Consumer Friendly Downloads?
* * Beatles-Beatles writes to tell us Yahoo and AOL will be offering a new anti-spyware initiative to begin next year. The new initiative will allow vendors to get their software "certified" as easy to remove and not containing spyware. From the article: "It creates market incentives that will change how consumers see software," said Doug Leeds, Yahoo's vice president for product justice. Backers of the initiative believe that consumers wouldn't benefit much from a system in which good products simply display seals of approval. "They are looking for us to do it for them," Leeds said."
This sort of sounds like a recycled VeriSign sig. Unfortunately I doubt it would mean much to anyone at first. The majority of users I encounter think you only get trojans from visiting porn sites and spyware from the same.
Maybe this is a good thing. The interweb won't be the same.
People really don't care about their products being "certified". Go out to the store and buy any USB wifi adapter you can find. In the installation guide it tells you to make sure that you hit "continue anyway" when your computer warns you the drivers aren't certified. I don't think not wanting to hit continue anyway is a valid reason for returning your new adapter.
Way back in March, Slashdot carried an article saying Office Depot will only carry Windows XP approved software.
Don't get me wrong, I think spyware is bad. I also think a big company only supporting a few software titles (and probably charging a bit to do it) is bad too.
I'd really prefer to see some kind of meta-moderated system by users to rate software as clear of spyware as it would give small vendors more of a chance. Otherwise, we will just further entrench big monopolies.
What are you eating? isItVeg?.
... is only as strong as its weakest link.
It all boils down to:
- Do we trust AOL and Yahoo to be honest in this sort of thing?
- Do we trust that AOL and Yahoo have the technical capability to effectively detect both reported and not yet reported forms of spyware?
What will it cost?
.: Max Romantschuk
Sure, it is old hat, but one of these days, there might be a "(insert company name approved) software" program that actually holds its weight and is useful/consistent/trustworthy...
... perhaps AOL/Yahoo will do it better? ... of course, considering the advertising on Yahoo... I'm not going to count on it from them, but it might inspire a knock-off.
I'm not exactly saying infinite monkeys/infinite typewriters, here, I'm just saying we've only had one major company do this so far (as far as I know)
MoM++ - A Classic Expanded - [Master of Magic 1.5]
http://mompp.sourceforge.net/
Let me guess... any vendor, no matter how small, will have to pay a shitload of money to get certified?
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Let me get this straight. One company decides what is malware and what isn't. Ask yourself this, would Sony's rootkit have been considered a safe download? I think you'd find the answer is yes. This isn't an objective panel of experts deciding what is safe or what isn't, it's a company and this is inherently flawed.
I find it hard to believe that any company, regardless of their otherwise good intentions, would refuse money from a company such as Sony. In short, it may work in stopping the small spyware vendor but this is not nearly enough.
Simon.
I had the same thought at first, but the article states:
TRUSTe, an organization that already certifies and monitors Web site privacy and e-mail practices for businesses, will rely on testing by two outside labs for the vetting. It would not name the labs.
A user-run system of moderation is a great idea though. Although TRUSTe seems to be somewhat independent we have just recently seen that the big media corporations aren't exactly the most trustworthy entities when it comes to our personal privacy *cough...sony*, and there is sure to be a lot of money at stake.
I'd really prefer to see some kind of meta-moderated system by users to rate software as clear of spyware as it would give small vendors more of a chance.
Well, I don't know about that, those systems can cause problems, too.
I have come across a few very suspicious programs on download.com (where they use a rating system on satisfaction with the program)
... that I skimmed through the comments on. There seems to be a way to generate user accounts... so people put programs out with trojan horses, made a bunch of fake accounts, and upped the ratings... you had to really skim to see the 2 or 3 users who had the "THIS IS MALWARE" messages. ... now, this can be avoided, sure, but it will always be a problem... such a system, if disrupted once, would lose a good deal of credibility.
Also... there is the problem of trolls, plants (that is, if the spyware pals decide to just sit and make new accounts and do it all manually), and kiddies.
===
Perhaps I am too much the cynic?
It *could* work...
