Spyware Makers Resent Cleaned-Up Versions

Tri0de points to a ZDnet artcle on a programmer who's taken it upon himself to release spyware- and adware-free versions of popular file-sharing programs. "'He's done Grokster and iMesh. And he's not alone. His work, now available through the Grokster and iMesh networks themselves, joins that of other programmers who have previously "cleaned" programs such as Kazaa and Audiogalaxy in a campaign against "adware" and "spyware." Is the shoe on the other foot?'"

Of course! It's their $$

[Jon+Howard]

Where's the funding going to come from?

Be VERY wary

[grahamsz]

I'd be very suspicious of 'cleaned' applications floating about on p2p networks.

Whilst it's likely the author had your best interests at heart there's some chance he didn't.

It wouldn't be too hard to build a trojan into one of these, and if it were done well you could have your trojan version of kazaa send requests onto the network that immediately identify to anyone watching that it's an infected copy.

That'd would mean that the trojan wouldn't have to either 'phone home' or be detcted by randomly portscanning subnets.

however this still might be the lesser of two evils.

Re:Be VERY wary

[gwernol]

How is this Insightful?! If people don't know not to run untrusted binaries from untrusted sources, we need a serious wake-up call!

Come on people! This should be as obvious as...

Well just because its obvious to you does not mean its obvious to everyone. There are lots of people who are just learning to use P2P networks and sites like Slashdot. How are they supposed to learn the "obvious" things if we're not allowed to tell them?

Kazaa et al. are new services themselves. They've only been around for a couple of years, and they've been in the "mainstream" for considerably less time than that. Plenty of people don't work on Internet time, they don't rush out and adopt every new technology within a few days of its launch. And yes, a lot of these people (I'd guess) read Slashdot. Don't forget that the vast majority of Slashdot readers don't post; therefore posters like you and me are highly unrepresentative of readers.

I don't think we're anywhere near the point, even in the Geek community, where we can stop giving out these warnings because they are "obvious". So yes, I think this was an insightful post.

Re:Of course! It's their $$

[magicslax]

1)Create client for swaping music
2)?
3)Profit!!!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Personally..

[JippyNickers]

It wouldn't be too hard to build a trojan into one of these..... however this still might be the lesser of two evils.

Yeah.. I'd rather have a message come up on my screen once a month saying "You have been Own3D!!" then have any god damn popup ads over and over and....

=-Jippy

Re:Well whoopdie do

[nomadic]

In my own opinion, spyware makers have no right to complain. Is there something I'm missing?

They have every right to complain.

We have every right to ignore them.

Why didn't RIAA think of that?

[geophile]

I think it's very funny that it took another hacker to figure out that kazaa etc. could be disabled in this way. If the RIAA had any brains at all, they would have figured this out and ... uhh ... wait a minute, maybe Yuri == RIAA?

Re:Why didn't RIAA think of that?

[gnovos]

If the RIAA had any brains at all, they would have figured this out and ... uhh ... wait a minute, maybe Yuri == RIAA?

No Yuri!=RIAA... Come on guy, you answered you own question right there when you put "RIAA" and "had any brains at all" in the same sentence.

Re Hacked Spyware

[Archangel+Michael]

Why doesn't someone come up with a hack that fills the Spyware home Database with useless information? I mean the data fields that phone home should be easy to fill with meaningless information but seamingly valid data?

This would render any information gained worthless until scrubbed of the offending dirty data. And the scrubbing of dirty data would leave dirt, and/or scrub valid data.

Another option would be to Flood the home servers with pure junk traffic. Or maybe even both?

How about sending home a destructive payload? It should be easy to hack the data fields of the database so that it ends up running the DB server into the ground.

Any other ideas?

Self-interest

[Faust7]

Whilst it's likely the author had your best interests at heart there's some chance he didn't.

