Slashdot Mirror
No Honor Among Malware Purveyors
metalion writes "True to the saying 'no honor among thieves,' adware company, Avenue Media, is finding that competing adware company, DirectRevenue, is detecting and deleting their software. Now Avenue Media is crying foul and have filed a lawsuit against DirectRevenue stating that DirectRevenue 'knowingly and with intent to defraud, exceeded its authorized access to users' computers.' DirectRevenue acknowledges that it may uninstall competing applications in its user license agreement. A researcher at Harvard University, Ben Edelman, reasons that 'Once the computer is infected with 10 different unwanted programs, the person is likely to take some action to address the situation.' Just how far will adware companies go to continue to attempt to bombard us with their ads?"
We all have been complaining about malware for years. . .
Now they are complaining about themselves.
When does it stop?
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Now if only we could make these malware programs only target other malware programs and not the operation of the PC...
We could have a little battlebots competition! The Amazing Bonzi takes on reigning champion THE GATOR.
Ironic that they file a lawsuit of thier program being removed when they didn't (explicitly) ask permission to get there in the first place. Maybe we all should just download Virtual bouncer to clean off our systems....oh, wait....
Well, since Ad-aware is run with the full consent of the user, I don't see how it would "exceed the authorizations of the user" or whatever the lawsuit language is.
We should require by law that when a spyware application installs itself, it must uninstall another spyware application without damaging the host system, and further that it put itself into add/remove programs.
Just because it is listed in Add/Remove Software doesn't mean it is removed entirely.
I hope they win the lawsuit. If they were to get the courts to agree that hiding malicious wording in the EULA is fraud then that would be a nice boon to shutting some of these people down.
In fact, just about any attack on the concept of click-through EULAs is pretty good in my book. Scream "contract!" all you want, they're bad for me personally and bad for the industry. Consent and informed consent are two different things and it appears the industry has completely abandonded any pretext of the latter.
TW
It's nice to think that at least one adware purveyor is going to be inconvenienced by this little tussle, but it's not so uplifting when you consider that the choice of winners is "adware company #1", "adware company #2", or "lawyers who represent adware companies".
Given that they're basing their argument on the asssumption that DirectRevenue "knowingly and with intent to defraud, exceeded its authorized access to users' computers," (Pot, I'd like you to meet Kettle...) I don't think there is much to worry about. Users running ad-aware are directly giving their consent to the program to modify their system.
And is my mom and other not-so-savvy users granting said authority in the first place? This suit seems riddled with assumptions that it was legal in the first place to install such software.
And since when has malware displayed any EULA - or any UI, for that matter?
This surprises you how? I've had a posting rejected and then seen the EXACT SAME story posted four days later!
Come on, this is Slashdot. You don't actually expect competence, do you?
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
I wondered how long we would have to wait for this to happen. I always imagined it would be university students or black-hats. I never imagined it would be spammers/spyware authors trying to kill each other's programs.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
However, when the stupid malware companies realize that what they really need to do is be more like the true biologial parasite, then it may slow down. A RL parasite is benign to the host. If they wrote their code so that you never knew it was there, you would never know to complain now would you?
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
Nothing. Ad-Aware's advertised main function is to remove adware.
This lawsuit is about some adware going outside the boundaries of their advertised function, and removing other adware and only telling the users by the fine print of the EULA.
We have, It's called Linux.
Mozilla is the key along with a system that is better suited to internet attachment.
The government which is strong enough to protect you from everything is strong enough to take everything from you.
Clearly, its the customer who is giving the other application permission to uninstall the exisitng malware. The vendors of the other application have no influence or stake in the agreement between the exisitng malware authors and the user. The only party that can breach the agreement is the user.
So, the users should be punished for violating the copyright on the software they didn't want in the first place, and was installed without their knowledge.
> We should require by law that when a spyware application installs itself, it must uninstall another spyware application ...
But on a clean install, there IS no spyware to uninstall. So how can you install the first program without breaking...wait, that's brilliant!
A lady in El Paso gets a telemarketing call. She says no, repeatedly. Telemarketer ignores her, repeatedly. She hangs up, forcefully.
She later gets a letter saying:
So, we have:
OK, I move that we commit all advertisers to institutions for the criminally insane, right now.
Any seconds?
www.eFax.com are spammers
I thought that there *was* honor among thieves, the contradictory nature of the statement "There is honor among thieves" giving it its resonance.
Maybe they'll make it illegal to skip ads and comercials, but that would be too insane wouldn't it?
oh wait....
