Slashdot Mirror
An interview with Ad-Aware's Nicholas Stark
Andrew Leonard writes: "In the wake of the Ad-Aware/RadLight spyware vs. anti-spyware showdown, Salon has an interview with Ad-Aware's Nicholas Stark, who explains in no uncertain terms Lavasoft's determination to match every move by the spyware developers."
In order for a contract to be valid there must be:
1.) a valid offer
a. must be serious
b. must be specific
2.) A valid acceptence
3.) exchange of consideration
As far as I'm concerned, not telling someone that the contract allows them to delete information on your computer, that's not very specific.
As for taking this to court, a remedy would probably be for damages or recission(null) of the contract.
all we need now is someone pissed enough to take this damn company to court.
Chicago2600.net more than a lifestyle, its a survival trait.
Well, except that's *not* what Ad-Aware and similar products do. They *don't* make a clear connection between uninstalling 'spyware' and decreasing functionality of a program.
I've worked personally on both sides of this fence, with one of the companies named in the interview. I can't tell you how many times I had email exchanges with users that ran like this:
USER: Suddenly my version of [Product] won't work! I get a message it's missing [filename]; what happened?
RESPONSE: You may have installed a program that "removes spyware" that has removed that program element. Programs like that are designed to remove advertising software from your computer. You're welcome to do that, but if you don't want to see ads, the free version of [Product] is not for you. You should try [Pay Version of Product] or some other product that is not ad sponsored.
USER: But I don't understand! The program said it would get rid of evil viruses and bad programs! It didn't say it would remove parts of the programs I use. Why doesn't it say your programs might not work any more?
RESPONSE: We suggest writing to the support address of the "spyware removal" program with your concern. Maybe they will change their documentation to make that more clear.
I myself was *personally* responsible for making sure that software that included ad components had clear, readable EULAs. The software had to all but slap the user in the face with the information -- it had a first line that said, in all caps, that the program was AD SUPPORTED and would DISPLAY ADS. It urged, in all caps, that users *read* before they agreed. I fought with developers who wanted to make the EULA less visible, to ensure that it couldn't be dragged off the desktop or otherwise avoided.
The bottom line is that it didn't matter. I could explain to a user in simple plain language what was going on, and the user would still *ignore* the whole text.
I've become increasingly frustrated by the topic of late. From what I can tell, there are people who feel justified in robbing others of income by repackaging software to remove advertising components. For almost all advertising supported software I'm aware of, an ad-free version is offered for a cost. If you don't want ads, or don't want "spyware", pay for the software. It's that simple. But to actively take income from people simply because you don't approve of their business model is heinous.
Actually, now that I think about it, this is not the first instance of this sort of activity. I remember a developer with a popular product which was ad-supported that used to check for ad-removal programs and bring up a popup window that said something like:
"[Anti-adware program] has been found on your system. It may remove files that this software needs. Do you want to remove [Anti-adware program]?"
A pretty nice bit of turnaround, I always thought.
Regarding the problem of spy ware uninstalling another program, perhaps it is a technical problem which there is a solution. Not an easy one but a system can be made to prevent such a thing.
;)
1. First, software installation should be passive. On Windows (as well as other OS), you download some binary executable and run them. This foreign binary essentially has full reign over your system. Instead it should be a compressed package file with instruction embedded in it that describes what and where the package manifest should be installed. This package should be signed by the originator so that the package is tamper resistant and has some privilege to modify package that was originated from same source. This way the OS and user is in control rather than untrusted binary running amok on your system.
2. This is more difficult one to implement. I think application should have some levels of access on your system and they should be disabled by default. For example, multimedia player should not be allowed to delete files or initiate outgoing network connection. Even file read can be made more granular by restricting the file mime type that an application can read. Multimedia player has no business reading any other files than ones that it knows what to do with. This sort of sandbox could make it harder for application from whacking competitor's application.
Ultimately an implicit trust should be abandoned and implementing mandatory security may be the solution. Unfortunately this is not something that can be easily added easily but rather it must be designed into the underlying system itself.
