Market Research Company Secretly Installs Spyware

An anonymous reader writes "Forbes reports that two security experts are raising new questions about comScore, claiming that company's tracking software is being installed without consent on an unknown number of computers. The widely-used online research company takes screenshots of every Web page viewed by its 1 million participants, even transactions completed in secure sessions, like shopping or online checking. ComScore then aggregates the information into market analysis for its clients, which include such large companies as Ford Motor, Microsoft and The New York Times Co." From the article: "'[The] software is sneaking onto users' computers without the user agreeing to receive it,' says Harvard University researcher Ben Edelman, who documented at least ten unauthorized comScore downloads. Eric Howes, director of malware research at antivirus company Sunbelt Software, and his researchers separately observed hundreds of unauthorized comScore downloads in a three-month period this fall."

Well?

[flyneye]

Is anyone going to do something about this?
Some justice,revenge,butt chewing,anything?
Do we write our congressman,DOS them or what?
all problems and no solutions.
It must be illegal on some level.
do we file a massive suit and each collect $5 or what?

Re:Well?

[gardyloo]

Personally,
I think we should all write in this style.
A real Story-of-Mel style.

Hawt.

Seriously. The world
might not be made better for it.
But *I* might be made better for it.

When Congress writes anti-spam/anti-spyware laws
in this style, and the FBI enforces them,
with judges reading sentences in
i-am-bic pentameter,
humanity will be restored
(whatever THAT means).

[Now, watch slashdot's formatter totally f this up]

Re:Well?

These kinds of things are a plague to Windows users only.. I have been using Linux for years and this kind of stuff doesn't plague Linux users. In case you're wondering, Linux is the operating system that is killing off Microsoft Windows right now. I use it for everything from web surfing and email to watching DVD movies to creating and editing spreadsheets/documents/presentations/3D graphics and almost anything else you can think of. To Windows users: This is what you get for using a closed-source operating system designed and distributed by the most untrustworthy corporation in the world who employs morons and calls them programmers. Seriously, throw Windows in the trash where it belongs and install a real computer operating system.

Re:Well?

It must be illegal on some level.

Yes it is - in the UK: it is [most likely] a direct breach of the Computer Misuse Act 1990 section 3 - ``...guilty of an offence...any act which causes an unauthorised modification of the contents of any computer...''

Re:Well?

[0123456]

"any act which causes an unauthorised modification of the contents of any computer..."

Yes, but then they'll point out that when you downloaded that Naked Britney Spears Screensaver, you clicked on a EULA which authorised them to read all your bank passwords. The fact that no-one in their right mind would do so is irrelevant.

Personally I'm getting close to the point where I'm going to completely disconnect my Windows PCs from the Net and just have a Linux box for web stuff... it's just not worth the risk of having my bank account emptied by Windows scumware.

Re:Well?

[flyneye]

Actually I run Dyne:bolic for the clustering and apps,Agnula for the real time and pre-emptive patches and apps,straight debian for my kid and gal,Winblows for gaming.

Re:Well?

[TheLink]

Well that applied to the Sony rootkit thing too. So what happened?

In contrast that silly UK guy is going to get deported to the US because he was looking for UFOs by getting into US Gov machines without permission.

Re:Well?

[mpe]

Yes, but then they'll point out that when you downloaded that Naked Britney Spears Screensaver, you clicked on a EULA which authorised them to read all your bank passwords. The fact that no-one in their right mind would do so is irrelevant.

Or more likely the ELUA attached to the program said "We can change this however and whenever we like". With there being a piece of HTML somewhere on their website which says "We own anythihng on your computer".

Personally I'm getting close to the point where I'm going to completely disconnect my Windows PCs from the Net and just have a Linux box for web stuff... it's just not worth the risk of having my bank account emptied by Windows scumware.

Avoiding any banks who require Windows (with MSIE) for "(in)security reasons".

Yawn...

[Colin+Smith]

I'm sorry but monocultures and all that. I've given up warning people. It's their own responsibility to look after their computers? What they can't? Dearie me, that'll be hmmm, $$$ then.

Re:Yawn...

[UrbanPeasantsPolitic]

yes, if you dont want this crap, have sense enough not to plug into the net.............

Re:Yawn...

I'm sorry but monocultures and all that.

It has got nothing to do with monocultures. If everyone was running OpenBSD it would be a monoculture, but everyone would be a lot safer.

Re:Yawn...

[Ngarrang]

Yawn? Don't plug into the net? What arrogant uncaring tripe. What kind of jackass gives that sort of a response? Oh, right, an OS snob. People have the right to privacy and surf the net unmolested, no matter the OS they use. ComScore trampled on that right and deserve to burn, so don't turn this around and blame the user.

Re:Yawn...

[Temsi]

That's about as stupid as teaching abstinence only as the only way to fight STD's.

Interestingly, the advice given is almost the same too: don't plug in...

People are doing it and kids will do it, so instead of closing your eyes and yelling "don't do it", you should at least show them how to use protection first.

Re:Yawn...

[Harmonious+Botch]

But most Windows users are as interested in secure computers as teenagers are in condoms.

Re:Yawn...

Really? Or would they all be downloading bash scripts from pr0n emails that delete their home directories and open up high numbered ports with shells running on them?

Re:Yawn...

And as Unix users are in social lives

Re:Yawn...

[Urza9814]

Have you every actually tried that? If they don't ignore you, they forget what you told them the next day. I've even installed it, said 'this is an antivirus program, it'll run by itself, it'll protect your computer, don't mess with it'...come back later to fix it again and find no trace of any of the software I installed. Most of the time I get the blank stare of 'yea, sure, whatever. Can I go back to downloading everything that says 'click here' yet?'

Re:Yawn...

True... but the first trip to the doctor for penicillin shots (e.g. major reinstall), then they will become interested. ;)

Re:Yawn...

But most Windows users are as interested in secure computers as teenagers are in condoms.

I never could get into screwing a piece of latex, it just doesn't do anything for me. I'd rather not bother.

Secure windows has never been a problem for me though.

I guess that defines my geekish priorities pretty well...

Re:Yawn...

[Dutch+Gun]

A more fitting comparison would be:

If you'd like to avoid STD's, avoid having sex with skanky prostitutes.

Likewise, if you'd like to avoid spyware, avoid installing "free" software from companies you neither know nor trust.

Seriously, the headline essentially reads "Marketing firm installs spyware on users system. World is shocked." WTF?

Re:Yawn...

[Some_Llama]

"Really? Or would they all be downloading bash scripts from pr0n emails that delete their home directories and open up high numbered ports with shells running on them?"

Possibly if they were all running as root, but that's not the default for a linux install, it is for windows XP...

That's sort of odd...

[zappepcs]

the previous story mentioned social justice in the headline... social justice here would be to have CD copies of their malicious software being rammed up their backsides "without their consent" so to speak...

Why is the DOJ worried more about aunt Eunice downloading MP3s than they are about people who are maliciously causing harm?

sigh, I'll write but I wonder if my representatives will actually notice...

Re:That's sort of odd...

Because he who has money wins. This case; it's the RIAA. DOJ doesn't care about you.. or your well being.. They care about the $, just like everything else.

Re:That's sort of odd...

[ScrewMaster]

Well, Department of Justice employees are appointed or hired, not elected, and if caught taking bribes are in deep doo-doo ... but the DOJ is not as independent an entity as one might desire. There are a lot of political favors that have to be accepted in order to reach a high rank in such an organization, and those favors are often owed (Mr. Gonzales, this means you) to people (are you listening, Mr. Hatch? Mr. Berman?) who don't mind a few extra contributions.

Re:That's sort of odd...

[jb.hl.com]

Because downloading MP3s is explicitly against federal law, whereas (IIRC) spyware is only legislated against by state law?

Re:That's sort of odd...

[Evilest+Doer]

Why is the DOJ worried more about aunt Eunice downloading MP3s than they are about people who are maliciously causing harm?

Well, I'm sure that given the clear illegality of this Market Research company's activities, the DOJ will hunt down and prosecute the people responsible, and those responsible will be heavily fined and have to spend a good bit of time in jail. Oh wait. I forgot. This is America, where corporations are given free rein to run roughshod over everyone and ordinary people are tossed in prison for anything and everything the government can think of. My mistake.

Re:That's sort of odd...

[StikyPad]

Because Joe Websurfer doesn't have a lobbiest bending the ear of Congress.

Win-win-win solution

[straponego]

I think everyone who isn't a total scumbag agrees that spammers and spyware makers are evil and a drain on society. Furthermore, in terms of lifetimes wasted, they time they cost us surely adds up to many times the lives we've lost due to terrorism. I have the answer, one which will heal the political rift in the US as a side effect.

First, we have the NSA, DHS, et al target their illegal wiretapping programs at spammers and spyware makers. They've got the infrastructure to track these people down, and this is a justification for the programs everybody can get behind.

Second, when a spammer is caught, we ship them down to Gitmo. It doesn't matter, in this case, whether torture is an effective means of getting information. We don't need information from them, we just want them out of circulation. We can hope that it would be a deterrent, but really they'll be getting it for the simple reason that they deserve it. Republican/Christians get to torture and sodomize to their shrivelled little hearts' content, and we don't have to worry about damaging our reputation in the world community. Everybody's happy!

Gentlemen, there is no way that we can lose on this one!

Re:Win-win-win solution

[davidsyes]

"We don't need information from them, we just want them out of circulation."

