Slashdot Mirror
An interview with Ad-Aware's Nicholas Stark
Andrew Leonard writes: "In the wake of the Ad-Aware/RadLight spyware vs. anti-spyware showdown, Salon has an interview with Ad-Aware's Nicholas Stark, who explains in no uncertain terms Lavasoft's determination to match every move by the spyware developers."
"You are not allowed to use any third party program (e.g. Ad-Aware) to uninstall applications bundled with RadLight."
As far as I know a license statement should only apply to when one is using software, I think legally a court would uphold that a license cannot tell someone what hardware or other software they can or cannot use.
The interesting thing with this is that the are forcing users to comply with a license which is probably not even legal.
As for uninstalling software without any other warning, wouldn't this be on the same level as a destructive virus? I sure as hell wouldn't pout my name on a virus.
Also it never states that the software will be removed. It says you cannot use other applications to uninstall their spyware. So you can have anti-spyware installed on your computer without breaking this (probably illegal) license.
I would think the company is liable for criminal damage to property much like a virus writer would be.
Chicago2600.net more than a lifestyle, its a survival trait.
In order for a contract to be valid there must be:
1.) a valid offer
a. must be serious
b. must be specific
2.) A valid acceptence
3.) exchange of consideration
As far as I'm concerned, not telling someone that the contract allows them to delete information on your computer, that's not very specific.
As for taking this to court, a remedy would probably be for damages or recission(null) of the contract.
all we need now is someone pissed enough to take this damn company to court.
Chicago2600.net more than a lifestyle, its a survival trait.
That's what he's been doing to them - so why the big ho-ha when he gets a bit of his own medicine?
Simple, because that is what is his users ASK of him. Most people download spyware don't know that it's there. When was the last time you intentionally installed Cydoor? When was the last time your version of p2p software said in big letters "This software will install spyware now Yes/No"?
Now if he packaged ad-aware inside of kazaalite and didn't tell anyone what he was doing, THEN he'd be getting a taste of his own medicine. This, however, is completely different.
"Your superior intellect is no match for our puny weapons!"
Doesn't Ad-Aware remove the SaveNow bundled with the software? This wouldn't specifically stop Radlight from working, or even intefere with its use. Its affecting the spyware bundled, so removing Ad-Aware without the users express intent is illegal.
Think nothing is impossible? Try slamming a revolving door.
Dude, while I agree in general with you, who says this needs to go to court? Think of it this way...
Someone writes a "contract" that says if you happen to walk across a particular stretch of sidewalk, not only will they keep that sidewalk clean for you, but you agree to give them 50% of your salary for the next year. Then they post a copy of it well off the sidewalk, where it isn't easily read (not without binoculars). So, curious, you walk across that sidewalk up closer to it, so you can read the "sign"... is there any reasonable person that would contend you agreed to this contract?
If the dumbass that pulled the stunt took you to court for breach of contract, would the judge even hear it, or would he toss it out, only after chastising the plaintiff's lawyer?
How is a EULA any different?
We do offer an enhanced version of Ad-Aware called Ad-Aware Plus, [which costs $15]. But money is not the primary goal and has never been; it's mainly used to pay the server and bandwidth costs. We all have "regular" jobs or are students, and do this in our spare time (although it uses up a lot).
Perhaps if they included some sort of advertising program with ad-aware, they could make some real money!
Well, except that's *not* what Ad-Aware and similar products do. They *don't* make a clear connection between uninstalling 'spyware' and decreasing functionality of a program.
I've worked personally on both sides of this fence, with one of the companies named in the interview. I can't tell you how many times I had email exchanges with users that ran like this:
USER: Suddenly my version of [Product] won't work! I get a message it's missing [filename]; what happened?
RESPONSE: You may have installed a program that "removes spyware" that has removed that program element. Programs like that are designed to remove advertising software from your computer. You're welcome to do that, but if you don't want to see ads, the free version of [Product] is not for you. You should try [Pay Version of Product] or some other product that is not ad sponsored.
USER: But I don't understand! The program said it would get rid of evil viruses and bad programs! It didn't say it would remove parts of the programs I use. Why doesn't it say your programs might not work any more?
RESPONSE: We suggest writing to the support address of the "spyware removal" program with your concern. Maybe they will change their documentation to make that more clear.
I myself was *personally* responsible for making sure that software that included ad components had clear, readable EULAs. The software had to all but slap the user in the face with the information -- it had a first line that said, in all caps, that the program was AD SUPPORTED and would DISPLAY ADS. It urged, in all caps, that users *read* before they agreed. I fought with developers who wanted to make the EULA less visible, to ensure that it couldn't be dragged off the desktop or otherwise avoided.
