Inside an Adware Company

Haikster writes "Brad Stone of Newsweek wrote a great article exposing DirectRevenue which is actually a combination of the old Dash guys with IPInsight, abetterinternet, offeroptimizer and blackstonemedia and the others... it's a bit lengthy but a great read."

How many are Slashdot readers?

[badfrog]

Wonder how many of spyware developers are regular Slashdot readers... Step forward, cowards!

Re:How many are Slashdot readers?

[rosie_bhjp]

It's a troll account.

Re:How many are Slashdot readers?

Gonna go AC here (sorry), but since you asked, this might be an interesting story (but rather long, if you care to bear with me)...

I used to work for a company that made pretty hardcore spyware/popups. The owners claimed when they first hired me to do some consulting that they used popups to generate capital instead of going for VC money, and now that they had some income, were going to turn around and try to be a kind of Amazon/1-click shopping for useful tools (spam filters, privacy software, personal firewalls). This was a couple years ago before the market for this was absolutely saturated. So I thought, and the principals assured me, that once they had some $, they'd ditch the popup business and I'd be working on some really cool projects which I otherwise wouldn't have had the opportunity to work on, so I signed on fulltime. I was also really well paid and genuinely enjoyed the benefits, interesting engineering challenges, and people I worked with (none of the usual Office Space bullshit my friends complained about, but there were many downsides as you will see.)

However, after I joined, the owners kind of lost focus and kept delaying work on more legit projects to fix or enhance their popup distribution network or new things that all boiled down to schemes that would get our adware on more computers. Every week they owners would come up with some half baked new idea that was suddenly priority 1 (and the idea of "top priority" became something of a joke.) Because things took longer than expected and we were switching gears every week or so and could never truly get anything accomplished, the skewed lesson that the owners learned was that "software development is hard and expensive and not worth it".

At this point they stopped even fronting that they'd do legit things and just focused completely on adware. To keep the bills (and the principals' inflated salaries) paid, they started loosening their morals even more and fell down the slippery slope even more, delving into porn and other kinda shady areas which I won't go into, at which point I decided to resign since it was obvious that despite repeated promises, I would never be working on projects that had real value.

The time wasn't all wasted, though. In case anyone's curious, it is kind of interesting to see how things operate behind the scenes at one of these spyware places, and the psychology of the people who work there. I second another poster's point that the everyone who worked there -- business and developer types alike -- were otherwise normal, cool guys and not like evil masterminds or sociopaths or anything. (Ha, all of us were /. readers, too.) Everyone knows that what they're doing isn't totally cool but is sort of in denial (and we were repeatedly promised that we'd be working on legit projects "soon"), and you're so caught up in your work and the interesting engineering problems that you ignore the bigger picture (not a good thing).

The owners do a good job of sheltering themselves and most employees from the negative complaints that do arrive (delegating them to a "support" department that responds to hundreds of emails a day with "oh wow, we're sorry you're having problems, here's an uninstaller"). However, most of us did end up reading a lot of the complaints and most of us were in denial about the sheer volume of misery that the popups and other things created. It sounds strange that normal people would work on such clearly awful software, but every shady decision is rationalized in any number of ways including saying "well, it's legal" (or at least not illegal, for now), pointing to "worse" adware companies and being "at least we're not as bad as these assholes," policies like "hey, we email uninstallers to anyone who asks" (while ignoring the fact that only 1% might be savvy enough to actually figure out what's going on since most people never figure out where the popups come from). This will sound strange, but some of the projects were actually really cool technology and worth getting

Re:How many are Slashdot readers?

[ZonaldRumzfeld]

I say make em. Is it evil? maybe. The more spy/malware on the net, the more ways people will develop to counter all the crapware, be more aware of where they visit, and make sure the right tools are being used.

The more the community knows about exploits, the better, instead of having company X knowing a secret exploit that no one even knows about for years at a time and using it to there advantage.

They just use standard FOSS philosphophy

[Neil+Blender]

Information wants to be free. Your information.

Where's the part with the burning and the fires?

[EnronHaliburton2004]

The article is missing a critical piece...

where enraged citizens storm the building, set it on fire, seize the funds from the bank accounts and distribute to orphanages everywhere and leave the Adware staff tied up to lightpoles with a note for the police.

Dark. And noisy.

[Tackhead]

> He says his company is committed to "transparency" and is making it easier for users to uninstall its software.