Disclosure: I'm writing this at 6:00am after staying up all night writing code so I'm sure lot of loopy ideas are leaking from my brain at the moment. This may be one of them. Then again even a broken clock tells right time twice a day.
---
jk
I think that as more spyware programs take tactics like that bundled with Radlight, a boot-disk image version of Ad-Aware is going to be needed for it to run properly, just like Virus scanners allow you to create a rescue disk. Eventually spyware programs are going to kill the ad-aware process as it starts. A boot disk version would allow you to run Ad-Aware (or similar) without interference from the spyware.
I see lots of people talking about how Radlight doesn't inform the user (except in the EULA) that it will remove Adaware. They common arguement is that no one reads the EULA and it's not clear what is goin on, because the EULA is confusing. Is this much different than what Adaware does? IT just gives me a list of files it thinks are "offending" and asks if I want to remove them. It doesn't tell me what they are (outside of a name of the "spyware"), what they do, or any consequences of removing them. If I run Adaware and remove Cydoor, it doesn't give me any indication that it will stop Kazaa from working, and the average person has no idea that would be a consequence. Putting the notice in the EULA is not a good tactic as it somewhat obfuscates what is going on, but is Adaware not telling you the consequences of uninstalling the "spyware" (most of which isn't spyware, it's just software that shows ads) that mucg better?
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
The problem I see is that you are not TOLD about the advertising software upon installation of certain software. I'm sure there are a few people who are willing to put up with some ads, or donate a few CPU cycles, in exchange for something free, but, I am not. However, I was not told about that fact and allowed to make my decesion based on the fact that program XXX would also covertly install advertising and distributed computing apps as well.
:)
:)
In sort, it's MY computer, _I_ should be the one who decides what is on it. Not only for my own desires, but also to be polite to other people on the 'net. What if one of these spyware programs were to catch (or come with) a virus? My computer would (without my knowledge) spread this virus to other people....
Of course, I run Linux anyway so this does not *really* apply to me. That is, until some large corporation buys the rights to Linux and starts releasing an adware-enabled version...
Bringing up eth0 [OK]
Downloading new artwork and features [OK]
Installing new ads [OK]
Oh the horror...
Excuse the brain wanderings, I've been up all night coding...
-RickTheSleepyWizKid
I suppose the issue is what one considers "related". The quote from the Lavasoft developer referring to whether one package should remove "unrelated" software is likely to be a technical reference. And technically, Ad-Aware and Radsoft's offering ARE unrelated. But you are very correct in the link politically.
But that's a problem. Just because one has a political dislike for a piece of sotfware, it does not mean one should use one's software as a platform to remove the offending application. We don't have Mozilla removing Internet Explorer (whether that be possible or not)... just to pick an example out of thin air.
One other comment - sure, Radsoft chose to bundle a piece of spyware with their application. But that bundling and installation is often hidden from the user. Even worse, removal of that software is often difficult. Yet the system still belongs to the user. Ad-Aware gives the user the ability to identify and remove undesired software despite spyware's attempt to resist identification and removal.
If Radsoft wishes to ensure all software bundled with their package remains installed, then they should take steps to check that said software has not been removed. Even better yet, perhapse they should level with their users and alert them as to what is being installed and why. They certainly shouldn't be removing software that has not been included with their package.
As a freeware developer, I now have to invest extra time to get the latest list of targeted filenames by Ad-Aware and similar software.
Ad-Aware is simple-ware with a noble cause - I can't fault it for that. Perhaps it needs to do more fuzzy searches, such as "expected registry keys", "expected support files", "exe file size greater than 2mb (to catch patched exes)" to ensure a positive match, and report the results "98% chance it's a positive match.".
Where is this cold war taking us?
Morph-ware: The ability to change the signiature of your software dynamically - filesizes, filenames, icon pixel color variations, title bar text manipulation, and randomizing the internal exe identifiers for windows.