Some chance, but in my opinion very very little. Even virus writers and whatnot love P2P networks. Users are what allow these networks to exist, ergo, it doesn't make sense to attack them. I doubt someone would be willing to sacrifice access to music and warez just to see some trojan or virus succeed. And I don't think this is naive; after all, the networks haven't self-destructed thus far.

Brand-name damaged

[kindbud]

"They're essentially hackers and rippers," Hemming said. "Basically our brand name is being damaged quite significantly by these activities."

Yeah I can understand that. After all, consumers have associated the Kazaa brand with intrusive spy software. Removing the spyware does great harm the Kazaa brand, which everyone knows and expects to be full of it.

Re:Brand-name damaged

[djmurdoch]

After all, consumers have associated the Kazaa brand (TM) with intrusive spy software. Removing the spyware does great harm the Kazaa brand, which everyone knows and expects to be full of it.

You seem to think that the customers are the users. Wrong. It's the same funding model as broadcast TV: the customers are the advertisers. The users are the product.

Having a significant proportion of Kazaa users avoiding the ads damages its reputation with their customers, who can no longer trust their traffic reports as being surrogates for eyeball counts.

Re:Be VERY wary - Who do you trust more?

[Glorat]

That's hitting the nail on the head. Who do you trust more? Do you trust the original authors who hid the spyware in your program but are possibly giving some legal notice in the EULA (bleh), so they aren't completely rogue, but are ripping you off? Or do you trust the rogue programmer who claims to have fixed the spyware but maybe has slipped his own trojan in instead?

In the case of Kazaa Lite, I trust the rogue coder but I won't have that attitude on patched software for long. I think I would rather wait for my Slashdot peers to "beta test" these patched versions and find out if their computers die, before I even consider downloading patched up pirate software

Re:The irony is sweet

[Arandir]

Join the Great Slashdot Blackout [slashdot.org] April 21-27

Ummm, how can you reconcile that sig with your post dated 07:22 PM April 25th, 2002? I'm beginning to suspect that none of the MCAA bashers are going to boycott TAOTC either.

Re:Be VERY wary (how to roll your own kazaalite)

[shird]

In the case of Kazaa, its actually quite easy to make your own 'lite' version, there are plenty of sites with instructions on how to do this. Taken from a post to usenet:

/* Install KaZaa 1.6 */

1) Install the new KaZaa, then close the application when all finished.

/* Begin Brilliant Digital Uninstall */

2) In Control Panel, click Add/Remove Programs and find "b3d Projector".
Uninstall this application (make sure all browsers are closed or it won't
work)

3) Find a folder called "b3duninstall" located usually directly in your
Windows folder. Delete this folder.

4) Locate the following files:

> bdedownloader.dll
> bdedata2.dll
> bdefdi.dll
> bdeinsta2.dll
> bdeinstall.exe
> bdesecureinstall.cab
> bdesecureinstall.exe
> bdeverify.exe
> bdeverify.dll

They are usually located in your Windows/System, Windows/System32 folder.
Rename each file adding a ".bak" to the end. (or Delete them if you don't
care about backing them up)

-->Note to Borland users: Borland software creates files that start with
"BDE" as well, so be careful.

/* Brilliant Digital Uninstall done, proceed to Cydoor crippling */

5) Download the dummy cd_clint.dll package at
http://www.cexx.org/cd_clint.zip

6) Go to your Windows/System32 folder. Find "CD_Clint.dll" and rename it to
"CD_Clint.dll.bak"

7) Extract the "CD_Clint.dll" file from the package you got in step 5 into
the Windows/System32 folder (thus replacing the old CD_Clint you backed up
in step 6).

/* Cydoor crippled. */

Re:ummm yeah

[miguelitof]

"They're essentially hackers and rippers," Hemming said. "Basically our brand name is being damaged quite significantly by these activities."

Apparently the whole Brilliant fiasco didn't damange their brand name. Nor did getting delisted by Download.com. Nor did being accused of being unethical by most of the major tech news sources in the United States.