When pressed, he defined "easy" as "sorta like dipping your balls in sweet cream and squatting in a kitchen full of feral cats."

And you don't wanna know what "transparent" looked like.

Re:Where's the part with the burning and the fires

[prtsoft]

sounds good to me, where do you want to meet? ;)

I'm a newb

[ltbarcly]

How do you install adware in debian? I tried apt-get install virus, apt-get install adware, apt-get install malware, nothing works. man, linux is crap

Re:I'm a newb

[nkh]

The article explains that you don't need Adaware and other anti-spyware programs anymore on Windows, just go to http://www.mypctuneup.com/ and it will remove your spywares for free! I wish I still had a Windows machine to see how much adwares this web site would install...

The truth about Adware

[ravenspear]

This is good because it is completely amazing to me how the adware/spyware problem has received very little coverage in the media, certainly orders of magnitude less than the spam problem. We have seen many stories on /. over the last few weeks about how millions of Windows boxes are so infested with spyware that they are basically unusable, and yet most non-technical people still seem ambivalent.

If the same amount of effort currently used to fight spam is not applied to the spyware/adware situation, it will get just as bad if not worse than the spam problem.

As intrusive and annoying as spam is, at least it's influence doesn't extends past your email client. Spyware has the potential to totally screw up machines that do important tasks, which could be far more harmful.

Re:The truth about Adware

[geekyMD]

I think the shockingly absent outrage/response to adware has more to do with lack of awareness than anything else.

We all have gotten used to the idea of planned obselesence. From your car that is "old" after 3 years to your computer which was the absolute best until about 15 seconds after you bought it; most people expect their computers to run more slowly with time. And while popups suck, many people just don't really equate popups with adware. To them, its just "one of those things" that happen to PCs, especially when connect to that darned internet. I've worked in numerous offices that were about to buy a new set of PCs because their existing ones were "old and slow." After 30 minutes of AVG and SpySweeper they were amazed at the power of their "outdated" computer.

IMHO, Even when you include the viruses that go with spam, it seems like adware does much more to reduce producivity, hands down.

Alas, with SPAM we all see media 'orange alert's lasting for several days like:
"You computer will eat your first born and wreck your car if you open this email!!!"
But who has seen something like that for adware? How many people really know what it is or does?

We gotta get the word out! Alert the press! The baby eating, credit card stealing, nazi adware legions are headed straight for your comptuer! And if you don't uninstall them, Santa will be shot! That should wake some people up.

Re:Where's the part with the burning and the fires

[EnronHaliburton2004]

Silly me! I forgot to mention the shackles and public humiliation...

feedback

What happens when their own computers get infected with adware?

Re:Where's the part with the burning and the fires

[ackthpt]

where enraged citizens storm the building, set it on fire, seize the funds from the bank accounts and distribute to orphanages everywhere and leave the Adware staff tied up to lightpoles with a note for the police.

Hmm. Kinda like my fantasy, which seems to involve a tricky hand gesture which magically transfers money from their bank account to my bank account. Of course, I don't mean to be rude, thus a tastefully worded thank-yew note is forwarded to them.

Ah.. to be Merlin for a day...

Re:Dark. And noisy.

[OAB_X]

New steps to uninstall:

Add Remove programs -> spyware program -> uninstall window -> im sure i want to uninstall -> i dont want to reconcider -> i dont want to provide a reason for uninstalling -> im still really sure i want to uninstall -> yes i know some features maybe deactivated -> i dont want to install any companion programs -> i dont want to have programs from your sponsors installed either -> i dont want to have more msn smilies -> why do i need to go to a website to uninstall? -> i still want to uninsall reason: i hate spyware -> uninstall -> please wait while you download the uninstaller -> program uninstalled successfully, 5 more programs installed by uninstaller

I hate malware.

[rice_burners_suck]

I hate adware, and what we need to invent is some sort of adware realtime blacklist that contains all the IP addresses of adware companies. Then, all legitimate users could set up their firewall to disable access to and from any of these IP addresses. Then, the ISPs could completely disable access, and that would drastically cut down on the success of these illegitimate ventures.

Doing so could scare the spam authors, malware authors, virus authors, worm authors, spyware authors, and other illegitimate software authors into compliance with global IP standards, which will facilitate the streamlining of compelling enterprise solutions by content providers and emerging stewards of innovative technologies.

(If you didn't get the above then you need to do some critical thinking. It is composed in four layers and contains 12 hidden messages, 4 double meanings, and 9 psychological facts.)

