharks prepare to get bitten.

Re:You know

[Planesdragon]

The act of duplicating a file from one computer to another computer is not illegal, nor will it ever be.

Allow me to qualify.

"The act of duplicating a copyrighted file without permission from one computer to another computer is illegal, and always has been, save only for fair use."

Fair use claims also have to be made in court, btw. :) Good luck.

(see http://www.copyright.gov/title17/ for more information. IANALBIPON/.)

You forgot the most useful steps of all.

[Erris]

1. get Debian CD. 2. boot result of step 1 3. follow directions and liberate XP, w2k, w9x encumbered machine. 4. enjoy a virus free, ad free computing environment.

Re:Be VERY wary - Who do you trust more?

[Cryogenes]

Actually this is easy to answer. Crackers are less likely to include malware in their products than commercial vendors.

Cracker groups release thousand of key generators and patches every month. MS wants you to believe that these are full of trojans and whatnot, but afaik there has never been a single reported case of a scene group deliberately releasing an infected crack.

All the shit that people are getting is coming from legal software, either as spyware or through outlook.

Kazaa-Lite Still Has BDE?

[JLester]

I noticed that after running the newest ref file from Ad-Aware that Kazaa Lite stopped working. It gives the message: "You have uninstalled a part of Kazaa that is required to run". I thought my system was clean until the latest update where it found more BDE stuff. I assume that's what made Kazaa Lite stop working. So, it appears that the Lite version isn't as ad/spy-ware free as I thought.

Jason

Re:Kazaa-Lite Still Has BDE?

[SlimySlimy]

Ooops.

Ad-aware removes some files that are part of KaZaA Lite that are meant to fool the modified KaZaA into thinking that the spyware is still there. You probably removed the "dummy files" that need to be in place to fool the KaZaA in KaZaA Lite.

You probably didn't have spyware afterall, but ended up crippling KaZaA Lite with Ad-Aware :-)

Anyway, why are you using that proprietary, closed source P2P tool anyway? Check out Gnucleus for Windows, a GPLed Gnutella client with swarming and SuperNode support, and tons of users without spyware, limits, or the RIAA on its tail: (http://www.gnucleus.net)

Re:Be VERY wary (how to roll your own kazaalite)

[Bitsy+Boffin]

I'm pretty sure that very shortly after Music City released the "preview edition" of the new Morpheus after being reamed by Kazaa they made the source code available for it (as I remember, a face lifted gnucleus). So how did they steal source for a month ? You don't have to release source until you release the binary. And if you don't release the binary you never have to release the source.

Just buy LimeWire - or use IRC

[Sean+Clifford]

Not to be a troll, but just pop $8.50 for LimeWire Pro (warning: annoying pop-ups on site). No damned pop-ups or stealthware (that I'm aware of anyway) and they have it for every platform we're likely to use: Linux, OS X, MacOS, and Microsoft Windows(TM).

Or you could just go with IRC (obligatory link for newbies) and screw all that schmansy luser "p2p" crap. :)

Re:KaZaA

[Istealmymusic]

A few months ago I downloaded someone's resume and homework off FT (I don't remember the name but I'm sure it wasn't yours). There's a lot of interesting documents (as opposed to media) on kazaa, instantly available to anyone. FastTrack could become the next cheatmonkey/schoolsucks/allclasses if people would "accidently" do this more often.

By the way, try searching FT for "Tracy Mandeville" for documents. Apparently, she unintentionally shared her whole my documents collection. There's tons of homework questions, essays, and general school stuff there.

Re:Of course! It's their $$

[jtdennis]

What most of the /. and *nix community in general tend to forget is that for the rest of the world free software is just that, software they don't pay money for. So for example, while AnalogX's programs are 100% free for me to use, they don't fall under a small minority's definition of "free software" just because it's not open source. Everyone needs to realize that software isn't free because it fits under the GNU "perfect world," It really is "free software" because the end user wasn't charged anything for it and that is not degraded in any way. I would say a good definition of free software is any software that's free to use and has no ads.

Re:Of course! It's their $$

[Broccolist]

Funding for what exactly? The FastTrack network (of which Kazaa is a client), being self-organized, costs very little to run. All they need to set up is a few login servers.

Furthermore, the company that developed the FT tech has, AFAIK, disbanded, and development is over. These guys were pretty bright: in order to avoid a Napster-type fiasco, they decided to just develop the software and make others take the risk of running the servers. Kazaa just licensed the software and is now attempting to milk it for cash.

Frankly, Kazaa is run by a bunch of sleazebags and I wouldn't want to give them money in any case. They've done amazingly unethical things. They're like the anti-Google. There's the obvious: installing of spyware, trying to run a distributed network behind people's backs, and basing their business model on running a piracy network (though this last point is not considered unethical by some).

But the worst is what happened to Morpheus. You may have heard of it: it was a FT client identical to Kazaa in every way (being the same licensed software). Although they tried to keep this under wraps, here is what seems to have happened: Kazaa, wanting to grab ad revenues from Morpheus, released an "upgrade" to Morpheus which had the effect of destroying it. Their trick worked, too.

This is $$$MAKE MONEY FAST$$$ level sleaziness here :). I hope Kazaa dies, and good riddance.

Re:ok

[ComaVN]

That's probably because all the author did was replace the dll with one that just does nothing.
AD Aware just checks if the dll exists, and voila, you got a hit.

Re:Of course! It's their $$

[Mr_Silver]

but it's quite insulting to see it compared to free software

In a world where the vast majority of individuals have never heard of GNU, Richard Stallman etc.etc. this product is free.

Yes it's free as in "free beer" and not "free speech" but the reality is that the masses don't give a flying fuck about the "free speech" bit.

For them, the criteria for something being free is:

1. Do I have to pay for it?
2. Am I prevented from making copies of this and giving it to my mates?

If both answers are "no" then it's free. Period.

Whereas we like the idea of having the source code, being able to modify it and pass it on, your joe sixpack just wants to know if he's going to get the police come chasing after him if he gives it to a load of mates. He doesn't care about the source code (mainly because he can't read it and wouldn't know what to do with it) and he's certainly not interested in making any modifications and redistributing it.

Under this, the following products (and many more) are considered free:

• Internet Explorer
• Kazaa
• Winamp

and so on and so on.

So the point here is that although it's not "truely free" it can and will still be considered "free".

And until the GPL is known to the majority of the people in the world, this is the way "free" is always going to be considered.

Biological Response to Unwanted Intruder

[eer]

This is a great example of the 'net acting like a biological organism...routing around censorship, and developing its own defensive mechanisms against unwanted intruders. The image of the Internet community as a giant "blob", slowly flowing over, bypassing, and eventually making irrelevant the obstacles created by others reminds me, too, of a volcano - locally powerful, representative of tremendous potential.

Re:Of course! It's their $$

[Oliver+Wendell+Jones]

How about charging some nominal yet affordable fee?

I'd gladly pay $1 - $3 to download a utility like Bearshare or Kazaa that is completely spyware free.

How much can the spyware people be paying per download?

I prefer to use Bearshare simply because they give the me the option to opt out of installing the adware... they make you feel guilty about it, but they give you the option.