The bottom line is that it didn't matter. I could explain to a user in simple plain language what was going on, and the user would still *ignore* the whole text.
I've become increasingly frustrated by the topic of late. From what I can tell, there are people who feel justified in robbing others of income by repackaging software to remove advertising components. For almost all advertising supported software I'm aware of, an ad-free version is offered for a cost. If you don't want ads, or don't want "spyware", pay for the software. It's that simple. But to actively take income from people simply because you don't approve of their business model is heinous.
Actually, now that I think about it, this is not the first instance of this sort of activity. I remember a developer with a popular product which was ad-supported that used to check for ad-removal programs and bring up a popup window that said something like:
"[Anti-adware program] has been found on your system. It may remove files that this software needs. Do you want to remove [Anti-adware program]?"
A pretty nice bit of turnaround, I always thought.
Shouldn't spyware be illegal? Most of it operates as trojan horses, which are similar to viruses, and those are illegal. They mess up the normal functioning of computers and are unauthorized. Maybe they have privacy policies saying that this is ok, but would these policies stand up in court? Often these policies are only made as such so that the consumer won't challenge them, and they are probably questionable legally. You can't take away rights from the consumer that they can't give up.
I mean, if a virus had a license agreement, would it be ok to use it then? And what if the virus attached on to another program with a license agreement that you probably wouldn't read? That is really what these scumware programs are doing. It is an outrage!
Although I couldn't find a definition for the term trojan horse on CERT's website, a link was provided to the comp.virus FAQ. According to it, a trojan horse is:
What RadWare's software is doing makes it perfectly clear that spyware should be treated as a trojan horse (with legal implications where applicable), beacause that's what it is.
Regarding the problem of spy ware uninstalling another program, perhaps it is a technical problem which there is a solution. Not an easy one but a system can be made to prevent such a thing.
;)
1. First, software installation should be passive. On Windows (as well as other OS), you download some binary executable and run them. This foreign binary essentially has full reign over your system. Instead it should be a compressed package file with instruction embedded in it that describes what and where the package manifest should be installed. This package should be signed by the originator so that the package is tamper resistant and has some privilege to modify package that was originated from same source. This way the OS and user is in control rather than untrusted binary running amok on your system.
2. This is more difficult one to implement. I think application should have some levels of access on your system and they should be disabled by default. For example, multimedia player should not be allowed to delete files or initiate outgoing network connection. Even file read can be made more granular by restricting the file mime type that an application can read. Multimedia player has no business reading any other files than ones that it knows what to do with. This sort of sandbox could make it harder for application from whacking competitor's application.
Ultimately an implicit trust should be abandoned and implementing mandatory security may be the solution. Unfortunately this is not something that can be easily added easily but rather it must be designed into the underlying system itself.
Disclosure: I'm writing this at 6:00am after staying up all night writing code so I'm sure lot of loopy ideas are leaking from my brain at the moment. This may be one of them. Then again even a broken clock tells right time twice a day.
---
jk
I think that as more spyware programs take tactics like that bundled with Radlight, a boot-disk image version of Ad-Aware is going to be needed for it to run properly, just like Virus scanners allow you to create a rescue disk. Eventually spyware programs are going to kill the ad-aware process as it starts. A boot disk version would allow you to run Ad-Aware (or similar) without interference from the spyware.
Its pretty simple. Radsoft's package can function perfectly well with Ad-Aware also installed. They have nothing directly to do with each other.
Granted, the politics and business of the two clash. I could understand that Radsoft feels threatned by Ad-aware. And it wouldn't be suprising if they took measures to protect their revenue. However, I would expect them to take steps to ensure all installed components remain installed for their application to function.
Of course, Radsoft has done a great job at displaying their attitude towards their users. Not only does their revenue apparently depend on the questionable (and apparently unappreciated by users) practice of spy-ware, but they take the same attitude to underhandedly remove software with which they have a political axe to grind.
One final point. Ad-Aware is considerably different in intent and attitude than any of the software it targets. First, the Ad-Aware user actively selects what components (including applications, libraries, registry entries, and cookies) to remove. Secondly, it is widely supported as it provides even fairly non-technical users the ability to discover hidden software installed on their systems and remove it despite the great lengths that software goes to hide and resist being removed.
If Radsoft and their clients, as well as the apparently growing number of like-minded business and applications developers, dislike the power provided by Ad-Aware then they should seriously re-examine their business plan. There is considerable resistance towards their methods. And simply attempting to remove Ad-Aware does little more than reveal their contempt for their user base.