It would have to be *really* well thought out and programmed. It would also need to get a good following rather quickly and remain free.
MoM++ - A Classic Expanded - [Master of Magic 1.5]
http://mompp.sourceforge.net/
I'm not sure if this solves the problem. The problem is that there are a lot of not-so-professional people out there that just install anything they lay their hands on. It's like: "Hey! It's a PC! *Must* install stuff on this!" If the PC asks OK or Cancel? they click OK. And then to remove programs they're suddenly "smart" enough to find C:\Program Files\ and delete anything they don't understand. In the end all they need is a browser, an email client, an IM client, a word processor and perhaps something to mash up some photos. Installing anything more will just result in making it worse.
The problem isn't the software. It's the people using the software! As long as they don't know what they're doing there will always be others abusing this.
We don't need administrative or legal solutions to this, though they're nice.
What we need is application sandboxing; that is, restrict an application's access to system resources when it runs (think chroot jails but on a much grander scale). The key to this (as with any security system) will be to balance security with usability, i.e. not make it so anal that you can't actually do anything. You'll still have ignorant users, but at least they will opt into insecurity rather than inherit it by default.
Crucially, this is something we nerds can do for ourselves and not rely on others whose agendas are opaque.
Windows programs generally have no dependencies, so a project like this is not really needed. It has been tried before, and there are various projects still taking a stab at this, but I don't think they'll get anywhere.
Am I the only person who has noticed the numerous stories that get posted by *--Beatles-Beatles? Am I also the only person who has noticed that the link used in his name is a constantly changing URL (depending on the story) with pointers to various scammy sites? Is it not obvious what he's doing? He's using the awesome PageRank of Slashdot to promote his sites based on searches that have the word Beatles in them.
It's a small price to pay for free advertising. Find a story, summarize it in 5 minutes, post to Slashdot, and get a PageRank boost that advertisers would pay hundreds (or maybe thousands) for. (Text links on high-ranking sites are big business - just ask oreilly).
Slashdot should at least put a ref=nofollow in the links to submitters (or better yet, only link the submitter's name to his/her user page).
Ah, my friend, but you forget that is for small business owners such as myself who couldn't care less about the variety of software -- we just want our stuff to work. Do you know how much time I spend playing "IT Guy" for our company? It is truly not fun.
Give us our MS-Office, our devices that plug in correctly, our specialized apps, and just make everything work. We'll pay extra.
Maybe I'm missing something here but what's to stop a spyware producer from just copying the seal of approval and sticking it to the front of his product? The threat of legal action I hear you cry. I don't think Mr Spyware Producer really cares all that much about breaking the law so that's hardly a deterrent.
Perhaps if AOL made it public knowledge they would send "da boys" round if they caught anyone copying the certificate that would slow some people down. Perhaps a fitting punishment would be being crushed under a million AOL cds pushed one at a time through a giant letterbox.
I used to have a better sig but it broke.
The best way to be certain that a program is free from spyware is to examine the source code, comment out any bits you don't like, and compile it on your machine.
The second-best way to be certain that a program is free from spyware is to have someone you trust examine the source code, comment out any bits they don't like, compile it on their machine, sign it with their OpenPGP decrypting key and make their signed, pre-compiled binary available for download.
That's how we have always done things in the Unix world, how we still do things in the Linux world -- and it's beginning to take hold of the Apple Mac world, too.
Now, if only the Windows world would wake up and smell the coffee! "What good is source code to me?" they bleat, "I'm not a programmer!" Yeah, you may not be a programmer, you may not want to be a programmer, but the source code is still your best guarantee that a program is what it says it is. And if the person who wrote that program won't show you the source code, even despite the facts that (1) they aren't charging you any money for the executable so it's not like you could be ripping them off by compiling more than one copy and (2) you aren't a programmer and wouldn't understand it anyway, then you have to ask yourself what don't they want me to see?
Insist to see the source. It's the best guarantee yet that the software you are running is pure.
Je fume. Tu fumes. Nous fûmes!
They would trust Yahoo because the media will tell them to. The majority of users/consumers only do what they do because some advertisement persuaded them to do so. Either some fluff piece in the news or some well crafted advert made to look like some informative report will tell people to look for this sticker if you don't want problems with your computer and it will make less trips to the shop.
