Inside an Adware Company

Haikster writes "Brad Stone of Newsweek wrote a great article exposing DirectRevenue which is actually a combination of the old Dash guys with IPInsight, abetterinternet, offeroptimizer and blackstonemedia and the others... it's a bit lengthy but a great read."

How many are Slashdot readers?

[badfrog]

Wonder how many of spyware developers are regular Slashdot readers... Step forward, cowards!

Re:How many are Slashdot readers?

[ExtremeGoatse!]

I work for a "banner ad" firm which will remain nameless for obvious reasons. Despite our "in your face" tactics, tracking cookies, and the sneaky ActiveX exploit installs, the programmers really are just regular people. The group of guys I work with are a lot of fun to be around and are extremely knowledgable in the field. Some people probably think we get a kick out of hijacking some poor guy's web browser, but seriously, we've all got a family to feed. In this day and time, with the programming jobs being sent overseas, I can't be picky anymore. I wish I could work some place where I spend my days programming to cure cancer, but I've got to take what I can get until the economy picks up! So go easy on me fellas, I'm just a joe blow programmer like you.

Re:How many are Slashdot readers?

You are not a programmer like me. You have no ethics or morals, and I don't care for your "have to feed my family" BS. Your morals are worth nothing if you only have them when the economy is good!

Re:How many are Slashdot readers?

[drinkypoo]

You are not a programmer like me. You have no ethics or morals, and I don't care for your "have to feed my family" BS. Your morals are worth nothing if you only have them when the economy is good!

On the other hand, he has the balls to log in.

Re:How many are Slashdot readers?

[rosie_bhjp]

It's a troll account.

Re:How many are Slashdot readers?

[Spy+der+Mann]

It's a troll account.

And I bet he trolls everything which goes against his business i.e. Open Source, Adblockers, Linux, etc.

Re:How many are Slashdot readers?

Gonna go AC here (sorry), but since you asked, this might be an interesting story (but rather long, if you care to bear with me)...

I used to work for a company that made pretty hardcore spyware/popups. The owners claimed when they first hired me to do some consulting that they used popups to generate capital instead of going for VC money, and now that they had some income, were going to turn around and try to be a kind of Amazon/1-click shopping for useful tools (spam filters, privacy software, personal firewalls). This was a couple years ago before the market for this was absolutely saturated. So I thought, and the principals assured me, that once they had some $, they'd ditch the popup business and I'd be working on some really cool projects which I otherwise wouldn't have had the opportunity to work on, so I signed on fulltime. I was also really well paid and genuinely enjoyed the benefits, interesting engineering challenges, and people I worked with (none of the usual Office Space bullshit my friends complained about, but there were many downsides as you will see.)

However, after I joined, the owners kind of lost focus and kept delaying work on more legit projects to fix or enhance their popup distribution network or new things that all boiled down to schemes that would get our adware on more computers. Every week they owners would come up with some half baked new idea that was suddenly priority 1 (and the idea of "top priority" became something of a joke.) Because things took longer than expected and we were switching gears every week or so and could never truly get anything accomplished, the skewed lesson that the owners learned was that "software development is hard and expensive and not worth it".

At this point they stopped even fronting that they'd do legit things and just focused completely on adware. To keep the bills (and the principals' inflated salaries) paid, they started loosening their morals even more and fell down the slippery slope even more, delving into porn and other kinda shady areas which I won't go into, at which point I decided to resign since it was obvious that despite repeated promises, I would never be working on projects that had real value.

The time wasn't all wasted, though. In case anyone's curious, it is kind of interesting to see how things operate behind the scenes at one of these spyware places, and the psychology of the people who work there. I second another poster's point that the everyone who worked there -- business and developer types alike -- were otherwise normal, cool guys and not like evil masterminds or sociopaths or anything. (Ha, all of us were /. readers, too.) Everyone knows that what they're doing isn't totally cool but is sort of in denial (and we were repeatedly promised that we'd be working on legit projects "soon"), and you're so caught up in your work and the interesting engineering problems that you ignore the bigger picture (not a good thing).

The owners do a good job of sheltering themselves and most employees from the negative complaints that do arrive (delegating them to a "support" department that responds to hundreds of emails a day with "oh wow, we're sorry you're having problems, here's an uninstaller"). However, most of us did end up reading a lot of the complaints and most of us were in denial about the sheer volume of misery that the popups and other things created. It sounds strange that normal people would work on such clearly awful software, but every shady decision is rationalized in any number of ways including saying "well, it's legal" (or at least not illegal, for now), pointing to "worse" adware companies and being "at least we're not as bad as these assholes," policies like "hey, we email uninstallers to anyone who asks" (while ignoring the fact that only 1% might be savvy enough to actually figure out what's going on since most people never figure out where the popups come from). This will sound strange, but some of the projects were actually really cool technology and worth getting

Re:How many are Slashdot readers?

I make my own moral universe.

Re:How many are Slashdot readers?

[Aruthra]

Says the anonymous coward.

Re:How many are Slashdot readers?

> but seriously, we've all got a family to feed.

So why didn't you go into a much more honourable profession like prostitution, or prehaps mugging.

Its like the thief whos just done over your house whining "I'm just like you, I have a family to feed". You are nothing like us.

Re:How many are Slashdot readers?

[Elwood+P+Dowd]

and fell down the slippery slope even more, delving into porn and other kinda shady areas which I won't go into, at which point I decided to resign

More detail please? If it's some kind of "trade secret", that's all the more reason to spill the beans, and let the rest of us clean up this bullshit.

Re:How many are Slashdot readers?

Nothing too outrageous, just dumb ideas like putting ActiveX popups on warez sites and pretty much obliterating any pretense of trying to be an honest company.

Re:How many are Slashdot readers?

[DJCF]

Damn good post. Sounds alot like a case of The Banality of Evil. (Evil people are not evil at all, but are simply good people trying to do the right thing, but are too short-sighted to see they are not, says philosopher Hannah Arendt.) Interesting perspective, thanks!

Re:How many are Slashdot readers?

[ZonaldRumzfeld]

I say make em. Is it evil? maybe. The more spy/malware on the net, the more ways people will develop to counter all the crapware, be more aware of where they visit, and make sure the right tools are being used.

The more the community knows about exploits, the better, instead of having company X knowing a secret exploit that no one even knows about for years at a time and using it to there advantage.

Re:How many are Slashdot readers?

[mikkom]

(or at least not illegal, for now)

By the way that is the definition of legality in all western countries.

Re:How many are Slashdot readers?

You sir, need to learn how to write logic bombs.

Re:How many are Slashdot readers?

"Sorry for the extremely long post."

You make an interesting post with a lot of content, and then apologize for it?

Re:How many are Slashdot readers?

[JuggleGeek]

You're just a crook with no morals who has found a way to make a buck. No different from a thief - screw the other guy as long as you get what you want.

Re:How many are Slashdot readers?

[Indy+Media+Watch]

If people are interested in asking questions, reply to this and I'll put up an email address.

Uh, why not just display it in 200 seperate popup windows?

Interesting

Actually based on an older article, but still an interesting analysis of those companies. (Cache, already getting slow for me).

Re:Interesting

[OAB_X]

Note: not a cache above, but a pr0n site.

Re:Interesting

Oh please, nice trick. The real cache is here.

Re:Interesting

O_o
It looks like molten chocolate.
Please mod parent into the searing oblivion that is -1.

Re:First Post.

God damnit I fucking failed it.

They just use standard FOSS philosphophy

[Neil+Blender]

Information wants to be free. Your information.

Where's the part with the burning and the fires?

[EnronHaliburton2004]

The article is missing a critical piece...

where enraged citizens storm the building, set it on fire, seize the funds from the bank accounts and distribute to orphanages everywhere and leave the Adware staff tied up to lightpoles with a note for the police.

Dark. And noisy.

[Tackhead]

> He says his company is committed to "transparency" and is making it easier for users to uninstall its software.

When pressed, he defined "easy" as "sorta like dipping your balls in sweet cream and squatting in a kitchen full of feral cats."

And you don't wanna know what "transparent" looked like.

Re:Where's the part with the burning and the fires

[prtsoft]

sounds good to me, where do you want to meet? ;)

I'm a newb

[ltbarcly]

How do you install adware in debian? I tried apt-get install virus, apt-get install adware, apt-get install malware, nothing works. man, linux is crap

Re:I'm a newb

[nkh]

The article explains that you don't need Adaware and other anti-spyware programs anymore on Windows, just go to http://www.mypctuneup.com/ and it will remove your spywares for free! I wish I still had a Windows machine to see how much adwares this web site would install...

Re:I'm a newb

[Devi0s]

Troll? The parent is funny and advocates Linux use. Silly moderators...

Re:I'm a newb

Seeing that you've already install gpl software, one could argue that due to its 'viral' licensing scheme, you've already installed a virus :D

Re:I'm a newb

[Johnathon_Dough]

I went there and did the "scan" i got the result:

The results of our evaluation are:

I am not sure if my ad blocking hosts file, or the fact that I was using Safari on OSX got me this result.

Re:I'm a newb

[legirons]

"How do you install adware in debian? I tried apt-get install virus, apt-get install adware, apt-get install malware, nothing works. man, linux is crap"

You could try adding "non-free contrib" to your apt-sources list, and doing apt-get realplayer. I'm not sure that they even bothered with much spyware on the linux version though.

There's also a virus you could try installing - it was from about 1980 or so, but you should be able to find it on usenet. Or write your own, maybe using some of the nessus modules and get nmap to find vulnerable machines.

Failing that, you could just set a blank root password and run sshd, although you'll probably find people hosting sourceforge projects on your machine or something...

