Slashdot Mirror


First Worm with a EULA?

ErikRed1488 writes "There is a new virtual postcard from Friend Greetings, owned by Permissioned Media, that prompts you to install their software to view the card. You are then presented with a EULA granting them permission to e-mail all the Contacts in your Outlook Address Book. Those people are presented with an e-mail from you telling them they have a greeting card to pick up. So, this thing spreads like a worm, but includes a EULA that 95% of users won't take the time to read. Symantec isn't detecting this as a virus, but does have information about it on their site. In addition to the worm-like way it spreads, it also installs spyware designed to deliver ads to your computer. You also give them permission to install further software any time they want. In my opinion this is completely nasty, but it's all clearly in the EULA that you must agree to before it installs the software."

10 of 716 comments

  1. GPL by Skyshadow · Score: 5, Interesting
    And they said the GPL was like a virus...

    I think this should actually shield the virus-writer from any sort of prosecution, shouldn't it? I suppose you could do all sorts of nasty stuff and be completely protected so long as you could prove the user clicked "ok" to the license.

    Maybe this will be the tool which turns the tide on the EULA.

    RIP: Senator Paul Wellstone.

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  2. Re:Good could come from this by aardvarkjoe · Score: 4, Interesting

    Wait ... so you're saying that this ought to be illegal?

    IMO, if you click "yes", you deserve exactly what you get.

    --
    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
  3. Who controls your machine? by masonbrown · Score: 5, Interesting

    So what happens when two different EULAs claim 100% control of your machine?

  4. Finally! by CAIMLAS · Score: 4, Interesting

    I've been just waiting for this very thing to happen! My edge-of-the-chair suspense is finally climaxed with a barrage of laughter. Great stuff. :P

    I thought of doing this quite a few times myself, but have always lacked the resources. This is pure genius, really. You get people to propagate the virus willingly, all the while having them agree to transmit it without their knowledge - despite the fact that they agreed.

    This brings forth some fairly serious implications and issues involving EULAs. I'm not exactly sure what they are, but I'm sure they're there, and have probably already been discussed in this or that post concerning MS's dastardly EULA garbage.

    --
    ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  5. reminds me of a spam i got a while back by Khopesh · Score: 5, Interesting

    i got an email a while ago (during the .com bubble) telling me that i got that email because somebody was romantically interested in me (i don't use dating services of any sort, online or not).

    basically, here's the scheme:
    a person likes another, but is too shy to ask him/her. this site allows a way to anonymously email that person. the message essentially says "guess who" ...literally.

    i was expected to guess the admirer by giving the site every email i could think of that might be the admirer. if there's a match, each party is informed. for all those non-hits, an email identical to the first was sent out; spam.

    i happen to use unique email addresses and handed this address to only four people, two of whom were female, so i knew it was one of them or a friend ... but the notable thing is that i started getting TONS of spam at that address (>20 emails/day)

    this type of ponzi-style scheme with unforeseen problems seems to be getting popular now; EULAs often take complete advantage: people blindly give permission to have third-party software downloaded and installed, to become the source of spamming and/or propagation, or to allow use of spyware.

    --
    Use my userscript to add story images to Slashdot. There's no going back.
  6. Anyone have a kid? by nick_davison · Score: 5, Interesting
    I Am Not A Sentient Being but...
    • Under US law, storing personally identifiable information about children is [largely] illegal.
    • The EULA, as far as I can tell, makes NO mention about this product not being allowed for under 13s.
    • With its infection (uh, I mean, transmission) mechanism, it makes no attempt to discover the age of the user before beginning to log their personal information.
    So, as soon as you discover your child has installed this program, sue them for failing to make any attempt to avoid violating their rights. Their EULA get-out clauses don't work either as, being a child, they couldn't legally agree to the EULA anyway.

    Hopefully it'll spread better than they ever hoped. A class action lawsuit for every child in America would probably make a fairly clear point to anyone else trying this.

  7. Virus scanning companies have dropped the ball by Powercntrl · Score: 4, Interesting

    Yes, I know about Adaware, but average Sally or Joe computer user does not. They think that the copy of Norton bundled with their Gateway or Dell will protect them from everything bad and that it's okay to click on "Yes" when prompted "Do you want to install and run X by Spyware Inc.?"

    This worm is no worse than the sites that have javascript to prompt you to install Cometcursor, Gator, Download accelerator, Bonzi Buddy and other spyware apps. I've already seen quite a few shockwave greeting card sites (with a Gator or other spyware install attempt) that ask you to "Send this card to a friend" and I've been sent links to these by my less computer-savvy friends. What's worse, you end up on more spam lists too...

    Sooner or later, EVERYONE online ends up being prompted to install some kind of spyware. The companies that produce antivirus software need to include features to actively scan and disable spyware (with a default setting enabling scanning for spyware/adware, but an option to disable it if for some reason you want to). I've personally become sick of explaining to people that NO, their Norton or McAfee isn't going to catch the program that's been giving them all these popups and that they need some free program they've never heard of before (AdAware) to get rid of them.

    While AdAware is great for power users, for the average population of PC users, automatic background protection like virus scanners provide for viruses is what is required. When a worm like this or a web page tries to install some new spyware, the user won't even be prompted - the antivirus software just says NO.

    --
    DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
  8. They are not the only ones... by TeddyR · Score: 5, Interesting

    The one that I loathe is the "hotbar" IE/outlook menu customiser (http://www.hotbar.com) which allows someone that has hotbar to send a card to a friend... but what the card does is download the hotbar and install it on the unknowing friend's system...

    It also contains some social engineering.. "Upgrade outlook - add COLOR to your Emails" link...

    bah..

    just had to remove these from about a gazillion corp machines... and the virus scanners don't see it as a virus...

    even though it KILLS the system's efficiency....

    --
    Time is on my side
  9. Don't forget GoHip! by CaptainPhong · Score: 4, Interesting
    GoHip, I think, is actually the first worm with an EULA (though I don't know if it still works that way.) Someone infected with it would have a signature attached to the end of all their e-mails saying something like "Get a free movie" with a link that installed (after, I believe, a click-through license) the GoHip scumware. It then attached itself to your outgoing e-mail, forced your homepage to gohip, and did other mangling to your browser.

    It's the oldest piece of scumware like that that I'm aware of (perhaps Bonzi buddy is similar age).

    --
    ... "Give me a woman who loves beer and I will conquer the w
  10. Too late to the party, but... by Anthony Boyd · Score: 5, Interesting

    ...okay, so no one will read this at this late point, but for any and all software developers who are hunting for a useful product to build, why not create an EULA-distiller? Let it run in the background, and watch for installations. When it sees an EULA appear, it can display 2 or 3 bullet points that succinctly explain what the hell all the legal text means.

    To get really tricky, you could create a Web site that allows users to upload the text of each EULA, and a distilled summary. Perhaps other people could even vote on the most accurate, most understandable summaries. Then your app could be constantly up-to-date. Perhaps by doing this, people who blindly click through these things will be made aware of what the real consequences will be.
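
A minimal sketch of the "EULA-distiller" idea from the last comment, added here as an example and not code from the thread or from any product it mentions. The rule set, the function names and the sample licence text are all assumptions made for illustration; the three rules cover the grants the story describes (mailing your contacts, installing further software, delivering ads).

```python
import re

# Hypothetical rules (assumption of this example): a plain-language warning
# paired with a pattern for one kind of grant described in the story above.
RULES = [
    ("Lets the vendor e-mail your contacts / address book",
     re.compile(r"\b(e-?mail|send|message)\w*\b.{0,80}\b(contacts?|address book)\b", re.I)),
    ("Lets the vendor install more software later",
     re.compile(r"\b(install|download)\w*\b.{0,60}\b(additional|further|other|third[- ]party)\b"
                r".{0,30}\bsoftware\b", re.I)),
    ("Delivers advertising to your computer",
     re.compile(r"\b(advertis\w+|ads|pop-?ups?|promotional)\b", re.I)),
]

def split_clauses(eula_text):
    """Split licence text into sentence-level clauses with whitespace normalised."""
    parts = re.split(r"(?<=[.;])\s+|\n\s*\n", eula_text)
    return [" ".join(p.split()) for p in parts if p and p.strip()]

def distill(eula_text):
    """Return [(warning, supporting clause)], at most one finding per rule."""
    clauses = split_clauses(eula_text)
    findings = []
    for warning, pattern in RULES:
        for clause in clauses:
            if pattern.search(clause):
                # Keep the clause so the reader can check the claim against the text.
                findings.append((warning, clause))
                break
    return findings

# Constructed sample text written for this example; NOT the Friend Greetings EULA.
SAMPLE_EULA = """
Licensor grants you a non-exclusive license to use the Software.
By accepting, you authorize Licensor to send an e-mail invitation to each
of the contacts found in your address book.
Licensor may, at any time and without notice, download and install
additional software on your computer.
The Software may display pop-up advertising from Licensor's partners.
The Software is provided as is.
"""

if __name__ == "__main__":
    for warning, clause in distill(SAMPLE_EULA):
        print(f"* {warning}\n    \"{clause}\"")
```

Keyword rules like these miss reworded clauses, so an empty result does not mean a licence is harmless; the shared, voted-on summaries proposed in the comment would cover what patterns cannot.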