LOL. That sentence alone ought to have earned you 2 to 3 mod points... Or, maybe you had them, but had them taken away by:

"spammers and spyware makers are evil and a drain on society" supporting types....

Re:Win-win-win solution

[Steve+B]

One important point is that spam is about the perfect method of communicating "go-codes" to terrorist cells -- it's trivial to encode a message in the anti-filtering gibberish attached to most spam, and the indiscriminate broadcast completely negates traffic analysis.

Re:Win-win-win solution

[operagost]

Republicans/Christians? What kind of trolling idiot are you?

Re:Win-win-win solution

[ScrewMaster]

Republicans/Christians? What kind of trolling idiot are you?

I'd say a Democratic/Atheist one, you know, so long as we're making snap judgments about people.

Re:Win-win-win solution

[Evilest+Doer]

I'd say a Democratic/Atheist one, you know, so long as we're making snap judgments about people.

Really? I thought it had more of a Green Party/Universalist flavor. But, maybe that's just the sauce.

Re:Win-win-win solution

[grimJester]

Wow. Just....wow. You are comparing the *actual* loss of human life from acts such as terrorism...to the admittedly huge problem of spam and spyware. You are actually equating death with inconvenience. Holy. Shit.

Time and money saves lives and prevents deaths. If the resources drained by spam were used to make safer cars, more lives would be saved yearly than are lost to terrorism. If those resources were used in sub-Saharan Africa, even more lives would be saved.

Inconvenience for millions equals death for many.

Re:Win-win-win solution

[dbIII]

Relax - he's talking about "Republicans" that want to be run by a pre Magna Carta King and "Christians" that believe in a personal God that does what it is told as well as being merchants in the temple that think the poor are cursed by God for their sins.

Re:Win-win-win solution

Generic Standard Trolling Idiot v2.3.12 (bugfix release)

Re:Win-win-win solution

[GreenSwirl]

If I had a big pot of money and could either spend it on something that would make most people's lives a little easier, or spend it hunting terrorists, I'd easily pick the former. Unfortunately, I don't think eliminating spam would make MOST people's lives that much easier, just most Slashdotters'.

"unauthorized download"

Keep in mind when reading that by "unauthorized download" they don't mean copyright infringement, they mean that a third party installed ComScore software without *your* authorization.

Re:"unauthorized download"

[Dunbal]

they mean that a third party installed ComScore software without *your* authorization.

      Oh I hope it DOES make its way onto my machines. I can't wait until they see how much I charge for CPU cycles.

Re:"unauthorized download"

[Loconut1389]

You know, that's an interesting question. What if you do work that uses all or nearly all of the CPU and you litterally lose money if it takes longer. Could you then sue for lost revenue?

Re:"unauthorized download"

Um this is America, you can sue for any reason.

Re:"unauthorized download"

[Loconut1389]

correction- sue and win.

Overzealous Staffers

I love it when the organization in question blames the distributors/staffers/private investigators:
"I had no idea Joey Three-Fingers would break you kneecaps. I merely asked him to follow up on some overdue accounts."

HOSTS entry to block?

[martyb]

I want to proactively block any chance of getting caught by this. I just added this to my (Windows/XP HOME SP2) HOSTS file (C:\windows\system32\devices\etc\HOSTS):

127.0.0.1 comscore.com # ComScore, nee MediaMetrix, et al

I recognize this is but a start. I expect this has been investigated by others already. Rather than re-invent the wheel, I'm looking for some input on what else I can do to protect myself from them. (I already use ONLY firefox, and also have AVG, AdAware, Spybot, and WinPatrol)

Questions:

1. What other entries should I add to my hosts file? (Prevent)
2. What program(s) have you used to locate and remove this? (Detect and Remove)

FYI: Wikipedia's ComScore Entry

Re:HOSTS entry to block?

[interiot]

This lists some of the IP addresses that Texas Tech University has internally blocked. The most important thing to block is their proxy servers, since that's the bit that actually does the monitoring, and because the end-user software is distributed via a number of different sites and organizations.

Re:HOSTS entry to block?

[interiot]

Oops, I forgot to include the Texas Tech link with the IP addresses.

Re:HOSTS entry to block?

[flyingfsck]

http://everythingisnt.com/hosts.html http://en.wikipedia.org/wiki/Hosts_file

Re:HOSTS entry to block?

[mgemmons]

One of the best downloads I have ever made is the MVPs HOSTS file. This is a free hosts file which includes all spammers, spyware, parasites, and adware URLs. The version I am using has over 11,000 entries. Good stuff.

One nice fringe benefit of this file is that ads will no longer appear in web pages or applications which host ads, like MSN Messenger.

Intercepts https://

[interiot]

The thing that really gets me is that their monitoring software installs a root certificate in the user's browser so that they can do a "man in the middle" attack to https:/// connections at their proxy servers. In many cases, comScore gets permission from end users to do this, but I don't think many users really realize how much information they're exposing by doing this. Most obvious is bank passwords, etc, but comScore says they don't monitor those. comScore DOES however say that they verify their user's name, address, income, etc., which I'd imagine most users wouldn't actually agree to if they were fully informed.

Re:Intercepts https://

[khallow]

Most obvious is bank passwords, etc, but comScore says they don't monitor those. comScore DOES however say that they verify their user's name, address, income, etc., which I'd imagine most users wouldn't actually agree to if they were fully informed.

In other words, comScore does a credit check. People routinely agree to those. So I'm not sure that your last statement is correct.

Re:Intercepts https://

[interiot]

It's sort of like credit check, I suppose, but they can (and based on the "buying power" reports they generate, I believe there's a good chance they do) track purchases made, and may track bank balances (I'm not sure how easy this is to do, but it's possible they do this for the X largest ecommerce sites and the X largest banking sites).

Yes, people routinely agree to credit checks, but usually there's a direct financial benefit... eg. getting a loan or something like that. comScore rarely pays its participants anything (they do run sweepstakes, but with ~2 million participants, there's very little chance you'll get compensated for giving away your private information).

Re:Intercepts https://

[15Bit]

Obviously having anything installed on your computer without your consent is a problem, but i'm fascinated as to how this service (with consent) exists. In many countries you have a core set of "Rights" that the law explicitly says you are not allowed to sign away, no matter how much someone pays you or how charming the salesman is. They are there to save stupid people from clever and dishonest ones (and occasionally to save you from yourself). Now I don't like the nanny state any more than the next person, but this looks to me like a magnificent poster case for why you shouldn't be allowed to just sign up for anything you like. You simply should not be allowed to sign up for something this intrusive and surreptitious.

Re:Intercepts https://

[Beryllium+Sphere(tm)]

Inviting the question, even if you trust them with your credit card numbers, and trust all their employees, do you want to bet that there won't be a security breach on one of their servers?

This is a serious limitation of SSL on commodity operating systems, by the way. IE's list of trusted root certificates is simply entries in the registry. Even if you're part of the infinitesimal fraction of users who knows what a CA cert is and where to look for them, how can you do a security review on all 39 of the root certificates that come with Firefox, or spot a new unwanted one? (One of those root certs is from AOL, by the way). If you trust the Mozilla foundation to audit the security and practices of each and every one, do you have the same trust in a proprietary browser's developers? Even assuming the developers make the decision instead of the marketers?

Re:Intercepts https://

[hitmanWilly1337]

So how is this different from a rootkit or trojan? And if it isn't, why are these people still a company and not in jail w/ the rest of the black hats? and why are we more worried about some kid who downloads a couple Metallica CDs?

Use a firewall and wear a rubber - hitmanWilly1337

Re:Intercepts https://

[owlstead]

The developers won't make those decissions: you'll have to pay through your nose to get on that list of trusted CA's. So by definition, the first station is not the developer. And once the payment is there, do you think they can say: "well, you've payed, but you won't get on the list"? Nope, that is indeed a pretty serious limitation of the current technology.

At least there should be different levels of trust. At the moment, you can choose different kind of levels of certificates, but the browsers will accept anyone of them - without displaying that trust level. So what's the point?

this is what they should do!

[ILuvRamen]

why the hell don't the cops show up at the company's door, break it down, and arrest everyone responsible and make sure CNN news crews are there to record it and make a story out of it. Then maybe these stupid, evil marketing people will stop thinking they can get away with it! It's called illegal for a reason. If they can arrest a guy for putting a distributed processing screensaver on school computers, they can arrest marketing execs!

Re:this is what they should do!

[Jerry]

Exactly!

How is what these scum are doing any different from a thief photographing the contents of letters in your mailbox?

None that I can see.

Re:this is what they should do!

[interiot]

I don't think Ford, Microsoft, etc. would do business with them if what they did was really obviously illegal. Also, if taken to court or whatnot, they'd probably say that most users agreed to their EULA, which says things like:

Once you install our application, it monitors all of the Internet behavior that occurs on the computer on which you install the application, including both your normal web browsing and the activity that you undertake during secure sessions, such as filling a shopping basket, completing an application form or checking your online accounts, which may include personal financial or health information. We may use the information that we monitor, such as name and address, for the purpose of better understanding your household demographics.

They pretty much explicitly say that they track user's online financial transactions. Obviously, end users don't usually read EULA's. IMHO, it's journalist's job to point out really egregious EULAs like this, and hold the company's feet to the fire. In this case though, unfortunately their EULAs haven't gotten much press coverage. And the company's entire business is based around this information collection, so it's not like a small amount of press would be enough to remove a small clause that lawyers added in as an afterthought.

