Slashdot Mirror
A Day in the Life of a Spyware Company
prostoalex writes "Business Week has a detailed expose of Direct Revenue. The article has some juicy details on the everyday workings of a spyware outlet, talks about the the business model and advertisers who funnel cash to Direct Revenue, and even mentions Direct Revenue's anti-spyware achievements (the company's installer blasted away competing spyware apps, so that the user's computer wouldn't be overwhelmed with redundant pop-ups)."
http://it.slashdot.org/article.pl?sid=06/07/07/155 1237
It's the same article in a different place.
Additionally, it's in a different place, but it's the same article.
there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.
"and even mentions Direct Revenue's anti-spyware achievements (the company's installer blasted away competing spyware apps, so that the user's computer wouldn't be overwhelmed with redundant pop-ups)."
The crack dealer on one side of the street achieved a victory against crime today when he killed the competing dealer on the other side.
I very much doubt that their reasons for blasting away competing apps were for the benefit of the user. Most likely, they don't want the user's computer to slow down enough for them to notice and do a spyware sweep.
by spamming this story multiple times
actually I am happy to see you, however that is in fact a banana in my pocket.
Latitude, longitude, altitude.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
So if you run their program and their competitor's program at the same time, they will kill each other off? Who needs virus scanners now?
How to stop them in three easy steps:
find executives
kill them (or pay a crackhead to do it)
rejoice
Thus illustrating the old saying "for every complex problem, there is a solution that is simple, neat, and wrong." When it becomes OK to kill anyone that does something you don't like, it also becomes equally possible that others will kill you when you do something they don't care for. But of course you're a good enough troll to know that already.
And for every truth, there's a way to simplify it to the point of idiocy. When someone's doing something that causes you a significant amount of hardship and is making money doing it, they aren't just "doing something you don't like".
That said, I think killing them would be a bit harsh (unless the spyware managed to lock up a computer doing something truly important, but taking a two-by-four to some non-vital parts of their body would be appropriate. That's about what most people would do to an adult they caught vandalizing their car.
How about we vote? Me: give him death via organ donation
Long ago I stopped reading email bounce messages. If my email bounces, oh well. It's just lost. I get hundreds of bounces each day for emails that spammers sent in my name.
My email does bounce though, all the time. It bounces because everybody and their dog invents a brutal spam filter, each one differently flawed.
Just today I failed to communicate with somebody. Gmail sends from *.google.com instead of gmail.com, which is enough to bounce and/or silently delete the mail.
Even after filtering, much of the email I get is spam.
Lately, I don't even bother reading email that claims to come from banks that I actually do business with. Figuring out the legitimacy multiple times per day is too time-consuming.
Email is my primary communication method. It has been ruined. I can no longer rely on messages to be delivered and read. This has been a grave loss for me. I'm just one of many. So yes, the spammer should die. Humanity loses too much from this sort of behavior.
What do the items on this list have in common?
- Cingular Wireless
- Vonage
- Kazaa
- JP Morgan Chase
- Delta
- Travelocity
- Priceline.com
All companies that will no longer have my business, ever. (not that Kazaa would anyways)
I just wish I had the complete list
Douglas Kee, then Direct Revenue's chief of quality assurance (QA)...
Isn't having a quality assurance branch for a spyware company kind of an oxymoron?
That's like having an "ethics department of sudan" or "NSA oversight committee".
Sigh...
The Secret of Life: Proteins fold up and bind things.
>death via organ donation
Impractical. Tissue matching is hard enough when the donor is human.
Spy vs. Spy!
Resolving the references in the title and content of this comment is an exercise left to the reader ...
To err is human. To forgive is good system design.
For persons concerned about spyware it should be pointed out that the important thing is not the spyware company,
It is the companies which employ them.
The article glosses over that with only slight mention. . .
As a victim of the Aurora trojan on a Windoze box I became intimately aware of Direct Revenue and the damage they have caused to many people. Until this article, however, I always assumed they were supported by pr0n sites and spammers.
Instead it turns out Vonage is their main customer!
It's bad enough that Vonage plasters their annoying ads all over the net, and plays their annoying jingle on every channel of TV. Obviously, though, that is not sufficient. They must also use spyware to hook customers and violate more US and International laws.
Vonage has a history of this type of illegal behavior (in chronological order):
1. Its Chairman, Jeffrey Citron, was charged by the SEC with Securities violations due to illegal trades, while he was Chairman of Datek Securities, before starting Vonage.
2. Vonage has consistently engaged in anticompetitvive behaviour against its competitors by blocking SIP calls, and locking down their devices to prevent customers from using the devices with competitors.