Re:I'm a newb

You're asking for the wrong thing, man. Try apt-get install root-me-baby, or apt-get install localexploit.

Re:I'm a newb

[ltbarcly]

I'm not sure I did it right, but when I installed debian it downloaded new packages from the repository. So my system was up to date from the instant I installed it. Windows users get to install 3 year old software!

Until linux figures out a way around this there will always be an adware gap.

I bet..

[Renraku]

I bet its like those car dealerships you see where everyone that works there is an ex-high-school jock with gigantic muscles they got from working out four hours a day, six days a week.

Well, except for the programmer that they made their bitch and is doing all the work for minimum wage.

The truth about Adware

[ravenspear]

This is good because it is completely amazing to me how the adware/spyware problem has received very little coverage in the media, certainly orders of magnitude less than the spam problem. We have seen many stories on /. over the last few weeks about how millions of Windows boxes are so infested with spyware that they are basically unusable, and yet most non-technical people still seem ambivalent.

If the same amount of effort currently used to fight spam is not applied to the spyware/adware situation, it will get just as bad if not worse than the spam problem.

As intrusive and annoying as spam is, at least it's influence doesn't extends past your email client. Spyware has the potential to totally screw up machines that do important tasks, which could be far more harmful.

Re:The truth about Adware

Most importantly, the new law will make sure consumers can easily delete unwanted adware.

"By using our software, you agree not to remove our adware. We will occasionally scan your computer for its presence, and push an installation, which you cannot abort except by powering down your PC. This installation is already initiated by Our software, and you authorize it in full yadda yadda yadda..."

Surreptisoft standard licence agreement Section 84 Clause C subclause q paragraph 196

Re:The truth about Adware

[Fishstick]

Actually, CNN was running a story a week ago or so (You know, that technology news dweeb they have with the spiked hair and black horn-rimed glasses and a stupid smirk).

The first time I caught it was on headline news. I was not very impressed and was waiting for the words "Internet Explorer" and "alterate browsers" to make an appearance. nope.

But then they ran the same story on the "American Morning" regular CNN and they actually had him live in addition to his taped segment. He was asked what you can do and he did actually say "Mozilla Firefox" to which Daryn Kagan gave him a blank look and repeated "Mozilla Firefox?". He actually gave out www.mozilla.org and Daryn shrugged (like I'm going to go to some website looking for somthing I never heard of before).

Bill Hemmer seemed to know what he was talking about, though.

Re:The truth about Adware

this guy? you forgot to mention his faggy soul-patch.

transcript of that segment is here

http://cnnstudentnews.cnn.com/TRANSCRIPTS/0411/29/ lol.04.html

DANIEL SIEBERG, CNN TECHNOLOGY CORRESPONDENT: You may not know about spyware, but let's start with something you probably know way too much about, those pesky pop-up ads.

(voice-over): The pop-up ad for the X10 camera, remember that? It was among the very first pop-up ads to really sweep the Web. For a while there in 2001, it popped up again and again and again.

(on camera): Back then, such ads were pretty new. To help illustrate how things have changed, imagine that this tennis racket like the cursor or the mouse on your screen and you're trying to close down those pop-up ads.

Well, initially, there was a start of slow, steady stream, annoying but still manageable. Then along came something called spyware, little software programs that would install themselves on your computer. And pretty soon, that slow, steady stream turned into a raging flood, a torrent, if you will, of pop-up ads popping up faster than you can close them down. A little help?

(voice-over): And that's no coincidence. Most spyware is adware, as in advertisements, pop-ups designed to force you to click on them. But other versions of spyware actually track you around the Web, reporting your movements back to third parties. Some spyware even records everything you type, including sensitive information. How does this stuff get on your computer in the first place?

Well, you get it just by surfing the Web. When you visit certain sites, spyware programs insert themselves on your machine.

(on camera): So how do you know if you've got it? Well, the truth is there's no easy way to know. Look around on your desktop and you're not going to find an icon for spyware. That's because the people who make spyware don't want you to know that it's there.

(voice-over): One big tippoff that your machine has been infected is it will start to run slower, freeze up or even crash frequently. A recent study found that nine out of 10 computers connected to the Internet have been compromised with spyware lots of times. Dozens of different spyware programs are running all at the same time.

We sat down with Mark Rasch, a lawyer and computer security expert with the company Solutionary (ph) to find out more.

(on camera): Now spyware, beyond just providing all these popup ads, you're saying that it collects information, it collects what I'm typing? What do they then do with that information?

MARK RASCH, COMPUTER SECURITY EXPERT: What we have created with the Internet is this whole market economy in personal information. It's very important for me to know what are you looking at? What are you buying? What are you not buying? What time of day are you surfing? Who are you? So there's a whole marketplace for information. And so, what the spyware is trying to do is collect that information and the people who are purveying it, trying to sell it.

SIEBERG: Actually, we have been tracked online since the early days of the Web through something called a cookie. Most company Web sites use them. Here's how they work. When you visit company x's Web site, a small file gets placed on your computer called a cookie which tracks your movement on that particular Web site and remembers like the links you clicked on and how long you were there.

Now once you leave that Web site, the cookie stays on your computer. But it doesn't report back on where else you go on the Web. Not so with spyware. It can follow you anywhere.

RASCH: So here we have a computer that's acting very sluggish and we don't know why.

SIEBERG (voice-over): We turned off the spyware filter on a computer in our office, then we ran some spyware scanning software to see what it picked

Re:The truth about Adware

[geekyMD]

I think the shockingly absent outrage/response to adware has more to do with lack of awareness than anything else.

We all have gotten used to the idea of planned obselesence. From your car that is "old" after 3 years to your computer which was the absolute best until about 15 seconds after you bought it; most people expect their computers to run more slowly with time. And while popups suck, many people just don't really equate popups with adware. To them, its just "one of those things" that happen to PCs, especially when connect to that darned internet. I've worked in numerous offices that were about to buy a new set of PCs because their existing ones were "old and slow." After 30 minutes of AVG and SpySweeper they were amazed at the power of their "outdated" computer.

IMHO, Even when you include the viruses that go with spam, it seems like adware does much more to reduce producivity, hands down.

Alas, with SPAM we all see media 'orange alert's lasting for several days like:
"You computer will eat your first born and wreck your car if you open this email!!!"
But who has seen something like that for adware? How many people really know what it is or does?

We gotta get the word out! Alert the press! The baby eating, credit card stealing, nazi adware legions are headed straight for your comptuer! And if you don't uninstall them, Santa will be shot! That should wake some people up.

Re:The truth about Adware

[coopaq]

We have seen many stories on /. over the last few weeks about how millions of Windows boxes are so infested with spyware that they are basically unusable, and yet most non-technical people still seem ambivalent.

Yes, but these are offspring of the same people who refused to change the oil in the their cars when they first came out.

Sooner or later the smoke will get their attention.

Lucky for us they are also the same kinda people who turn their comptures off for hours at a time.

Re:The truth about Adware

[zallus]

Hmm... Alterate morning... sounds painful.

Re:The truth about Adware

[zallus]

I know replying to myself is in bad taste, but I just have to laugh at what a brainfart substituting "morning" for "browser" is. I left the thing open for three minutes, mistake clearly visible between the xterm trim, and never noticed before sending. To correct: "Alterate browser" is a search that'll actually get what you mean.

Re:The truth about Adware

[Fishstick]

my 'n' key was taking a break, ok?

maybe I should have previewed, oh wait... :-p

Re:The truth about Adware

[EddWo]

Well he obviously doesn't really know what he's talking about. The 44 running processes is just a bit of information that Adaware gives you, it's not really related to how much spyware you've got, and its not as though he's picked up 44 processes that weren't there before since deactivating his antispyware. Windows XP starts with about 24 by default, then adding on a virus scanner is 3 or 4, a few system tray processes and a couple of applications open and you will easily be up to 44 without any spyware installed at all.

The other figure of 211 objects recognised will mostly be cookies, which he's already discussed as being relatively harmless. Stay up to date with patches and visit sensiblle websites, and cookies are the only thing you need to worry about.
As for over 1000 different programs in a few days, I think he's just trying to scare people.

Re:The truth about Adware

[EvilGrin666]

There's a crucial difference between spam and spyware though. With spam simply possesing an email address means you get it. With spyware, generally you need to be running a poorly configured windows box thats got crummy software on it (Internet Explorer and/or Outlook Express usually).

This means that generally speaking geeks don't get spyware on their machines and even if they do, they can deal with it. With spam, they are hit just as bad as everyone else so they figure out how to make it go away. The reverse is true for spyware, the people most able to fix the spyware problem aren't affected by it and thus have no incentive to make it go away for everyone else.

The 'Its not my problem' mentality basically.

Re:The truth about Adware

[detlev409]

Not necessarily so. Note that Ad-Aware also classifies processes among the objects it scans for. It's possible that this guy just aggregated the number of malware processes found by Ad-Aware over the course of the experiment.

Then again, he apparently doesn't know that it's supposed to be Spybot not Spybox. So hey, maybe you're right.

Hitting the thousand mark isn't hard, IMO. Sure, you'd have to work at it, to do it in such a short time, but you wouldn't have to work very hard. Before our campus began including Spybot on the student images, we'd regularly service computers with 700+ objects. Our campus record stands at 3000. I don't know how the damn thing was still booting.

Re:The truth about Adware

[AcornWeb]

Our campus record stands at 3000. I don't know how the damn thing was still booting.

Amateurs! Our campus record is 4806 (using Ad-Aware 6.0 back in August). And yes, the computer was barely functional. I just can't believe people let their computer get that bad. <shakes head>

Were do you work?