Re:this is what they should do!

[davidsyes]

Sure they can. But then the/that local police chief won't make mayor. See, the marketing lobby will lobby the living shit out of the local police union to NOT give their votes to that chief. Maybe even a few lawyers/pro tems and the DA might get recalled or not re-elected if they signed off on the city breaking down the door of these evil marketing execs. The word EVIL exists for a REASON, ye know?

I feel how you feel. Maybe what we end users need is a hella intense honey net with our OWN real-time MITMA to modify our data to feed SHIT to those marketing companies. We'd be a "GOOD EVIL" bunch, eh?

Re:this is what they should do!

[ILuvRamen]

if I was a cop on that squad and they tried to bribe me or worse, take me out to eat, I'd order a really expensive steak and a bowl of chilli then shove the chilli in their face after I was done with the steak and then mace them if they got mouthy about it :-D too bad I'm not a cop lol. Hmmm I wonder what I can do to lobnyists as a programmer...

Re:this is what they should do!

[0123456]

What kind of fucktard would actually, legitimately, agree to that license?

Re:this is what they should do!

[mpe]

why the hell don't the cops show up at the company's door, break it down, and arrest everyone responsible and make sure CNN news crews are there to record it and make a story out of it. Then maybe these stupid, evil marketing people will stop thinking they can get away with it! It's called illegal for a reason.

The police department which actually does this would arrive by helicoptor and have a nickname of "The Flying Pigs"...

Screenshots?

[slashkitty]

The submitter claims the software takes screenshots of every page the users visit.

This isn't what the actual article says. It says "virtual photos". Most likely is that it's just collecting URLs.. and maybe the contents of the page.. There would be no reason to do screenshots... It would make things much more difficult to analyze.

Re:Screenshots?

[interiot]

The installed software re-routes all of your internet traffic through comScore's proxy servers. In most cases, they're probably just monitoring the URL's you visit, but they also check check more specific information in some cases... they say they verify the user's demographics (name, address, it sounds like purchases are tracked as well), and depending on what they're doing research on at the time, they sometimes track P2P activity, audio streaming activity, instant messaging statistics, etc.

Re:Screenshots?

[Otter]

This isn't what the actual article says.

For that matter, the title "Market Research Company Secretly Installs Spyware" is completely wrong. Even the researchers aren't suggesting comScore* is actively involved in anything illegal, just that they're indiscriminate about what kind of scum they use as distributors.

* I was going to ridicule the submitter/editor but they actually got the company's name right, while Forbes is wrong...

Re:Screenshots?

[slashkitty]

If it's just a proxy, it's not even going to be able to see your https post data (just the URLS you're going to). There is a big difference between credit card, bank account numbers and just the URLs you're going to.

Re:Screenshots?

[interiot]

From TFA:

While ordinarily an HTTPS connection would simply pass through a proxy securely, in this case MarketScore also installs a new root certificate in your browser so that it can decrypt all intercepted SSL connections (a "man-in-the-middle" attack) without triggering a security warning from the browser. In normal operation, browsers would complain if a site certificate doesn't match the domain of the URL, but the new root certificate tells the browser to trust ComScore's site certificate for any URL.

Re:Screenshots?

[slashkitty]

I think the article is suggesting that by letting 3rd party vendors distrubute their software, they are opening themselves and the users to all sorts of trouble.

Re:Screenshots?

[statusbar]

So once this software is installed, that 'little padlock' in the web browser that says to everyone that the connection is secure is lying.

--jeffk++

Re:Screenshots?

[mpe]

The installed software re-routes all of your internet traffic through comScore's proxy servers. In most cases, they're probably just monitoring the URL's you visit, but they also check check more specific information in some cases... they say they verify the user's demographics (name, address, it sounds like purchases are tracked as well), and depending on what they're doing research on at the time, they sometimes track P2P activity, audio streaming activity, instant messaging statistics, etc.

Even if they arn't "doing research" putting all your traffic though one bottleneck is unlikely to give you a good "Internet Experience"

So what good is a unenforced law?

[canuck57]

So what good is the Computer Fraud and Abuse Title Act 18 Section 1030 if the FBI will not enforce it?

Re:So what good is a unenforced law?

[Threni]

> So what good is the Computer Fraud and Abuse Title Act 18 Section 1030 if the FBI will not enforce
> it?

It would also appear to break the UK's Interception Of Communications Act 1988.

Re:So what good is a unenforced law?

[TubeSteak]

Question: So what good is [Some law passed by Congress] if the FBI will not enforce it?

Answer: It makes Congress look good. The can go home & tell their constituents "look what wonderful law I voted for".

In reality, it takes either some Attorney General makes a stink over it, or some high profile mishap lights a fire under their asses.

Re:So what good is a unenforced law?

[slimjim8094]

Oh, they enforce it alright. Just not against people who actually cause harm (the people who the law is SUPPOSED to punish)...

Re:So what good is a unenforced law?

And the UK Computer Misuse Act 1990.

But the authorities won't do anything without a complaint. So if you find this software on your computer then make a complaint to the police. Otherwise nothing will happen.

Re:So what good is a unenforced law?

[hitmanWilly1337]

They enforce it alright...when they feel like it. Like against some kid who happens to be poking around in his university's mainframe. but against a large company (read: potential campaign contributor)? i dont think so.

Just because you're paranoid doesn't mean they aren't out to get you.

Re:So what good is a unenforced law?

[mpe]

So what good is the Computer Fraud and Abuse Title Act 18 Section 1030 if the FBI will not enforce it?

They probably do enforce it, just in a highly selective and political way.

Re:So what good is a unenforced law?

[mpe]

They enforce it alright...when they feel like it. Like against some kid who happens to be poking around in his university's mainframe. but against a large company (read: potential campaign contributor)? i dont think so.

Where's "Crackers" when he's needed?

Yawn...Just say no to sex.

"That's about as stupid as teaching abstinence only as the only way to fight STD's."

Well since they're called Sexually Transmitted Diseases, then yes abstinence (not engaging in SEX) is the one hundred percent way of avoiding STDs through that vector.

"People are doing it and kids will do it, so instead of closing your eyes and yelling "don't do it", you should at least show them how to use protection first."

And kids are bringing guns to school and shooting everyone. Maybe we should start them on some gun lessons, and practice at the firing range?

Re:Yawn...Just say no to sex.

[Temsi]

OK, now you're just being silly.

Sure, abstinence is the only 100% effective way of preventing STD's, but teaching that and nothing else, is an extraordinarly dumb thing to do, because it goes against our natural instincts. We are born with the need for sex, and when it awakens it tends to go a little nuts. Abstinence only education can lead directly to teen pregnancies and the transmission of std's, because kids are not given an alternative method of protection, and in fact statistics show that it simply doesn't work in any way shape or form. Ignorance is not protection.

Your gun lesson analogy is a bad one. Firing guns is not a natural urge written into our genes.
ALL teens have sexual urges, but only a handful of nutcases have the urge to shoot their classmates.
Thus, your argument is a red herring.
That being said, it wouldn't hurt to have an alternative method of protection against guns, such as trigger-locks, and not rely solely on the "don't do it because I said so" method (which incidentally is the same one used in abstinence only education).

A more proper analogy would be:
You have a swimming pool in your back yard. You can tell your kids not to go in it all you want, but one day, when you're not looking, they will, and when that time comes, wouldn't it be safer if they've been taught how to swim?

Re:Yawn...Just say no to sex.

"Sure, abstinence is the only 100% effective way of preventing STD's, but teaching that and nothing else, is an extraordinarly dumb thing to do, because it goes against our natural instincts. We are born with the need for sex, and when it awakens it tends to go a little nuts."

*rased eyebrow*

I'm being silly? You're the one with the "it's human nature so enough with the limits!" POV. Just because it's human nature doesn't mean that we shouldn't establish boundardies. Abstinance isn't some kind of death sentence, and marriage is a perfect outlet for those "urges" you think we can't control.

BTW I guess if abstinance is "because we said so" then you must have had a rough childhood with your parents aying "No don't do that". There's a reason for everything and the high incidents of STDS and unwanted pregancies shows that humanisms "permissiveness" is no better a solution.

Re:Yawn...Just say no to sex.

[nysus]

This is just ignorant and backwards and puritanical and not practical. It's 2006, not 1621.

Re:Yawn...Just say no to sex.

Right, you're not being silly.

You're being completely, utterly stupid.

Abstinence doesn't work - because it doesn't and won't happen.

Now, just because in your case you have no ability to get laid doesn't mean that most of the population won't.

Oh, and I suppose you're going to say that gays should only have sex in Canada and Massachusetts where they can get married? Or perhaps you're the sort of bigoted homophobe who doesn't want them to have sex at all, ever.

Re:Yawn...Just say no to sex.

[HikingStick]

Firing guns may not be a factor of our genes, but our fight or flight response is. We teach children the concept of self control so that they don't run away all the time like whipped pups, or so they don't go postal on their schoolmates. I'm just tired of the "you can't teach kids to abstain, so why bother" camp. You'll find that, most of the time, kids will rise to the level of expectations placed upon them. Expect that your kids will be lazy slackers who won't clean their rooms and--surprise, surprise--they grow up to be lazy slackers who won't clean their rooms. Instill and reinforce expectations early and often and most kids rise to the challenge. I don't care whether it's self care or staying out of the sack while young--the concept is the same. Sure, some will try the other path, but they will be the minority. At one time, they were considered bad examples that reinforced the lessons of a common morality. Moral relatism put that in the crapper, though, so the viablity of a return to this type of society is unlikey without seeing a far-reaching moral realignment among the citizenry of much of the world...

