Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware Critics Respond to iDownload/iSearch

Posted by timothy on from the pesky-vikings dept.

Paul Laudanski writes "Slashdot ran an article earlier on 'iDownload Tries to Silence Spyware Critics'. Since then, the spyware critics have responded to iDownload: CastleCops, NetRN, and Sunbelt Software. InternetWeek and BroadbandReports have picked up this story as well. Brian Livingston interviewed iDownload's CEO Arlo Gilbert, who claims the letters were a success: "The majority of sites we've contacted have taken down or properly classified iSearch" and "When asked to name some of the sites that had complied, Gilbert answered, "I'm not going to share that information. It would be shooting a gift horse in the mouth."" General overview by Kye-U and Zhen-Xjell."

23 of 253 comments (clear)

  1. Is it... by Creepy+Crawler · · Score: 5, Insightful

    is it Spyware when you click OK?
    Is it spyware when you let it stay on your system?
    Is it spyware when you let it run?

    When does the user take responsibility over what somebody/something else does?

    Seriously, it has to do with peoples' rights and how many intentionally do not inform themselves what they do, and their repurcussions involved.

    If we applied to what normal people do online (and then blame), what would you say if somebody cashed those "Loan Checks" sent in the mail? Most people know its a acceptance of a loan. Yet, common sense is thrown out the window on the net.

    --
    1. Re:Is it... by Darthmalt · · Score: 5, Insightful

      It's Spyware/malware/adware when it piggybacks on your system without an easy way to keep it from installing and then resists being uninstalled. i.e. cool web search and it's ilk

    2. Re:Is it... by MindStalker · · Score: 5, Insightful

      Is it spyware when it called itself "Critical Microsoft Windows Media Player Update", and is nothing of the sort. Then does not appear in your add/remove programs. And in fact the only way to remove it is to use a spyware removal tool. Or how bout the people that got it bundled with the Win32.Beavis virus. They didn't agree to the EULA. Now if someone can simply prove that iDownload had this hand in the creation of this virus, we could finally put these guys behind bars where they belong. Of course getting access to secret memos before they are destroyed in another exercise entirly.

    3. Re:Is it... by 0x461FAB0BD7D2 · · Score: 2, Insightful

      I don't know how or why you were modded as "Flamebait". Your post is insightful.

      There is a different standard on the web, where willful ignorance is forgiven. Obviously not everyone can be an uber-geek, but as with anything out there, using a PC, or going online, requires a little bit of knowledge. If people are not going to pay attention to whatever shows up on their PC, or they're just going to click straight through install wizards, they ought to share some of the blame.

      Case in point: BBSpot posted a satire article about a Nigerian billionaire philanthropist. And while the site clearly states that it is completely satire, Brian Briggs still got emails asking for details about the Nigerian.

    4. Re:Is it... by timmarhy · · Score: 5, Insightful

      your wrong. plain and simple. isearch misrepresents itself in order to get installed. misrepresenting yourself in any other arena is called FRAUD. so why doesn't it apply to people who create things like isearch? spyware programs like isearch also rely on people not being tech savvy enough to know how to spot them. your arguement that someone not being tech savvy is a defense for companies like this also doesn't hold.

      --
      If you mod me down, I will become more powerful than you can imagine....
    5. Re:Is it... by RollingThunder · · Score: 4, Insightful

      User stupidity does not make the actions of the company OK. It just means that both parties share some of the blame.

      The company gets the bulk of the blame, they're obviously intending to trick people.

    6. Re:Is it... by dvdeug · · Score: 2, Insightful

      If we applied to what normal people do online (and then blame), what would you say if somebody cashed those "Loan Checks" sent in the mail? Most people know its a acceptance of a loan. Yet, common sense is thrown out the window on the net.

      Why shouldn't we blame those people who send out the checks? The goal there is to prey on the stupid and unwary. "I put it all in the fine print" may be a defense to a fraud charge, but it's not a defense to a charge of being a sleezeball and scumbag.

      No matter how stupid users are, these programs still have significant bad sides that are willfully hid from the user and made difficult to remove. That makes the creators sleezeballs and scumbags, and the program spyware.

      I want to live in a world where I don't have to be paranoid all the time, and one step towards that is making clear that this type of crap isn't acceptable.

    7. Re:Is it... by cgenman · · Score: 5, Insightful

      Realistically, people use their computers to do other things. If I want to chat with a co-worker online instead of going to the other building where they're located, I'll install and use aim. The average user isn't going to monitor what AIM does, or what any of the other applications say they are going to do, any more than I would go into my automobile to verify that the mechanic really did replace my spark plugs. You take the butcher's word for it. If an application represents itself as an app that can open any graphic image file, and I happen to need to see files sent to me by my family or I just worry about such things, I'll install it. I'll be buggared if I'm going to run a whois on every company and see if they have the same info as ClariaGatorInsertEvilSpywareMakerNameHere.