Re:The truth about Adware

He was asked what you can do and he did actually say "Mozilla Firefox" to which Daryn Kagan...
To go way off topic, hubba hubba!!

Re:The truth about Adware

[mdielmann]

Heh, did my first OSS conversion the other day. I didn't want to totally disrupt their lives, or spend 3 weeks trying to install whichever flavour of Linux on their system, but I took care of the biggest pains. At least they can't make, and drink, a coffee during boot anymore. Spybot/Ad-Aware got rid of 85 classes of spyware, and the system was actually usable again. Then I added Firefox/Thunderbird to handle web/email needs while reducing the risks of popups/adware/spam/viruses. The interesting thing is they would be the last to call themselves computer literate, yet they were like, "whatever, just get this crap off our system, and keep it off." They were happy with Firefox 1.0, and were quite impressed with how fast everything loaded. The install for both was painless, and converted them from IE/OE with almost no hitches. It was interesting, however I don't think my parents would be able to handle it. Any change at all is a bad thing for them.

Re:The truth about Adware

[Zelxyb]

millions of Windows boxes are so infested with spyware that they are basically unusable, and yet most non-technical people still seem ambivalent

How else will we create a need for hardware upgrades?

Re:The truth about Adware

[Hognoxious]

This is good because it is completely amazing to me how the adware/spyware problem has received very little coverage in the media

[foil hat] That's obviously because they (the medias) are in on it too. You know, with the man and all that. [/fh]

Re:The truth about Adware

[danila]

The reason is that spam = "some moron keeps sending me ads about penis enlargement", while malware = "my computer just acts weird". While most people don't really understand the reasons for spam's existence and the technical challenges of combating it, at least they can easily have some grasp of the problem (after all, they all get spam in their real life mailboxen too). With malware most won't know the difference between "legit" evil popups and malware-caused evil popups.

Re:Where's the part with the burning and the fires

[EnronHaliburton2004]

Silly me! I forgot to mention the shackles and public humiliation...

feedback

What happens when their own computers get infected with adware?

Re:feedback

[Anonymous+Crowhead]

What happens when their own computers get infected with adware?

They probably reverse engineer it, figure out how it got there, and then incorporate that into their own adware. Seriously, you'd think these guys (at least the developers) would be pretty adept at keeping their machines clean.

Re:feedback

[AndroidCat]

Don't forget the part where they figure out how to have their adware disable the other guy's adware.

Re:Dark. And noisy.

> Please, mod him up. And not funny, insigthful.

+1, Scary :)

Re:Where's the part with the burning and the fires

[ackthpt]

where enraged citizens storm the building, set it on fire, seize the funds from the bank accounts and distribute to orphanages everywhere and leave the Adware staff tied up to lightpoles with a note for the police.

Hmm. Kinda like my fantasy, which seems to involve a tricky hand gesture which magically transfers money from their bank account to my bank account. Of course, I don't mean to be rude, thus a tastefully worded thank-yew note is forwarded to them.

Ah.. to be Merlin for a day...

Re:Dark. And noisy.

[OAB_X]

New steps to uninstall:

Add Remove programs -> spyware program -> uninstall window -> im sure i want to uninstall -> i dont want to reconcider -> i dont want to provide a reason for uninstalling -> im still really sure i want to uninstall -> yes i know some features maybe deactivated -> i dont want to install any companion programs -> i dont want to have programs from your sponsors installed either -> i dont want to have more msn smilies -> why do i need to go to a website to uninstall? -> i still want to uninsall reason: i hate spyware -> uninstall -> please wait while you download the uninstaller -> program uninstalled successfully, 5 more programs installed by uninstaller

The real question...

[ltbarcly]

Does it run linux?

Re:The real question...

[Cyclone_TBW]

Does it run linux? No, the real question is: Does it have a command line?

Worst part of adware...

If it was written correctly, it wouldn't be such a big deal. However, it causes computers to run very slowly and crash due to rampant bugs. I mean, can't they just add an ad toolbar to IE and be done? Do they really need to hijack the windows API to prevent themselves from being killed/removed?

Re:Worst part of adware...

[AKnightCowboy]

Do they really need to hijack the windows API to prevent themselves from being killed/removed?

On the plus side, you can't get in trouble anymore for making a virus, worm, or trojan horse. All you have to do is claim it was adware and the user consented to installing it. Afterall, when it comes down to it, these things are basically just malicious viruses.

Re:Worst part of adware...

[yuri+benjamin]

these things are basically just malicious viruses.

malicious trojans, to be precise.

How can they live with themselves?

[mboverload]

I seriously question how these people can LIVE with themselves. Their products harass millions, slow down the worlds computers, and hurt the internet expirience. I could not stand to live with myself knowing I was screwing millions a day, an hour, a minute. These people MUST be heartless.

Re:How can they live with themselves?

[Aardpig]

I seriously question how these people can LIVE with themselves. Their products harass millions, slow down the worlds computers, and hurt the internet expirience. I could not stand to live with myself knowing I was screwing millions a day, an hour, a minute. These people MUST be heartless.

Look, the guy in charge of Uzbekistan likes to boil to death people who disagree with him. And the US and the UK turn a blind eye because Uzbekistan is a friend in the war on terror. Perhaps you should get some perspective here.

Re:How can they live with themselves?

The guys that cut this code are probably the kinds of geeks who justify it by thinking only *stupid* people get infected with this stuff, so they deserve what they get.

Re:How can they live with themselves?

Oh come on. How many have been killed for money?

It's all about money.

Re:How can they live with themselves?

[tsm_sf]

How dare you bring up Uzbekistan when thousands of American citizens starve to death each year.

How dare I bring up hunger when tens of thousands die in car crashes...etc. all the way down to "Won't Somebody Think of the Children."

Perspective is all well and good, but a little goes a long way. There are LOTS of problems that need solving, and we'd never get anywhere if people just sat around trying to locate the worst one (Especially since it will probably turn out to be "people", and the solution "total annihilation of our species")

Re:How can they live with themselves?

[toomin]

Lawyers seem to be able to stand it. But, then, they spend years getting a Degree in heartlessness..

Re:How can they live with themselves?

[Afrosheen]

These people are saints to me. When you charge $50 per hour to clean up personal computers, you rejoice when you see a shitload of spyware on a computer. That's lots of cleaning time, and money in the bank.

If they're really serious about not getting re-infected, I'll leave them a Knoppix or PCLinuxOS disc and a brief tutorial.

Re:How can they live with themselves?

[FLEB]

That's it! We need a commission to determine the worst problem and the proper course of action!

I'll start printing the business cards...

Re:How can they live with themselves?

Look, the guy in charge of Uzbekistan likes to boil to death people who disagree with him. And the US and the UK turn a blind eye because Uzbekistan is a friend in the war on terror. Perhaps you should get some perspective here.

--
Slashdot: where racism against Indians is OK...


Jesus Christ. You are one self-righteous prick. I hope your job gets sent overseas as well.

I hate malware.

[rice_burners_suck]

I hate adware, and what we need to invent is some sort of adware realtime blacklist that contains all the IP addresses of adware companies. Then, all legitimate users could set up their firewall to disable access to and from any of these IP addresses. Then, the ISPs could completely disable access, and that would drastically cut down on the success of these illegitimate ventures.

Doing so could scare the spam authors, malware authors, virus authors, worm authors, spyware authors, and other illegitimate software authors into compliance with global IP standards, which will facilitate the streamlining of compelling enterprise solutions by content providers and emerging stewards of innovative technologies.

(If you didn't get the above then you need to do some critical thinking. It is composed in four layers and contains 12 hidden messages, 4 double meanings, and 9 psychological facts.)

Re:I hate malware.

[hsidhu]

I use the list from remember.mine.nu, its updated regularly and here the line count for my /etc/hosts file.

$ wc -l /etc/hosts
32848 /etc/hosts

I recommend it to anyone and everyone.

Re:I hate malware.

[WJMoore]

Then, all legitimate users could set up their firewall to disable access to and from any of these IP addresses.

The solution can't involve users. They are the problem, just look at virus'. If a person must insist on using Windows they can keep quite safe by following a few simple rules and keeping a virus scanner up to date. Obviously this frequenctly doesn't always occur and worms etc. spread like wild fire when released.

Re:I hate malware.

"I hate adware, and what we need to invent is some sort of adware realtime blacklist that contains all the IP addresses of adware companies. Then, all legitimate users could set up their firewall to disable access to and from any of these IP addresses. Then, the ISPs could completely disable access, and that would drastically cut down on the success of these illegitimate ventures.

Doing so could scare the spam authors, malware authors, virus authors, worm authors, spyware authors, and other illegitimate software authors into compliance with global IP standards, which will facilitate the streamlining of compelling enterprise solutions by content providers and emerging stewards of innovative technologies."


Your post advocates a

(*) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(*) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(*) It will stop spam for two weeks and then we'll be stuck with it
(*) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(*) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(*) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(*) Armies of worm riddled broadband-connected Windows boxes
(*) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(*) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(*) This is a stupid idea, and you're a stupid person for suggesting it.

Re:I hate malware.

[evilviper]

what we need to invent is some sort of adware realtime blacklist that contains all the IP addresses of adware companies.

Yeah, that would be great... It's too bad everyone on the face of the frickin planet didn't already come up with this idea before now, and publish thousands upon thousands of different blocklists just for this purpose....

Oh wait, THEY DID.

Re:I hate malware.

[vonsneerderhooten]

I can say from experience that this guy's done a pretty good job, and I've also written an 'installer'.

Re:I hate malware.

[IO+ERROR]

(If you didn't get the above then you need to do some critical thinking. It is composed in four layers and contains 12 hidden messages, 4 double meanings, and 9 psychological facts.)

