Consumer Friendly Downloads?
Beatles-Beatles writes to tell us Yahoo and AOL will be offering a new anti-spyware initiative to begin next year. The new initiative will allow vendors to get their software "certified" as easy to remove and not containing spyware. From the article: "It creates market incentives that will change how consumers see software," said Doug Leeds, Yahoo's vice president for product justice. Backers of the initiative believe that consumers wouldn't benefit much from a system in which good products simply display seals of approval. "They are looking for us to do it for them," Leeds said.
People really don't care about their products being "certified". Go out to the store and buy any USB wifi adapter you can find. In the installation guide it tells you to make sure that you hit "continue anyway" when your computer warns you the drivers aren't certified. I don't think not wanting to hit continue anyway is a valid reason for returning your new adapter.
Just another bad idea to make some money - why would the consumer trust AOL (or M$, or better yet - Sony :) ) better than some other smaller software company ... :)
Obviously a "trust system" is needed, but not one based on payments to a single company
We don't need administrative or legal solutions to this, though they're nice.
What we need is application sandboxing; that is, restrict an application's access to system resources when it runs (think chroot jails but on a much grander scale). The key to this (as with any security system) will be to balance security with usability, i.e. not make it so anal that you can't actually do anything. You'll still have ignorant users, but at least they will opt into insecurity rather than inherit it by default.
Crucially, this is something we nerds can do for ourselves and not rely on others whose agendas are opaque.
Maybe I'm missing something here but what's to stop a spyware producer from just copying the seal of approval and sticking it to the front of his product? The threat of legal action I hear you cry. I don't think Mr Spyware Producer really cares all that much about breaking the law so that's hardly a deterrent.
Perhaps if AOL made it public knowledge they would send "da boys" round if they caught anyone copying the certificate that would slow some people down. Perhaps a fitting punishment would be being crushed under a million AOL CDs pushed one at a time through a giant letterbox.
I used to have a better sig but it broke.
No you're not the only one. I posted a reply earlier this week that basically said the same thing. I think this must be one of ScuttleMonkey's buddies or something. I got modded down as offtopic, because for some reason everyone wants to look the other way.
This is obviously becoming a problem and represents what I consider to be a breach of ScuttleMonkey's journalistic integrity.
The best way to be certain that a program is free from spyware is to examine the source code, comment out any bits you don't like, and compile it on your machine.
The second-best way to be certain that a program is free from spyware is to have someone you trust examine the source code, comment out any bits they don't like, compile it on their machine, sign it with their OpenPGP decrypting key and make their signed, pre-compiled binary available for download.
That's how we have always done things in the Unix world, how we still do things in the Linux world -- and it's beginning to take hold of the Apple Mac world, too.
Now, if only the Windows world would wake up and smell the coffee! "What good is source code to me?" they bleat, "I'm not a programmer!" Yeah, you may not be a programmer, you may not want to be a programmer, but the source code is still your best guarantee that a program is what it says it is. And if the person who wrote that program won't show you the source code, even despite the facts that (1) they aren't charging you any money for the executable so it's not like you could be ripping them off by compiling more than one copy and (2) you aren't a programmer and wouldn't understand it anyway, then you have to ask yourself what don't they want me to see?
Insist on seeing the source. It's the best guarantee yet that the software you are running is pure.
Je fume. Tu fumes. Nous fûmes!
So, I'll likely have to pay for their seal of approval? You mean, I actually have to _pay_ to have my product carry an advertisement for their company? Thank you, but no...
How DirectRevenue and Bullseye network get away with forcing you to download an uninstaller, and fill out a fucking survey, respectively, before you can uninstall their adware. Unbelievable.
It's called Open Source. Or at least to me and the people I advise anyways.
I always tell people that Open Source apps typically do not have any of that crudware in them while most freeware does have that crap embedded, and then point them to various websites that track what freeware has what spy/crap/ad ware in it. I have never been burned by an OSS project and its Windows download/installer.
So look for the OSS label!
Do not look at laser with remaining good eye.
Even before they start, 'spyware' is not enough, and 'malware' ill-defined, to define installation of 'hidden extras' I do not want. These are both companies who package things I don't want as default options in their own installers - not a good start, even if they're 'up front' about it (and include separate uninstallation procedures).
If there's to be a 'police' force for this, I'd rather it be someone whose hands are completely clean...
It all boils down to:
- Do we trust AOL and Yahoo to be honest in this sort of thing?
Would you trust someone who has:
1. Service that is notoriously difficult to cancel?
2. Software that is difficult to remove cleanly?
I'm sure today's Slashdot readers are too young to remember when AOL regularly crapped up a machine's TCP/IP stack which only a complete Windows/Software re-install would cure.
[MBASIC sucked. DOS sucked. Windows still sucks.]
AOL will launch 'approved software' that is 'easy to remove' when they dump their own annoying (remember AOL version 8.0?) and ubiquitous install CDs and have it on almost every new PC with Windows. Maybe people don't want AOL after hearing how bad their software is. I don't know if they are planning on stopping their mass distribution of AOL CDs (1048 free hours!) but they should stop it if they want to seem legitimate in this new effort.
You have to first build trust to ensure trust. By the way.......you've got SPAM!
He who knows best knows how little he knows. - Thomas Jefferson
I agree.. Moreover what prevents the software writers from interchanging the functionality of OK and Cancel. Like they could just put text like 'About to install the xxxxx software. If you want to quit hit OK else hit Cancel'. Most of the users hardly ever read all the text that gets shown.
Slashdot readers may be savvy about checking around the web to see if a piece of software contains spyware before they install it, but the average user has no idea how to tell if a given software program is spyware-free. If they could just see an easy-to-identify "spyware-free" certification on the package or website somewhere (and that certification actually means what it says), then that would help a lot. It would be kind of like seeing the "UL tested" stamp on an electrical device. Software companies that used the seal without authorization would be committing a felony. Even if the certification didn't eliminate spyware, it might at least force software makers to do a full disclosure, get the user's permission to install 3rd-party applications, give the user an easy way to later uninstall those 3rd party applications, and make it so that uninstallation completely removed every bit of the installed software from the system.
This is TRUSTe we're talking about. My bet is that anyone who pays $500 gets certified.
Notice there is intentionally nothing about what it would cost or how developers apply.
"No-one I know uses AOL"
That comment reminds me of the film critic Pauline Kael's famous line after Richard Nixon's landslide victory over George McGovern in 1972: "I can't believe Nixon won. Nobody I know voted for him." Of course they hadn't. Kael lived in the cocoon of Manhattan liberalism.
AOL has about 27 million subscribers worldwide. That's more than the entire populations of say, Australia (20 million) and New Zealand (4 million) combined.
I'd say AOL is relevant.
Insert witty sig here.