I see lots of people talking about how Radlight doesn't inform the user (except in the EULA) that it will remove Adaware. They common arguement is that no one reads the EULA and it's not clear what is goin on, because the EULA is confusing. Is this much different than what Adaware does? IT just gives me a list of files it thinks are "offending" and asks if I want to remove them. It doesn't tell me what they are (outside of a name of the "spyware"), what they do, or any consequences of removing them. If I run Adaware and remove Cydoor, it doesn't give me any indication that it will stop Kazaa from working, and the average person has no idea that would be a consequence. Putting the notice in the EULA is not a good tactic as it somewhat obfuscates what is going on, but is Adaware not telling you the consequences of uninstalling the "spyware" (most of which isn't spyware, it's just software that shows ads) that mucg better?
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
pictures of themselves on ebay and donate the procedes...
With my geek physique, they shouldn't hold their breath waiting for the funds.
The truth shall set you free!
The problem I see is that you are not TOLD about the advertising software upon installation of certain software. I'm sure there are a few people who are willing to put up with some ads, or donate a few CPU cycles, in exchange for something free, but, I am not. However, I was not told about that fact and allowed to make my decesion based on the fact that program XXX would also covertly install advertising and distributed computing apps as well.
:)
:)
In sort, it's MY computer, _I_ should be the one who decides what is on it. Not only for my own desires, but also to be polite to other people on the 'net. What if one of these spyware programs were to catch (or come with) a virus? My computer would (without my knowledge) spread this virus to other people....
Of course, I run Linux anyway so this does not *really* apply to me. That is, until some large corporation buys the rights to Linux and starts releasing an adware-enabled version...
Bringing up eth0 [OK]
Downloading new artwork and features [OK]
Installing new ads [OK]
Oh the horror...
Excuse the brain wanderings, I've been up all night coding...
-RickTheSleepyWizKid
I suppose the issue is what one considers "related". The quote from the Lavasoft developer referring to whether one package should remove "unrelated" software is likely to be a technical reference. And technically, Ad-Aware and Radsoft's offering ARE unrelated. But you are very correct in the link politically.
But that's a problem. Just because one has a political dislike for a piece of sotfware, it does not mean one should use one's software as a platform to remove the offending application. We don't have Mozilla removing Internet Explorer (whether that be possible or not)... just to pick an example out of thin air.
One other comment - sure, Radsoft chose to bundle a piece of spyware with their application. But that bundling and installation is often hidden from the user. Even worse, removal of that software is often difficult. Yet the system still belongs to the user. Ad-Aware gives the user the ability to identify and remove undesired software despite spyware's attempt to resist identification and removal.
If Radsoft wishes to ensure all software bundled with their package remains installed, then they should take steps to check that said software has not been removed. Even better yet, perhapse they should level with their users and alert them as to what is being installed and why. They certainly shouldn't be removing software that has not been included with their package.
This issue is one of the reasons I started studying linux. Control of my machine.
/etc and a few other locations which in any event are well known, or easy to figure out.
/etc files you modify in your post install config in another directory (again, off of the root partition), and have a script that copies each file to its proper place on the root partition.
3 91 2
The only real way to be sure you are free of viruses and trojans is to wipe the hard disk and reinstall your operating system and personal software.
With linux, it turns out to be simple to arrange things so that even with a lot of complicated, customized software installed on a machine, you can reformat your root partition, reinstall linux, and have your non-standard software installed and configured in under an hour. This makes it feasible to do every few weeks for your home computer.
The main reason is that most of the software configuration consists of ascii text files in
Keep your compiled software directories on a separate partition and write a script to descend into each of them and run a "make install". Then keep copies of all the
When it comes time to reinstall, reformat the root partition, reinstall linux, and then run your 2 scripts and you are back where you started, minus any viruses and trojans and exploits that managed to infest you since the last time you did this.
I wrote up an article with more detail on this on rootprompt at:
http://www.rootprompt.org/article.php3?article=
As a freeware developer, I now have to invest extra time to get the latest list of targeted filenames by Ad-Aware and similar software.
Ad-Aware is simple-ware with a noble cause - I can't fault it for that. Perhaps it needs to do more fuzzy searches, such as "expected registry keys", "expected support files", "exe file size greater than 2mb (to catch patched exes)" to ensure a positive match, and report the results "98% chance it's a positive match.".
Where is this cold war taking us?
Morph-ware: The ability to change the signiature of your software dynamically - filesizes, filenames, icon pixel color variations, title bar text manipulation, and randomizing the internal exe identifiers for windows.