And 78 buzzwords.

Re:I hate malware.

[siliconjunkie]

PeerGuardian is what you are describing. It has multiple blacklists, including Spyware/Malware IPs.

Re:I hate malware.

hmmm...that's not much

wc -l /etc/hosts gives 86003 on my system

Google CEO ?

[SoLO]

Earlier this year, Direct Revenue raised $20 million from New York based Insight Venture Partners. The respected VC company boasts Google CEO Eric Schmidt and former Treasury secretary Robert Rubin on its advisory board.

Wonder if this is some kind of conflict of interest?

Re:Google CEO ?

[maximilln]

Yes, it is. Yes, the regulators see it. Yes, they're all laughing on the walk to the bank while the media blames the recession on the political party of the day.

It concerns us.... (the military)

[i_want_you_to_throw_]

We constantly have a nightmare about people on our network installing spyware (we're half green suit/half civilian). Some day, some enterprising young person will create spyware with a key logger phoning home passwords galore. We already had a problem with HotBar clogging our pipe.

Admittedly we are't suppoed to be discussing classified information but we deal with politically sensitive stuff all the time.

Re:It concerns us.... (the military)

[Stevyn]

When I worked as an intern for the DOD over the summer at a base in NJ, no classified computer was allowed to be connected to the internet.

Re:It concerns us.... (the military)

[pizen]

Just because it's not classified doesn't mean it isn't sensitive.

Re:It concerns us.... (the military)

Who would you have to talk to to get an SBIR solicitation out for more advanced spyware detection / removal methods?

Re:It concerns us.... (the military)

[_xeno_]

I recently got a security clearance. Just because a single piece of information isn't classified doesn't mean it can't reveal classified information. That's the main fear.

As a simple example, assume some adware managed to steal an Excel spreadsheet as it was being entered. The information was simply the dates and costs of fuel being bought for vehicles on base. This information isn't classified.

From this information, you can get a rough guess of troop movements and the amount of mechanised gear at the base. Combined with more information, you can get a good idea of current strategy, what troops are going where, and the level of activity around a given base. This information is classified.

Just because a given computer isn't classified doesn't mean that you can't piece together classified information from data contained on the computer - especially when combined with other information. That's what the military is concerned about.

Re:It concerns us.... (the military)

[sconeu]

Which is why Poindexter tried to create the "Unclassified but Sensitive" security level.

Re:It concerns us.... (the military)

We constantly have a nightmare about people on our network installing spyware (we're half green suit/half civilian).

What you should do, right now, is ask your G6/J6/A6/etc why your site license for Symantec Anti-Virus does not detect this malware. Perhaps a home user might be a legit subject for a malware vendor's "restraint of trade" lawsuit, but a NIPR workstation's user is already restrained from using such applications, so Gator has no basis for whining when you pay Symantec to keep that crap off your net.

Seriously. The only difference between the viruses that NAV filters and the spyware it doesn't is that the spyware has a company that Symantec is afraid of being sued by. You and your users have a legitimate reason not to fear this, even indirectly.

Please please PLEASE feed this requirement up your 6 command chain and maybe DISA or NMCI can pressure the vendors in the acquisition contracts to solve this problem for all of us if we all yank their chain hard enough.

Re:It concerns us.... (the military)

[danila]

Can't you just bomb the DirectRevenue? Or something...

Re:It concerns us.... (the military)

[hswerdfe]

err..loose lips sink ships...

The gawntlet was thrown long before . . .

[grahamkracker]

The gantlet was thrown long before this beef turned into a global thermonuclear war . . .

Norms find it simpler to ignore the cancer that infests their everyday lives, even when it is proven to yes be this right here & yes it is killing you . . . . *blink* oh and while you live in squaller they are making millions . . .

fkcu, // kracker

* Pick a fight with yourself & win . . .
* bludgeon your face to spite yourself
* Altitude is nothin' compared to action

I die after this line, but i still want mine ... Eminem : Evil Deads (sry, the shadows told me to do it ... )

Stupid names

Why is it that adware companies always come up with incredibly stupid names for themselves?

Re:Stupid names

...as opposed to "smart" names like Slashdot, Google, and Bamzu.

Riiiight.

Re:Stupid names

[Grey_14]

They cant use the good ones, because they change it every few months, they think of good ones, and hold on to them, or sell them or something, why waste a good name when your just going to change it so people cant figure out "Claria" = teh bad

4 pages?

[Xeo+024]

it's a bit lengthy but a great read

Damn right it's a lengthy read. Anyone have the Cliff Notes for this?

Re:4 pages?

I am Cliff Notes, you insensitive clod!

Oops...

[The+Wooden+Badger]

I thought it said ADAWARE

Re:Oops...

[Stegersaurus2686]

Yes, and Ada-ware is nasty spyware that you get from going to www.adaware.com. I can't tell you how many people just hear the name Ad-Aware and proceed to download the similarly named malware. It drives me insane.

Re:Dark. And noisy.

[eobanb]

Transparent........hard to see. Hmmmmmmmm.

Re:Where's the part with the burning and the fires

[homer_ca]

Why stop at that? A mob like that would probably put their heads on a stake outside as a warning to others who would dare write more spyware.

what

tl;dr

Just once...

[Frennzy]

Just once I want to be the guy who these fucktards approach to get 'my advertising' into their spyware model.

Just once. I'll string them along, until I've met all the most important players in their company.

Then...I'll post all of their details on /., and wait for the inevitable melee.

And, in the spirit of /.,

2.?????
3.Profit!

Re:Just once...

A-fucking-men

1 - as above
2 - eBay
3 - Profit

Re:Inside a ffirst post...

[SteveXE]

...what?

When Will AntiVirus remove it?

[QuantumRiff]

So, how can a piece of software that gets installed without permission on my machine, that sends out spam emails to everyone on earth be considered a worm/virus, but a piece of software I get installed without prompting, by visiting a fucking web page, that changes my hosts file, dns settings, proxy servers, and or nic drivers be considered adware?

When will Symantec, McAffee and the others start detecting and removing spyware. I've emailed them requesting that feature, and have never even gotten a response.

Honestly, at the school I work at, our public use library and labs have no problems except spyware. The 40 machines in our library average about a week before they are so bad that the systems have to be re-ghosted. Yes, I have netscape installed, and yes, its the default browser, but no, I can't remove IE, some services they need to use (other colleges in the area) have web pages that only work in IE. If freaking symantec would just treat adware as a virus, my god, I would love them.. and so would many others..

Re:When Will AntiVirus remove it?

[Bill_Royle]

Symantec's v9 of their antivirus software does do this (at least the corporate edition), but they do a piss-poor job of it. Of course, this keeps in line with their antivirus efforts, which suck as well. While it's decent at removing files, spyware references in the registry are regularly missed.

Re:When Will AntiVirus remove it?

come on. i'm sure you can get linux installed if your spyware problem is that big... why not knoppix?? even easier..

Re:When Will AntiVirus remove it?

[Cosslax]

They don't do it in their anti-virus software because it makes them more money to release a seperate piece of software. That being said, Norton and McAfee both do sucessfully detect some malware apps and promptly fail at doing anything useful with them. Not saying much nowadays anyways, half the spyware I clean off computers at work doesn't show up on any scanners anyhow.

Re:When Will AntiVirus remove it?

[wronski]

I use a free crapware blocker (Adaware) and a couple of very simple registry utilities that prevent anyone from setting a registry key without my permission. Not at all bulletproof, but it works for me.

Re:When Will AntiVirus remove it?

[cheekyboy]

Why dont you force a transparent proxy to make sure ALL IE requests are BANNED except for the websites that are NEEDED to be used by IE. And let mozilla requests go thru.

That will fix all , also you should install MYIE, its a wrapper app for the IE engine, could be safer.

Re:When Will AntiVirus remove it?

[DocSavage64109]

A good alternative to re-ghosting every week would be Deep Freeze. Once it is installed, a simple reboot erases any changes the users have made to the system... including installing spyware, moving icons, or deleting files.

Re:When Will AntiVirus remove it?

[zallus]

You might be interested in a Windows program that allows the same "daily fresh start" that having your permanent OS be a live-cd gives: DeepFreeze. Nice little software, starts intercepting writes to the drive at NTLDR, I believe. You can allow a password-less administrator account if you want; as long as no one gets the program password, the system will come back up in a digital Groundhog's Day of cleanliness. Protects all the way down to a low-level format while the OS is running. (Note: I don't work for these people, but I've seen this in use, and it's quite nice.)

Re:When Will AntiVirus remove it?

Me too. I've accidently been infected when I installed a freeware cd alarm clock that previously was fine but in the new version was adware - not free!
AdAware fixed most of it. What I want is for AdAware (or the virus scanner) to find the adware inside the installer before I install it - which didn't happen in this case.

Adware and Spyware are making me money

Yeah, it is. And I hate it. I hate having to take people's money to clean this shit off their computers; I would rather be deploying servers or upgrading home PCs for the holidays. But I'm not.

People get infected so easily because the just don't understand. Your average joe doesn't know the difference between virii and spyware; They don't understand that Norton Antivirus doesn't block this stuff too ( though they're starting to try ); They don't realize that IE's swiss cheese-like security is what allows most of this stuff on their system. While I spend a lot of my time cleaning spyware of my customer's computers, I also try to take the time to educate them. I show them the Adaware and Spybot icons. I run through them once with the customer to make sure they understand how to perform updates. I explain the new Firefox icon and how they should always always always use it, unless the site refuses to load without IE. I explain why Norton didn't stop it, and why the firewall didn't help. Folks just hear a lot of buzzwords like these and they just store the basic meme "Firewall=Safe" or "Antivirus=No Infection".