Re:Yawn...Just say no to sex.

[MobileTatsu-NJG]

"ALL teens have sexual urges, but only a handful of nutcases have the urge to shoot their classmates."

On an unrelated topic: This is why sex on TV/Video games gets more attention than violence.

Re:Yawn...Just say no to sex.

Stop with the metaphors, everyone. It's like taking a potato and making it sing.

Re:Yawn...Just say no to sex.

[Locomorto]

Yeah, but your kids only need to do it once, for something to go wrong. When your child say, leaves his room like its been hit by a bombshell, that can be undone. You can't undo pregnancies (and abortion is a rather horrible solution).

Re:Yawn...Just say no to sex.

[Loco+Moped]

You have a swimming pool in your back yard. You can tell your kids not to go in it all you want, but one day, when you're not looking, they will, and when that time comes, wouldn't it be safer if they've been taught how to swim?

That's a nice analogy, but it doesn't fit. Almost every friend I've set up with Firefox, firewalls, anti-virus programs, etc. has, within days, DISABLED those programs and gone back to surfing bareback.

Why? I ask.

Every bogus reason in the book:
"It was too *slow*" (It wasn't)
"I didn't *like* it!" (Won't say why)
"It *messed up my computer*" (How, they can't say).
"The Icons look wrong" (no joke)

Now I just walk away. Why waste my time with bozos when actual work is available for which I'll not only get paid, but get a "thank you" along with the check?

Re:Yawn...Just say no to sex.

[teaX0r]

"Your gun lesson analogy is a bad one. Firing guns is not a natural urge written into our genes." You might NOT be a redneck if...

Re:Yawn...Just say no to sex.

ALL teens have sexual urges, but only a handful of nutcases have the urge to shoot their classmates.

I don't think that's true. Most have probably felt "the urge" to kill someone, but haven't acted on it because the consequences are so enormous.

Re:Yawn...Just say no to sex.

You have a swimming pool in your back yard. You can tell your kids not to go in it all you want, but one day, when you're not looking, they will, and when that time comes, wouldn't it be safer if they've been taught how to swim?

So what are you saying? We should teach our kids how to have sex instead? How many geeks even know how to have sex? First-hand experience? If they wouldn't insist on blocking porn and indecency on the boob-tube, maybe our kids could just watch some late night spice and learn a trick or two.

Anyway, back to your pool analogy... I say just throw the kids in the pool and tell them if they want to live past puberty then they better to learn to swim.

Thanks,
Anon Coward

Re:Yawn...Just say no to sex.

[Mr.+Freeman]

I think an even better analogy would be: A company is installing illegal spyware on your computer, what do you do?

I don't know why the hell we're even discussing abstinence, STDs, and guns. The article doesn't have anything to do with any of those things.

Re:Yawn...Just say no to sex.

[Temsi]

Wrong.
There is no comparison between temporary anger/frustration and the continuous urge that drives the population boom. It's the essence of natural selection. If you're horny, you're more likely to procreate, and thus your gene pool lives on.

Re:Yawn...Just say no to sex.

[mpe]

Firing guns may not be a factor of our genes, but our fight or flight response is. We teach children the concept of self control so that they don't run away all the time like whipped pups, or so they don't go postal on their schoolmates.

This a case of modifying a natural behaviour. Humans generally don't need to "run away like whipped pups", for the simple reason that they are typically high level predators. (Especially in groups.)

I'm just tired of the "you can't teach kids to abstain, so why bother" camp

It's more that you are expecting these people to do something entirely un-natural.

Re:Yawn...Just say no to sex.

[Some_Llama]

""The Icons look wrong" (no joke)"

I have done the same for friends or family, what i do is just re-route the program to the new browser (ie firefox) but keep the icon the same, they dont notice the difference as long as you do some minimal configuration on the browser after install.

Also for other programs I make it so they can't go back (set passwords, change install paths, different user accounts, etc) and they just adapt.. if might be hard at first (everything is) but they get used to it and eventually realize that they aren't having the problems they used to have.

Of course there are always follow up questions but they become less and less and the users begin to understand more and more.. the only time I charge is when someone doesn't (want to) learn and keeps coming back with the "problems", then i see it as a billable service.

They have to! Think of the poor marketers!

[orkysoft]

They have to install it on the computers of people who don't agree to it, because if they only monitored people who agreed to it, it would skew their results, because they'd be using self-selected samples! Think of the marketers!

Re:They have to! Think of the poor marketers!

[Some_Llama]

"Think of the marketers!"

I do!! All the time!! It keeps me motivated as I clean my guns...

Re:Linux

[FLEB]

Just don't let it get too popular.

Skew them !

Download their software onto a 'tame' computer, and use it to browse 'interesting' sites.

Who would have thought that people who regularly view Ford's web site also like Goats ?

Your best bet

[Slur]

To be frank, the only software that will ultimately protect you is another operating system. Windows is fundamentally broken. Switch to Linux - or better yet, Mac OS X - and you will not only have a better internet experience, you'll have a better desktop experience overall.

Re:Your best bet

[the_humeister]

Indeed. That's why I use Minix as my operating system, vi as my word processor, and links as my web browser. Come and get me, you bastards!!!

Re:Your best bet

[HRbnjR]

To be really frank... these problems are all driven by money. As long as your computing interests and operating system are in the hands of a for-profit company, there is a good chance that at some point they will make choices which are better for their bottom line, rather than for providing you the best internet/desktop experience. Annoying advertisements, DRM restrictions, etc.

GNU/Linux and Free Software put the ultimate control in the hands of the people. We allow the vendors like RedHat to set our experience, but only for so long as they don't do anything we don't like, else we all leave for some new vendor, taking our software with us. With Mac OS X, you have no such freedoms, should things someday go sour.

Re:Your best bet

[hitmanWilly1337]

Mac and apple in general want to be just like M$. Granted, they deliver a better product (feel free to flame away on this), but they try to control not only your software, but your hardware too. Switch to Linux. I use slack 11 myself, and have never had a problem w/ it.

Talking about OS's is like talking about religeon. Everyone is sure theirs is the best, and they're all wrong.

Re:Your best bet

[budgenator]

you sir are a savage, civilized people use Linux, Vim and w3m!

Re:Your best bet

Dear god, enough already.

Re:Your best bet

[HikingStick]

And if everyone does switch, then it will only be a matter of time before the hucksters change tactics to leverage the new O/S-du-jour...

Re:Your best bet

[DerekLyons]

To be frank, the only software that will ultimately protect you is another operating system. Windows is fundamentally broken. Switch to Linux - or better yet, Mac OS X - and you will not only have a better internet experience, you'll have a better desktop experience overall.

Oh, yes. Not being able to run the MMORPG's of my choice massively improves my internet experience and not being able to run the games I want massively improves my desktop experience.
 
Given the choice between living in a sterile and protected world - or living in a world where I have a broad choice of options.... Well, it's not really a choice is it?

Re:Your best bet

[StikyPad]

I tried both, but neither would recognize SCDA.exe as a valid executable.. whatever that means.

Re:Your best bet

[MobileTatsu-NJG]

"Switch to Linux - or better yet, Mac OS X - and you will not only have a better internet experience, you'll have a better desktop experience overall."

Not if you're a gamer.

Oh, and by the way, make sure to keep installing all those security updates no matter which OS you use.

Re:Your best bet

Get me an OS that works with everything and is reasonably secure, and is as easy to use as Windows, and I'll use it. Until then, shut it.

How about instead of insulting my OS of choice, you attempt to get me to switch using methods that aren't designed to make me feel stupid? Of course, you electronically imperialistic, self-righteous fanboys can't seem to come up with stuff like that.

The only reason I've even tried Linux is because my history professor suggested I try it, and he was really nice about it. He didn't say "You're dumb, switch to Linux or you will get hacked" or "Windows is the worst OS ever". He just said "I use Ubuntu on a daily basis. If I can do it, anybody can. It's fun too."

So I tried it. I switched back to Windows primarily because nothing worked with Ubuntu (Nothing I was familiar with anyway), but at least he didn't assert himself as the most righteously awesome computer user ever, like every other Linux fanboy I've ever met.

Re:Your best bet

[Custard]

Both Linux and OS X have numerous unpatched vulnerabilities. I have recently switched to a Etch A Sketch®. There are no reported vulnerabilities and it reboots in seconds.

Re:Your best bet

Yes, it's secure, but there's really no modern office software available for the Etch A Sketch platform. You still have to draw all of the spreadsheet cells yourself, and nobody makes a printer for it any more. Furthermore, game support is notoriously bad. I've heard rumors that somebody got theirs to run Doom, but I never saw any screenshots. :-P

More examples of software Mac users don't have

Hi:

Yet another reason to own a Mac. No, I'm not being a snob, I just think that being able to screw over joe user who wants a computer that functions without hosing him is an entirely reasonable expectation.

Re:More examples of software Mac users don't have

[Goaway]

Macs are just as vulnerable, if not even more so, to this kind of thing. We're lucky we haven't been targeted yet, but if we ever are, it will be just as hellish as on Windows.