3. Vonage has consistently engaged in deceptive advertising when selling their equipment and services by not disclosing that the equipment is not really owned by the consumer (it can't be unlocked to work with other providers).
4. Vonage has consistently engaged in deceptive marketing by convincing customers to LNP port their existing phone number to Vonage when the LNP port could not be done. Even though Vonage could not port the number due to lack of a CLEC in their area code, Vonage reps would tell the customer it could be done "soon".
5. Vonage deceptively operates a web site at Vonage-Forum.com. Only recently has a notice gone up that the site is not operated by Vonage. The site, however, uses the trademarked Vonage name and logo, and has Vonage ads on it.
6. The whole Vonage IPO stock fiasco: not surprising if you noticed item #1.
If Vonage doesn't qualify for U.S. Federal Prosecution on at least ONE of these items something is clearly wrong with our legal system that supposedly was fixed after Enron/Worldcom.
An article about internet advertising that makes me click through 5 pages for just one article. Its a shame I didn't click past the first page.
That comment almost made you spit your latte out over your PowerBook at Starbucks, didn't it?
They were only copying what Xerox, Apple and others had already done.
If computers could only be used by people who knew how to administer the, then there would be far fewer computers in use. Most people do not want to learn about computers, they are not interested. Ease of use is necessary.
It is also perfectly possible to have an OS that is easy to administer and reasonably secure. I have friends who no absolutely nothing about computers who have no problems with Macs. My father finds Ubuntu easier than Windows (although I initially installed it for him and occasionally give him some help).
It is not ease of use that is the problem. It is bad design, poor implementation and simply not caring about security.
Jesus, what a load of crap. I run a stable XP box with a combination of a virus scanner and a hardware firewall, and I have no problem with spyware or viruses (you know, the actual plural of virus), and the only time it goes down is when I (rarely) shut it down. The one time I had a problem with spyware that a good dose of Adaware couldn't fix, I just went back to the last system restore point. I don't need to know how Windows "really" works to be able to use it. It's a tool. Do you know how your car really works? Your dishwasher? Your microwave? Could you build one from scratch? You don't need to, as long as you don't crash your car or put your foot through your microwave. Same goes with Windows - don't download stupid crap, and you'll be fine. "Insightful", indeed...
It amounts to stalking, spying, possibly breaking and entering, and stealing, and the porn pop-ups break federal laws.
When you go to many websites, such as Amazon or Adam & Eve, you can expect as much privacy as in a local mall. But if someone were to follow you around from store to store, at that point it would be stalking.
Now when that "someone" (spyware company) breaks into your property (your computer) to install something without your consent (spyware programs), it's beyond just your typical stalking and into spying. Add to the charge that this "person" didn't have permission to enter your property in any way and you can add breaking and entering to this.
To run this program that you didn't consent to having uses power you are paying for. If it causes your system to crash, if you are someone who can't fix it, you've got to pay someone to repair it for you. Money out of your pocket. Theft. At the least of your own time to fix it.
When you go to a porn site, you usually have to click something saying you are at least 18 or of legal age to view sexually explicit material, and that you consent to doing so. If you were to sit a minor in front of the computer, or were to allow a minor to be nearby while viewing said material, you've commited an offense for which you could be required to register as a sex offender. But yet porn pop-ups happen on sites that aren't sexual in nature, sites that kids sometimes visit. The spyware company is giving no notice whatsoever that sexual material is about to pop up, no chance to consent or for children to be removed from the room first. Would this not be a violation of federal laws by the spyware companies by exposing minors to sexual material?
So I repeat, why is spyware not illegal?
It's a girl!
"think it would be significantly less effort for you to transition to a new email address. This time, don't give it out to anyone you don't trust. Get a throw away address for that and filter/forward it."
Tried that - doesn't work. Why?
Well, a lot of the people I email use Windows (I know, I know) and they are frequently compromised. The attacker gets their email list and Bingo!
Actually it does work, for a while. But then the rot starts and slowly, but surely the spam mounts up again.
Virus scanner: free, hardware firewall: wireless router, and as I said, Adaware and system restore are rarely needed (with the system restore being a one off). My Win2k box has been running for 4 years, and that is a crappy Dell machine. All you have to do is follow good pratice and be sure what you are downloading/accepting etc. Oh and don't use IE, because I agree, it is a piece of crap.
