Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL Hacks Subscribers' Computers

Posted by michael on from the he-who-has-the-gold-makes-the-rules dept.

ctwxman writes "If you're running a recent vintage version of Windows, and connecting to the Internet with an IP address reachable from the outside world, you've probably seen them. They're rectangular boxes that pop-up out of the blue with advertising. These aren't pop-up (or pop-under) browser ads but actually a weird misuse of Windows Messenger Service, a mostly useless tool which Microsoft has left on by default! Though similarly named, this isn't at all related to Microsoft's IM product. You can't block these pop-ups by shutting down ports, because Windows Messenger Service shares some ports with other useful services. The best way to stop the pop-ups requires the user to readjust some internal Windows settings. As you might imagine, many users are reticent to do that. Now, AOL has come up with another solution. They're going into subscribers' machines, without asking and making the adjustments themselves! Though the short term result will probably be good, there are all sorts of implications when your ISP just reaches out and decides how your PC should be configured without your knowledge." The Computer Fraud and Abuse Act makes this clearly illegal; if this were a 17-year-old instead of AOL, the FBI would be investigating.

10 of 558 comments (clear)

  1. Headline is an overreacting attention grabber by Anonymous Coward · · Score: 5, Insightful

    Don't get me wrong, I'm not approving of what AOL is doing, but at worst this is "white hat" hacking. This is the sort of stuff that /.ers joke about (and perhaps engage in), chuckling about writing worms that use holes in Windows to get in and then patch the very same holes.

    1. Re:Headline is an overreacting attention grabber by donutz · · Score: 4, Insightful

      Maybe you're new here, but "white hat" hacking is dangerous. Just look at the Welchia worm. Someone tried to fix computers infected with Blaster, but their "white hat" hacking worm only made things worse.

      Good intentions doesn't always mean you let it slide when someone breaks the law.

    2. Re:Headline is an overreacting attention grabber by arcanumas · · Score: 4, Insightful
      The fact that their intention is good means nothing.
      Think of this. I have a custom application that USES this service and when they disable it my company stops working... Do they have the right to do it now?

      --
      Slashdot Sig. version 0.1alpha. Use at your own risk.
  2. What Else Can AOL Do? by blunte · · Score: 5, Insightful

    When you have the single largest group of ignorant users in the world, how do you educate them to protect themselves from the MS problems?

    I bet AOL did this due to constant complaints from susbscribers about AOL "allowing" or "sending" them popups.

    I also bet there's a clause in the AOL agreement (which AOL subscribers have agreed to) that either explicitly allows AOL to configure your computer, or allows them to change their policy at any time, thus allowing that by proxy.

    --
    .sigs are for post^Hers.
  3. You Agreed by Ageless · · Score: 5, Insightful

    I guarantee that somewhere in some license agreement the users gave AOL permission to do this.

    And as for "adjusting Windows internal settings", let's stop the FUD shall we? It's turning off a service. Nothing insidious. If someone recommended that you comment out the telnet line in /etc/inetd.conf would you call it "adjusting Linux's internal settings"?

    Everyone knows that turning off Messenger is a good thing. AOL is looking out for their customers. Give em a break.

  4. More to do with company image by mao+che+minh · · Score: 5, Insightful
    AOL probably realizes that the average customer is going to blame pop-ups on either AOL software, or blame AOL for being unable to prevent them. With competitors like Mindspring offering free software that does block the messenger flaw, people are leaving AOL.

    AOL is just protecting their business.

  5. Re:This is good for the average AOL user by Nidhogg · · Score: 4, Insightful

    One way of looking at this is that AOL is simply taking Microsoft's quality issues into their own hands.

    That may very well be the scariest thing I've read in years.

  6. Re:This is good for the average AOL user by DrEldarion · · Score: 5, Insightful

    The bad part isn't that they're doing it - that's excellent. The bad part is that they don't even ask permission.

    If a dialog box popped up that said, "AOL would like to disable the messenger service on your computer. This will help stop pop-up ads. Would you like to allow AOL to do this? [Allow][Do Not Allow]" then it would be fine. They shouldn't just ASSUME that the user has no use for it.

    -- Dr. Eldarion --

  7. Re:But the precedent isn't by fredz · · Score: 5, Insightful

    I think jaredmauch hits the nail on the head when he says "You're not talking about your 'Average' ISP." AOL is very paternalistic, giving its customers a nice, safe, easy environment that you or I might find infuriating but that some people really like. Those people who want 'somebody who knows computers' to manage their 'online experience' are the same people who want 'someone who knows computers' to manage their PC.

    I think AOL may be accidentally backing themselves into a good business model. You buy the PC and sign up for AOL, and they take care of all of the rest of the technical stuff for you. I won't be signing up anytime soon, but I bet a lot of people would love the service.

    Fred

  8. Re:This is good for the average AOL user by AllUsernamesAreGone · · Score: 4, Insightful

    Theoretically, I agree. But put yourself in the place of AOL - they start asking people whether they want Messenger Service disabled and the first thign they'll see is a massive increase in the number of people phoning the technical support line asking why their computer is asking them this question, then they'll find (as anothe rposter suggested) that many of them will get confused and refuse it and then they'll have yet more people on the phone complaining that something has gone wrong "because fo that fix you did" (when it is likely to be just psychological, or somethign the user has done). Trust me, I've done tech support, the very LAST thing you want to do is ask the average, bearly computer literate user, questions about technical issues on their machines.

    While the ethics are questionable, IMO AOL is aimed at people who are not and have no intention of becoming technically literate, and as such they are dangerous - to themselves and the net - when a known exploit exists on their machines. In exactly this situation, I have no problem with the action. Ys, I'd be annoyed if anyone tried it on my machines, but I'm with an ISP that expects some technical ability.