Re:More examples of software Mac users don't have

[db32]

1. Users are the larger factor in vulnerability to this type of thing.

2. Mac users are an entirely different type than Windows users

3. Mac users are only interested in buying into the hip and trendy

4. Companies trying to get Mac user money already know this and don't need to study habits

This is works out well because since they aren't being targeted Mac users tend to get uppity about how Macs are the best, thus increasing the hip and trendy value to other potential Mac users and gathering the next generation of Starbucks sippping, one button clicking, iPod listening hipsters willing to spend twice the value of the computer to get the pretty white Mac logo and the trendy points with their hipster friends.

Re:More examples of software Mac users don't have

[toddestan]

It's just another example of a piece of software that could be made for the Mac (or Linux, etc.) that simply wasn't. There is no reason why they couldn't try to trick Mac users into installing the software like they do to the Windows/IE users.

Re:More examples of software Mac users don't have

[Technician]

Yet another reason to own a Mac.

Snob.. Own a Mac.

Sensible about security.. Own a non-Windows computer.

Smile :-)

Re:More examples of software Mac users don't have

Hi,

> here is no reason why they couldn't try to trick Mac users into installing the software like they do to the Windows/IE users.

I really want to see Angelina Jolie nude, but when I download her pictures, angelinanude.exe won't open?

Mac users don't visit the kind of sites that peddle this malware because these sites and the stuff they offer doesn't work on macs. That means you need a whole new distribution network.

Also: a large proportion of mac users tend to frequent Mac news/rumor sites. One wiff of something like this and it will be plastered all over these sites and the vast majority of mac users will know about it.

If you want to get malware out on macs, you have to do it really quickly or really stealthily.

Im sure it can be done, but if it ever happens, it will require more effort than it's worth financially so it'll be a bragging-rights-only kind of thing.

Re:More examples of software Mac users don't have

[db32]

Moderation
30% Funny
30% Overrated
20% Troll

Wow...I was just joking...guess I touched a nerve of some uppity emo trendsetting hipster Mac users. :)

Re:More examples of software Mac users don't have

[toddestan]

I really want to see Angelina Jolie nude, but when I download her pictures, angelinanude.exe won't open?

Mac users don't visit the kind of sites that peddle this malware because these sites and the stuff they offer doesn't work on macs. That means you need a whole new distribution network.

As I was saying, the only real reason is because they the stuff out there doesn't target the Mac.

Also: a large proportion of mac users tend to frequent Mac news/rumor sites. One wiff of something like this and it will be plastered all over these sites and the vast majority of mac users will know about it.

If you want to get malware out on macs, you have to do it really quickly or really stealthily.

This is the typical slashdot Mac user, which is like the typical slashdot Windows user - a pretty rare breed. You underestimate the number of people who bought a Mac because "They don't get viruses.", or had a Mac foisted on them by friends/relatives who were tired of fixing their Windows boxes. These people don't understand how their Windows install became infected, and how to take basic security measures to prevent infections. These people will be easy pickings for any kind of Mac malware, just like they were easy pickings for Windows malware.

I hope someone takes the lead on this

[erroneus]

I hope that some group or someone special takes the lead on this and not only goes after civil penalties but criminal penalties as well. I was to see someone in control of these decision sent to prison for their decisions to make this happen. I ALSO want to see the programmers and implementers of the methods used here sent to prison for their misdeeds.

I think there is a point that needs to be driven home into our culture that it's NOT okay to do anything for money. Because I believe that at some level we all somehow forgive these people for their tresspasses because their motivation was for profit... and we all understand the need for profit right? No, there are limits to what is acceptable behavior with a profit motive and like HP's spying (which arguably wasn't directly a profit motive but performed by a profit seeking competitive organization) we should not simply dismiss this as yet another "white collar crime" and move on. If people felt like they were risking more than a few hundred thousand of their millions of dollars, they just might think twice before ordering these things be done.

Do you have to deal with the problems?

[Colin+Smith]

Yawn? Don't plug into the net? What arrogant uncaring tripe. What kind of jackass gives that sort of a response? Oh, right, an OS snob Actually it's the sort of response that you get from someone who's constantly asked to fix computers that are repeatedly infested with viruses, spyware and other malware.

Maybe you're 12 and your time's worthless. Mine isn't and I now charge $$$ to fix computers. You don't want to pay? YeeHaw! Go away, fix it yourself then, or find some rather dim student who has nothing better to do.

People have the right to privacy and surf the net unmolested, no matter the OS they use. Awww, how sweet. Welcome to the real world, not the idealised socialist one you have in your head.

Re:Do you have to deal with the problems?

[Score+Whore]

You sound like you lack the social skills necessary to tell people that it consumes too much of your time to fix all your friends computers in such as fashion as to retain them as your friends. Another option you might want to consider is to help them learn to browse safely. In addition to using Solaris and Linux, I also use Windows. For years the full extent of my anti-virus was the web based scan from trend micro once in a while. I never had a problem. It is entirely due to my habits. You should be able to teach similar sorts of things to your friends, strengthen your friendship and give yourself more time to do fun things.

Re:Do you have to deal with the problems?

[jlarocco]

You sound like you lack the social skills necessary to tell people that it consumes too much of your time to fix all your friends computers in such as fashion as to retain them as your friends.

Real friends don't expect you to do work for them. If that offends them, good riddance.

You should be able to teach similar sorts of things to your friends, strengthen your friendship and give yourself more time to do fun things.

Yes, but it's not my responsibility, nor is it a way I want to spend my free time. There are much more fun ways to strengthen friendships that don't involve one person doing work for free.

As far as I'm concerned, my help stops after I tell them to run Debian.

Re:Do you have to deal with the problems?

[Steppman2]

Is this some kind of bad Nick Burns impersonation?

Re:Do you have to deal with the problems?

[Score+Whore]

Selfish much? Like I said, "...you lack the social skills..."

Re:Do you have to deal with the problems?

[jlarocco]

Selfish much? Like I said, "...you lack the social skills..."

When it comes to this: very. Life's too short to spend it doing other people's work for free.

And it's not a lack of social skills. I just don't hang out with people who want me to be their bitch. I don't hang out with them to get free stuff from them, so why should I be expected to provide free services to them? That's not what friendship is about.

I might feel differently if they wanted coding done (my actual job, which I enjoy), or if cleaning shit out of Windows machines was fun or rewarding, but they don't, and it's not.

Re:Do you have to deal with the problems?

Isn't part of friendship something like, 'you scratch my back, i'll scratch yours'? Like cooperating? (somehjow I feel like these are alien concepts to you).

Doing stuff for other people doesn't make you 'their bitch', it's just about being nice. And if you don't get anything in return, then fine, that person has turned out to be a bad friend. You live and learn. In addition, if the things you do for other people is only stuff you enjoy (ie, you're really only doing it for yourself), then you're the bad friend.

So yes, it a lack of social skills.

Re:Do you have to deal with the problems?

[Ngarrang]

I am someone who is paid to fix these sort of problems. And while I appreciate the users keeping me busy and in steady employment, this problem falls squarely on the shoulders of the evil doers (spammers, spyware programmers, Colin Smith, etc) for taking advantage of people. Now, given that the world is a dangerous place, people do need to learn how to surf more carefully. I taught my wife my own methods of surfing safe and the computers at my home have been virus and spyware free for 8 years. They are both Windows systems. The DOS system has been virus and spyware free for 15 years.

Re:Do you have to deal with the problems?

[Fred_A]

You should be able to teach similar sorts of things to your friends

From what I've seen most people don't care enough to be bothered to learn about these things. It's computers, it's complicated, they don't care. If you try to explain it to them they just wave you away. When it slows down, it means it's broken so they get a new one.

Re:Do you have to deal with the problems?

You do favours for your friends and work for your customers. Since you consider your friends to be customers I seriously doubt your relationships are based on any kind of solid foundation. Get some social skills, get a life and if you have no time to do your friends favours you'll be able to tell them that nicely instead of acting like a jackass and refusing to give them even the most basic of pointers.

Re:Do you have to deal with the problems?

[jlarocco]

You do favours for your friends and work for your customers. Since you consider your friends to be customers I seriously doubt your relationships are based on any kind of solid foundation. Get some social skills, get a life and if you have no time to do your friends favours you'll be able to tell them that nicely instead of acting like a jackass and refusing to give them even the most basic of pointers.

Did you miss the part where I said "I suggest they use Debian"? I'd help them with that. If they want to stick with Windows, they're on their own.

Oh, and another thing: There's nothing wrong with my social skills. I'm not here to get lectured on my "social skills" from some anonymous coward asshat with a condescending attitude. Try to stay on topic, maybe?

Re:Do you have to deal with the problems?

I might feel differently if they wanted coding done (my actual job, which I enjoy)

XML Parsing Error: syntax error
Location: http://jlarocco.net/
Line Number 1, Column 16:
<?xml version="1.1" encoding="utf-8"?>
---------------^

Re:Do you have to deal with the problems?

[jlarocco]

Firefox error.

Re:Do you have to deal with the problems?

[bmo]

"Real friends don't expect you to do work for them. If that offends them, good riddance."

Hear, hear old chap!

It's about time we all stopped subsidizing Microsoft's insecure shitware. If everyone who had Windows had to pay GeekSquad's rates every time a computer died, there would be much more pressure on Microsoft to release something secure. But they don't, because they don't have to.