      Now, I actually do all of these things, because that's one of the things I'm paid to do. But the average user cannot be expected to check their task manager's list of running processes and know that while wscntfy.exe, hptskmgr.exe,wmplayer.exe, YEDIEx.exe, vmnat.exe, sshd.exe, svchost.exe, boinc_gui.exe, avgcc.exe, grxp4exe.exe, and the 64 other things currently running on their machine are benign, but that ie_32.exe is spyware. Heck, even now I only recognize *most* of what's on the list, and then in a cursory "that's usually on the list" sort of way.

      Normal people shouldn't be expected to know this. They want to interface with the computer, not program it. When I go to the store to buy a batch of oranges I expect a batch of oranges: I shouldn't need to know the finer details of modern horticultural techniques and the international fruit business to avoid getting lemons that have been painted orange.

      If somebody represents their ap as going to do something, the extent of my responsibility assumes that the ap behaves as expected. If it earnestly tries to look like an orange, it should be an orange. If I sold a painted lemon as an orange, even with a fine print disclaimer, I would be in trouble for misrepresenting the product. I don't see how software is any different.

      --
      The ______ Agenda
    8. Re:Is it... by Anonymous Coward · · Score: 1, Insightful

      No matter what OS you run, you can limit permissions and run questionable apps mostly safely. Like I reiterate, it s a fault of the user for not watching what he does on the machine.

      This applies to every part of life. Car stops working? Driver's fault for not taking care of it. House gets robbed? Owner's fault for not securing the necessary deterrents. Toilet gets clogged? Depositor's fault for overloading its capacity. Kid goes bad? Parent's fault for not monitoring his thoughts.

      There are always things you can do to prevent bad things from happening. It's not like the little part of the universe we occupy is too complicated for any intelligent human being to understand and keep track of.

    9. Re:Is it... by ultranova · · Score: 2, Insightful

      Do you buy watches on the corner near the grungy club in the big city? Do they say "Rolex"?

      If you sell fake rolexes on a shady corner, and the police catches you, do you walk away with no charges filed because anyone who believed you was an idiot ?

      More generally, is it okay to commit fraud if your victims are idiots ?

      No ? Then the intelligence - or lack of it - of iSearch's victims is irrelevant to the topic at hand.

      Furthermore, I would like to remind everyone who's bemoaning the stupidity of the victims that unless you are expert in every field, you too are vulnerable to scams - after all, if you're not a mechanic yourself, you cannot be certain how well the repairman repaired your car, if you're not a biochemistry researcher you cannot know if the food you eat has been tainted, if you're not a plumber, you cannot know if the pipes in your basement were properly sealed, and so on.

      And remember that the victims in this case didn't buy Rolexes from people lurking on shady corners - they installed a utility program from a respectable-looking web site.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  2. It's all bad to me by erick99 · · Score: 5, Insightful

    I don't like any adware or spyware - period. I run three separate programs (AdAware, SpyBot, and a webroot program) to keep that stuff off of my computer. I understand folks have to make a living but do it differently. I don't mind google adsense ads within pages and stuff like that. It's upfront and a little more honest than some program hiding and collecting data or "helping" me by collecting key strokes and making sure I get the "right kind of ads." It's all bad. Period.

    --
    http://www.busyweather.com/
    1. Re:It's all bad to me by pipingguy · · Score: 4, Insightful


      Advertisers have to get off the pollyannish notion that they can track their ads to specific sales.

      Eyeballs impressed is useless unless the eyballs gathered are relevant to your product/service.

      What advertisers have to do is to specifically target websites that discuss things that are relevant to the readers of that website. That won't happen soon because the shotgun approach is still prevalent (a 1/4 page, one month ad in the back of a more general interest, glossy magazine is worth more than a 6 month ad on a more-specific website).

      The web has been a neophyte marketer's dream come true - lots of flash and hype.

    2. Re:It's all bad to me by Moraelin · · Score: 4, Insightful

      Well, that kind of notion is what happens when you let someone define their own criteria of doing their job well. Doubly so when we're talking someone whose job _is_ to lie, i.e., marketting.

      Actually, lemme rephrase that. Not outright "lie", but creatively mis-lead and mis-represent.

