Slashdot Mirror


Consumer Friendly Downloads?

Beatles-Beatles writes to tell us Yahoo and AOL will be offering a new anti-spyware initiative to begin next year. The new initiative will allow vendors to get their software "certified" as easy to remove and not containing spyware. From the article: "It creates market incentives that will change how consumers see software," said Doug Leeds, Yahoo's vice president for product justice. Backers of the initiative believe that consumers wouldn't benefit much from a system in which good products simply display seals of approval. "They are looking for us to do it for them," Leeds said."

169 comments

  1. Recycled versign? by sumdumass · · Score: 5, Insightful

    This sort of sounds like a recycled VeriSign sig. Unfortunately I doubt it would mean much to anyone at first. The majority of uasy to remove and not containing spyware. From the article: "It creates market incentives that will change how consumers see software," said Doug Leeds, Yahoo's vice president for product justice. Backers of the initiative believe that consumers wouldn't benefit much from a system in which good products simply display seals of approval. "They are looking for us to do it for them," Leeds said."sers I encounter think you only get trojans from visiting porn sites and spyware from the same.

    Maybe this is a good thing. The interweb won't be the same.

    1. Re:Recycled versign? by Anonymous Coward · · Score: 3, Funny

      Sure is hard to un-install all those Mac applications. ...Wait, wait, wait. I have to drag and drop?...

    2. Re:Recycled versign? by Anonymous Coward · · Score: 0

      Why the hell was that gibberish modded Interesting?
      How about READING the posts, or at least trying to in the case with this one.

    3. Re:Recycled versign? by Tony+Hoyle · · Score: 1

      Actually it is...

      if it's installed a service maybe, or a couple of libraries that it needs.. drag and drop won't cut it - you have to go hunting with a root shell.

    4. Re:Recycled versign? by KDR_11k · · Score: 2, Insightful

      You laugh but for some people even that is too complicated.

      --
      Justice is the sheep getting arrested while an impartial judge declares the vote void.
    5. Re:Recycled versign? by Anonymous Coward · · Score: 0

      Yes, because if the Mac ever got popular enough to attract spyware developers, they would all use simple drag-n-drop packages.

    6. Re:Recycled versign? by igny · · Score: 1

      "sers I encounter think you only get trojans from visiting porn sites and spyware from the same.

      Does it mean I can now send nudejlo.exe to AOL for certification?

      --
      In theory there is no difference between theory and practice. In practice there is. - Yogi Berra
    7. Re:Recycled versign? by surefooted1 · · Score: 1

      vendors to get their software "certified" as easy to remove...

      Symantec is crapping their pants. lol

    8. Re:Recycled versign? by NoMoreNicksLeft · · Score: 1

      I was thinking the same thing. Is it so hard to glance through Makefile before running 'make install' ?

  2. And.... people won't care by SeraphimXI · · Score: 5, Interesting

    People really don't care about their products being "certified". Go out to the store and buy any USB wifi adapter you can find. In the installation guide it tells you to make sure that you hit "continue anyway" when your computer warns you the drivers aren't certified. I don't think not wanting to hit continue anyway is a valid reason for returning your new adapter.

    1. Re:And.... people won't care by oKtosiTe · · Score: 2, Funny

      But if Microsoft didn't test it, it has to be crap!

    2. Re:And.... people won't care by Crayon+Kid · · Score: 2, Informative

      Ah, I think they'll give it some thought if it's implemented properly. What strikes me as very nice is that some software depots out there already have such stuff in place and they don't make such a big fuss, it's just part of normal service.

      Take Softpedia for instance, and check out their page for Buddy Spy. Notice the "100% adware, spyware free" banner on the left side, as well as the "Report spyware" link (on right, same level as program name).

      It's probably nothing fancy, just a peer and user review system, overviewed by Softpedia admins. Just like the rating system. Simple and not pretentious, but "It Works Now(tm)".

      --
      i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
    3. Re:And.... people won't care by Tim+C · · Score: 1

      I don't think not wanting to hit continue anyway is a valid reason for returning your new adapter.

      In theory, the drivers not being certified to work with your OS may kill any support contract you have in place with the OS vendor (in this case, MS). I'd call that a valid reason to return the product myself.

    4. Re:And.... people won't care by bastardsquadmuzz · · Score: 1

      When I was installing the driver for my MP3 player I noticed what looked like the driver signing alert flash onto the screen, but then the installation program 'pressed' the accept button for me :-\ I wasn't too worried as I would have accepted it anyway, but it seemed a little worrying that it could be bypassed. It was a Creative player if anyone is curious or has any details.

      --
      --Muzz
    5. Re:And.... people won't care by TheGavster · · Score: 1

      I think these guys may take offense ...

      --
      "Because Science" is one step from "Because old book". Try "Because of my experiment testing my falsifiable assertion".
    6. Re:And.... people won't care by Jarnis · · Score: 2, Informative

      Actually, WHQL certification is a pretty good indication that the driver isn't totally crappy. Then again it's true that a lack of certification doesn't automatically mean it sucks - it just means that the HW vendor didn't want to pay for the testing & MS stamp of approval.

      So, since the certification costs money for the hardware vendors, and doesn't really tell you anything new, if their internal QA is competent, many vendors skip it - unless their OEM sales tell them they have to do it, so that dell/hp/ibm/whatever will accept the component/peripheral for their systems.

    7. Re:And.... people won't care by TheSpoom · · Score: 1

      That happened with my Bluetooth key, but the program gave you the option of either letting them do it for you or you doing it manually (the manual option has about 10 different boxes popup with the warning because of the many different drivers the bluetooth key needs for its different functions). The automatic part never did work correctly.

      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs
  3. This reminds me of another article by ThatGeek · · Score: 5, Insightful

    Way back in March, Slashdot carried an article saying Office Depot will only carry Windows XP approved software.

    Don't get me wrong, I think spyware is bad. I also think a big company only supporting a few software titles (and probably charging a bit to do it) is bad too.

    I'd really prefer to see some kind of meta-moderated system by users to rate software as clear of spyware as it would give small vendors more of a chance. Otherwise, we will just further entrench big monopolies.

    --
    What are you eating? isItVeg?.
  4. A chain of trust ... by Aceticon · · Score: 4, Insightful

    ... is only as strong as its weakest link.

    It all boils down to:
    - Do we trust AOL and Yahoo to be honest in this sort of thing.
    - Do we trust that AOL and Yahoo have the technical capability to effectively detect both reported and not yet reported forms of spyware.

    1. Re:A chain of trust ... by Homology · · Score: 4, Insightful
      It all boils down to:
      - Do we trust AOL and Yahoo to be honest in this sort of thing.

      Yahoo have no problems helping the Chinese government hunting down dissident journalists, and other US companies have been shown to actively help suppress free speech and democracy. So no, I certainly don't trust Yahoo in this. I do trust that Yahoo will do anything, given enough money.

    2. Re:A chain of trust ... by BrynM · · Score: 1
      I do trust that Yahoo will do anything, given enough money.
      I bet this is just something new to add as part of the 'feature' list for an ISP partner (Definitely AwOL, but Yahoo will probably re-package it for others such as SBC Yahoo! perhaps). At least after a certain exclusive period for AOL. Another bullet point for the marketing brochure, website and commercial.
      • Anti-virus protection [show me details]
      • Spyware Protection [show me details]
      • Faster downloads [show me details]
      • Secure and Verified(TM) Downloads! [show me details]
      • Stupidity Sandbox(TM) [show me details]
      • Free mouse condom and NooB(TM) tee shirt [show me details]
      --
      US Democracy:The best person for the job (among These pre-selected choices...)
    3. Re:A chain of trust ... by BarryNorton · · Score: 2, Interesting
      It all boils down to: - Do we trust AOL and Yahoo [...]
      Add: Do we trust AOL and Yahoo to make a valid definition (perhaps this is what you meant by honesty).

      Even before they start, 'spyware' is not enough, and 'malware' ill-defined, to define installation of 'hidden extras' I do not want. These are both companies who package things I don't want as default options in their own installers - not a good start, even if they're 'up front' about it (and include separate uninstallation procedures).

      If there's to be a 'police' force for this, I'd rather it be someone whose hands are completely clean...

    4. Re:A chain of trust ... by Anonymous Coward · · Score: 1, Interesting

      It all boils down to:
      - Do we trust AOL and Yahoo to be honest in this sort of thing.


      Would you trust someone who has:

      1. Service that is notoriously difficult to cancel?

      2. Software that is difficult to remove cleanly?

      I'm sure today's Slashdot readers are too young to remember when AOL regularly crapped up a machine's TCP/IP stack which only a complete Windows/Software re-install would cure.

      [MBASIC sucked. DOS sucked. Windows still sucks.]

    5. Re:A chain of trust ... by m50d · · Score: 1
      Funny how this is always mentioned here when yahoo comes up, but no-one ever talks about how google does exactly the same thing.

      Just sayin'

      --
      I am trolling
    6. Re:A chain of trust ... by Haeleth · · Score: 1

      Really? I missed that story - link please!

      I know Google helps the Chinese government censor the web by blocking certain search terms within China, but I wasn't aware they'd directly aided the Chinese in tracking down individual dissidents, like Yahoo! allegedly has.

    7. Re:A chain of trust ... by Lord_Dweomer · · Score: 1
      Also, please keep in mind that this is the same Yahoo who changed their privacy policy from "We won't give/sell your information to anybody." to "We don't give a rat's ass about your information as long as we can make a buck off of it."

      Now, do you trust this company as a barrier against Spyware, which seeks to profit off of said information?

      When I read this story, the first thing that popped into mind was when MS took over Hotmail and how they implemented a policy of "we're going to crack down on spam through Hotmail...except ours which you will have no way of blocking, MUWAHAHAHA".

      --
      Buy Steampunk Clothing Online!
    8. Re:A chain of trust ... by Homology · · Score: 1

      Really? I missed that story - link please!

      I know Google helps the Chinese government censor the web by blocking certain search terms within China, but I wasn't aware they'd directly aided the Chinese in tracking down individual dissidents, like Yahoo! allegedly has.


      Here you go

    9. Re:A chain of trust ... by size1one · · Score: 1
      Given the high level of spam I get at any Yahoo mail account I've ever created. Half of which is sponsored or allowed through the spam filters by Yahoo. I will NEVER trust Yahoo to certify my products. Given their past actions certification will be nothing more than a company paying for Yahoo's shiny logo on their product.

      With enough money you could get a "program" that installs nothing but virii, rootkits, trojans and other nastiness approved by them.

  5. Four words by Max+Romantschuk · · Score: 4, Funny

    What will it cost?

    --
    .: Max Romantschuk :: http://max.romantschuk.fi/
    1. Re:Four words by gorilla_au · · Score: 0
      What will it cost?

      After you "Show me the money".

    2. Re:Four words by DrXym · · Score: 2, Insightful
      Probably "nothing" to consumers if you're already signed up to their respective premium services. See also AOL's virus checker etc. To software suppliers I expect it will cost $$$$ for what is essentially a useless service.

      What do I as the user care if AOL "certifies" a programme is easy to install? If software followed the Windows XP guidelines (sufficient to qualify to show the logo), it would already be easy to install. Therefore, the good guys already have an incentive to seek certification - from Microsoft. They don't need AOL or Yahoo! to do the same. In fact, if AOL were that concerned about spyware they would have dumped the IE a long time ago since that is the primary vector for such things. Who knows, it might even lower their support calls having to deal with stupid users who've installed malware and are now complaining about all the porn popups they see online.

  6. Good idea... by mister_llah · · Score: 4, Insightful

    Sure, it is old hat, but one of these days, there might be a "(insert company name approved) software" program that actually holds its weight and is useful/consistent/trustworthy...

    I'm not exactly saying infinite monkeys/infinite typewriters, here, I'm just saying we've only had one major company do this so far (as far as I know) ... perhaps AOL/Yahoo will do it better? ... of course, considering the advertising on Yahoo... I'm not going to count on it from them, but it might inspire a knock-off.

    --
    MoM++ - A Classic Expanded - [Master of Magic 1.5]
    http://mompp.sourceforge.net/
    1. Re:Good idea... by Smallpond · · Score: 2, Insightful

      I have just started a company called, let me see, Certified Software, LLC which will place our well-known "Safe As Houses" seal of approval on your low-cost software package for only $99. The large enterprise edition puts the "Rock-Solid Software" seal on for $2999. It includes an actual tamper-proof seal similar to the type that prevent you from opening bags of weed killer. Does that make you feel better? Diebold is our first big customer.

    2. Re:Good idea... by fireboy1919 · · Score: 1

      I think that content distribution channels would be a better place for this. Tucows, for instance, could include a "spyware" rating on the stuff they distribute. That would be a lot more impartial and likely to work than getting a certification that you pay for and then distributing it yourself.

      Ultimately, my litmus test for this will be whether or not Realplayer is considered spyware. If it's not, then Yahoo has sold out, and I won't trust them for any other software.

      --
      Mod me down and I will become more powerful than you can possibly imagine!
  7. What about the vendors? by mwvdlee · · Score: 3, Insightful

    Let me guess... any vendor, no matter how small, will have to pay a shitload of money to get certified?

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    1. Re:What about the vendors? by speculatrix · · Score: 1
      how about packages which use time-limits to allow evaluation, but set something in the system to prevent deinstall/reinstall to get round it.

      for example, ULead do this a lot - you download the full (or nearly full) package but it expires after a number of weeks. if the program expires, you try de/reinstall, the time limit is still reduced or expired.

      does this behaviour still count in some small way as spyware - the fact that they don't deinstall *everything*, and thus can track a reinstall?

      short of using Sysinternals' filemon and regmon and manually checking everything that the program and its installer look at, is there an easy way of "diff"ing what a windows installer *does* to the entire system? In linux, I could just md5 everything, or even chroot the install!
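
The before/after comparison asked about above (checksum everything, install, checksum again), as an added Python example that is not part of the original thread. It covers files only, not the Windows registry; the directory layout, file names and the simulated installer and uninstaller are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root.

    Symlinks are skipped and empty directories are not recorded.
    """
    root = Path(root)
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def diff(before, after):
    """Compare two manifests: which files were added, removed or changed."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(
            p for p in before.keys() & after.keys() if before[p] != after[p]
        ),
    }


def uninstall_residue(baseline, after_uninstall):
    """What an install + uninstall cycle failed to restore to the baseline."""
    d = diff(baseline, after_uninstall)
    return {
        "left_behind": d["added"],       # new files the uninstaller kept
        "still_modified": d["changed"],  # pre-existing files not restored
        "missing": d["removed"],         # pre-existing files it deleted
    }


def demo():
    """Run the three snapshots against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "shared.conf").write_text("search=default\n")
        (root / "home").mkdir()
        (root / "home" / "notes.txt").write_text("unrelated user file\n")
        baseline = snapshot(root)

        # Constructed "installer": program files, a hidden trial marker,
        # and an edit to a shared configuration file.
        (root / "opt" / "trialapp").mkdir(parents=True)
        (root / "opt" / "trialapp" / "app.bin").write_bytes(b"constructed-binary")
        (root / "home" / ".trial_marker").write_text("first_run=recorded\n")
        (root / "etc" / "shared.conf").write_text("search=bundled-toolbar\n")
        installed = snapshot(root)

        # Constructed "uninstaller": removes only the program directory.
        shutil.rmtree(root / "opt")
        uninstalled = snapshot(root)

        return diff(baseline, installed), uninstall_residue(baseline, uninstalled)


if __name__ == "__main__":
    install_changes, residue = demo()
    print("installer changes:", install_changes)
    print("left after uninstall:", residue)
```

On a real machine the baseline manifest should be stored somewhere the installer cannot write to, since a manifest kept on the same disk can be altered along with the files it describes.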

  8. Captain Cynical Returns by Ckwop · · Score: 5, Insightful

    Let me get this straight. One company decides what is malware and what isn't. Ask yourself this, would Sony's rootkit have been considered a safe download? I think you'd find the answer is yes. This isn't an objective panel of experts deciding what is safe or what isn't, it's a company and this is inherently flawed.

    I find it hard to believe that any company, regardless of their otherwise good intentions, would refuse money from a company such as Sony. In short, it may work in stopping the small spyware vendor but this is not nearly enough.

    Simon.

    1. Re:Captain Cynical Returns by Tim+C · · Score: 4, Insightful

      Some companies would not be buyable; most individuals would be buyable for the right sum of money. Don't forget that companies are run by collections of individuals - some of them are going to be as principled as you imagine your panel of experts to be.

      If Sony waved a couple of million dollars under your nose to claim that their rootkit wasn't malware, would you really turn it down? You can retire on that - hell, invested properly, your kids can retire on it. All just for saying "Hey, you know what, this DRM isn't so bad after all..."

      If you genuinely would turn it down, then I applaud your ability to stand by your principles; I really don't think I'd be able to myself.

    2. Re:Captain Cynical Returns by Wordsmith · · Score: 4, Insightful

      Stopping the small spyware vendor does quite a lot. A vendor like Sony, which is -generally- above-board (meaning it doesn't spend most of its time torturing puppies and whatnot) and accountable to millions of customers, shareholders and legal partners has a lot to lose when it does something nasty. Witness the massive backlash against the root kit, and Sony's eventual decision to pull it once it became a PR nightmare. An aware consumer market can fight back when someone like Sony pulls this nonsense.

      It's a lot harder to fight back against the fly-by-night spyware vendor who is looking to collect some quick info - maybe even dangerous info like credit card numbers and banking site passwords - then disappear. You can't hold those people accountable. You can't threaten to stop using their services. You can't even sue them, if you can't find them.

      Ideally, we'd be able to find a tool that's entirely trustworthy for rooting out malware, but as you said, that's simply not going to happen. That's why I'm generally careful with what I download, but still run a few competing anti-malware apps, just in case I get something borderline one of those products chooses not to flag for whatever reason - questionable dealings or simple ignorance of the malware's existence.

      Having one more tool at my disposal for IDing spyware, even an imperfect tool, seems like a good thing. How useful it is will depend on what reputation Yahoo/AOL can build for being forthright.

    3. Re:Captain Cynical Returns by Anonymous Coward · · Score: 0

      Two million dollars lasting for 50 years comes out to a whopping 40,000 bucks a year. That's before taxes. Sure, I could live on it. No, it wouldn't be very much of a life. And I sure as hell bet you that my kids couldn't retire on it. I guess a few million bucks goes a whole lot further in your world.

    4. Re:Captain Cynical Returns by Bwian_of_Nazareth · · Score: 1

      Well, it is 40,000 bucks a year only if you keep it in your basement. If you invest the money then even low-risk low-interest portfolio would effectively multiply your millions over the 50 years. At 2 % interest rate, two million dollars would give you 40,000 bucks a year without losing any of the money (well, you still would be losing due to inflation - so let's say you can invest the money so that it bears interest of 2 % over the inflation rate. This is not that difficult with millions, I would say it is easier than with hundreds).

    5. Re:Captain Cynical Returns by TheKnave · · Score: 0

      Stopping the small spyware vendor does quite a lot. A vendor like Sony, which is -generally- above-board (meaning it doesn't spend most of its time torturing puppies and whatnot) and accountable to millions of customers, shareholders and legal partners has a lot to lose when it does something nasty. Witness the massive backlash against the root kit, and Sony's eventual decision to pull it once it became a PR nightmare. An aware consumer market can fight back when someone like Sony pulls this nonsense.

      What is to stop Sony from sponsoring a small vendor to do their dirty work for them? With enough lawyers the vendor may not even be aware who is really hiring them - just that they are suddenly certified spyware free. Bingo insta profits and minimal risk. This creates an impression of security where little exists.

    6. Re:Captain Cynical Returns by speculatrix · · Score: 1

      start spyware monitoring/announcement website

      declare many things to be dodgy

      extort money from vendors

      profit!

      Sony waved a couple of million dollars under your nose to claim that their rootkit wasn't malware...If you genuinely would turn it down
      I'd accept it, put the money beyond jurisdiction into a Swiss Bank account, sell the company, have plane tickets standing by just in case, start a new website denouncing the original one which stopped telling of the Sony evil, and wait for the next million dollar offer!

    7. Re:Captain Cynical Returns by Anonymous Coward · · Score: 0

      Ever heard of interest? Or investing money? Two million should take care of all your needs, if put to work the right way. That's a lot of money.

    8. Re:Captain Cynical Returns by Hosiah · · Score: 1
      If you genuinely would turn it down, then I applaud your ability to stand by your principles; I really don't think I'd be able to myself.

      I wavered on that ethical question for a moment. Then I remembered that I'm too stinking proud. A lifetime of money (which would get spent all the same) wouldn't be worth hating myself until I'm dead (and the kids growing up all twisted and warped because dad developed a psychosis).

    9. Re:Captain Cynical Returns by kawika · · Score: 2, Insightful

      The players here already have blood on their hands. Yahoo's Overture division is the primary source of revenue for Claria Corporation, one of the biggest offenders out there. TRUSTe makes big money to certify web sites and basically takes the company's word about their answers to a form.

      It's not just about spying or offering an uninstall link. For example, the Ask Jeeves folks make a toolbar that is bundled with a cute little utility named Smiley Central that is heavily advertised on game and kids sites. When you install it, it reconfigures your search setup to funnel all searches to Ask Jeeves. It also tacks little advertisements for itself onto your outgoing emails. But remember, you agreed to all that in the EULA, or at least your 10-year-old must have. Sure it has an uninstall, although the average computer user doesn't even know Add/Remove Programs exists much less what should be removed.

    10. Re:Captain Cynical Returns by assert(0) · · Score: 1

      Sony's rootkit would not have been considered a safe download because it was never a download in the first place.

      --
      (founded 95,000,000 yrs ago, very space opera)
    11. Re:Captain Cynical Returns by mbius · · Score: 1

      Agreed. It's a conflict of interest.

      But with mass-market certification serving as a coarse crapware filter, maybe botnets will suffer a little. As long as the fine-tooth combs of FOSS apps like AdAware stick around, the only downside is increased overhead for developers. Gotta crawl before you can walk, but it'll provide an excuse for vendors to create a premium price point ["with GoldSeal Cleanware suite - add $80"]. I'm ambivalent.

      --
      you can have my violent video games when you pry them from my cold, dead hands.
      Prime UID Club
  9. Just another bad idea ... by xdesk · · Score: 1, Interesting

    Just another bad idea to make some money - why would the consumer trust AOL (or M$, or better yet - Sony :) ) better than some other smaller software company ...
    Obviously a "trust system" is needed, but not one based on payments to a single company :)

    1. Re:Just another bad idea ... by sumdumass · · Score: 2, Interesting

      They would trust Yahoo because the media will tell them to. The majority of users/consumers only do what they do because some advertisement persuaded them to do so. Either some fluff piece in the news or some well crafted advert made to look like some informative report will tell people to look for this sticker if you don't want problems with your computer and it will make less trips to the shop.

      And people will buy it or into it. Not because Yahoo is some pillar of faith, virtue, or savior in disguise, but because they have heard of Yahoo and someone told them they were doing good things and buy their stock (even if someone cannot afford stock). Yahoo has name recognition and that's probably enough to either make it float or at minimum make it where another company can make it float.

      Most consumers still do trust Microsoft - even though they might be fed up with their products. Most consumers trusted Sony to some extent until this recent rootkit fiasco. I would bet a lot of them still don't know about that. I'm not sure if "trust" is a better way to describe it than "not having a reason to not trust them". I think it is the latter of the two where most people don't know enough or care to know enough to see what these companies are really like. So I guess they do or will trust them because they haven't a reason not to trust them. You and I know better but we aren't average users either.

  10. A Good Start would be their toolbar ... by Anonymous Coward · · Score: 1, Insightful

    ... which comes with many software products in a bundle nowadays, and I'm pretty sure I don't want it.

  11. AOL/Yahoo are backing TRUSTe by Anyd · · Score: 2, Insightful

    I had the same thought at first, but the article states:
    TRUSTe, an organization that already certifies and monitors Web site privacy and e-mail practices for businesses, will rely on testing by two outside labs for the vetting. It would not name the labs.
    A user-run system of moderation is a great idea though. Although TRUSTe seems to be somewhat independent we have just recently seen that the big media corporations aren't exactly the most trustworthy entities when it comes to our personal privacy *cough...sony*, and there is sure to be a lot of money at stake.

  12. We need an open source version of apt-get for win by joetainment · · Score: 1

    The problem with these plans is that there is always a cost to have your stuff certified, so only big/commercial players get their stuff in.

    What we need is an equivalent of Linux's apt-get and synaptic, but for installing windows 32 programs. Make repositories for GPL, open source, shareware, commercial software. Obviously commercial software would require purchase but the repository should include all types.

    Hmmm... I wonder if I can code this... I'm sure it would at least be doable for Free Software applications...

  13. Problem: Humans suck. by mister_llah · · Score: 3, Informative

    I'd really prefer to see some kind of meta-moderated system by users to rate software as clear of spyware as it would give small vendors more of a chance.

    Well, I don't know about that, those systems can cause problems, too.

    I have come across a few very suspicious programs on download.com (where they use a rating system on satisfaction with the program) ... that I skimmed through the comments on. There seems to be a way to generate user accounts... so people put programs out with trojan horses, made a bunch of fake accounts, and upped the ratings... you had to really skim to see the 2 or 3 users who had the "THIS IS MALWARE" messages. ... now, this can be avoided, sure, but it will always be a problem... such a system, if disrupted once, would lose a good deal of credibility.

    Also... there is the problem of trolls, plants (that is, if the spyware pals decide to just sit and make new accounts and do it all manually), and kiddies.

    ===

    Perhaps I am too much the cynic?

    It *could* work...

    It would have to be *really* well thought out and programmed. It would also need to get a good following rather quickly and remain free.

    --
    MoM++ - A Classic Expanded - [Master of Magic 1.5]
    http://mompp.sourceforge.net/
  14. For Great Product Justice by demastri · · Score: 5, Funny
    Doug Leeds, Yahoo's vice president for product justice.
    Move every zig. You have no chance to survive. Make your time.
    1. Re:For Great Product Justice by Retired+Replicant · · Score: 1

      You play Guild Wars too much.

    2. Re:For Great Product Justice by Anonymous Coward · · Score: 0

      do you seriously think "For great justice" originated with Guild Wars?

  15. Install mania by e-bart · · Score: 3, Insightful

    I'm not sure if this solves the problem. The problem is that there are a lot of not-so-professional people out there that just install anything they lay their hands on. It's like: "Hey! It's a PC! *Must* install stuff on this!" If the PC asks OK or Cancel? they click OK. And then to remove programs they're suddenly "smart" enough to find C:\Program Files\ and delete anything they don't understand. In the end all they need is a browser, an email client, an IM client, a word processor and perhaps something to mash up some photos. Installing anything more will just result in making it worse.

    The problem isn't the software. It's the people using the software! As long as they don't know what they're doing there will always be others abusing this.

    1. Re:Install mania by geo_2677 · · Score: 2, Interesting

      I agree.. Moreover what prevents the software writers from interchanging the functionality of OK and Cancel. Like they could just put text like 'About to install the xxxxx software. If you want to quit hit OK else hit Cancel'. Most of the users hardly ever read all the text that gets shown.

  16. Fear Will Make Money by TheZorch · · Score: 1, Insightful

    It will succeed because of one important thing; FEAR.

    The recent mess with Sony's rootkit, security threats all over the place, and scares over the latest batch of nasty viruses have the average Joe-User terrified. Your average Techie like yourself and me know better and have enough smarts to keep safe, but Grandma sitting at her PC chatting in AIM will be scared out of her bloomers.

    It's the reason why Antivirus companies are raking in the dough with virus definition update subscriptions and also why Adware recently nixed their free spyware scanner so you have to pay for it now. The only one that's still free is Microsoft's beta program and a few smaller other scanners.

    Fear of Spyware that compromises your computer and might let someone steal your identity online or infect you with a virus is what will drive the Average User (the majority of the Internet's population) to use these services. All of you fellow Slashdotters should have figured this out already...shame on you.

    --
    Michael "TheZorch" Haney
    thezorch@gmail.com
    http://thezorch.googlepages.com/home
    1. Re:Fear Will Make Money by GWTPict · · Score: 2, Informative
      Adware recently nixed their free spyware scanner so you have to pay for it now

      Do you mean Ad-Aware? If so their personal edition is still available for free download,

      http://www.lavasoft.de/

      Products is the second section in the left hand navigation bar, Ad_Aware personal is the fourth link. Easy.

    2. Re:Fear Will Make Money by Anonymous Coward · · Score: 0

      "but Grandma sitting at her PC chatting in AIM will be scared out of her bloomers"

      This Thread Is Worthless Without Pics!

  17. Re:We need an open source version of apt-get for w by megrims · · Score: 1

    Aptitude is open-source. You wouldn't need to do much coding.

  18. Sandboxing by pr0nbot · · Score: 3, Interesting

    We don't need administrative or legal solutions to this, though they're nice.

    What we need is application sandboxing; that is, restrict an application's access to system resources when it runs (think chroot jails but on a much grander scale). The key to this (as with any security system) will be to balance security with usability, i.e. not make it so anal that you can't actually do anything. You'll still have ignorant users, but at least they will opt into insecurity rather than inherit it by default.

    Crucially, this is something we nerds can do for ourselves and not rely on others whose agendas are opaque.

    1. Re:Sandboxing by WilliamSChips · · Score: 2, Interesting

      Have you heard of capabilities? With this type of stuff, spyware would have to ask to get your personal information and such. A pity the early capability systems sucked royally, making ACLs win.

      --
      Please, for the good of Humanity, vote Obama.
    2. Re:Sandboxing by speculatrix · · Score: 1
      need is application sandboxing; that is, restrict an application's access to system resources when it runs (think chroot jails

      This is a neat idea. Snag is, 99% of Windows applications have to be installed in administrator mode to work, and ?50% have to run as admin to work!

      Another snag is that Windows XP Home is crippled in terms of file protection/security. With XP Pro you can set file protections, ownership etc.; this has been almost entirely stripped out in XP Home, so you can't actually try and lock the machine down even after using admin to install the package.

    3. Re:Sandboxing by Anonymous Coward · · Score: 0

      Sounds like SELinux to me. With SELinux you can make it so your mp3 player (for example) can only read mp3 files and its configuration files, can only write to its configuration files, and can only connect to cddb or freedb over the Internet. Now all we need are a few distros that have reasonable policies set up by default with additional policies ready to go so all the administrator has to do is pick one for whatever app they are adding and install it.

    4. Re:Sandboxing by m50d · · Score: 1
      What we need is application sandboxing; that is, restrict an application's access to system resources when it runs (think chroot jails but on a much grander scale). The key to this (as with any security system) will be to balance security with usability, i.e. not make it so anal that you can't actually do anything.

      And therein lies the problem. You can achieve most of the effect of this idea by running as non-admin - but it will either not be restricted enough to make any difference, or be so restricted you can't put up with it. Yes, it's partly ignorance that people don't know what needs access to what, but the amount of learning needed to be able to do decent per-application sandboxing is unreasonable to expect from the average user.

      --
      I am trolling
  19. Re:We need an open source version of apt-get for w by n0dalus · · Score: 2, Insightful

    Windows programs generally have no dependencies, so a project like this is not really needed. It has been tried before, and there are various projects still taking a stab at this, but I don't think they'll get anywhere.

  20. Submitter is a link spammer, does /. care? by Anonymous Coward · · Score: 5, Informative

    Am I the only person who has noticed the numerous stories that get posted by *--Beatles-Beatles? Am I also the only person who has noticed that the link used in his name is a constantly changing URL (depending on the story) with pointers to various scammy sites? Is it not obvious what he's doing? He's using the awesome PageRank of slashdot to promote his sites based on searches that have the word Beatles in them.

    It's a small price to pay for free advertising. Find a story, summarize it in 5 minutes, post to slashdot, and get a pagerank boost that advertisers would pay hundreds (or maybe thousands) for. (Text links on high-ranking sites are big business - just ask oreilly).

    Slashdot should at least put a ref=nofollow in the links to submitters (or better yet, only link the submitter's name to his/her user page).

    1. Re:Submitter is a link spammer, does /. care? by Anonymous Coward · · Score: 5, Interesting

      No, you're not the only one. I posted a reply earlier this week that basically said the same thing. I think this must be one of ScuttleMonkey's buddies or something. I got modded down as offtopic, because for some reason everyone wants to look the other way.
       
      This is obviously becoming a problem and represents what I consider to be a breach of ScuttleMonkey's journalistic integrity.

    2. Re:Submitter is a link spammer, does /. care? by pv2b · · Score: 2, Funny
      This is obviously becoming a problem and represents what I consider to be a breach of ScuttleMonkey's journalistic integrity.


      Slashdot? Journalistic integrity?

      Pull the other one.
    3. Re:Submitter is a link spammer, does /. care? by Anonymous Coward · · Score: 0

      "I got modded down as offtopic"

      Since there's no public review of moderation it's entirely possible this was administrative. There's nothing to keep the admins from modding you down themselves. I don't remember if meta-moderation shows the moderator's identity, but even if it does, there's nothing to keep the admins from creating mule accounts for this kind of work. They can give themselves as many mod points as they want. They have direct DB access and no accountability.

      "This is obviously becoming a problem and represents what I consider to be a breach of ScuttleMonkey's journalistic integrity."

      This has been going on for well over a year. Possibly much longer. I browse through a third-party filter to strip off most of the crap. Maybe if more people did /. would notice... but probably not.

    4. Re:Submitter is a link spammer, does /. care? by Phroggy · · Score: 1

      I don't remember if meta-moderation shows the moderator's identity,

      It doesn't. Otherwise metamoderators would be influenced by who was moderating, instead of how they moderated, and that would break the system.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    5. Re:Submitter is a link spammer, does /. care? by Anonymous Coward · · Score: 0

      Check that source. *--Beatles-Beatles' linked page has some pretty shitty Javascript and ActiveX. I guess that since this is /. we're all supposed to be savvy enough to be unaffected.

      However, the irony and ethical bankruptcy displayed by a /. update about spyware linking to such scum is not lost on some of us.

  21. Small business owners will pay, though. by lwagner · · Score: 5, Informative
    Way back in March, Slashdot carried an article saying Office Depot will only carry Windows XP approved software. I also think a big company only supporting a few software titles (and probably charging a bit to do it) is bad too.

    Ah, my friend, but you forget that is for small business owners such as myself who couldn't care less about the variety of software -- we just want our stuff to work. Do you know how much time I spend playing "IT Guy" for our company? It is truly not fun.

    Give us our MS-Office, our devices that plug in correctly, our specialized apps, and just make everything work. We'll pay extra.

    1. Re:Small business owners will pay, though. by computerjunkie · · Score: 2, Insightful

      What I do for a living, Mr. Business Owner, is fixing messes that you made... What really sucks for you is your MS Office and devices and specialized apps that you bought thinking you understood technology and you're playing "IT Guy" when you actually make money doing something else. Holy crap I don't understand cheapskate small business owners. I am one too and if I need my business taxes done I pay somebody that knows what the hell they are doing. I've seen people spend several days monkeying around with computer problems 'cause they're too cheap to call me and in frustration they give in and I fix it in minutes. How much is their time worth? Apparently not much if they can afford to screw around for days playing "IT Guy". Me? I make a lot more money fixing things for people than I do trying to muddle through taxes or change the oil in my car, or whatever, so I pay the people that know what they're doing to perform those tasks.

      Sorry to get off on a rant but you pretty much sound like a lot of my customer base. If y'all would stick to what it is that you make money at then you wouldn't be frustrated playing "IT Guy" and oh, NO you won't pay extra. You already admitted that you spend too much time playing "IT Guy". You should just pay and let someone who enjoys it handle it for you so you can focus on the core objective of your business.

    2. Re:Small business owners will pay, though. by Tim+C · · Score: 1

      It's good for consumers, too. XP certified software has to conform to a number of standards, one of which is the ability to run as a non-privileged user account. The more this becomes the norm, the better off the whole internet will be, as people stop inadvertently zombifying their machines (or at least, do so much less often).

    3. Re:Small business owners will pay, though. by not-quite-rite · · Score: 1

      I don't want to sound like a zealot here, but sounds exactly like you should be selling Apple stuff.

    4. Re:Small business owners will pay, though. by Anonymous Coward · · Score: 0
      Do you know how much time I spend playing "IT Guy"

      Does reading Slashdot fall under "Playing IT guy"?

    5. Re:Small business owners will pay, though. by Anonymous Coward · · Score: 0

      That makes me wonder if it is worth investigating moving my workplace to Windows XP and Office XP, because if Office XP is certified then they should have fixed the bug where in MS Publisher, as an unprivileged user, you can't save to a usb mass storage device. They should have also fixed the one to do with graphics operations, which is related to the bug in the photo editor where it won't even bother opening photos. And maybe they might have fixed the issue in Excel where as an unprivileged user you can't get data from a web site directly imported into a worksheet.

      Although I must qualify this with I haven't tested if SP3 for MS Office fixed any of these, although it hasn't fixed the graphics related ones, and I'm fairly sure it hasn't fixed the saving one.

      Although who am I kidding, even if MS Office is XP certified my work place wouldn't find the money to upgrade. They can find the money to screw up building works incredibly badly and in a way which would have resulted in firing people if the place wasn't a tax payer funded site (even though I'm only an IT tech, I managed to predict with scary accuracy exactly what would happen, and I'm predicting the same incompetency related issues with systems integration which need to happen for the same project. But hey, what do they care, at worst they will screw up the education of ~150 kids, they've done worse, and yes, I do mean the same people have done worse, not just the organisation), but they will ignore my request to find funds to do things like follow a three year computer replacement program (in fact, if it's anything like last year they will have 'forgotten' that they even need the money to carry out a four year replacement plan. Fortunately a few other things came into play to stop the machines getting to 5 years).

    6. Re:Small business owners will pay, though. by lwagner · · Score: 2, Insightful
      I don't think you meant to be funny when you called your customers stupid... these same stupid people are hiring you. I'm amused.

      Your rant exemplifies why I would prefer doing it myself versus hiring someone. It's not being cheap that's the problem.

    7. Re:Small business owners will pay, though. by computerjunkie · · Score: 1

      I didn't call my customers stupid, dipshit. I said quite simply that people should stick to what they know rather than being too cheap for their own good. Sorry you didn't get it.

  22. Hmmm by m4ttbrian · · Score: 1

    I wonder what will happen if Microsoft does go ahead and buy a stake in AOL. Would this service cease as soon as it is started?

  23. Certified Garbaj by TheBlunderbuss · · Score: 0

    "consumers wouldn't benefit much from a system in which good products simply display seals of approval"

    Reminds me of Tommy Boy: It's guaranteed because it's worth less.

  24. Copy the seal of approval? by squoozer · · Score: 2, Interesting

    Maybe I'm missing something here but what's to stop a spyware producer from just copying the seal of approval and sticking it to the front of his product? The threat of legal action I hear you cry. I don't think Mr Spyware Producer really cares all that much about breaking the law so that's hardly a deterrent.

    Perhaps if AOL made it public knowledge they would send "da boys" round if they caught anyone copying the certificate that would slow some people down. Perhaps a fitting punishment would be being crushed under a million AOL cds pushed one at a time through a giant letterbox.

    --
    I used to have a better sig but it broke.
    1. Re:Copy the seal of approval? by product+byproduct · · Score: 1

      From TFA:

      "Developers earning TRUSTe's certification will not be permitted to promote that fact, said its executive director, Fran Maier. Rather, TRUSTe will issue a "white list" of trusted programs that partners Yahoo Inc. (Nasdaq:YHOO - news), America Online Inc., CNET Networks Inc. and other Web publishers may use in determining whose software they wish to ally with or distribute."

    2. Re:Copy the seal of approval? by SComps · · Score: 1

      so in order to find out if AOL/Yahoo has certified a potential application I have to go to a website to view a whitelist?

      Might this website be laden with targeted advertising?

  25. This is so transparent: by Hosiah · · Score: 1, Troll

    It's just a front to say "Linux/BSD/Solaris is crap because the .iso file isn't AOL-certified." Meanwhile a malware-spammer with shovelfuls of cash from his latest pink contract will have no problem getting in. And how fast do you think DRM will get on board? "Hah, Natasha! We can stop anybody from sharing ANYTHING just because it isn't AOL-certified!" "Yes, Boris, and now we make big trouble for moose and squirrel!" AOL-certified will have the opposite effect: products bearing this seal will be treated with an extra measure of suspicion.

    1. Re:This is so transparent: by Cheapy · · Score: 1

      Did you just call Linux/BSD/Solaris 'moose and squirrel'?

      --
      Would you kindly mod me +1 insightful?
    2. Re:This is so transparent: by Hosiah · · Score: 1
      Did you just call Linux/BSD/Solaris 'moose and squirrel'?

      Yes, but in a good way! (-: This will make no sense to you unless you have seen "The Rocky and Bullwinkle Show", featuring Rocky the flying squirrel, Bullwinkle the moose graduate of Wassamatta-U, and the two pseudo-Romanian villains who were always plotting to do them in. Meant as a humorous reference to those whacky corporate CEOs and all the mad-cap schemes they come up with to try to defeat Open Source.

      I see my parent comment got modded troll, so I'll post this challenge: show me an Open Source download, be it iso image OS or a mere Linux/BSD tarball, that gets the AOL seal of approval to download, post a link to it here, and I'll take back what I said.

      Seriously, think it over: You're running AOL, so you have to have Windows. You want to download and install a free Linux operating system, which will make you no longer an AOL/Windows customer. You think they'll be that stupid to encourage you?

    3. Re:This is so transparent: by Ekevu · · Score: 1

      I haven't seen any operating system which is "easy to remove" by a simple point-and-click way. :o)

    4. Re:This is so transparent: by lupinstel · · Score: 1

      Point your shotgun, click the trigger. Removed!

      --
      Don't blame me, I voted for Cthulhu.
  26. Better Way by ajs318 · · Score: 2, Interesting

    The best way to be certain that a program is free from spyware is to examine the source code, comment out any bits you don't like, and compile it on your machine.

    The second-best way to be certain that a program is free from spyware is to have someone you trust examine the source code, comment out any bits they don't like, compile it on their machine, sign it with their OpenPGP decrypting key and make their signed, pre-compiled binary available for download.

    That's how we have always done things in the Unix world, how we still do things in the Linux world -- and it's beginning to take hold of the Apple Mac world, too.

    Now, if only the Windows world would wake up and smell the coffee! "What good is source code to me?" they bleat, "I'm not a programmer!" Yeah, you may not be a programmer, you may not want to be a programmer, but the source code is still your best guarantee that a program is what it says it is. And if the person who wrote that program won't show you the source code, even despite the facts that (1) they aren't charging you any money for the executable so it's not like you could be ripping them off by compiling more than one copy and (2) you aren't a programmer and wouldn't understand it anyway, then you have to ask yourself what don't they want me to see?

    Insist to see the source. It's the best guarantee yet that the software you are running is pure.

    --
    Je fume. Tu fumes. Nous fûmes!
    1. Re:Better Way by chub_mackerel · · Score: 1
      Insist to see the source. It's the best guarantee yet that the software you are running is pure.

      Another way to say this, even for the less computer savvy who don't even care what "source" is: "Use open source software". Ever since I made the switch to OSS, I worry much less about spyware, adware, crippleware, annoyware, etc. To top it all off, I don't copy commercial software anymore... so, I don't worry about that either. The fact that something comes, signed, from a repository I can trust means much more than some yahoo certification from a company that puts its bottom line first.

    2. Re:Better Way by Mathinker · · Score: 1

      Even though from your sig you obviously don't use TeX or Mathematica,
      I will stoop to comment on your post... :-)

      (1) My grandmother and most people don't know what a compiler *is*
      (2) These people are not helped if someone distributes source code
              which isn't the real source code which was compiled to get
              the executable.

      The only reason mal-coders haven't done it is because very few
      non-technical people think the way you do. So giving them "the source
      code" doesn't impress them at all...

      BTW, do you use OpenOffice? Exactly how long did your code review take?

    3. Re:Better Way by RAMMS+EIN · · Score: 1

      ``BTW, do use OpenOffice? Exactly how long did your code review take?''

      I'm not the one you were responding to, but I'll answer for myself:

      No, I don't use OpenOffice.org, but I do use OpenBSD. The base system has been audited extensively, and the ports receive audits, too. About half of the ports I use were done by myself, and in about half of those cases, even the program itself is all mine.

      So while I agree that complete source code review is sort of a utopia, it's definitely possible to have much of the software on one's computer reviewed.

      --
      Please correct me if I got my facts wrong.
    4. Re:Better Way by koreaman · · Score: 1

      Yeah, too bad programmers need to eat...

    5. Re:Better Way by ajs318 · · Score: 1

      Taking your points in reverse. The answer to point two is simple. You just have to compile the source code locally. If you're in some rural backwater with only a 56K modem to connect you to the Internet, then downloading will take a lot longer than compiling. If you're on ADSL, then compiling might take an hour or so, but at least it's a fair bet that you've got a good enough electricity supply to run a kettle at the same time as your computer :)

      On Gentoo, everything you install is compiled from source, and on Debian you have the option to compile everything from source. Assuming it's in the repositories, of course, but then that assumption is quite reasonable for Debian or Gentoo. I manage fine in an Xterm, but I'm sure it wouldn't be too hard to wrap a GUI around the process. And even the pre-compiled packages found within the various Linux repositories were all compiled from source by developers who often were not affiliated with the original authors, so they can be considered at least somewhat independent.

      I'm not too sure about Windows; but I would imagine that, since it's so easy to just stick a pre-compiled executable anywhere, it would not be much harder to automate the process of compiling the source for a program and all its dependencies. All the user would notice would be a delay between downloading the program and it being ready to run.

      The answer to point one is just as simple. Your grandmother and most other people who don't know what a compiler is, can always learn what one is. Ignorance is nothing to be proud of and you do nobody a favour by suggesting against bothering to learn things. A little knowledge might just make the difference between enjoying using your computer and wading through a mire of malware.

      And no, I don't use OpenOffice. I'm still struggling to get it to compile properly on my "pure" AMD64 architecture {i.e. no legacy 32-bit libraries}.

      --
      Je fume. Tu fumes. Nous fûmes!
    6. Re:Better Way by Mathinker · · Score: 1

      Wow! I gotta tell NASA --- don't waste money sending a manned mission to Mars, I know a guy on Slashdot who lives there!

      "The answer to point two is simple... I'm not too sure about Windows; but I would imagine"

      If you have no familiarity with Windows, which is the computing platform used by the people I mentioned in (1), I fail to see how you can be sure it is "simple". (It isn't.)

      "The answer to point one is just as simple. Your grandmother and most other people who don't know what a compiler is, can always learn what one is."

      Martian grandmothers must be very different than the majority of Earth grandmothers!

      "And no, I don't use OpenOffice."

      You obviously missed the point here. Or have you actually personally reviewed all the software you use?

    7. Re:Better Way by ajs318 · · Score: 1
      OK then, what's so hard about compiling a package from source under Windows?

      Under GNU/Linux, what you do is open a terminal and enter
      $ ./configure
      $ make
      $ su
      type root password
      # make install
      {And that's the hard way. In Gentoo, if you want to download, compile and install a package called "thingy" then you just use # emerge thingy.}

      I vaguely remember the Windows C compiler supporting "project files", as a way of organising non-trivial projects with more than just one file of source code. So I would have thought that Windows would just automatically associate project files with its compiler, and all you would need to do is unzip the archive, double-click on the project file and have the sources compiled and linked. Is it not like that, then?
      --
      Je fume. Tu fumes. Nous fûmes!
    8. Re:Better Way by Mathinker · · Score: 1

      Uhm, you forgot the step where you pay $262.99 to Microsoft for the compiler? (Assuming it's Visual Studio 2005 --- and of course M$'s compilers are not totally backwards and forwards compatible, so you might have to pay more for other compiler versions, assuming M$ is still selling them).

      There are free compilers, but most software developers on Windows don't use them. And porting from M$'s compilers to the free ones, which are gcc-like, is usually non-trivial.

      Other than that what you wrote is pretty much OK. I'm willing to concede that if Windows compilers were all available and free of charge, a Gentoo-like setup could work.

      Your average (or at least the lowest 20 percentile) Windows user, unfortunately, lacks the know-how to read warning dialogs, never mind the patience to wait for a large program to compile. And expecting them to learn is similar to expecting that pilots should have to know how to fix every piece of equipment on any airplane they fly.

    9. Re:Better Way by ajs318 · · Score: 1
      Uhm, you forgot the step where you pay $262.99 to Microsoft for the compiler?
      Ah, that'd be the bit I was missing. Makes sense now. So you have to pay extra for the compiler?! That would be why there's so much pre-compiled stuff ..... in fact, you could give away the source gratis, and charge money for the pre-compiled binary; it would still appear cheaper to pay for it pre-compiled than to pay for the compiler and compile it yourself.

      And they used to say that we Brits were weird 'cos {until recently} whenever you bought a new electrical appliance, it came with bare wires and you had to fit your own mains plug!

      With that mentality going around, I really hope they don't find a way of metering air soon .....
      Your average (or at least the lowest 20 percentile) Windows user, unfortunately, lacks the know-how to read warning dialogs, never mind the patience to wait for a large program to compile. And expecting them to learn is similar to expecting that pilots should have to know how to fix every piece of equipment on any airplane they fly.
      I'd say it was more like having pilots be expected to know how to read every important instrument on any plane they fly, and what kind of readings were normal and abnormal {you can always put out a distress call if you see something bad}. As for the patience argument ..... if you are using dial-up, downloading usually takes longer than compiling.

      In most countries, it's the law that prepackaged foods have to have an ingredients list, but what if they didn't, and what if it was legal to put any old stuff in it -- even slightly poisonous materials just to bulk it out, or strongly addictive drugs to keep you going back for more? Would you buy a heat-and-serve ready meal, not knowing what was in it? Would you even accept it if it was free? And would you really mind waiting in a restaurant while a fresh meal was being prepared just for you without loads of chemical additives, if you didn't have to pay for it?
      --
      Je fume. Tu fumes. Nous fûmes!
  27. No problem by Poromenos1 · · Score: 1

    Not to be a troll, but I use OSS and they tend to have no spyware whatsoever (probably because they are OSS). I use it so much that now I tend to distrust non OSS software, and only use them when I can't find any OSS that does the trick. 99% of my software is OSS though (and I use a LOT of software, not just OS/office suite).

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
    1. Re:No problem by Anonymous Coward · · Score: 0

      Really? Because my wife downloaded and installed the mywebsearch bar the other day and it not only worked in Firefox, it wasn't listed on the extension list as installed. Never underestimate the gullibility of others...or my wife.

  28. Like a gun amnesty by Anonymous Coward · · Score: 0

    This is not going to work, just like a gun amnesty, the only people who hand in weapons are the kind of people who are not going to get the urge to go *stabby stabby* to their neighbours.

    The companies that will get their software signed are the companies that don't include spyware in their products. The companies that install spyware will just circumvent the protection.

    nice try though, 10 for effort, keep thinking...

  29. Download.com by goraknotsteve · · Score: 3, Informative

    I don't know if I'm being simplistic about it but I've tended to go with www.download.com for anything extra I need - like an avi converter or free audio editor package like audacity. Judge the download by other people's reviews as to whether it does the job without installing any nasties. GnS

    --
    How much do you like toast?
  30. AOL / Yahoo selling advertising by Anonymous Coward · · Score: 1, Interesting

    So, I'll likely have to pay for their seal of approval? You mean, I actually have to _pay_ to have my product carry an advertisement for their company? Thank you, but no...

  31. I just never understood... by vudufixit · · Score: 2, Interesting

    How DirectRevenue and Bullseye network get away with forcing you to download an uninstaller, and fill out a fucking survey, respectively, before you can uninstall their adware. Unbelievable.

    1. Re:I just never understood... by Hosiah · · Score: 2, Insightful
      How DirectRevenue and Bullseye network get away with forcing you to download an uninstaller, and fill out a fucking survey, respectively, before you can uninstall their adware. Unbelievable.

      *cough* *choke* You'd ACTUALLY DO this? Even when I knew no better than to run Windows, I got ahold of the MS-port of Emacs, guaranteed to find all files hidden everywhichway on your system (and able to read binaries in hexl-mode as well; you can get an idea of what a program does this way). I always simply deleted the files/directories associated with the questionable programs. Each one uses a stinky trick to try to stop this, but don't worry: if their programmers were any good for a goddamn thing at all, they could get jobs writing REAL programs! Ad/mal/spyware has about 6 tricks that it uses over and over; learn them all (after your sixth time being attacked), and you'll never have a problem dealing with them again. Emacs is also good for editing .ini and .bat files, for those nasty programs that write themselves into the system configuration.

      Uninstaller, my ass! You know what an install program does? It copies files/directories to a destination folder and registers the process with Windows and tells it where the icon is so it can draw the little picture for the program for you in the Start menu's program files. What does an uninstaller do? Same thing in reverse, only it usually leaves behind a huge mess of folders and data cruft that you have to remove manually (for instance, did you once run and then uninstall the Sims? If so, you can reclaim 1 whole Gig of disk space just by deleting the leftover "Maxis" folder). Now, the whole process of harrassing you before "uninstalling" the program probably (a) records your data to ensure that you'll get plenty of spam in the future, and (b) might possibly just replace your malware with *more* malware that's harder to detect.

      My number-one tipoff that a program was bad news on windows: (a) it was new and I didn't recognize it, and (b) the program's folder had no README.txt, uninstaller.exe, or any other courtesy conventions usually observed by professionals, and (c) tried to obfuscate its purpose (never trust a program named .MQ345tyuII1Pzx334l?112.345, for instance). At the very least, I'd delete the executables (SHIFT-delete, no trash can!). What's the worst that could happen that way? I'd just have *broken* malware that didn't work anymore.

  32. Already exists by Lumpy · · Score: 3, Interesting

    It's called Open Source. Or at least to me and the people I advise anyways.

    I always tell people that Open Source apps typically do not have any of that crudware in them while most freeware does have that crap embedded, and then point them to various websites that track what freeware has what spy/crap/ad ware in it. I have never been burned by an OSS project and its Windows download/installer.

    so look for the OSS label!

    --
    Do not look at laser with remaining good eye.
    1. Re:Already exists by TekGoNos · · Score: 1

      Well, and how many of you DO check the source code of every application you install?

      I don't and I know that it would be damn easy to make me install an open source spyware.

      I just trust that someone in the community will actually read the sourcecode (even if it is just out of curiosity) and post a note on slashdot (or something like this) to get the spyware down in case. But I still think I'm naive here.

      However, most of my software comes from my distro and I suppose that the package maintainer checks for spyware. (And is dishonored permanently if ever he, intentionally or not, adds spyware). Which is less naive but still based more on trust than on knowledge.

      --
      I have discovered a truly remarkable proof for my post which this sig is too small to contain.
  33. it never ceases to amaze me... by Yahweh+Doesn't+Exist · · Score: 1

    ...how much effort people are willing to put into creating fixes and work-arounds for the simple fact that Microsoft Windows is broken.

  34. Band-Aids to fight Cancer by Jason+Straight · · Score: 1

    That's what it sounds like to me, fix the underlying problem. Make the OS more secure, not necessarily picking on Windows' underlying OS here so much as their methods of adding and removing software, they need to come up with a way that all changes to the system are tagged with the application that made them. Then removing the software would be complete always, leaving no extra hidden goodies behind.

    All operating systems could really benefit by something like this, of course with the way windows is built it would probably be too easily circumvented anyway.
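
The idea in the comment above (tag every system change with the application that made it, then check that removal is complete), sketched as an added example that is not part of the original thread and not any operating system's actual mechanism. It approximates tagging by diffing file snapshots taken before and after an install; the function names, the "toolbar" application and the file layout are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                state[rel] = hashlib.sha256(fh.read()).hexdigest()
    return state


def build_manifest(app, before, after):
    """Tag every change between two snapshots with the application name."""
    manifest = {"app": app, "added": {}, "modified": {}}
    for path, digest in after.items():
        if path not in before:
            manifest["added"][path] = digest
        elif before[path] != digest:
            manifest["modified"][path] = {"was": before[path], "now": digest}
    return manifest


def audit_uninstall(manifest, current):
    """Report what removal left behind, given the post-uninstall snapshot."""
    # Files the install added that still exist.
    leftover = sorted(p for p in manifest["added"] if p in current)
    # Files the install changed that were not put back (or were deleted).
    unrestored = sorted(p for p, d in manifest["modified"].items()
                        if current.get(p) != d["was"])
    return {"leftover": leftover, "unrestored": unrestored}


def _write(root, rel, text):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as fh:
        fh.write(text)


def demo():
    """Constructed scenario: a fake install and a sloppy uninstall in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "system/startup.ini", "[run]\n")
        before = snapshot(root)

        # "Install": drops a program, a cache file, and edits a startup file.
        _write(root, "apps/toolbar/toolbar.exe", "binary")
        _write(root, "apps/toolbar/cache/data.bin", "cruft")
        _write(root, "system/startup.ini", "[run]\ntoolbar=1\n")
        manifest = build_manifest("toolbar", before, snapshot(root))

        # "Uninstall": removes only the executable.
        os.remove(os.path.join(root, "apps/toolbar/toolbar.exe"))
        return manifest, audit_uninstall(manifest, snapshot(root))


if __name__ == "__main__":
    manifest, report = demo()
    print(report)
```

Snapshot diffing only covers files under one root; registry entries, services and scheduled tasks would need their own before/after capture.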

  35. Security Hole by TheKnave · · Score: 0

    Surely this makes things worse. Something masquerading as Consumer Friendly bypasses at least some scrutiny.

  36. How about an anti-AOL CD-dumping initiative? by digitaldc · · Score: 2, Interesting

    AOL will launch 'approved software' that is 'easy to remove' when they dump their own annoying (remember AOL version 8.0?) and ubiquitous install CDs and have it on almost every new PC with Windows. Maybe people don't want AOL after hearing how bad their software is. I don't know if they are planning on stopping their mass distribution of AOL CDs (1048 free hours!) but they should stop it if they want to seem legitimate in this new effort.
    You have to first build trust to ensure trust. By the way.......you've got SPAM!

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  37. Standards by Dekortage · · Score: 1

    FTA: "Leeds said applications and the way they are distributed change so often that companies like Yahoo have a difficult time keeping up. A certification program, he said, will allow Yahoo to keep monitoring a partner's practices."

    Uh... how will a certification program help? Does Leeds mean that they will only certify specific version releases? ...that if the company releases an upgrade or patch, that each one will have to be re-certified? Won't this just slow down software releases?

    And how long before another company (say, MS or IBM) starts their own certification? Then we'll have competing certification systems. Even without this, it would be better if the open source community started a democratic rating system....

    --
    $nice = $webHosting + $domainNames + $sslCerts
  38. Nor the average geek... by xtracto · · Score: 2, Insightful

    Do you use Firefox?

    Tell me ONE (1) extension you have installed that does not say "UNSIGNED" in red black font?

    Do you panic when you see those? Do you avoid installing such extensions?

    What is the meaning of that field anyway?

    --
    Ubuntu is an African word meaning 'I can't configure Debian'
    1. Re:Nor the average geek... by CAlworth1 · · Score: 1

      Google Toolbar for Firefox
      Yahoo Photos Easy Upload Tool

      think that's about it though...

    2. Re:Nor the average geek... by Anonymous Coward · · Score: 0

      Thank you for clarifying that, when you said 'one', you really meant 1. Without this, I would have been most terribly confused by your post. Your attention to detail is a huge benefit to your readers. You are truly an asset to society.

  39. Download.com already does this. AOL is the suck by 8400_RPM · · Score: 1

    Download.com already does this.
    AOL is the suck. Bets on how long before AOL is out of business?

  40. and aol certifies aol as... by cyclomedia · · Score: 1

    "avoid" - software corrupts system settings and does not include a satisfactory uninstall procedure

    --
    If you don't risk failure you don't risk success.
  41. AOL certifies software as 'easy to remove'??!!?? by cepler · · Score: 1

    ...and AOL will be offering a new anti-spyware initiative to begin next year. The new initiative will allow vendors to get their software "certified" as easy to remove...

    AOL, certifying software as easy to remove...heh..hehhheheheh...AHAHAHHAHEAHEHAEHAHAHA HAHAHAHA YAYAAYHEAHEAOIHEAODHFAOSDHFAOSEFAYUWFOASJFAL:SDF!

    Ok, that's just too absurd, this has totally made my day, hilarious! Is it April 1st?!

  42. Yahoo! by merc · · Score: 1

    Yahoo and AOL will be offering a new anti-spyware initiative to begin next year.

    Because Yahoo! would never want anything to do with spyware, would they?

    Oh, wait...

    --
    It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
  43. I also have a bridge to sell you. by Stumbles · · Score: 1

    And just how do they propose to certify their certifications process? So they are saying they know how to detect every possible way to detect a virus, trojan and rootkit there is? That's laughable at the least and very very misleading. This is nothing but a bogus marketing attempt to lull ignorant users. If you are stupid enough, and there are boat loads of Windows users out there that are, to download software from places other than the vendor, then you should have your PC confiscated.

    --
    My karma is not a Chameleon.
  44. I use GPLed software by at_slashdot · · Score: 1

    I use GPLed software -- not "freeware" that takes care of the problem.

    --
    "It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
  45. money making scheme? by Tom · · Score: 1

    Is this a money making scheme or is it for real? I guess I'll find out when I submit some stuff, and tell them that since it's non-commercial anyway, I can't pay a thing aside from maybe a few bucks for processing.

    The problem is:
    Either it is difficult and/or expensive to get through the process, in which case a lot of good software won't make it simply because it's freeware, cheap shareware or the author doesn't care enough, or it's easy and cheap, in which case I don't see how it can be good enough to not fall for the spyware authors submitting their stuff.

    --
    Assorted stuff I do sometimes: Lemuria.org
  46. Who's looking for who to do it? by PhilHibbs · · Score: 1
    "They are looking for us to do it for them,"
    I don't know of anyone who is "looking for" Yahoo or AOL to do shit for them. No-one I know uses AOL, I only know one person who uses Yahoo and that's because of their BT tie-in, but god damn, who do they think they are? Delusions of relevance.
    1. Re:Who's looking for who to do it? by windowpain · · Score: 2, Interesting

      "No-one I know uses AOL"

      That comment reminds me of the film critic Pauline Kael's famous line after Richard Nixon's landslide victory over George McGovern in 1972: "I can't believe Nixon won. Nobody I know voted for him." Of course they hadn't. Kael lived in the cocoon of Manhattan liberalism.

      AOL has about 27 million subscribers worldwide. That's more than the entire populations of say, Australia (20 million) and New Zealand (4 million) combined.

      I'd say AOL is relevant.

      --
      Insert witty sig here.
    2. Re:Who's looking for who to do it? by PhilHibbs · · Score: 2, Funny

      Yeah, like Australia and New Zealand are relevant. Pfffft.

  47. Heh, AOL by EddyPearson · · Score: 1

    The days of having 8 or 9 AOL CDs in your mail are over people! They'll get involved in whatever they can, bringing Time Warner down with them :p

    --
    You feel sleepy. Close your eyes. The opinions stated above are yours. You cannot imagine why you ever felt otherwise.
  48. Re:We need an open source version of apt-get for w by Admiral_Grinder · · Score: 1

    That really isn't a bad idea. Sometimes I don't have time/energy to browse sourceforge.net or just googling it. There was a /. comment sometime ago where a person posted this huge list of windows apps that was considered safe in this context. I found some useful programs from it. I have that list in a PDF on my computer somewhere, but I won't know of any new programs out there. I used to use download.com and winfiles.com but they are mostly time/feature limited shareware anymore.

  49. ironic by NynexNinja · · Score: 1

    Isn't it ironic how the biggest peddlers of spyware and spam on the internet today would be the ones pushing an anti-spyware initiative. Seems like they are trying to clean the dirt off their own names.

  50. Oh thank goodness... by Pollux · · Score: 1

    The new initiative will allow vendors to get their software "certified" as easy to remove and not containing spyware.

    That sounds like a great idea. Let's certify software to make sure that it doesn't do anything that it shouldn't. And of course, everybody's going to want to get this certification, right? Because, every piece of software that we install on our system, we've had a chance to make sure that it's "certified", right?

    It makes about as much sense as certifying everybody who promises not to commit murder. Yea, that will stop the killing.

  51. Search for Beatles-Beatles by Anonymous Coward · · Score: 0

    Interesting.

    Quite a flurry of story acceptions lately. :(

  52. Are software apps the problem? Or is it ActiveX? by walterbyrd · · Score: 1

    When I got hit by adware/spyware, it wasn't because of some software app I installed. Going to the wrong site, is like stepping on a landmine. And going to those sites isn't hard to do since they have it rigged to route you there if you mis-type the url.

  53. Damn straight-parent deserves a nod by way2trivial · · Score: 1

    and it's not the easiest app to remove always......
    I hit this story strictly because I find yahoo toolbar annoying to yank on far too many pc's

    --
    every day http://en.wikipedia.org/wiki/Special:Random
  54. Re:AOL certifies software as 'easy to remove'??!!? by wpiman · · Score: 2, Insightful

    How about "AOL will certify companies as prompt in stopping charging credit cards the moment service is cancelled.".

  55. Re:Are software apps the problem? Or is it ActiveX by Anonymous Coward · · Score: 0

    It's a software app problem: you're using IE which is not certified.

  56. Re:Better Way (heh) by RonBurk · · Score: 1

    Just be sure you also examined the source (all umpteen megs of it) for your compiler and all other tools (e.g. linker) you'll be using in the process, since it is an ancient and classic hack to simply infect a compiler to always include generated malware, and then throw away the hacked source to the compiler so that everyone thinks it's hunky dory. Not as simple as you thought, huh?

  57. Much needed for the average user by Retired+Replicant · · Score: 2, Interesting

    Slashdot readers may be savvy about checking around the web to see if a piece of software contains spyware before they install it, but the average user has no idea how to tell if a given software program is spyware-free. If they could just see an easy-to-identify "spyware-free" certification on the package or website somewhere (and that certification actually means what it says), then that would help a lot. It would be kind of like seeing the "UL tested" stamp on an electrical device. Software companies that used the seal without authorization would be committing a felony. Even if the certification didn't eliminate spyware, it might at least force software makers to do a full disclosure, get the user's permission to install 3rd-party applications, give the user an easy way to later uninstall those 3rd party applications, and make it so that uninstallation completely removed every bit of the installed software from the system.

    1. Re:Much needed for the average user by Hosiah · · Score: 1
      Software companies that used the seal without authorization would be committing a felony.

      Have you never heard of a phishing scam? It's where the cyberthief sets up a whole bogus website, corporate insignia and all, to fool people into typing their credit card numbers into this data trap that they think is their bank's website. Now, what difference would breaking *one* *more* crime make to this sort of person?

      (-: Ooooh! I have an idea! I'll end burglary by going around town slapping stickers on the front of every house saying "do not rob this house". Then I'll make it a crime to rob houses with that sticker on them, and a crime to remove the sticker. I'll charge everybody ten bucks (a small price to pay to stamp out crime! you're either for me or you're for the criminals) to get the sticker service, and then after a few years, I'll pass a *new* law that makes it a crime to own a house without buying the sticker (which will have risen in price several thousand times by then), because that would encourage crime. Um, like, y'know, I'd be a hero like, um, whatsisname...Superman! D00d!!!1!1!

  58. Slashdoters are missing something important by woolio · · Score: 1

    Consider companies like Symantec that sell software to protect people from viruses.

    What would happen if Symantec's software was so good that it could detect and quarantine both NEW and OLD viruses (without explicit definitions for them). Would they really want this? Would they stay in business?

    Of course not. THEY don't want to get rid of viruses, they only want to SELL you a tool to find them. And somehow, (thousands of?) new viruses manage to keep popping up. (Despite the fact that they don't mutate on their own like the biological kind).

    I'm not sure if AOL *really* wants to see spyware eradicated. I think they just want to make extra money from the current situation. And I wouldn't be surprised if they (secretly?) took steps to ensure the status quo.

  59. AOL Intruder by Ranger · · Score: 0

    I hate using AIM but I have friends who I chat with and they won't use anything else. I use Trillian so I can use ICQ and Yahoo! Messenger as well. I signed in this morning and I get this message from AOL that said "We've installed two new bots ShoppingBuddy and MovieFone." I thought "What the fuck is this shit?" It may have been because I installed AIM Triton preview to see if I could get the video chat to work. This is even more egregious than all the ads and tickers and additional software they want to install on your computer. Anyway I blocked them.

    In the past, I've had to go in and edit some of the AOL files to get rid of all sorts of crap. AOL is about as welcome as an anal probe. They want to block other people's intrusive software so they can foist their crap on you. AOL's idea of "consumer friendliness" is to come into your home uninvited, bend you over, put an anal probe up your keister, and tell you just how wonderful and lucky you are to have it. Your very own mini-Federal-pound-me-in-the-ass prison in the comfort and safety of your own home. Only 9.95 per month!

    --
    "You'll get nothing, and you'll like it!"
    1. Re:AOL Intruder by Anonymous Coward · · Score: 0

      I use Gaim, and that came up this morning for me too. Kind of ironic.

  60. AOL's program for determining malware by ZachPruckowski · · Score: 1

    if(!malware)return "All clear";

    if(malware==true)
    {
        if(vendor=="AOL"||vendor=="Sony"||vendor=="Microsoft"||vendor==...)
            return "All clear";
        else
            return "AOL is on your side, keeping you safe from malware";
    }

  61. Wait a sec... by thesnarky1 · · Score: 1

    AOL is going to tell me what's decent software?! Huh... perhaps I'll just download from reputable sources, and ignore those popups with nude women asking for a quickie click.

  62. Liability? by Lord_Dweomer · · Score: 2, Interesting
    So let's say some software gets approved, and lo and behold it IS malicious, or someone spoofs their certification...will Yahoo and AOL assume legal liability?

    --
    Buy Steampunk Clothing Online!
  63. Re:We need an open source version of apt-get for w by Tony+Hoyle · · Score: 1

    Actually what happens is Windows programs *do* have dependencies (lots of them, for MSVCRT71 upwards) but they ship all of their dependencies built into the MSI - so you have a 20MB download instead of a 1MB one.

    Heck, I've seen installers that bundle the entire .NET runtime in there...

    Since on Windows, there are no 'shared' libraries in the true sense (every app is supposed to have its own copy of dependent libraries - writing to System32 is verboten, although there are still badly written installers that do).

  64. Not likely to work by digitalgimpus · · Score: 2, Interesting

    This is TRUSTe we're talking about. My bet is that anyone who pays $500 gets certified.

    Notice there is intentionally nothing about what it would cost or how developers apply.

  65. AOL? Bleh. by WebScud · · Score: 1

    Of all companies, I do not want AOL to verify what I download. I think that they know they are dead and the only thing that is keeping them alive is their free IM client. You know we're going to have to pay for it soon...

  66. Re:Are software apps the problem? Or is it ActiveX by Anonymous Coward · · Score: 0

    I agree with the above.

    It's not that you're walking through a mine field, it's that you're trying to find ground safe to walk on by whacking the floor with a sledgehammer.

  67. Finish that thought by Anonymous Coward · · Score: 0
    So while I agree that complete source code review is sort of an utopia, it's definitely possible to have much of the software on one's computer reviewed
    ...if you're a fucking programmer.
  68. MOD PARENT DOWN by Anonymous Coward · · Score: 0

    The spyware scanner is called Ad-Aware, and it's still free.

  69. MOD +5 FUNNY by Anonymous Coward · · Score: 0
    The answer to point one is just as simple. Your grandmother and most other people who don't know what a compiler is, can always learn what one is. Ignorance is nothing to be proud of and you do nobody a favour by suggesting against bothering to learn things.
    In 5 years at this site, this has got to be the funniest shit I have ever read, hands down.
  70. Call me paranoid but... by Irvu · · Score: 1

    Large content/network companies do nothing about spam or spyware. Indeed they stand in the way of many effective attempts to address the problem. Both Spam and Spyware become perceived as a problem. Then they step in with "consumer friendly download services" which offer to make downloads "safe" again perhaps for a price.

    This is probably just the market at work but it's hard not to see the same business planning behind both decisions.

  71. Jesus, you stupid fuck by Hrothgar+The+Great · · Score: 1

    Nice condescending attitude, dipshit. I'm sure you'd be just the guy to hire. I can picture you somewhere in the back of my mind, sitting in front of some server in a customer's office, halfway through your eighth cup of coffee, sweating and maybe twitching a little, your face scrunched up in anger and starting to turn red.

    That telltale vein starts to pop out on your forehead as you sigh just loudly enough that everyone else in the office stops what they are doing to stare at you momentarily out of the corners of their eyes. Someone stops by to drop off some paperwork of some sort. "IDIOTS..." you mutter in a barely audible hiss after they are slightly out of earshot.

    Also, you are fat.

    1. Re:Jesus, you stupid fuck by computerjunkie · · Score: 1

      God, some people are so looking to read too much into something. I just said people should stick to what they know rather than wasting time and money instead of doing what earns them money- and somehow this gives you all kinds of insight into what I look like and my beverage preference? Get a life.

  72. Why this Sucks by SpecBear · · Score: 1

    Remember when Yahoo reset all of their users' spam preferences? Heck, a few stories up from this one you can read about how AOL just automatically added two bots to all the AIM users' buddy lists. Sure these are both things that are easy for the user to fix, but it demonstrates that, if the price is right, these companies would rather ask for forgiveness than permission. Lack of consideration for the user's personal preferences is pretty much the problem when it comes to annoying software installs.

    What we have here is a group of companies that don't really have a great track record in respecting the wishes of their customers. Why should we believe that things will be any better now that they're colluding to set standards?

  73. Has anyone noticed what they are really certifying by Anonymous Coward · · Score: 0

    If you read a couple of the articles about this certification it becomes apparent that they are actually certifying ADWARE! They are saying that it will be easy to remove... but who really cares? Adware is Adware and I am not going to voluntarily put it on my pc. What are they thinking? Take a look at the fifth paragraph in the following article. http://www.eweek.com/article2/0,1895,1887914,00.asp

  74. Or maybe COAST by BillX · · Score: 1

    Seriously, who would retain control over this group? This is the same Yahoo that recently released an anti-spyware toolbar that not only plays favorites with detection, but outright ignores (regardless of settings) certain products that Yahoo has a financial tie to. The last time people tried to agree on a consortium promising to certify apps as "spyware free", it failed miserably for the same reasons - the model of selling such a certification provides a clear financial incentive geared toward certifying products/companies rather than rejecting them.

    --
    Caveat Emptor is not a business model.
  75. This is great! by Anonymous Coward · · Score: 0

    We might call the new repository Debian Main.

  76. repository by Vantage13 · · Score: 1
    And... and... maybe we could have users download this software from one central trusted location and.. and.. maybe we could call them 'repositories' and.. and.. maybe we could have people install it with a tool called... apt-get ... or maybe have a gui version called ... synaptic...

    I'm sure glad no one has thought of this before

  77. The sony route by Sleeping+Kirby · · Score: 1

    I won't be surprised if they take the Sony route. "In order to change the way consumers view software, we've supplied this anti-spyware software. It'll scan your system, checking for anything bad, then report that back to you and us, along with your ip address, os version, your webpage history, recent documents and programs, just to be safe. But don't worry, it's not spyware because we're out to change how you look at software." Then again, they might not. But the more I write stuff like this, and the more people read stuff like this, the less likely they'll do something like this.

    --
    please... let me sleep... a little more... yay, no longer annonmyous coward.
  78. Money $$$ by Mortlath · · Score: 1
    How much is this going to cost?

    The article was a little vague about the exact process for getting certified. Since it's going to be run by TRUSTe, I imagine that this won't be for free...

    Well, at least this certification only affects the software that gets distributed by AOL, Yahoo!, CNet, etc. I just wonder if this isn't the start of some sort of "trusted computing".