And seriously, it takes a good whole 12 hours of watching the cleaning software chew through all the data on drives these days and when you're done, you're still not sure you got everything.

Yet some "friends" want us to do it for free or for prices that wind up being about minimum wage when the billable hours are worked out. Sometimes that's ok. Some charity cases are OK in my book, but when the charity case comes back 6 months later with the same old "my computer is slow", one feels like a chump.

So now my line is "I'll do it for free if you let me put Linux on it."

Last Friday, a colleague asked me if his computer was infected because it was slow. I told him it was probably a couple of hundred infections (true). He was wondering if he should give it to me or GeekSquad. I told him GeekSquad will just format and reinstall. I did tell him that while he could pay me to do the same thing at a cheaper rate than GS, I would put Linux on it for free. He's thinking.

--
BMO

Re:Do you have to deal with the problems?

Ah, you're an IE only "coder". Fair enough.

Re:Do you have to deal with the problems?

[jlarocco]

Ah, you're an IE only "coder". Fair enough.

I don't even know what it looks like in IE. I've heard it works okay, but it looks great in Opera, Konqueror, links, lynx and w3m. And it validates as XHTML 1.1 strict. And the mime type is properly set as xhtml.

It's my personal page, so I don't have to code to buggy browsers. If you don't like it, don't waste my bandwidth.

Re:Do you have to deal with the problems?

[jlarocco]

Ah, you're an IE only "coder". Fair enough.

Oh, and making websites isn't "coding".

Re:Do you have to deal with the problems?

[Your+Pal+Dave]

Real friends don't expect you to do work for them. If that offends them, good riddance.

A friend helps you move, a Real friend helps you move the body.

Re:Do you have to deal with the problems?

[pyr3]

Since when does attacking someone win you the argument? Unless you buy into McCarthy-ism then maybe you should settle down and calmly explain your argument.

Maybe you're 12 and your time's worthless. Mine isn't and I now charge $$$ to fix computers. You don't want to pay? YeeHaw! Go away, fix it yourself then, or find some rather dim student who has nothing better to do. You aren't required to fix people's computers. And even if you were, he's not asking you to fix his computer. If people think that you *need* to fix their computer for free, then just tell them to piss off. If they can't do it for themselves, they shouldn't expect you to do it for free, but don't project your anger at technophobes onto other people. I really don't see anywhere in his argument where he said that you should fix people's computers pro-bono. The crux of the argument is that is should be illegal for these companies to put their stuff on the computers of unsuspecting users in the first place. And it *is* illegal insofar as I know. It's just a matter of why the authorities are over-looking the issue. You seem to just be trying to de-rail the conversation into some personal feelings towards people that allow themselves to be infected with 100s of viruses, malware, adware, etc.

Awww, how sweet. Welcome to the real world, not the idealised socialist one you have in your head. Yea, it is the real world. But I also think that people have a right to a childhood without sexual molestation, or a right to life without being murdered for their brand new Nikes in the middle of the street. That doesn't mean that people won't get molested or murdered. To think that you could prevent all such cases is naive. That doesn't prevent us from making laws and punishing those that perform those actions though. Your argument seems to be that users are stupid and these malware companies are 100% justified in taking advantage of stupid people because it is a just punishment for these users wanting you for fix their computers for free. Lots of people don't know much about cars. I'm sure they are ripped off by mechanics all the time. Is that justified because the person was too stupid to maintain their car so that it doesn't breaking down? Is it justified that they pay the mechanic a premium for work that he might knowingly done incorrectly just because they don't know enough to inspect the work for correctness themselves?

if you think this is bad,

you should see what their ComeScore software does!

Re:Live CDs

[EsbenMoseHansen]

Flamebait? Maybe, but I personally think you are on to something there, though it has little to do with linux per se, but rather with that Ubuntu CD. What about it? It's a livecd. Use that, and you *will* be safe from even the most blatant user errors and the most malicious crackers (but not social engineering, sadly). Replace it once a year to be on the safe side.

Now actually, that would make browsing a mite slow. So maybe an install option where everything is mounted read-only? It might work.

This is of course only meant for the "I write email & browse the web" people. But those are the ones most likely to get hit by something like this.

I can't find the repository

[symbolset]

Isn't it sad that poor Windows users have to put up with this nonsense to get a "free" program? It's so much nicer just to click add/remove software and search for the program I want to use. It must be awful not to be able to trust the people who make your software when any one bad program eventually will give away your banking information and you would never know until UPS contacts you to get directions to your Lithuanian address.

Windows users: when you use linux, a program that does just what you need is almost always just a few clicks away, is free, and doesn't have toxic junk like this attached to it. Usually linux comes with your choice of industrial-strength database servers and clients, web servers and scripting languages, a complete software development kit for the whole thing in dozens of programming languages, a choice of office suites and so much more that it's just amazing. One of the nicer things about it is that you can throw out that filing cabinet with the installlation CDs , packaging and license agreements that came with every piece of hardware and software because you just don't need it. You can replace it with a nice japanese fountain and improve your Feng Shui.

Re:I can't find the repository

[flyneye]

Is it necessarily a winblows problem or a browser plug-in/extention problem?

Re:I can't find the repository

While technically it doesn't have to be, 99.99999% of the time it is. Windows just makes it so easy.

Am I the only one who things this article is a bit obvious? I mean it's like having a headline that reads "Fast food chains pump food full of fat" or "Cat licks own butt."

Thanks Dr. Obvious!

Re:I can't find the repository

[Redlazer]

You fail to realize that if Linux was the most popular OS on the internet, it would be having exactly the same problem, only people would be talking down to Linux instead of Windows.

-Red

Re:I can't find the repository

You fail to realize that if Linux was the most popular OS on the internet, it would be having exactly the same problem, only people would be talking down to Linux instead of Windows.

And you fail to realize that most Linux users get nearly all their software from official repositories or respected independant repositories which would never tolerate spyware etc. no matter how much market share Linux had. The reason so much Windows software is spyware infested is because Windows has no equivalent to the Linux repositories so people just download stuff from random websites.

Re:I can't find the repository

[theCoder]

It's not really a Windows technical problem (what comScore did could probably be done on Linux), but more of a Windows culture problem. I don't know about you, but I get nervous when I download source code for a program and run it without looking over the code. I get doubly nervous if I download a binary and run it. Back when I ran Windows (many years ago), I had no problems downloading and running programs from the Internet. If I happen to use Windows today, I still do that (though I'm pretty selective of the sources of the binaries).

Of course, the question is if people migrated en mass to Linux, would they bring their bad Windows habits with them? Probably. Most people don't understand computers and don't really know why running binaries from the Internet is a bad thing. They do it all the time, and really they have no choice since most MS computers have no compilers on them.

Technically, it's possibly to have spyware on Linux. Culturally and socially, it's much less likely.

Client List

[phantomcircuit]

Corporations supporting comScore's actions

• AOL
• Best Buy
• Borders
• CareerBuilder.com
• Clear Channel Communications
• Columbia House
• Digitas
• Discover Financial Services
• Eli Lilly and Company
• Expedia
• ESPN
• Ford Motor Company
• General Mills
• Google
• HP Home & Home Office Store
• Hyatt Corporation
• Interpublic Group
• iVillage
• Johnson and Johnson
• Knight Ridder Digital
• Mattel
• Medscape (Web MD)
• Mercado Libre
• Microsoft
• Monster Worldwide
• NASDAQ
• NAVTEQ
• Nestlé USA
• The Newspaper Association of America
• New York Times Digital
• Office Depot
• OMD Digital
• Orbitz
• Pepsi
• Procter and Gamble
• Starcom IP
• Terra Networks
• Ticketmaster, LLC
• T-Mobile
• Tribune Interactive
• Verizon
• Viacom International
• Washington Mutual
• Yahoo!

Retrieved from http://www.comscore.com/about/clients.asp

Re:Client List

[NewbieProgrammerMan]

That's the most useful information I've seen in all the posts under this article...time for some letters/emails informing their clients that I will be terminating my business with them if they can't tell me they won't be using this advertising firm any more. Whether it will hurt them or not I don't know, but it seems that I can't count on my government to do anything about people like this.

Re:Client List

Yeah. So how are you going to make do without Google, hotshot? go back to Lycos? How about Hotbot?

Re:Client List

Corporations supporting comScore's actions * AOL * Best Buy * Borders * CareerBuilder.com [...] I think that's a bit overreaching. Corporations to apply pressure to get comScore to change their methods might be a little more accurate. I doubt that comScore is being forthcoming to clients that they are using illegal tactics in order to collect this information.

Re:Client List

[dq5+studios]

> Knight Ridder Digital

Oh no! Not KITT!

Re:Client List

[NewbieProgrammerMan]

You know, if it turns out that this firm really is doing something illegal, and Google is still using them, maybe I will find another search engine to use. It's not like web search is a critical part of my life, or that it can only be done using Google's products.

Availability of garbage

[The+Hobo]

I find it sort of funny that whenever I want to find a place to download the garbage mentioned in stories, I can't.. I can only remember Gator letting you go on their website to directly download what it is you wanted.