      So the marketters invented all sorts of bogus self-serving metrics to justify their job. And then worked to inflate those metrics, rather than actually sell a product.

      Probably the most insidious is the "click" as a measure of success and somehow directly equivalent to "sale". I mean, hey, if you got them to click, they're surely interested in the product, right? Wrong. Exactly in what product is someone interested when they click by mistake on a Fake-UI ad or "punch the monkey" tricks? None whatsoever.

      And the whole Internet disaster is a direct effect of these bogus metrics. People end up working to drive up the metric, not to actually do their job.

      E.g., once you define "number of ads downloaded" as a measure of advertising success, you get spyware and other software that just downloads tons of ads. It doesn't even matter if anyone sees them. They just have to show up in the logs as downloaded.

      E.g., once you define "number of clicks" as a success metric, the direct result is fake UI ads. Or with spyware that automatically redirects you to the site, basically simulating a click the obnoxious way. It's not even a slippery slope. It's a direct cause-effect situation.

      Etc.

      And just so I don't offend only the marketting people, the same happens in _every_ job where people are measured against a bogus metric of success.

      E.g., I know one PHB who demanded weekly reports from everyone of what patterns they applied, and measured a programmer's worth in how many of those they applied. That project is still not ready yet, some 3 years past the original deadline, and with a team 4 times the original size by now. It's also _the_ most baroque architecture I've ever seen, because _everything_ goes through every pattern ever invented, to match the boss's metric. E.g., no object is ever just passed around as it is, it's first wantonly wrapped in a "decorator", obtained from a "factory", which is a "singleton", etc, etc. And I mean so baroque, you can _literally_ fill a whiteboard with only the _layers_ an object has to go through. Sad.

      --
      A polar bear is a cartesian bear after a coordinate transform.
  3. Not that it matters by Realistic_Dragon · · Score: 5, Insightful

    You could have 'iDownload is selling your credit card information to people who want to rip you off' in 5 mile high letters created by manipulating the Northern Lights and there would still be people who downloaded and ran it just to see what all the fuss was about.

    --
    Beep beep.
  4. Heres what i dont want... by SteveXE · · Score: 5, Insightful

    I dont want any software i cant remove 100% without it coming back and no more then a few clicks to remove it. I dont want software that tracks what websites i visit, or files i download, whether anonymous or not. I dont want software that can read my cookies, email, keystrokes, or any of my data whether it reports it or not. I dont want software sneaking onto my system, whether its concealed in a 1000 page EULA or not unless i say specificly install this it doesnt belong on my pc. I dont want ant software that can edit any data and transmit data over a network without my permission I consider that spyware/malware, if your software does this stuff it shouldnt be allowed to exist. Unless the user is informed upfront on what it is, what it does, what it modifys, reads, sends, and how to uninstall it in big bold letters.

    1. Re:Heres what i dont want... by Anonymous Coward · · Score: 2, Insightful

      Unless the user is informed upfront on what it is, what it does, what it modifys, reads, sends, and how to uninstall it in big bold letters.

      That's what the 1000 page EULA is for. Feel free to read it big bold letters.

  5. Re:Here's a piece I found interesting. by garcia · · Score: 1, Insightful

    Although the writer of the article goes into detail, frankly, iDownload is using semantics to hide the true purpose. Spyware, is software that is installed on a consumer's computer, WITHOUT that consumer's explicit, knowledgeable consent, and DOES NOT serve a proper, useful service for that consumer.

    No way?! A Spyware company that's trying to use word games to justify their existence? No way!

    I thought that there were straight forward and honest people behind those companies installing software w/o my knowledge on my computer.

  6. Harassment? by AtariAmarok · · Score: 2, Insightful
    "Also, if they hang up on you, respect that and don't call back. If you call repeatedly, that can be harassment."

    Some people call that "telemarketing".

    --
    Don't blame Durga. I voted for Centauri.
  7. Re:Hmmmm by BCW2 · · Score: 3, Insightful

    I don't understand that one getting hammered the way it did. The people who foist this crap should be tied to a tree and fed ex-lax for a week. The users who allow it should be taught responsibility while wearing a shock collar. You just called the thundering herd of dumbass a thundering herd of dumbass.

    I work in a whitebox store and spend 80% of my time cleaning this crap out of boxes. I tell them where it comes from: ALL pop-ups are EVIL, ALL toolbars are spyware. At least 20% will be back in < 3 months with the same problem(gee I don't know where the 6 toolbars came from?). I will not let any computer leave the store without Ad-Aware and Spybot installed, yes even a brand new one, and the owner instructed on updating and running. With some it helps with others nothing will help till they make the connection between clicking this crap and paying me money.