Re:I hate malware.

[hsidhu]

I use the list from remember.mine.nu, its updated regularly and here the line count for my /etc/hosts file.

$ wc -l /etc/hosts
32848 /etc/hosts

I recommend it to anyone and everyone.

Google CEO ?

[SoLO]

Earlier this year, Direct Revenue raised $20 million from New York based Insight Venture Partners. The respected VC company boasts Google CEO Eric Schmidt and former Treasury secretary Robert Rubin on its advisory board.

Wonder if this is some kind of conflict of interest?

It concerns us.... (the military)

[i_want_you_to_throw_]

We constantly have a nightmare about people on our network installing spyware (we're half green suit/half civilian). Some day, some enterprising young person will create spyware with a key logger phoning home passwords galore. We already had a problem with HotBar clogging our pipe.

Admittedly we are't suppoed to be discussing classified information but we deal with politically sensitive stuff all the time.

Re:It concerns us.... (the military)

[_xeno_]

I recently got a security clearance. Just because a single piece of information isn't classified doesn't mean it can't reveal classified information. That's the main fear.

As a simple example, assume some adware managed to steal an Excel spreadsheet as it was being entered. The information was simply the dates and costs of fuel being bought for vehicles on base. This information isn't classified.

From this information, you can get a rough guess of troop movements and the amount of mechanised gear at the base. Combined with more information, you can get a good idea of current strategy, what troops are going where, and the level of activity around a given base. This information is classified.

Just because a given computer isn't classified doesn't mean that you can't piece together classified information from data contained on the computer - especially when combined with other information. That's what the military is concerned about.

Re:It concerns us.... (the military)

[sconeu]

Which is why Poindexter tried to create the "Unclassified but Sensitive" security level.

4 pages?

[Xeo+024]

it's a bit lengthy but a great read

Damn right it's a lengthy read. Anyone have the Cliff Notes for this?

When Will AntiVirus remove it?

[QuantumRiff]

So, how can a piece of software that gets installed without permission on my machine, that sends out spam emails to everyone on earth be considered a worm/virus, but a piece of software I get installed without prompting, by visiting a fucking web page, that changes my hosts file, dns settings, proxy servers, and or nic drivers be considered adware?

When will Symantec, McAffee and the others start detecting and removing spyware. I've emailed them requesting that feature, and have never even gotten a response.

Honestly, at the school I work at, our public use library and labs have no problems except spyware. The 40 machines in our library average about a week before they are so bad that the systems have to be re-ghosted. Yes, I have netscape installed, and yes, its the default browser, but no, I can't remove IE, some services they need to use (other colleges in the area) have web pages that only work in IE. If freaking symantec would just treat adware as a virus, my god, I would love them.. and so would many others..

Re:When Will AntiVirus remove it?

[wronski]

I use a free crapware blocker (Adaware) and a couple of very simple registry utilities that prevent anyone from setting a registry key without my permission. Not at all bulletproof, but it works for me.

Adware and Spyware are making me money

Yeah, it is. And I hate it. I hate having to take people's money to clean this shit off their computers; I would rather be deploying servers or upgrading home PCs for the holidays. But I'm not.

People get infected so easily because the just don't understand. Your average joe doesn't know the difference between virii and spyware; They don't understand that Norton Antivirus doesn't block this stuff too ( though they're starting to try ); They don't realize that IE's swiss cheese-like security is what allows most of this stuff on their system. While I spend a lot of my time cleaning spyware of my customer's computers, I also try to take the time to educate them. I show them the Adaware and Spybot icons. I run through them once with the customer to make sure they understand how to perform updates. I explain the new Firefox icon and how they should always always always use it, unless the site refuses to load without IE. I explain why Norton didn't stop it, and why the firewall didn't help. Folks just hear a lot of buzzwords like these and they just store the basic meme "Firewall=Safe" or "Antivirus=No Infection".

It shouldn't have to be this way. But it is, and I'm profiting from it. That makes me feel dirty in a way, even though I'm not the asshole clogging up the works.

Re:Adware and Spyware are making me money

[mrbcs]

Same here though I don't feel dirty doing it.. I'm doing them a favour. Better to pay me to clean up their machine than to go and buy a new one because of software issues.

Most times I've only had to see people once. It's very disheartening though, when two weeks later, the same customer comes back, riddled with viruses and spyware.

Me: "where's the programs I installed? Sygate? Ad-aware? Avg?"