(For those wondering, sometimes I feel like downloading things just so I can play with it if I wanted to, in a VM for example, where a snapshot can make everything go away)

Re:Availability of garbage

[interiot]

Well, they're a market research company, so they're legitimately interested in avoiding self-selection bias. Anyway, opinionsquare.com and permissionresearch.com are two places you can download the software. In this case though, it's clear that self-selection bias isn't the only concern... they almost completely avoid mentioning their connection with comScore (though if you click on the WebTrust / Earnst&Youngthing in the bottom corner, and then click on "Audit Report and Management's Assertions", you can see they're connected).

They don't do it

[wytcld]

They commission third parties to do it. That's plausible deniability.

Enticing a third party to commit a crime should carry heavier penalties than doing the crime yourself. Especially when as in this case multiple third parties are enticed.

And comShare is receiving stolen property - property stolen only because they offered to buy it. But do we need new law in this area to properly jail these fuckers?

Re:They don't do it

[mpe]

Enticing a third party to commit a crime should carry heavier penalties than doing the crime yourself. Especially when as in this case multiple third parties are enticed.

Problem is that enforcement of criminal law against "corporate people" is just lacking. It's not as if you'd really need any new laws, "conspiring to commit criminal acts" already covers this kind of situation.

MOD UP

[shenanigans]

.. that is some pretty important information.

It's the stupidity, stupid.

[rudy_wayne]

from the article:
"Two years ago, university IT managers busted comScore for tricking students into installing tracking software packaged with a free Web-accelerator program."

Why are university students downloading a "Web-accelerator program"? Because they're too stupid to know that these programs are worthless bullshit. Once again, we see that the biggest problem is not viruses or "spyware" -- it's user stupidity.

Re:It's the stupidity, stupid.

[hitmanWilly1337]

PEBKAC
But seriously, isnt that the same as saying "She was asking for it?"

Re:It's the stupidity, stupid.

[LordLucless]

Not always. I've never used any of the latest generation, but way back in my dial-up days, I used to have a web accelerator that actually provided some benefit. What it did was skim a webpage for links, and load those links up in the cache, so when I clicked on one, I got an instant response from the cache rather than having to wait for my connection to do the work. It took advantage of the fact that when browsing the web, your modem was generally idle while you were reading. These days, with broadband reducing the time lag significantly, with the huge number of links generally on each page, and with people often downloading/torrenting in the background, that sort of accelerator probably wouldn't be as helpful.

Re:It's the stupidity, stupid.

And Opera used to (still do?) provide one that recompressed images to smaller sizes. Most web accelerators were crap, but some really did help.

Re:It's the stupidity, stupid.

[LordLucless]

How did that work? The accelerator would still have to fetch the image before it recompressed it, unless it proxied all images through Opera's server, or something.

Re:It's the stupidity, stupid.

[toddestan]

AOL used to do it, maybe they still do. The only way for it to work is to have your ISP support it by recompressing the images on their end.

news?

[Nikademus]

How is that news? I mean spyware is a part of windows and is even installed stock from windows 2000 and upwards. This is just yet another spyware company.

Links?

[SkiifGeek]

It hasn't received much coverage (it was only made public a couple of weeks ago), but there is an exploitable buffer overflow vulnerability that affects Links. Technically, it affects the libpng library that Links links against, but the exploit / vulnerability development was focussing on Links as the vector to achieved the buffer overflow.

Re:Links?

[budgenator]

Lynx is a text mode web browser, so it is unlikely to be affected by an overflow in a graphics library.

Re:Links?

[Svenne]

Why are you talking about lynx?

Re:Links?

[Srdjant]

$ ldd `which links` | grep png

Links links with the png library.

Re:Links?

[the_humeister]

Here's what I got:

                linux-gate.so.1 => (0xb7f33000)
                libdl.so.2 => /lib/tls/libdl.so.2 (0xb7f26000)
                libgpm.so.1 => /usr/lib/libgpm.so.1 (0xb7f20000)
                libc.so.6 => /lib/tls/libc.so.6 (0xb7dee000) /lib/ld-linux.so.2 (0xb7f34000)
                libncurses.so.5 => /lib/libncurses.so.5 (0xb7dad000)

Re:Links?

[budgenator]

GGP said "indeed. That's why I use Minix as my operating system, vi as my word processor, and links as my web browser. Come and get me, you bastards!!!" and I didn't even know there was a text browser named links until I whatis'ed it seconds ago and assumed he meant lynx

Re:Links?

[Srdjant]

ldd /usr/bin/lynx
                linux-gate.so.1 => (0xffffe000)
                libz.so.1 => /usr/lib/libz.so.1 (0xb7ed8000)
                libbz2.so.1.0 => /lib/libbz2.so.1.0 (0xb7ec8000)
                libncurses.so.5 => /lib/libncurses.so.5 (0xb7e89000)
                libssl.so.0 => /usr/lib/libssl.so.0 (0xb7e58000)
                libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0xb7d54000)
                libc.so.6 => /lib/tls/libc.so.6 (0xb7c38000)
                libgpm.so.1 => /lib/libgpm.so.1 (0xb7c32000)
                libdl.so.2 => /lib/tls/libdl.so.2 (0xb7c2d000) /lib/ld-linux.so.2 (0xb7f10000)

So I suspect your links is a symlink to lynx. Links links with the math library, while lynx does not. It seems unlikely that math lib is stripped out of links.

Re:Links?

[the_humeister]

I'm using Debian and got both via apt-get. They're definitely separate binaries.

ldd `which lynx`

                linux-gate.so.1 => (0xb7ef3000)
                libbz2.so.1.0 => /lib/libbz2.so.1.0 (0xb7eda000)
                libncursesw.so.5 => /lib/libncursesw.so.5 (0xb7e8e000)
                libgnutls-extra.so.13 => /usr/lib/libgnutls-extra.so.13 (0xb7e80000)
                libgnutls-openssl.so.13 => /usr/lib/libgnutls-openssl.so.13 (0xb7e75000)
                libgnutls.so.13 => /usr/lib/libgnutls.so.13 (0xb7e07000)
                libcrypt.so.1 => /lib/tls/libcrypt.so.1 (0xb7dd8000)
                libc.so.6 => /lib/tls/libc.so.6 (0xb7ca6000)
                libz.so.1 => /usr/lib/libz.so.1 (0xb7c92000)
                libdl.so.2 => /lib/tls/libdl.so.2 (0xb7c8e000)
                libopencdk.so.8 => /usr/lib/libopencdk.so.8 (0xb7c6e000)
                libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7c1d000)
                libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7c18000)
                liblzo.so.1 => /usr/lib/liblzo.so.1 (0xb7bfb000)
                libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0xb7be8000) /lib/ld-linux.so.2 (0xb7ef4000)
                libnsl.so.1 => /lib/tls/libnsl.so.1 (0xb7bd2000)

ldd `which links`

                linux-gate.so.1 => (0xb7f51000)
                libdl.so.2 => /lib/tls/libdl.so.2 (0xb7f44000)
                libgpm.so.1 => /usr/lib/libgpm.so.1 (0xb7f3e000)
                libc.so.6 => /lib/tls/libc.so.6 (0xb7e0c000) /lib/ld-linux.so.2 (0xb7f52000)
                libncurses.so.5 => /lib/libncurses.so.5 (0xb7dcb000)

Bandwidth

I did not the RTFA, nor do I plan to RTFA, but did anyone else see the screenshot of every page part and their first though was, Dam that gotta be a hell lot of bandwidth. And how many employees did they fire for working and looking at Pron? (think about it for a second)

Does this effect me?

I use Linux, does this effect me?

Of course it doesn't dumb ass!!

route reject

If you don't have a proper firewall you could blackhole the route to the offending place.

On Linux: route add -net the_offending_ip_or_network netmask netmask_of_the_network_or_host reject
(On Solaris route add -reject network/netmask some_gateway)

Friends helping friends (Re:Yawn...)

[rhyre417]

I think about Windows as being similar to people who smoke unfiltered cigarettes. They'll just kill you quicker than the other kinds. And, when you can do it, abstinence is the only foolproof way - just don't visit that web site unless you know what it has inside.
They know that Windows-only computing is risky to their computer's health, compared to other platforms. If they don't see that, consider your role as their friend. Don't you have an obligation to not enable their risk taking and self-destructive behaviors, and intervene?
Show them some Apple commercials, take them to an Apple store, and show them the stuff you do on your Macintosh or Linux system. Also show them Firefox, Noscript (controls javascript), and Little snitch (which monitors outgoing internet connections and allows you to opt-in for the ones you want).

Yawn...Just say no to wisdom.

So in other words you can outgrow wisdom.

Yawn...Just say no to consequences.

"Oh, and I suppose you're going to say..." If I didn't say it, then don't assume I said it. I'll make a deal with all the people saying "It's OK because we can't help ourselves". I'll take responsability for the consequences of my advice to others, if all of you will accept the financial responsability for your advice. For example if someone's son gets AIDS because his "It's better than an air gap and two layers of clothing" condom breaks. Or someone's daughter gets pregnant because their "chemicals! best invention ever" fails and they have to pay for an abortion (fraught with it's own risks, and let's not mention the mental trauma.), or have to arrange an adoption (and all that goes with it). Something tells me your side will never accept the consequences (financial or otherwise), while those who preach adstinence will have to foot your bill for decades to come.

Re:Yawn...Just say no to consequences.

One question, why do you believe so strongly in abstinence?

Re:Yawn...Just say no to consequences.

Because he can't get any.