It shouldn't have to be this way. But it is, and I'm profiting from it. That makes me feel dirty in a way, even though I'm not the asshole clogging up the works.

Re:Adware and Spyware are making me money

[mrbcs]

Same here though I don't feel dirty doing it.. I'm doing them a favour. Better to pay me to clean up their machine than to go and buy a new one because of software issues.

Most times I've only had to see people once. It's very disheartening though, when two weeks later, the same customer comes back, riddled with viruses and spyware.

Me: "where's the programs I installed? Sygate? Ad-aware? Avg?"

Customer: "umm, I guess we uninstalled them.. kazaa wasn't working right."

Me: "fine, $60, we'll try again."

I don't think I'm long for this game anymore. Users can be very draining on your spirit. Really bugs me that I've had no problems with my 10 machines in 7 years or so.

Re:Adware and Spyware are making me money

[rugger]

Ever heard of a thing called professional emotional detachment?

You are being paid to clean their computer, there is no need to be upset about it.

They will either keep paying you $60 every few weeks to clean their computer, or learn how to deal with it themselves.

Re:Adware and Spyware are making me money

[myov]

Had one the other day... WinXP blew up at a friend. 4 hours later it was finally running. They had internet problems later on and their ISP actually told them to remove the anti-spyware programs! A few days later, spyware took over again.

Another time, I wiped & locked down a machine which was constantly getting spyware. A few weeks later they were back to IE running as administrator.

What's really getting annoying is needing to run 4 different anti-adware programs, plus hosts and adware blocking, just to keep a machine somewhat usable.

Re:Adware and Spyware are making me money

[Buran]

One of my coworkers is constantly somehow managing to run IE to surf the web no matter how many times I tell windows to hide it and tell HIM to not use such an insecure browser. I think he's got it and I set up Firefox to look just like IE, and what happens?!

THE IDIOT FIRES UP IE AGAIN!!

How the fuck is he even getting it to run when I removed all access to it!? Next step: block it from net access entirely and refuse to unblock it. Want to browse the web? You won't do it with IE unless you're at windowsupdate.

Re:Adware and Spyware are making me money

[Elwood+P+Dowd]

It's worse than that. A coworker of mine had spyware that redirected all her network connections through their proprietary network stack.

No uninstallers available, so we had Spybot uninstall it.

No networking.

Format, reinstall. And this is without downloading any screensavers or someshit. Just via holes in IE.

Re:Adware and Spyware are making me money

[MikeBabcock]

Professional emotional detachment is a very difficult thing to achieve and most often a hoax. As long as you pretend to be detached and act like you're detached, you're fine in most cases.

In reality, people who *care* about other people will not be detached.

Re:Adware and Spyware are making me money

[k512-arch]

holy jesus, if someone did that to me i would punch them. i've tried firefox, but i just can't stand not having those little nuances that make browsing easier. like control-tab -> address bar. and lots of pages that don't render the same as in ie (which matters when you make sites youreself too). leave him alone.

Re:Adware and Spyware are making me money

[Tim+C]

How the fuck is he even getting it to run when I removed all access to it!?

Windows key-R, type in "iexplore", hit return?

Re:Adware and Spyware are making me money

[barzok]

ctrl-L puts you in the address bar in all the Netscape/Mozilla browsers I've used.

Pages not rendering the same? Usually it's the original designer only checking in IE, which gets many things wrong, and saying "ok, that's what I want" - then a browser that does it right comes along and renders differently from what was intended.

Re:Adware and Spyware are making me money

[Buran]

He's not that advanced of a user. Must be something stupidly simple that windows just doesn't get right. Of course, that doesn't narrow down things much.

Re:Adware and Spyware are making me money

[Stinking+Pig]

You just need to change your motivation. If you're in IT to try and make the world a better place, you're going to hit that burn-out wall pretty quick (took me about five years, give or take). Now that my motivation is more squarely focused on "provide for my children while doing something that doesn't drive me completely batty", I can handle the stupid users a little better. They're still just as stupid, but I don't care. I certainly don't scruple at taking their money in exchange for crappy software, because I've learned the hard way that they're incapable of selecting or using better software.

Re:Adware and Spyware are making me money

[k512-arch]

control-tabis with only your left hand, and they're closer together. control l feels somewhat inconvenient..

Hosts file + GUIDs

[rsilvergun]

does what you want. You use a hosts file (c:\windows\system32\drivers\etc\hosts, and no, I don't know why the fsck it's there either) to redirect IPs to the loopback addy (search around google, there's lots of good hosts files if you trust the poeple making them :) ). Combine that with a program like spywareblaster that registers Windows Globally Unique Identifiers (GUIDs) for known spyware. If your program's GUID is already registered, it won't install. Those two things + firefox + thunderbird + patches has kept even my Mom spyware free.

Re:Hosts file + GUIDs

[zallus]

1. Connecting to 0.0.0.0 is caught by any good IP layer and immediately halted. 127.0.0.1 just results in a timeout. 2. I suppose "winsock" would be built in a POSIX-esque fashion, in Ye Olde Compliance Stabbe that MS seems to give every once in a while. However, either an over-precise standard, or lazy MS subsystem designers, have foisted an actual *nix tree into the \windows\system32\drivers folder. Makes me wonder about installing a kernel in there...

Re:Hosts file + GUIDs

[Lehk228]

Redirect to 0.0.0.0 instead, if you point to 127.0.0.1 you get to wait for every blackholed connection to time out against your own machine, while an attempt to connect to 0.0.0.0 is instantly recognized as an invalid ip and the conneciton fails.

Re:Hosts file + GUIDs

Connecting to 0.0.0.0 is caught by any good IP layer and immediately halted. 127.0.0.1 just results in a timeout.

Any good TCP stack should immediately halt this as well, by sending an RST.

Re:Hosts file + GUIDs

[Starsmore]

Call me a complete frikkin' idiot, but don't suppose anyone has a handy webpage detailing how to set this up on a windows machine?

Re:Hosts file + GUIDs

edit the file \windows\system32\drivers\etc\hosts instead of /etc/hosts

the format is:
0.0.0.0 blocked.site.com

use # before comments.

Re:Hosts file + GUIDs

[StarCat76]

Uh, on my box here (Gentoo 2.6 kernel) 0.0.0.0 just redirects to 127.0.0.1.

Re:Hosts file + GUIDs

[Fweeky]

You've got a blackholing firewall set up on loopback? Why?

Re:Hosts file + GUIDs

[Theatetus]

You use a hosts file (c:\windows\system32\drivers\etc\hosts, and no, I don't know why the fsck it's there either)

Beneath the cruft of Windows, within the [windows|winnt]\system32 directory, there lurks a roughly POSIX system, including such files as /etc/hosts.

Re:Hosts file + GUIDs

[SysGoddess]

You use a hosts file (c:\windows\system32\drivers\etc\hosts, and no, I don't know why the fsck it's there either) to redirect IPs to the loopback addy (search around google, there's lots of good hosts files if you trust the poeple making them :)

Or you could simply enable this function in Spybot S&D. Tools/Hosts File

Re:Dark. And noisy.

transparent, but the makers are not to be held responsible if said transparancy is coated in mud.

Well... your machine already *is* infected...

[PornMaster]

with a viral license...

Re:Well... your machine already *is* infected...

[Xtifr]

No, no, he said he's running Debian! Not SCO!

What I want to know...

Consumer advocates familiar with the company charge that Direct Revenue has engaged in an array of unethical practices: it secretly installs its software onto computers, designs its adware so that it reinstalls after users delete it and has changed its name so often that frustrated users can't find the company to complain.

...is if their business model includes such practices, how do they get around many states anti-hacking laws? In several states it is a felony computer crime to install software onto people's computers without permission. Most Adware companies get around this by a "click-through" license but it was not mentioned in the article if Direct Revenue uses such.

Even with a click-through license I would love to hear them explain to a judge their justification for automatic reinstallation after a user deletes it.

Re:What I want to know...

[Elwood+P+Dowd]

Yeah, I want to know how they skirt felony hacking charges too. Did they specially word the Patriot Act to avoid making these people criminals? How come they aren't considered terrorists?

Re:What I want to know...

[maximilln]

The law is only selectively enforced. Adware/spyware companies help launder billions of dollars every year. Unless they step on the toes of someone in a particular position of power there's no fear that a band of /. readers are going to hire an attorney to track them down and sue them. Politicians won't sue them because then Wall Street would pull funds. Wall Street won't sue them because it helps them launder funds. The regulators won't sue them because they are beholden to the politicians. The attorneys won't sue them because, well, there's no money in it. These companies are vaporous. If they get sued they just declare bankruptcy, dump the judgement on their insurance company, and the actual responsible people disappear to start the next one.

Kill em all

[bogie]

I don't care if God sorts them out.

As I type this I'm about to finally sit down for a movie after spending hours on yet on spyware/adware infested PC. I'm just tired of it. As much as I hate those scumbags who put out adware etc I have to once again question. What the fuck was Microsoft thinking waiting until summer 2004 to deal with the problem? Oh and the other 50% of Windows users on this planet who are not running XP with SP2? They're just as screwed now as they were before.

Re:Kill em all

[dj245]

Oh and the other 50% of Windows users on this planet who are not running XP with SP2? They're just as screwed now as they were before.

Well I don't run it on half of my machines because they have so many programs the installer doesn't complete. But I do install all other updates as soon as they come in. I would guess a lot of the "smarter people" who don't run SP2 also have this probllem. But of course there is the stupud 47.5%

Re:Kill em all

[IO+ERROR]

All of Microsoft's flaws, security holes, bugs, etc., are specifically designed to create and maintain an aftermarket for technical support.