Unfortunately, we don't get to pick an arbitrary fitness evaluation. If spyware does damage to our network infrastructure, and yet delivers the most advertising, spamming and phishing revenue, it is fit as spyware.
Actually it only needs to deliver advertising/spamming/phishing revenue. If it hitches a ride on a worm, that would make it even more fit.
Damage to the network is a "neutral" trait until it starts to interfere with spyware downloads.
Glad this was modded funny!
Because it is. Have you tried to kill Messenger access to the Internet? Microsoft has played every trick in the book to make sure that this program can get through any firewall unless you make the firewall so tight that you might as well have no Internet access whatsoever.
My point is that your remedies will only be effective so long as Microsoft allows them to be. As long as Windows code is hidden behind a proprietary screen, you will never know. Linux and other software, however, being Open Source, will never be able to hide this for long.
Pay no attention to this post. Continue to bask in the warm glow of your secure systems.
When I got my IBM ThinkPad X31 about a year ago, I figured I might as well try to boot Windows just once to see what kind of hardware-specific tools IBM supplied. (Trying to get a refund for an operating system I did not want was not possible, since IBM made it clear, that if you did not agree to the licenses of all the supplied software, you were free to return the laptop, which, of course, was not an option.)
I didn't get very far, though. Before it would boot (acutally, install Windows from a restore parition) the software wanted my to agree to two click-through EULAs, one from Microsoft and one from IBM. The funny part is that the license texts, which would have required tens of pages each if printed for sure, was displayed in two tiny text areas, only three text lines high. There was no option to save or print the licenses, and, if I call correctly, there was even some music playing in the background.
The point is, noone is intended to read these texts. I'm not sure what implications that has for the validity of this kind of licenses in various jurisdictions (IANAL etc), but the whole situation is just weird.
(Needless to say, I powered off the machine at that point and net-booted a Debian installer.)
Blog Ho
But that is how most adware gets installed in the first place. If the fine print of the EULA is good enough to authorize an install, it should be good enough to authorize a removal. It is, after all, the end users computer. These companies act like they own the computer instead of the end user.
Insert Generic Sig Here:
I think all the EULA's are out of control as to how much control and ownership these companies have over your PC and what right's we as owners of the PC should have reserved.
I keep hoping someday, someone, somewhere will really bring all these EULA's that we are all subjected to each and everytime we install something, under a microscope and start really questioning the legality of said EULA's.
Just my 2 cents...
Sounds perfectly legal to me. I'd be willing to bet Direct Revenue's EULA (you know, the one I'm sure everyone who installs their software reads before doing so) has a clause in it that says "Our software is allowed to delete competitor's software."
Since the user no doubt agreed to it, I see no problem here.
In what fucked up police state can you be charged with "intent to deliver" because police find "several marijuana stems". WTF is that all about. Who in their right mind would buy a freakin MJ stem? And charged with possesion of "drug paraphenalia"? What, like a cigarette rolling paper, or a pipe? Why weren't they charged with "possesion of a deadly weapon", I'm sure they had a kitchen drawer full of knives that could kill someone. Or why not terrorism, I'm sure you could make a bomb from what was under the kitchen sink. Same connection as with a rolling paper, maybe for dope, maybe not. I did not know that your legal system had been changed to include the presumption of guilt. That must make it easier for investigators.
I really feel sorry for those of you who live in the "land of the free", every day it becomes more obvious that there is NOTHING free about your land. Please, please, please get congress moving on putting up that 40ft high "security" wall around the US, the sooner you are all locked in, the better off the rest of the world will be. Oh wait, no, sell it as "the sooner that we are all locked OUT", that will get congress moving.
I can not believe that I ever wanted to get a green card. Throwing out that application was the best thing I ever did. Had I not done so, I would be waiting around to be drafted by the least competent leader on earth, to go fight a war that pads his friends pockets, yet solves nothing. Oh, and waiting to see if some cop is going to decide that THIS pipe is paraphanalia, and that twig is trafficing.
And don't think the latter is a perfect solution. I've seen sites prompt me to install .xpis into Firefox. The damage potential of the latter is slightly reduced compared to ActiveX, but you can bet that if there was no useful reason to be sending them, the authors wouldn't be wasting their time sending them.
I gave a neighbour access to the Internet via my DSL connection and wireless network a few months ago and all but revoked her access within two or three months because I had to clear up her PC of malware twice. Her son had been browsing certain dubious websites and had installed the malware, fed up of constant prompts to install it and under the assumption he had to to view the content. NAT is not enough to secure a PC.
You are not alone. This is not normal. None of this is normal.