I was browsing 4chan the other day, in their Random section, looking for interesting (ha) pictures to add to my new website that's been in the works for way too long, and bam -- I get tons of popups, a bunch of icons appear on my desktop, and I've got three freakin' toolbars (unhideable toolbars, mind you) in all of my Explorer windows. What's more -- I was using Firefox. I have IE's settings set to the highest possible security, so that even in the worst case that IE lauched for any reason, I won't get screwed. But wow, I certainly did not expect Firefox to be vulnerable to spyware. (I have since reformatted -- I tried everything to get rid of the toolbars and extra crap. I eventually got rid of most of it, but the thing made it so I couldn't right-click anything except for icons in Explorer. Arrrr. Why didn't I view 4chan on my Slackware box? -- More digression: the spyware managed to install some crappy program, which was actually listed in Add/Remove Programs, but the program was using over 10 MB. How can spyware install so quickly if it's so large?)
I see a lot of computers with spyware. Most, if not all, of the computers that I fix have been completely demolished by malware, spyware, adware, and just general crap. A lot of times, it's from user ignorance (the kind of people that don't even skim EULAs). However, many times, it's from them visiting a website that looks just fine, and the website using some kind of hole in IE to screw over the viewer.
So I must ask, how is exploiting security holes a legal business method? It's obvious that most spyware-creating companies use this tactic, since it's obvious that no one in their right minds would accept spyware voluntarily. Since many times it is known (through thorough searches and whatnot) who created the spyware with which one's machine is infected, I find it hard to believe that no serious legal action has been taken up with these companies.
I am truly displeased to see even Firefox becoming a serious target for these jackasses. If Opera felt better (I have this thing about the "feel" of some programs that I can't explain) I might think about almost downloading it.
I've been thinking about this alot lately, and why *not* make Site Operator's or ISP's liable for the client's activities?
I mean, If an advertiser or client becomes a liability, wouldn't spyware go away on it's own without having to be illegal?
I'm sure this angle has been covered before.. but it's early and I'm still on my first cup of caffiene.
Companies have the right to advertise, but (imho)they don't have the right to install *anything* on your PC. (For that matter, what is acceptable advertising on the net?)
My favorite page-1 quote from that article would have to be Some advertisers say their messages have appeared in pop-ups without their permission.
How STUPID do they think we are? As an advertiser, you don't accidentally advertise for someone that's not paying you. When's the last time you saw a commercial on TV that the retailer denied they paid for? The spammers are charginng a lot for their service, and there is no shortage of customers, so I'm quite certain they are only spamming for paying customers.
More than likely these are cases where someone in marketing got the brilliant idea to advertise with spyware and started it without really letting their uppers know what the fallout was going to be. Then six months later when the CEO's in-box is piled high with complaints they deny they had anything to do with it.
I work for the Department of Redundancy Department.
FTFA: by accepting its ads, consumers get popular software applications free of charge that otherwise can cost up to $30 apiece.
Wow, I can save $30 by making my $500 PC unusable.
--- http://davidnehme.blogspot.com
"If one of the infected computers ends up being a government machine, under the USA Patriot Act, this could be a capital crime"
Dude, the PATRIOT act is a virtual blank check for Government/LE abuse.
Don't toy with our emotions by giving us one GOOD way it could be (but never will be) abused... er.. used.!
...how can I prevent my ads from being served by spyware? How about a clause in my contract with the advertising company that says "Ads served by provider and any subcontractor will not be served by pop-up, and will only be served as the result of a user willfully navigating to a web page which serves ads, and may not be served as the result of any additional software installed on the user's computer. The definition of 'pop-up', 'willfully navigating' and 'installed' remains at the discretion of the customer, and we reserve the right to terminate this contract if the advertising agency is unable to assure us that it meets these criteria."
For some small business this wouldn't work too well, but if big companies started doing it, and it became standard operating procedure for corporations, it would help a lot. Suddenly, other advertisers will just stop dealing with these guys.
Nailing down the definitions is a bit tricky, and IIRC there was a case where some company sued over being designated as malware, so this approach isn't a cure-all. Going after the actual technical definition of something is a bit more effort, but it quashes the arguments of companies that might complain they are being singled out prejudicially.
Also, pornographers and other shady businesses will always do stuff like this, but at least we'll maintain the association of sleaziness with pop-ups and spyware, which is where it belongs.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
they are in the business of making money, not of causing problems for the user (that, to them, is merely an unfortunate side effect) - likely some people at that job slept easier knowing at least their software did one useful thing.
You are way too kind to this scum. Their rationalization was that there was money to be made but not for long and that only those who struck hardest would make it. The dirt bag interviewed admitted this by quoting Douglas, "Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them." The business model only worked as long as there were only a few dirt bags trying to impose the maximum tolerable burden. They knew that everyone who could care less would jump into it and soon the burden would be intolerable to anyone.
The only thing that made them feel better was the money they were making as they burnt down your computer. Hopefully, most of that money will be taken away.
The same thoughts can be applied to WGA.
Friends don't help friends install M$ junk.