Re:Kill em all

[fermion]

Because from a corporate viewpoint it was unBecause from a corporate viewpoint it was unnecessary. Despite the fact their business model exposed customers to needless risk, the fact that the customers did not mind made expending resources for improvements counter indicated.

For instance, a school district standardizes on IE and Windows. It is clear that both potentially exposes children to pornographic images (violence and sexual content), as it issilly to believe a child will not accidently punch a adware button, or be confused by a pop up window. But, in spite of such risks, the school districts still wants every home to running IE.

Change is happening becaus of the potentiall loss of a customer base and liability concerns. The fact that people spent money on windows made the change take so long. I often think that we should let god sort out all the Windows users and those lost souls that buy products from spam.

Re:Kill em all

What you've just said made no sense at all. At no point in your rambling, incoherent response was there anything that could even be considered a rational thought. Everyone on Slashdot is now dumber for having listened to it. I award you no mod points, and may God have mercy on your soul.

Re:Kill em all

[Richard+M.+Nixon]

You Sir, are homicidal.
I like that.

How would you like a possition in my next administration?
You get to kill as many scumbags as you like, with good pay and benefits.

Talk, talk, talk.

[BillX]

"Abram [Direct Revenue] recently backed that claim with a letter to Congressman Joe Barton of Texas urging passage of H.R. 2929, "The Spy Act," a bill that would require adware companies to get explicit permission from users to place software onto their machines and to allow users to easily uninstall those programs. Abram says his company and the industry have not met this goal yet, but they are moving in the right direction."

Really, does it take more effort to write a letter to a congressman, or to add one sentence to the beginning of an EULA? Or to code, for that matter? Here guys, let's make life easy on you:

/* Super secret proprietary adware code - please don't steal and copy into your own software */

wantmalware=Application->MessageBox("I would like to spy on you, slow your PC and pop ads in your face all day long. Is this OK?", NULL, MB_YESNO);

My poor little fingers, they are cramping up already.

Re:Talk, talk, talk.

[maximilln]

add one sentence to the beginning of an EULA?

Don't you know that it gets buried in the middle?

Re:Talk, talk, talk.

Well, actually the code snip is not correct.
An real spyware code will end with ...MB_OK); instead of ...MB_YESNO;)

Re:Talk, talk, talk.

[BillX]

Very true!

I'm waiting for one to pop up a warning telling me that my house is broadcasting a street address.

Re:Dark. And noisy.

[ThJ]

Why hasn't this been modded up? It's so true.

Mod UP!!! A/V companies are p......

[Chordonblue]

I also work at a school and I'm wondering the same thing. Check out something like the VX2 spyware/trojan. It:

- Is often installed without user permission (using holes in IE/Windows)
- Has versions that restore themselves no matter how many anti-spyware proggies you use
- Does not register itself in add/remove programs

In our case, I don't care if the user installed something anyway - IT'S NOT THEIR COMPUTER! School computer policy says 'no unauthorized software is to be installed without permission...' I want my A/V program to do what we pay them to help us do - keep malicious software off our machines!

I've been going rounds with Sophos about this particular piece of crap (VX2). Somehow, this thing ended up on a machine here and NO software was directly installed. Evidentally, this was a 'drive-by' download. So, I ask Sophos, why ISN'T this a trojan virus? It has many of the same characteristics.

They then proceed to tell me that it serves a commercial purpose (advertising). So I replied with something like, 'Let me get this straight: I could take a virus like Netsky and create my own variant that serves pop-ups and that would be ok?'

That was two weeks ago. I still haven't gotten back a reply. The fact is - anti-virus companies are pussies (Yeah, I said PUSSIES! Feel free to step up Sophos/Grisoft/Symantec/McAfee, etc.)

I think they've had it pretty good - stopping would-be script kiddies and the like. But this is apparently a challenge that they can't or won't step up to. My suggestion? ALL you A/V companies should file lawsuits against the first spyware company that bitches. United, you'd have nothing to fear...

Re:Mod UP!!! A/V companies are p......

[dosius]

My idea would be to come up with some kind of a live Windows CD (yes, it can be done), put all necessary software on it, wire it into the drive. System boots, runs consistently {well | poorly}, spyware has limited opportunity to install, and is gone on reboot.

That is, assuming using Knoppix is not an option. I would certainly recommend Knoppix over Windows. XD

Moll.

give me a break

[tempny]

According to the article, these companies are "working" on making their glorified viruses less intrusive and easy to uninstall. Amazingly, the article never points out just how bullshit this is. Anyone who has ever worked on commercial software knows that it is trivial to let the user remove your program (automated installshield or something of the sort). Even if you don't want to bother with that, the user should always be able to just kill the process and delete the executables. However, it's certainly not easy to actively prevent the user from stopping or removing your software, and especially to automatically and invisibly reinstall upon removal. Yet these companies are "working" on making their programs removable? How stupid do they think we are?

Re:give me a break

[malfunct]

While I agree that the adware companies are taking giant leaps to make thier software uninstallable it is also a misconception that making software uninstallable is trivial. Its especially hard when the software decides to link into the network chain when it is well know that due to a bug in windows you bork things when you try to remove yourself from the chain.

Re:Dark. And noisy.

so is that the ??? in the three stage profit model?

Where is the class-action lawsuit?

With as much unauthorized computer trespassing and usage is going on, I'm left wondering why a lawyer hasn't sued yet.

The lost cpu cycles and kilowatt hours of millions of users must add up to a large sum to sue for via class-action. With a jury it would be a slam dunk trial. I don't like lawyers, but at least the vial filth of the spyware companies that made money by installing onto your machine via a security hole don't get anything.

DOH

[Spy+der+Mann]

And they'd start SPAMMING the list by adding legitimate IP's. Why you think the garbage text below SPAM was created? To bombard the anti-spam bayesian filters. You think they'd be stupid enough NOT to do anything against a malware blacklist?

Re:Where's the part with the burning and the fires

... and wave, like this (wiggles fingers)

Re:Where's the part with the burning and the fires

[ddimas]

I prefer nailing the windows and doors shut and then lighting the building up.
Recividism is thus kept to a minimum.

Lengthy?

[acvh]

four pages of three sentence paragraphs is LENGTHY?

Re:Lengthy?

[fossilstar]

Slashdot readers are mostly in the USA. Look at who we have in the Whitehouse. Obviously we're not exactly a nation of readers.

Re:Dark. And noisy.

[CrazyDuke]

You forgot "-> spyware program silently reinstalls itself on next boot"

Business Model Relies on Deception

[c0dedude]

Do they really think, given the costs and benefits clearly laid out, that any consumer would choose to install adware?

Re:Business Model Relies on Deception

[malfunct]

It depends. Ad tracking cookies and personalization cookies are often considered adware and I'd gladly let those be installed by certain companies. As far as an adware software application goes I rarely find benefit from them and certainly no benefit that outweighs the cost.

Re:Business Model Relies on Deception

[Kvan]

If Kazaa won't work without it, most consumers would.

Re:Dark. And noisy.

[rco3]

"Feral cats? BRILLIANT!"

You, sir - funny.

Re:Dark. And noisy.

[ChiefHappyWind]

> He says his company is committed to "transparency" and is making it easier for users to uninstall its software.

Yeah, like one spyware i had on my computer. It required that i download an "uninstall" program. The uninstall program demanded that i fill out a questionare about marketing before i uninstall. I guess i answered wrong when i chose my number of aceptable ads per day because the hard disk started making a funny noise, and i could no longer boot Windows.

Question?

[JNighthawk]

Am I supposed to mod this Off Topic or Unintelligable?

Re:Question?

[Afrosheen]

I'm asking the same question. Attention editors: please create a -1 WTF?!? or a -1 Retarded mod option.

Re:Question?

[grahamkracker]

you can hate me now . . .
people always hate what they refuse to understand . . .

//kracker http://thelastbigthing.com/

Re:Question?

[Burb]

Don't kid yourself. We don't hate you, just haven't the faintest idea what you are talking about.

PARENT LINK IS FAKE

[JNighthawk]

Just a warning for all those who browse at -1.

Personal info for the Chairman, Mr Kaufman...

Anyone interested in marketing his products directly to the CEO of Dash.com and chairman of Direct Revenue, Mr Daniel L. Kaufman, should consult the following information:

The Mr. Kaufman listed in the article holds this office for his scams

The Internet Archive version of Dash.com from 1999 has a nice little bio of Mr Kaufman.

According to that bio, he has significant real estate holdings in Boston, MA. According to the City of Boston, indeed he does:

Home Address:
20 ROWES WHARF, APT #306
BOSTON, MA 02110
Building value: $819,400.00
Residential Exemption: YES
("Since 1983, the City of Boston has elected to apply a residential exemption to residential property that serves as a principal residence of its owner.")

I will leave the rest as an exercise to the reader.

Re:Where's the part with the burning and the fires

[tntguy]

What do you want?

MOD PARENT UPWISE..Re:Personal info for the Chairm

[indole]

cus i have no mod points.

The Hermeneutics of Bullshit

[jco]

Consider:

[Abrams] says his company is committed to "transparency" and is making it easier for users to uninstall its software. For instance, it runs a site called MyPCTuneup.com, which he claims uninstalls all its adware. Abram has also paid to promote this site on Google and Yahoo. So when users search for information on Direct Revenue programs such as "Twaintec," "Abetterinternet," "Bestoffers" and "Better Internet" on Google or Yahoo, the first advertising link that appear next to the search results now point them to MyPCTuneup.

