Consumer Friendly Downloads?
Beatles-Beatles writes to tell us Yahoo and AOL will be offering a new anti-spyware initiative to begin next year. The new initiative will allow vendors to get their software "certified" as easy to remove and not containing spyware. From the article: "'It creates market incentives that will change how consumers see software,' said Doug Leeds, Yahoo's vice president for product justice. Backers of the initiative believe that consumers wouldn't benefit much from a system in which good products simply display seals of approval. 'They are looking for us to do it for them,' Leeds said."
People really don't care about their products being "certified". Go out to the store and buy any USB WiFi adapter you can find. In the installation guide it tells you to make sure that you hit "continue anyway" when your computer warns you the drivers aren't certified. I don't think not wanting to hit continue anyway is a valid reason for returning your new adapter.
We don't need administrative or legal solutions to this, though they're nice.
What we need is application sandboxing; that is, restrict an application's access to system resources when it runs (think chroot jails but on a much grander scale). The key to this (as with any security system) will be to balance security with usability, i.e. not make it so anal that you can't actually do anything. You'll still have ignorant users, but at least they will opt into insecurity rather than inherit it by default.
Crucially, this is something we nerds can do for ourselves and not rely on others whose agendas are opaque.
Maybe I'm missing something here but what's to stop a spyware producer from just copying the seal of approval and sticking it to the front of his product? The threat of legal action I hear you cry. I don't think Mr Spyware Producer really cares all that much about breaking the law so that's hardly a deterrent.
Perhaps if AOL made it public knowledge they would send "da boys" round if they caught anyone copying the certificate that would slow some people down. Perhaps a fitting punishment would be being crushed under a million AOL CDs pushed one at a time through a giant letterbox.
I used to have a better sig but it broke.
No you're not the only one. I posted a reply earlier this week that basically said the same thing. I think this must be one of ScuttleMonkey's buddies or something. I got modded down as offtopic, because for some reason everyone wants to look the other way.
This is obviously becoming a problem and represents what I consider to be a breach of ScuttleMonkey's journalistic integrity.
The best way to be certain that a program is free from spyware is to examine the source code, comment out any bits you don't like, and compile it on your machine.
The second-best way to be certain that a program is free from spyware is to have someone you trust examine the source code, comment out any bits they don't like, compile it on their machine, sign it with their OpenPGP decrypting key and make their signed, pre-compiled binary available for download.
That's how we have always done things in the Unix world, how we still do things in the Linux world -- and it's beginning to take hold of the Apple Mac world, too.
Now, if only the Windows world would wake up and smell the coffee! "What good is source code to me?" they bleat, "I'm not a programmer!" Yeah, you may not be a programmer, you may not want to be a programmer, but the source code is still your best guarantee that a program is what it says it is. And if the person who wrote that program won't show you the source code, even despite the facts that (1) they aren't charging you any money for the executable so it's not like you could be ripping them off by compiling more than one copy and (2) you aren't a programmer and wouldn't understand it anyway, then you have to ask yourself what don't they want me to see?
Insist on seeing the source. It's the best guarantee yet that the software you are running is pure.
Je fume. Tu fumes. Nous fûmes!
They would trust Yahoo because the media will tell them to. The majority of users/consumers only do what they do because some advertisement persuaded them to do so. Either some fluff piece in the news or some well-crafted advert made to look like some informative report will tell people to look for this sticker if you don't want problems with your computer and it will make fewer trips to the shop.
And people will buy it or into it. Not because Yahoo is some pillar of faith, virtue, or savior in disguise, but because they have heard of Yahoo and someone told them they were doing good things and buy their stock (even if someone cannot afford stock). Yahoo has name recognition and that's probably enough to either make it float or at minimum make it where another company can make it float.
Most consumers still do trust Microsoft, even though they might be fed up with their products. Most consumers trusted Sony to some extent until this recent rootkit fiasco. I would bet a lot of them still don't know about that. I'm not sure if "trust" is a better way to describe it than "not having a reason to not trust them". I think it is the latter of the two, where most people don't know enough or care to know enough to see what these companies are really like. So I guess they do or will trust them because they haven't a reason not to trust them. You and I know better but we aren't average users either.
How DirectRevenue and Bullseye network get away with forcing you to download an uninstaller, and fill out a fucking survey, respectively, before you can uninstall their adware. Unbelievable.
It's called Open Source. Or at least to me and the people I advise anyways.
I always tell people that Open Source apps typically do not have any of that crudware in them while most freeware does have that crap embedded, and then point them to various websites that track what freeware has what spy/crap/ad ware in it. I have never been burned by an OSS project and its Windows download/installer.
So look for the OSS label!
Do not look at laser with remaining good eye.
Even before they start, 'spyware' is not enough, and 'malware' ill-defined, to define installation of 'hidden extras' I do not want. These are both companies who package things I don't want as default options in their own installers - not a good start, even if they're 'up front' about it (and include separate uninstallation procedures).
If there's to be a 'police' force for this, I'd rather it be someone whose hands are completely clean...
AOL will launch 'approved software' that is 'easy to remove' when they dump their own annoying (remember AOL version 8.0?) and ubiquitous install CDs and have it on almost every new PC with Windows. Maybe people don't want AOL after hearing how bad their software is. I don't know if they are planning on stopping their mass distribution of AOL CDs (1048 free hours!) but they should stop it if they want to seem legitimate in this new effort.
You have to first build trust to ensure trust. By the way.......you've got SPAM!
He who knows best knows how little he knows. - Thomas Jefferson
I agree. Moreover, what prevents the software writers from interchanging the functionality of OK and Cancel? Like they could just put text like 'About to install the xxxxx software. If you want to quit hit OK else hit Cancel'. Most of the users hardly ever read all the text that gets shown.
Slashdot readers may be savvy about checking around the web to see if a piece of software contains spyware before they install it, but the average user has no idea how to tell if a given software program is spyware-free. If they could just see an easy-to-identify "spyware-free" certification on the package or website somewhere (and that certification actually means what it says), then that would help a lot. It would be kind of like seeing the "UL tested" stamp on an electrical device. Software companies that used the seal without authorization would be committing a felony. Even if the certification didn't eliminate spyware, it might at least force software makers to do a full disclosure, get the user's permission to install 3rd-party applications, give the user an easy way to later uninstall those 3rd party applications, and make it so that uninstallation completely removed every bit of the installed software from the system.
Buy Steampunk Clothing Online!
This is TRUSTe we're talking about. My bet is that anyone who pays $500 gets certified.
Notice there is intentionally nothing about what it would cost or how developers apply.
"No-one I know uses AOL"
That comment reminds me of the film critic Pauline Kael's famous line after Richard Nixon's landslide victory over George McGovern in 1972: "I can't believe Nixon won. Nobody I know voted for him." Of course they hadn't. Kael lived in the cocoon of Manhattan liberalism.
AOL has about 27 million subscribers worldwide. That's more than the entire populations of say, Australia (20 million) and New Zealand (4 million) combined.
I'd say AOL is relevant.
Insert witty sig here.