    --
    Professional Politicians are not the solution, they ARE the problem.
  8. Re:Hmmmm by Creepy+Crawler · · Score: 2, Insightful

    Yeah, I guess +5 IS what I deserve ;)

    And I wasnt trying to justify anything, except that users ought to learn the basics of the hazards of the Internet. Even explaining to them that you need a program like a "Virus Scanner" to find them, and then you hand them a link or 2 to some popular anti-crapware scanners.

    But then again, poeple learn how to drive, how to manage finance, how to build things, yet getting help (from Google or a friend) and applying that help is somehow above most peoples' grasps.

    --
  9. Re:Some little details by Troy · · Score: 2, Insightful

    Complaining to the secretary on the phone probably won't help matters. Likewise, it will be useless fo complain to almost anyone that a total stranger could get on the phone in short order. And, almost by definition, anyone in a spyware company with the power to do anything about it probably doesn't care.

    Instead, why not call companies being targeted and encourage them to persist in how they label this product? Likewise, once it comes to light which companies gave in, contact them and let them know how disappointed you are, and how you won't be recommending their products to your clueless relatives.

    -Troy

  10. Re:Shooting a what??! by comgen · · Score: 3, Insightful

    I find it interesting that a company of this nature would go this route. I do understand how having your company black-listed would pose a threat to your business and PROFIT-'being key here'. I feel that if your company and/or product made it to the antivirus, spyware, watch lists etc. that there is a major problem with your service/product(s) and should be closely reviewed and fixed. This letter got me to thinking, why don't I bill this company for my time and service. Why should I bill customers for time, service and repairs caused by this software and their partners. From the letter they claim to be a legitimate business, if this is the case then they ship obviously buggy, insecure,faulty software. I have cleaned up many systems with this software and their partners 'random' 3rd party add-ons. I noticed that while installed a 2GHZ, 1GB Ram system can actually run 'neck and neck' with an Old beat up 486DX system. In most situations the 486DX would run circles around it though. I'll not get into how a basic DSL/Cable connection can come to a near halt. Of course the issue with this company in particular is that they do warn you about add-ons, privacy etc. To a degree only the user can be held responsible here. Since in 'fine print' and/or agreement they do ask for permission before installing. What can be done in situations like this? Maybe forcing legitimate software companies and developers, to include these warnings or disclaimer in plain view at or near the top line of each agreement. Insert also: Bold, clear, and descriptive explanations; Non-technical information provided in a 'LARGE' legible box above the 'Next/OK' button, explaining to users why slowing down, damaging, etc. their new $$$$$K desktop/laptop-DLS/CABLE connection is a benefit of using their software. Maybe we should develop software that pulls information from these disclaimers and agreements, that would also stop the install process until the 'BOLD, CLEAR' -'in their own words' legal 'damaging' content can be provided to the user. For some users you would probably need to include some neon lights and loud bells.

    --
    -- Best regards
  11. Bad bad software by Blitzenn · · Score: 5, Insightful

    I was INFECTED by this stuff recently. I had an extremely difficult time removing it from my machine. It would reinstall itself continuiously and had so many roots in my registry it took me hours to weed it all out. When I wrote a letter to the manufacturer. They told me that I should not try to uninstall their software. If I insisted, They would send me an uninstall 'package' taht I could install to remove the installation. The really pissed me off as they wanted me to install more of their software in order to remove the first software.

    I didn't bite.

    I replied to them that their software had been installed on my machine without my permission and without my knowledge, took over my machine settings and that was wrong. Because of those properties, it was spyware. They got pissy and told me that I was wrong. That it was not spyware and that not utility that I could get off the market could remove their product successfully. They seemed quite proud of that fact.

    THe only way I found to successfully remove the infectious dlls and such was to change the security settings on the target executables so that they did not have enough permission to run on a reboot and then reboot the machine and delete all of the dll's and executable you otherwise could not because they were already being actively used.

    We pass laws to stop people like this and all they do is find a new way to skirt the law, while the boy down the street, who was just goofing around and made a mistake, gets arrested and sent to jail under that same law. Our approach to fixing these problems is obviously not working. Why does everyone insist on continuing down that road? We write laws that contain templates to check to see if someone is 'bad'. If you fit the template, you are bad and go to jail. The problem is that the bad guys you are really after simply alter themselves just enough, so they no longer fit the template, and skate free. We need to target these people SPECIFICALLY not generically as we are doing now. We are harming people who don't deserve it and curtailing our own freedoms with this method. It is not showing ANY results that matter. Stop the nonsense, PLEASE!