So a user has to know that they have a piece of malware, know the name of the company that made it, search on that and scan the sponsored hits to find a site, the name of which does not suggest that it will putatively uninstall said malware? You know, my other programs just show up in the "Add/Remove Programs" list. That's how you make programs easy to uninstall. But then, what do you expect from an industry whose workers spout meaningless drivel such as this:

Anyone in this business for more than four years has some dirty laundry. But anybody who has a desire to continue to grow wants to shed it, clean it up and address it going forward. Companies like ourselves that have been around have some history to address or clarify now and again.

Or this:

The test of this business is going to be postlegislation...Who can provide the coolest applications and most value to consumers?

How about "who can stop behaving like corporate asses and respect the wishes of users not to have our scumware on their machines"?

What if...

[teslatug]

What if all these adware/spyware/malware companies had been smart and hired people that wrote good software, that didn't slow down amd mess up the host computers. They'd be a much bigger threat. Good thing they're (after) dumbasses.

Nothing beats Novell at file and print sharing!

Well I don't run it on half of my machines because they have so many programs the installer doesn't complete.

Hah! You, sir, sound like the unenlightened folks at work who bitch when I mention "service pack 2" and respond with, "Oh, you want to stay away from that. I installed it and it royally screwed up my computer. I had to reinstall to fix it!" What's most disappointing is that most of these people call themselves "IT professionals". Repeat after me: 1. Windows is only as secure as I make it. 2. Service Pack 2 is a "good thing".

Now, go play in the corner like the bad (=stupid) Novell admin you are.

Re:Nothing beats Novell at file and print sharing!

[MikeBabcock]

I'd rather have a Novell admin with me than a Windows admin any day.

Re:Dark. And noisy.

Yeah, really. I was working on a computer with a failing hard drive once. I tried uninstalling some spyware, and at that particular moment the hard drive finally died. It's pretty obvious that the drive died because of the spyware. Really.

How many are Slashdot readers?-"/." ethics.

"You are not a programmer like me. You have no ethics or morals, and I don't care for your "have to feed my family" BS. Your morals are worth nothing if you only have them when the economy is good!"

Or were copyright, patents, trademark, RIAA, MPAA, Valve, Google, Apple, FCC, Microsoft, Outsourcing, Enviromentalists, AOL, religion, GWB, IBM, [enemy of the month] are involved.*

*Just to name a few that have one time or another been on our shit list.

Two hundred and forty seven thousand?!?!

[Theatetus]

That is not a small number!

That is a very big number!!

Re:Two hundred and forty seven thousand?!?!

[freakmn]

Very nice StrongBad reference. I see a strongba in there, but it's getting eaten by some linux or something. By the way, it's 423,827 viruses.

How can P2P'ers live with themselves?

"I seriously question how [P2P'ers] can LIVE with themselves. Their [actions] harass millions, slow down the worlds [commerce], and hurt the [music] expirience. I could not stand to live with myself knowing I was screwing millions [of artists] a day, an hour, a minute. These [P2P'ers] MUST be heartless."

Moral outrage is for those that have a consistent moral, and ethical perspective. "Morals of the Month" members need not apply.

Re:How can P2P'ers live with themselves?

[ChairmanMeow]

Their [actions] harass millions

How exactly do their actions harass millions?

No new laws needed

Another site registered to Direct Revenue was TrueData.org. In mid-2001 the site declared that TrueData software "tracks every site visited, every keyword entered into search engines, every transaction completed at the top 500 merchants"

Don't beat around the bush. This is industrial espionage. This is the perfect tool for credit card fraud, identity theft, and blackmail. This is wire tapping. This is interstate computer crime. This is not a legitimate business. All board members, officers, and inside investors involved should be prosecuted, bankrupted, and imprisioned. All corporations involved should be bankrupted and disolved under the RICO act.

By passing a new law, congress is pretending that there was nothing illegal about it before. Bullshit! Enforce the laws we have now. Make an example of these bastards!

You can't go after the spyware companies...

[circusnews]

but you can go after those that advertise with them. Same for SPAM. If we were to pass laws allowing individuals to go after the companies making money from the practices, we would see them largely dissapear. Enough of this BS, go after the root of the problem.

Re:You can't go after the spyware companies...

[detlev409]

Why can't we go after them? They're installing programs on users' computers that track their activities without their knowledge or consent. Sounds pretty prosecuteable to me.

Re:You can't go after the spyware companies...

[circusnews]

Soon as we do, they will move off shore. No, attack the source of the money. Make it unprofitable, and it will go away.

Re:You can't go after the spyware companies...

[detlev409]

Thing is, what they're doing is still technically legal. In order for your strategy to work, you presume that the advertisers are involved in something illicit. It's a process. Until we make it illegal to create this kind of scumware, there is no standing to go after the advertisers.

Re:You can't go after the spyware companies...

She also has venereal disease.

Re:Where's the part with the burning and the fires

[Clay+Pigeon+-TPF-VS-]

Mod parent up +5 Babylon 5 reference.

What is it with this adware?

[veg_all]

No matter ho hard I try, I just can't install their software!

axlotl@atlatl ~ $ sudo emerge -pv OfferOptimizer.com

These are the packages that I would merge, in order:

Calculating dependencies
emerge: there are no ebuilds to satisfy "OfferOptimizer.com".

axlotl@atlatl ~ $

Re:What is it with this adware?

Ha! Gentoo sucks and is for ricers.

Re:Where's the part with the burning and the fires

[alptraum]

What ever happened to tar and feathering?!!!

Why not explain how to burn Linux install disks

[tallbill]

That is the cheepest and easiest way to avoid all of that crap.
I feel like I am watching from the shore, safe, while all of these people go buy on a burning boat screaming: "When will the popups end.
Why can't I read the email from joan?
I looked at the picture. Now my computer
doesn't work anymore. boo hoo"

So do your clients a favor and get them a Linux box. They can use that when Windows isn't working.
After a while it will work and Windows won't and they will not care.

Re:Dark. And noisy.

[Afrosheen]

"and i could no longer boot Windows."

Well at least that's a step in the right direction. There are many fine Linux distributions that you'll never have this problem with.

A few other examples...

[Theatetus]

Just for a few other examples, most people don't know that the windows command line allows redirection and pipes (">" and "|" just like you'd expect), has an almost fully-functional grep replacement (called "findstr"), and has a better "For" than bash.

Anyways, to answer grandparent, hosts is in that directory because the original winsock developers came from UNIX and changed as little of the layout as possible.

Hacking Terrorism

[defective]

There are flaws in our communications network. These people are feeding off of that. There needs to be a real infrustructure investment from everyone, all advanced governments, large businesses, and geeks. What if a terrorist group hires these guys to perform attacks or monitoring? They have control over a huge network of zombie computers.

But a bigger picture question is: Can this global information network be free of these parasitic intentions? Can we make the internet immune or adaptive to these parasites?

Afterall, it's not just the automated installations they had to resort to... they started trojan horses. With the near total number users uninformed about all the dangers of a computer, comes a critical mass of infected computers.

You can't educate the users of the internet. Everyone uses email, but many can't pass a high school test.

I argue that there are other networks also in this situation. The users aren't aware of the dangers, and the users are being compromised. Television. Cell phones. Economy.

The problem is it's not just the users here who are getting the short end of a stick. The merchants have a tough time. We talk about taking advantage of BarnsAndNoble and Borders affiliate programs. Most of the economy (as well as the online economy... it's all the same economy) is comprised of small business. All the "mom and pop" businesses and the big guys are paying affiliate fees for orders they would have gotten otherwise. The article says they're stealing other affiliates commissions. Nearly all online purchases made from these infected computers had a commission paid to spyware.

The affiliate companies love it, cause they look like they're making everyone money, but they're just getting their commission too. Some affiliate networks work with spyware, some spyware companies run their own affiliate networks.

By the way, ever wonder why their programs bring a computer to a crawl? They're running process distributed computing clients to win the cash prizes. In a way, they're helping further knowledge which might some day eradicate them.

Who am I? And how do I know all this?

A serious failure of OSS here

[SmallFurryCreature]

Until OSS can finally get of its collective ass and start adding easy ways for users to have software installed that will totally destroy their desktop it just cannot compete with the likes of MS. Even OSX just doesn't deliver. Simple to use HA. Just try adding hiding your IP from being broadcasted on an Apple. Can't be done. Or making sure you clock is up-to-date? No 1001 smilies for you you unix user.

Frankly I see no problems with companies like this. Spyware/Adware is a great tool wich allows me to instantly judge your intelligence. You got it? You don't have any. (Works both ways. Those without adware will see the logic, those with adware will have to find someone to explain it to them).

Re:A serious failure of OSS here

[dosius]

What? With Hed Rat 8 at least it's almost mindlessly simple to resynch your clock (hm, haven't used in awhile, wasn't it "rtime" or something like that?), and you can always put the command in a cron job and have it run automagically, if you so like.

Moll.

Cleanslate

[robw810]

We use a program called Cleanslate from Fortres in the computer lab (and on some teacher computers) at my school. Combined with limited user permissions for all accounts, you'll cut your support time down to almost nothing...
RW

legislation won't change anything

Has legislation stopped spam or even reduced it at all? These guys will just move shop when the laws get introduced.

And believe it or not...

[Tuxedo+Jack]

Ad-Aware/VX2 Plugin can't get the new VX2 strain. It can't even be removed manually as of yet.

These little bastards are the older brother of CWS, and they've got legitimate backing to do their dirty work.

If you se any HOSTS entries for IEAUTOSEARCH, you're infected - gat Lavasoft's VX2 plugin and hope for the best.

They cause a lot of misery for probably 6 cents

[bxbaser]

Whats the actual payment per computer infected, does anyone know.
These guys are the worst of the worst, at least the spammers dont destroy the os.