Re:Sad news ... Augusto Pinochet, dead at 91

[MobileTatsu-NJG]

I just heard some sad news on talk radio - Former Chilean dictator Augusto Pinochet was found dead in his Santiago home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly an Chilean icon.

Heh. This is the first time I read about some famous person dying... and it turned out to be true!

Why doesn't it inform you?

[Christopher_Edwardz]

If comScore isn't being devious or underhanded, why don't they have a clear install/operation routine that warns you every time you fire up a web-browser session?

All it would take is a box, perhaps giving you an opt-out for that session or simply just recording URLs. This would still provide accurate and interesting data. Especially in the latter.

Then the marketing droids would see which kinds of information people didn't want them to track.

I'm guessing they chose the spyware/malware route (which I see this software as) because they realized the obvious: who, in their right minds, would allow all their web surfing habits to go to someone else?

Additionally, how long do you think it is going to take for someone to alter the URL/IP in the software to send that data to another proxy? How long would it take any non-very-technical user to figure out this had been done?

Yawn...Just say no to monkeys.

"I'm just tired of the "you can't teach kids to abstain, so why bother" camp. You'll find that, most of the time, kids will rise to the level of expectations placed upon them."

You can thank darwinism for that. If we're descended from monkeys, then that's as high as we have to reach. If you've ever seen monkeys they'll do sex at the drop of a hat with everyone looking on. Marriage? Nope. Top monkey has his back turned? Go for it.

Yawn...Just say no to peer pressure.

Why can't you wait till marriage? Peer pressure?

Re:Yawn...Just say no to peer pressure.

[poopdeville]

Because I'm horny, and while I know there are very real risks, I know they can be mitigated.

Re:Yawn...Just say no to peer pressure.

Why can't you wait till marriage? Peer pressure?

Why assume marriage is for everyone in the first place? Only a fool would claim that there's a "one size fits all" food, job, sport, hobby, etc.

No reason to be worried !

[Mr+Europe]

Don't be alarmed ! It affects only Windows.

We Linux users are safe.

Flamebait

[nozzo]

huh? How's what I said in any way flamebait?
I've been using Windows since 3.1 and after many iterations I wrote my thoughts about a switch to a Linux distribution and got called flamebait - huh. Seems like thos MS fan-boys are taking over this board.
I think I've had it with MS and their crowd - the asking price for Vista is wayyyyyy beyond what I'm prepared to pay for an OS. XP left a hole in my wallet but VIsta is just beyond the pale, I'll not be donating any more to Bill's retirement fund.

  calling me flamebait

Re:It's the stupidity, stupid. -- Arrogant ass.

1) I may be mistaken, but AFAIK there is a large difference between "stupid" and "not knowing".

A "not knowing" person needs to be educated (just like you needed to learn not to put your finger into that candle-flame). Only people that do something that they are warned for and than suffer the consequences can be called "stupid".

2) People have to decide, on meager information, if they want to trust someones word (or appearance) or not. You do the same every time you buy your food : you do not expect the store to put some addictive adjectives (let alone poison) into it.

3) Now the funny part of this all : The people that do realize that any-and-all software to be obtained can contain malware (embedded, or installed at the same time), and as a result refuse to install/run any software of unknown origin are looked funny at, even by the likes of "non-stupid" people.

They, after all, are not stupid : they have bought-and-installed at least one virus-scanner and a firewall (next to the one XP allready offered, as that one "does not work to well"), and than trust those measures to work. Oh yeah : they grab themselves the newest MS fixes like its a religion.

In other words : they have been conned into feeling safe, because some company told them that their products would keep them safe. Products they mostly do not know more about than those "download me, I'm a free game!" ones.

As a "thank you" that trustworthy company (MS) has conned you (by simple obsfucation : You could have known, if you would have read everything they did show you. Which you did not, as you trusted them) into installing that WGA application (which is a piece of spyware to say the least).

Who is laughing now ? You as a twice-warned "non-stupid" person, or all those "stupid persons" that are looking at a defeated "expert" ?

Yawn...Just say no to gambling.

So in other words you want to gamble with your life, instead of taking a safer route. Fine. Are you willing to assume ALL of the the responsabilities if you gamble and lose? All the things I've mentioned can be expensive, and ongoing (for the rest of your life). Is a brief moment of sex really worth all that? I do hope you make better decisions in other aspects of your life, than what's so far being demonstrated in this one.

Re:Yawn...Just say no to gambling.

[poopdeville]

Wow, I haven't met an overbearing Christian since I got out of high school. I almost fell for the troll aspect of your post.

Life is full of risks. To paraphrase Benjamin Franklin, those who give up an important freedom for temporary safety deserve neither. Marriage is not the solution to the problems you raised. Effective birth control is. Indeed, many married couples don't want to have children.

Yes. I do want to gamble with my life. I do it every day. I shudder to think how boring a life I would have if I didn't.

So they're worthy...

[KlausBreuer]

...of the first thing I read when I looked at the heading, bone-tired: cumSore.
Mhm.

I read this myth a lot

[symbolset]

It isn't true.

Most servers on the Internet run Linux. Problems are rare.

Linux is not the most common desktop platform but it is not the least common either. It's more popular than Mac OS-X.

Linux is not a monolithic platform. Each distro has quirks that distinguish it and those quirks make it harder to build spyware that works on every linux box. Boxes where the software fails spectacularly become red flags that alert people to the presence of malware, as developers attempt to figure out why it failed.

Many novices are running linux now with no problems. Some default configurations leave little to attack - no remote services listening for example, no software installation unless you've been prompted, etc.

It's hard to hide the kind of junk referred to in TFA into the source code. You might get it accepted to someone's project or repository, but when word got out their project or repository would become instantly unpopular, so I imagine they check pretty thoroughly.

In comparison, in the Windows environment creeps can and do hide anything they want behind "Close this dialog box? Yes / Accept / OK." It takes articles like this or extreme hackers to find out that a major corporation has been installing rootkits in millions of PC's. There have been so many of these articles that one has to wonder exactly how many Windows boxes aren't compromised yet. Because you don't get the source code with anything, you're not suspicious about what they're hiding from you.

Re:I read this myth a lot

[interiot]

Absolutely. Hackers like computers that are connected 24/7, because they're useful as a platform for spamming and botnets. Before cable modems and DSL came along, hackers did target unix and linux boxes, but they weren't as successful... botnets and spamming from compromised machines wasn't nearly as frequent back then. Once a bunch of home computers started showing up on cable modems and DSL, then botnets really got going. It's not true at all that Linux wasn't targeted.

Re:I read this myth a lot

[Redlazer]

I do agree - and you have to realize that im not some "ZOMGMICROSOFTRULEZ" type of guy - im not.

I just dont think that the other two OS'es (Mac and Linux) are as immune as everyone thinks. Where there is a will, there is a way. Im confident that given enough time and talent, someone at some point would design a rootkit/spyware/adware for Linux that broke all the rules.

Im not saying it wouldnt be harder, or involve some bizarre weakness which would soon be patched, but how would that be any different from Windows?

The repositories are a very strong point for Linux, yes. But there are a few of them that exist out there for Windows - downloads.com comes to mind, as a (pretty) safe place to grab downloads, unless i misunderstand your meaning.

In short, Linux is great, for now. With the intelligent people behind the wheel, Linux is a bastion of defensable land on par with a castle. But as soon as you get Joe Average behind the wheel, everything changes.

-Red

What quirks in Linux?

[sowth]

Each distro has quirks that distinguish it and those quirks make it harder to build spyware that works on every linux box.

What kind of crap fud is everyone spreading here? It would be difficult to create spyware which embeds itself into the system without root access certainly. There are no "quirks" in the system which would make it difficult to build a binary (or source code) for every distro. The only incompatibilities would be if a different processor was used (say arm or powerpc or motorola's 68000 or whatever) or if they used some sort of incompatible kernel or libc...anyone do this? I haven't seen any distros mod the kernel or glibc or use anything other than the Linux kernel and GNU libc--though I think Debian also supports the Hurd (others?) and if there are any embedded distros (haven't looked) they probably use a smaller libc.

Unless you are talking about the script kiddies who write projects and include a thousand obscure lib deps and no download option to just get the program staticly linked with the unusual ones. Libc, libjpeg, libpng, etc are fine, but weird programming languages, ultra specialized libs, and such should really be included in the package. Maybe your distro may have them, but for everyone else it will be a pain in the ass. Must be them Debian dudes who can just type apt-get and they have access to every library known to man. ;-)

The only other potential quirks are when developers don't include the correct header file(s), which is a developer mistake, not the distro's. They should go with the man page or other offical docs.

Any jack off can easily write a spyware binary which only needs libc (or even makes direct kernel syscalls) and it will work on any distro, assuming you didn't compile it with the latest bleeding edge libc and theirs is a lower version. You wouldn't expect a program made for WinXP to run on Win95. Would you? If any libraries are needed, they just have to staticly link them. No "quirks" involved.

No offense intended, but it irritates me so many are saying this. It simply is not true.

Ha! Privacy Crusader

[adageable]

Just browsing slashdot for this article, I see an ad for Privacy Crusader hosted on slashdot, which gets a less than glowing review from McAfee Site Crusader (http://www.siteadvisor.com/sites/privacycrusader. com).

Forget meta-moderation... all is not well in the state of Denmark...

Truth is, you really can't trust anyone.