The Kazaa brand name apparently came out unscathed by all of this, but just may be damaged by people using Kazaa Lite. Apparently, having a better user experience is going to lessen Kazaa's value in people's minds.

I am sure I am missing something here, but I just don't know what.

Re:An embarrassment to open source / free software

[Rick+the+Red]

File trading networks seem perfect for distributing i.e. linux ISOs, taking the load off organizations like Debian that don't have the money and don't deserve to have to pay for a lot of bandwidth.

Interesting idea. IANAL, so anyone care to offer opinions on whether stating "The source is available on Kazaa/Grokster/gnutella" would meet the obligations of the GPL?

my file-sharing flamebait for the day...

[tempest303]

NEWS FLASH:

UpEvil.net reporters have just discovered a completely foolproof method for getting around adware and spyware in file/music sharing programs! Even better than the method described in this /. story, the UpEvil crew has unearthed the following three AMAZING new ways of fighting ALL current (ad || spy)ware!

Step 1: Uninstall all current file sharing progams on your PC

Step 2: When finished, simply start accquiring your music/movies through ethical and legal methods, like Emusic.com, or through an secret, ancient technique from the Far East called "Bu Yingt Hecd" (note from UpEvil medical staff: if you experience discomfort at the thought of supporting the corporate system through the given methods, we have found the best way to alleviate this pain is to cease the purchase/accquiring of corporate-produced music altogether)

(optional) Step 3: As an added bonus, install a Free operating system and avoid having to pay for Monopolyware too!

This has been your daily UpEvil "Kazaa-whores-are-a-bunch-of-cheap-whiny-fucks" post of the day. Thank you, and good night.

Re:Of course! It's their $$

[peddrenth]

It's quite unfortunate that they use this as an example of "without the advertising revenue [from spyware], people can't create free software any more"

They're right that "without this spyware advertising revenue, commercial advertisers can't continue giving their commercial software away without charge", but it's quite insulting to see it compared to free software

The delicious, unadulterated Irony of it all...

[NoMoreNicksLeft]

P2P companies complaining about their intellectual properties being infringed?!?!?

HAHAHAHAHA... LOL.

I'm still an atheist, but if God keeps things up like this, how will I have any choice but to believe?

Re:Well whoopdie do

[mindstrm]

What if I didn't install it? What if I disassembled the installer without going through the clickthrough agreement? At that point, only standard copyright law exists to protect the authors.

Re:Of course! It's their $$

[Broccolist]

Funding for what exactly? The FastTrack network (of which Kazaa is a client), being self-organized, costs very little to run. All they need to set up is a few login servers.

Furthermore, the company that developed the FT tech has, AFAIK, disbanded, and development is over. These guys were pretty bright: in order to avoid a Napster-type fiasco, they decided to just develop the software and make others take the risk of running the servers. Kazaa just licensed the software and is now attempting to milk it for cash.

Frankly, Kazaa is run by a bunch of sleazebags and I wouldn't want to give them money in any case. They've done amazingly unethical things. They're like the anti-Google. There's the obvious: installing of spyware, trying to run a distributed network behind people's backs, and basing their business model on running a piracy network (though this last point is not considered unethical by some).

But the worst is what happened to Morpheus. You may have heard of it: it was a FT client identical to Kazaa in every way (being the same licensed software). Although they tried to keep this under wraps, here is what seems to have happened: Kazaa, wanting to grab ad revenues from Morpheus, released an "upgrade" to Morpheus which had the effect of destroying it. Their trick worked, too.

This is $$$MAKE MONEY FAST$$$ level sleaziness here :). I hope Kazaa dies, and good riddance.

Re:Of course! It's their $$

[Oliver+Wendell+Jones]

How about charging some nominal yet affordable fee?

I'd gladly pay $1 - $3 to download a utility like Bearshare or Kazaa that is completely spyware free.

How much can the spyware people be paying per download?

I prefer to use Bearshare simply because they give the me the option to opt out of installing the adware... they make you feel guilty about it, but they give you the option.