These jerks are the reason why someone who has the sorry task of being the family pc fixer doenst have any free time.

On a side note is it just my family that doesnt listen to me when i tell them to use a more secure browser.

Re:They cause a lot of misery for probably 6 cents

[somegeekgirl]

Not just you. My father refuses to stop using IE because his stock trading site doesn't run on Firefox. My mother refuses to switch from using Outlook because of the abilities its address book has.

Re:They cause a lot of misery for probably 6 cents

[BillX]

I don't know about most; these people are pretty tight-lipped about this stuff unless you look like a serious partner to them. But New.net was heard at one time (in the Audiogalaxy days) to pay 5 cents per confirmed install.

Re:Dark. And noisy.

[Billly+Gates]

Uh most spyware infects your browser.

Many are installed by security holes via a popup ad.

You can not manually uninstall them.

Or in the case of the DivX player you can uninstall the player but the spyware remains activated.

I knew it

[maximilln]

Dash.com raised $50 million on this idea from venture capitalists such as AT&T Ventures and the JPMorgan Investment Corp. Now it was preparing to give any leftover cash back to investors and slink off into the dot-com void.

How many .com companies were in this exact same place? Forget the party line about the middle east, or 9/11, or anything else... _THIS_ is what caused the recession. _THIS_ is what the media won't tell you about the SEC. Those regulators saw this coming 5 years away. They knew what was going on. While the rest of us watched 401(k)s going down the tubes and lost our jobs, these knobs were sitting pretty on the executive salaries they made for five years and then dumped the rest of the losses onto the investors.

That and business bankruptcy insurance. And everyone wonders why auto, home, and health insurance costs have gone through the roof.

Hmmmmm... 2+2=4?

Disabling MSIE

[KMSelf]

I actually managed to disable MSIE for a youth center's tech lab. Over 6 months with 340+ kids, nobody's got around it.

The problem is that all the standard "disabling" tricks (see Joe Barr's NewsForge article this past summer) just hide the interface, they don't actually disable MSIE's browsing capabilities. You can access it many different ways: type 'iexplore' in the 'Run' dialog, enter a URL into the Windows Explorer nav bar, Windows Media Player, and a whole bunch of apps which use MSIE for a help/file/web browser without checking system prefs.

The basic method is to point MSIE to a non-forwarding proxy (either real or nonexistant, though I had a real proxy set up). You need to make exceptions for any sites you absolutely, positively must access via MSIE (eg: Windows Update site). I had some antivirus software and other stuff to deal with as well. And you need to make sure the configuration is always on.

Above and beyond the minimal setup described above, what I did was install Cygwin on the 'doze boxes, used Cygwin's 'regtool' command line registry edit/query tool ('REG.EXE' in WinXP should also work, though IIRC it's either a Resource Kit exec and/or isn't on NT/2K), and had the relevant lines in my Samba server's LOGON.BAT file (netlogon share).

To make the experience a bit cleaner, I set up an IP-based vhost on a local Apache server, aliased an IP, and had that vhost serve up nothing but a page instructing users not to surf with MSIE.

Users were instructed to use Firefox rather than MSIE for browsing. Occasionally they'd end up on MSIE (usually one of the methods described above), and I'd explain that they shouldn't use it, because "it does bad things to your computer".

Not bulletproof, but you'd have to have someone intentionally changing their proxy settings on every logon to bypass this. With a web proxy (say, squid), you might also block based on user-agent strings or the like.

I'll write this up as a technical article, really, soon, I promise. Meantime, that's pretty much the method. As mentioned. none of the rugrats figured out how to bypass it, but there were only a few who might have been inclined to do that anyway.

Re:Disabling MSIE

[Buran]

What I can't figure out is why my explanations of security problems and the like aren't sinking in nor is the fact that I set up Firefox to have all his bookmarks, etc.

While I'd love to see what you come up with (feel free to send it my way once you write a guide, though it might be overkill for this particular machine) I might try the blocking-access trick with zonealarm. Maybe the irritation trick will be enough for a while at least.

Re:you are scum

[utnow]

How the hell did this get an 'insightful' mod?

Yeah, and full of Adverisments too!

[MCRocker]

It's a little hypocritical that an article that complains about software that puts ads on your computer is so full of ads itself.

I'm not just complaining about web page sponsorship in general, but about ones that are so intrusive that the page is hard to "read"... I mean even for my computer. You don't think I'm going to read that long article myself do you? I have my Mac 'speak' it to a file for me and listen to it on my PDA later. The problem is that this article is so full of obtrusive advertisements and other junk that you can't just highlight the whole thing and have the computer speak it. It took almost as long to copy and paste the damned thing as to read it... even with images and animations turned off!

Can you imagine how hard such sites must be for people with accessibility issues? The article was so bad that it crashed Bobby. Talk about an accessibility nightmare.

Re:Yeah, and full of Adverisments too!

[Reziac]

I couldn't read the thing as it was, it formatted too wonky in any browser, and is hardcoded to a very large screen. And the Print link didn't sensibly go to a single unencumbered page, or even a series of unencumbered pages. Noooo, it went to a "tries to print for real" popup for EACH page, which then didn't sensibly link to the next PRINTABLE page, but rather, back to the *original* bloated version of the next page -- which then displayed IN the popup window. Its behaviour is obviously designed to *ensure* that each and every pageview WILL include ads, and that there will be no workarounds like going directly to an all-pages-in-one printable page. IOW, it's designed rather like adware.

Whoever designed this site's so-called navigation obviously never tried to use it, nor was the layout tested beyond the most cursory glance. [eyeing docsource, from a safe distance] And I *think* the layout was mostly dumped from a page layout program, not from an HTML app.

Sitting on the hard drive

[MagnaMark]

I love it when tech writes dumb it down for the masses:

"In this week's edition of NEWSWEEK, we looked at the growing online presence of adware, software that sits on users' hard drives and can slow down the desktop with resource-consuming pop-up ads."

The adware is sitting on the hard-drive? I don't know, there's usually not a lot of space for sitting inside the case. Sitting on top of the monitor, maybe. But probably not the hard drive.

And it slows down the desktop? Well that's a relief! I think I can live with a slow desktop as long as the rest of my apps keep running fast.

Re:Where's the part with the burning and the fires

I second the motion for tar and feathering, perhaps in conjunction with a mass goatse-ing of their inboxes?

Advertisers: The "other" criminals

[AndresFerraro]

Committing a crime will land you in jail, and normally so is hiring someone to do it on your behalf. Advertisers beware! As spyware and such activities become illegal, there is opportunity for an attorney that wants to get his/her name in the media to go after the ADVERTISERS that hire these companies. This is going to be so much fun to watch!

Re:Dark. And noisy.

[Tim+C]

An awful lot of spyware piggybacks on legitimate installs of software you want (think Kazaa), or by social engineering.

Re:Dark. And noisy.

[OAB_X]

You know, if you ever got one of those "search bars" or "desktop utilities" bundled with some software, you know that thats practically what you have to go through to uninstall them. I downloaded a LimeWire clone that was suppsed to have no spyware, it got 25 hits on my firewall from programs it installed, and spybot/adaware found about 70 other spyware entries.

It infected my browser, taskbar, desktop, start menu, and stuff would pop up at random times like when I started downloading anything ("download manager").

Re:Where's the part with the burning and the fires

[SimonInOz]

"thank-yew note" .. hmm, is this some kind of really complicated and subtle joke involving yew being used for longbows in some sort of rebellion - or just a really poor bit of spelling?

Hang on, this is slashdot isn't it? Sorry I asked ...

Re:Where's the part with the burning and the fires

[edinjapan]

Very nice Master Sidious! Then you take control of the company and make even more horrendous, totally evil and insidious popups, spamware and spyware...

Instead, remove the need for Internet Explorer

[John_Sauter]

...I can't remove IE, some services they need to use (other colleges in the area) have web pages that only work in IE.

This is your real problem. Instead of asking Symantec et al to improve their spyware detectors, ask those other colleges to improve their web pages. You might even offer to help. Of course, you should first make sure that all of your web pages are standards-conforming.
John Sauter (J_Sauter@Empire.Net)

Insecure private information wants to be fenced

[alienmole]

It's not a double standard, but it is an interesting issue that's worth examining. Different rules apply to different situations. If you don't make your private information public in some form, there's no reason that it should "want to be free".

The kind of information that is usually described as "wanting to be free" is the information inherent in products that are sold for money. If I buy something that contains information -- whether music, a movie, an article, or even say a car -- I may want to reuse the information it contains in various ways. I may want to use it in some other media format, e.g. download music, a movie or an article to a mobile player. In the case of a car, I might want to modify it or install an add-on which requires information about its inner workings. Saying that the information inherent in these commercial products "wants to be free" is really a way of characterizing the collective desire of all the users of these products to reuse the information they contain. That collective desire is a kind of force, which can be very strong, and it's easy to see how the end result can be described as "information wants to be free".

There's no comparison in any of this to private information that is never sold or otherwise made publicly available in any form.

However, one could argue that the collective desire of all the sleazebags who want access to other people's private information constitutes a similar force. But in that case, the sleazebags don't normally have access to the information in the first place, not even in a protected form, so can't claim any rights to it.

Spyware/adware does change this picture, allowing the sleazebags the technical means to access this information. So now there's a technical force which is pushing private information into other hands. But note that this is certainly not making the information "free" - on the contrary, the sleazebags want to resell the information, profit from it, and certainly not share it freely. So the appropriate phrase in this case would really be more like "insecure private information wants to be fenced".

(P.S. that's "fenced" in the sense of selling stolen property).