Customer: "umm, I guess we uninstalled them.. kazaa wasn't working right."

Me: "fine, $60, we'll try again."

I don't think I'm long for this game anymore. Users can be very draining on your spirit. Really bugs me that I've had no problems with my 10 machines in 7 years or so.

What I want to know...

Consumer advocates familiar with the company charge that Direct Revenue has engaged in an array of unethical practices: it secretly installs its software onto computers, designs its adware so that it reinstalls after users delete it and has changed its name so often that frustrated users can't find the company to complain.

...is if their business model includes such practices, how do they get around many states anti-hacking laws? In several states it is a felony computer crime to install software onto people's computers without permission. Most Adware companies get around this by a "click-through" license but it was not mentioned in the article if Direct Revenue uses such.

Even with a click-through license I would love to hear them explain to a judge their justification for automatic reinstallation after a user deletes it.

Kill em all

[bogie]

I don't care if God sorts them out.

As I type this I'm about to finally sit down for a movie after spending hours on yet on spyware/adware infested PC. I'm just tired of it. As much as I hate those scumbags who put out adware etc I have to once again question. What the fuck was Microsoft thinking waiting until summer 2004 to deal with the problem? Oh and the other 50% of Windows users on this planet who are not running XP with SP2? They're just as screwed now as they were before.

Talk, talk, talk.

[BillX]

"Abram [Direct Revenue] recently backed that claim with a letter to Congressman Joe Barton of Texas urging passage of H.R. 2929, "The Spy Act," a bill that would require adware companies to get explicit permission from users to place software onto their machines and to allow users to easily uninstall those programs. Abram says his company and the industry have not met this goal yet, but they are moving in the right direction."

Really, does it take more effort to write a letter to a congressman, or to add one sentence to the beginning of an EULA? Or to code, for that matter? Here guys, let's make life easy on you:

/* Super secret proprietary adware code - please don't steal and copy into your own software */

wantmalware=Application->MessageBox("I would like to spy on you, slow your PC and pop ads in your face all day long. Is this OK?", NULL, MB_YESNO);

My poor little fingers, they are cramping up already.

give me a break

[tempny]

According to the article, these companies are "working" on making their glorified viruses less intrusive and easy to uninstall. Amazingly, the article never points out just how bullshit this is. Anyone who has ever worked on commercial software knows that it is trivial to let the user remove your program (automated installshield or something of the sort). Even if you don't want to bother with that, the user should always be able to just kill the process and delete the executables. However, it's certainly not easy to actively prevent the user from stopping or removing your software, and especially to automatically and invisibly reinstall upon removal. Yet these companies are "working" on making their programs removable? How stupid do they think we are?

Re:Dark. And noisy.

[CrazyDuke]

You forgot "-> spyware program silently reinstalls itself on next boot"

Re:Hosts file + GUIDs

[Lehk228]

Redirect to 0.0.0.0 instead, if you point to 127.0.0.1 you get to wait for every blackholed connection to time out against your own machine, while an attempt to connect to 0.0.0.0 is instantly recognized as an invalid ip and the conneciton fails.

Re:Where's the part with the burning and the fires

[tntguy]

What do you want?

Two hundred and forty seven thousand?!?!

[Theatetus]

That is not a small number!

That is a very big number!!

Re:Where's the part with the burning and the fires

[alptraum]

What ever happened to tar and feathering?!!!

A serious failure of OSS here

[SmallFurryCreature]

Until OSS can finally get of its collective ass and start adding easy ways for users to have software installed that will totally destroy their desktop it just cannot compete with the likes of MS. Even OSX just doesn't deliver. Simple to use HA. Just try adding hiding your IP from being broadcasted on an Apple. Can't be done. Or making sure you clock is up-to-date? No 1001 smilies for you you unix user.

Frankly I see no problems with companies like this. Spyware/Adware is a great tool wich allows me to instantly judge your intelligence. You got it? You don't have any. (Works both ways. Those without adware will see the logic, those with adware will have to find someone to explain it to them).

And believe it or not...

[Tuxedo+Jack]

Ad-Aware/VX2 Plugin can't get the new VX2 strain. It can't even be removed manually as of yet.

These little bastards are the older brother of CWS, and they've got legitimate backing to do their dirty work.

If you se any HOSTS entries for IEAUTOSEARCH, you're infected - gat Lavasoft's VX2 plugin and hope for the best.