And people will buy it or into it. Not because Yahoo is some pillar of faith, virtue, or savior in disguise, but because they have heard of Yahoo and someone told them they were doing good things and buy their stock (even if someone cannot afford stock). Yahoo has name recognition and that's probably enough to either make it float or at minimum make it where another company can make it float.
Most consumers still do trust Microsoft, even though they might be fed up with their products. Most consumers trusted Sony to some extent until this recent rootkit fiasco. I would bet a lot of them still don't know about that. I'm not sure if "trust" is a better way to describe it than "not having a reason to not trust them". I think it is the latter of the two, where most people don't know enough or care to know enough to see what these companies are really like. So I guess they do or will trust them because they haven't a reason not to trust them. You and I know better but we aren't average users either.
I don't know if I'm being simplistic about it but I've tended to go with www.download.com for anything extra I need - like an avi converter or free audio editor package like audacity. Judge the download by other people's reviews as to whether it does the job without installing any nasties. GnS
How much do you like toast?
How DirectRevenue and Bullseye network get away with forcing you to download an uninstaller, and fill out a fucking survey, respectively, before you can uninstall their adware. Unbelievable.
It's called Open Source. Or at least to me and the people I advise anyways.
I always tell people that Open Source apps typically do not have any of that crudware in them while most freeware does have that crap embedded, and then point them to various websites that track what freeware has what spy/crap/ad ware in it. I have never been burned by an OSS project and its Windows download/installer.
So look for the OSS label!
Do not look at laser with remaining good eye.
Do you mean Ad-Aware? If so their personal edition is still available for free download,
http://www.lavasoft.de/
Products is the second section in the left hand navigation bar, Ad_Aware personal is the fourth link. Easy.
AOL will launch 'approved software' that is 'easy to remove' when they dump their own annoying (remember AOL version 8.0?) and ubiquitous install CDs and have it on almost every new PC with Windows. Maybe people don't want AOL after hearing how bad their software is. I don't know if they are planning on stopping their mass distribution of AOL CDs (1048 free hours!) but they should stop it if they want to seem legitimate in this new effort.
You have to first build trust to ensure trust. By the way.......you've got SPAM!
He who knows best knows how little he knows. - Thomas Jefferson
Do you use Firefox?
Tell me ONE (1) extension you have installed that does not say "UNSIGNED" in red black font?
Do you panic when you see those? Do you avoid installing such extensions?
What is the meaning of that field anyway?
Ubuntu is an African word meaning 'I can't configure Debian'
How about "AOL will certify companies as prompt in stopping charging credit cards the moment service is cancelled.".
Slashdot readers may be savvy about checking around the web to see if a piece of software contains spyware before they install it, but the average user has no idea how to tell if a given software program is spyware-free. If they could just see an easy-to-identify "spyware-free" certification on the package or website somewhere (and that certification actually means what it says), then that would help a lot. It would be kind of like seeing the "UL tested" stamp on an electrical device. Software companies that used the seal without authorization would be committing a felony. Even if the certification didn't eliminate spyware, it might at least force software makers to do a full disclosure, get the user's permission to install 3rd-party applications, give the user an easy way to later uninstall those 3rd party applications, and make it so that uninstallation completely removed every bit of the installed software from the system.
Buy Steampunk Clothing Online!
This is TRUSTe we're talking about. My bet is that anyone who pays $500 gets certified.
Notice there is intentionally nothing about what it would cost or how developers apply.
"No-one I know uses AOL"
That comment reminds me of the film critic Pauline Kael's famous line after Richard Nixon's landslide victory over George McGovern in 1972: "I can't believe Nixon won. Nobody I know voted for him." Of course they hadn't. Kael lived in the cocoon of Manhattan liberalism.
AOL has about 27 million subscribers worldwide. That's more than the entire populations of say, Australia (20 million) and New Zealand (4 million) combined.
I'd say AOL is relevant.
Insert witty sig here.
Yeah, like Australia and New Zealand are relevant. Pfffft.