Interview With an Adware Author
rye writes in to recommend a Sherri Davidoff interview with Matt Knox, a talented Ruby instructor and coder, who talks about his early days designing and writing adware for Direct Revenue. (Direct Revenue was sued by Eliot Spitzer in 2006 for surreptitiously installing adware on millions of computers.) "So we've progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that's encrypted — really more just obfuscated — to an executable that doesn't even run as an executable. It runs merely as a series of threads. ... There was one further step that we were going to take but didn't end up doing, and that is we were going to get rid of threads entirely, and just use interrupt handlers. It turns out that in Windows, you can get access to the interrupt handler pretty easily. ... It amounted to a distributed code war on a 4-10 million-node network."
That the people who make IT guys' lives difficult and annoying are indeed IT guys.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
No wonder why it was impossible to remove. My Windows 2000 machine is most probably infected and will probably stay infected until I just reload Windows from scratch. Maybe even that won't get rid of the adware.
You can only be young once. But you can always be immature.
Some serial killer goes and murders dozens of innocent people; and we reward him with veneration, books written about him, endless press coverage, etc. Scumbags don't deserve our respect, our veneration, or polite treatment.
SJW: Someone who has run out of real oppression, and has to fake it.
It was funny. It really showed me the power of gradualism. It's hard to get people to do something bad all in one big jump, but if you can cut it up into small enough pieces, you can get people to do almost anything.
It reminds me of the movie Permanent Midnight, where Ben Stiller starts out the movie smoking weed and at the end is hooked on crack.
It's probably Ben Stiller's best work, by the way.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
It would be a damn shame if something bad happened to this guy.
It's a series of threads.
Times change. In order for this to continue to be a factor, we need to make sure that occasionally, someone *does* show up on a doorstep and club someone over the head.
I suggest we start with people who have kidded themselves that the abusive software they've written does not make them a villain.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I am now more convinced than ever that it is impossible to secure Windows.
...his skills to slide past security and override their computer systems may be the last hope of mankind.
Unless the aliens AREN'T running Windows.
How would one get a program to run without executing it? Dr. Evil's 'series of threads' loads itself into the RAM space of an already running program, or what?
Also, is this the guy who wrote Virtumundo? That thing was so fucked it required its own remover.. spybot alone couldn't get it. Fuck that fucking thing fucking stole so much of my fucking time..
I'm seeing comments and tags using words like "scumbag". Well, I actually RTFA, and this guy doesn't seem to be a complete jerk.
According to him, the adware he wrote did not crack into your system using exploits, and when you ran the uninstaller it would go away and never come back. Also, according to him, it didn't scan for really personal information like credit card numbers.
I'm not about to start a fan club for him, but I don't hate him either.
I was interested in the technical stuff. His software would find other adware on a system and kick the other adware off; it was also designed to be very difficult for other adware to kick off.
The best single exchange in the interview:
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
This sounds like a task for the super friends! Talk about being scared straight... lulz.
I am certain that a truck would run better.
[sig]
I think the Windows programming model is at fault for much of the obfuscation tactics used by malware. Entire classes of exploits have arisen due entirely to the complexities and obscurities of the interface. Modern anti-malware tactics have to monitor many different parts of the operating system, and in some cases due to architectural constraints the methods of doing so can make the entire operating system unstable. Not only that, but race conditions and the use of special trap conditions/exception handling can make safely disabling malware a frustrating experience. Even professionally designed applications can sometimes tank the Operating System. Try disabling Symantec Anti-virus on an XP system without a reboot, for example, and then doing a reinstall of it remotely. In the field, I saw failure rates of about 6% for SAV10. On a hundred thousand systems, let's just say I was not happy on that deployment! Killing malware is even more risky.
Windows is layers upon layers of earlier APIs that cannot be removed due to "backwards compatibility" concerns. I have some limited exposure to the .NET framework, and it has perhaps a half-dozen APIs for threading, and the documentation is riddled with exposed interfaces that have the note "Do not use. Not safe. bullet in the brain pan squish" in it. Over a third of the API is already depreciated (as far as I can tell), and there is an ever-shifting set of best practices standards. I can only imagine the hell a proper programmer endures in developing truly complex applications for .NET -- all I was doing was a few WMI calls and a database interface and I still crashed the kernel many times trying to figure out what to trap -- in many cases, error handling is mostly about creating a catch-all and then trying to break your code to see what is generated and then guessing what to trap accordingly. With an interface this complicated and unstable, it will always be a cat and mouse game between the white and black hats on this architecture, a game predicated on undocumented interfaces, obscurity, and deep knowledge of layers of the operating system that interact in unpredictable ways.
Compare this to linux, where the interfaces haven't changed that much, and when they do, depreciated means "We're going to remove this in a year or so and we mean it." Open source has one huge advantage here -- if it's not maintained, it ceases to be relevant and there's no 20 year old code lurking about in an unused API long forgotten. At least not nearly to the degree Windows has it. If you ask me, Microsoft is complicit in allowing malware to exist because they are unwilling to modernize Windows. They need to start over from scratch on their codebase and have a good hard think about what those APIs and interfaces are going to look like and then stick to it. Or at the very least, they could start by documenting these interfaces and releasing some code so we can be more confident that our hooks into their black-boxed APIs won't tear the operating system's heart out...
#fuckbeta #iamslashdot #dicemustdie
As an Out-sourced IT consultant I don't forget. I thank them.
Thirty percent of my work comes from people who don't know what they are doing. The other 70% comes from me learning what they screwed up, where they dropped the ball and where I can fix it, at double the rate in 1/2 the time. Everyone wins.
This is quite possibly one of the best interviews I've read, ever. Definitely read the article.
Theoretically, I'm not opposed to ad-supported programs. If someone is willing to put up with an advertisement in order to use a program for free, go ahead and let them. It's worked for television, radios, and web sites for quite a while (Tivos and Ad-Block aside).
The problem, obviously, is when uninstalling the adware becomes a major hassle. For example, the author described in the interview how you would have to download a special uninstaller from the net, fill out a survey, and allow them to keep a registry key installed permanently. That is bullshit. Uninstalling shouldn't force any remains of the program to be left behind, period. Yes, in this situation it prevents unintentional (or intentional) reinstalls, but that wouldn't be an issue if adware didn't rely on drive-by downloads and was more upfront in what was being installed with the main program.
To maintain some sense of legitimacy, uninstalling shouldn't be more complicated than a few clicks from using the Add/Remove Programs dialog, and not leave behind any of the program's code.
From the article:
Um, no. Unconscionability is a pretty ancient principle of contract law. People joke about signing away their first-born child in an unread EULA, but they understand that it's a joke: that term would never be enforced by a court, because allowing contracts of adhesion (like EULAs) signed by non-lawyers in casual circumstances to extract those kinds of concessions from the parties would result in the complete breakdown of society.
So when this guy (and his bosses) talk about how there was "no law around this", they're not fooling anyone, least of all themselves. If I buy a bus ticket and on the back there's some fine print stating that by riding the bus I've agreed to let the driver break into my house and take anything he wants, guess where the bus driver ends up if he tried to exercise his contractual "rights"? In prison. Which is where this guy belongs.
The real "Libtards" are the Libertarians!
To get that oh-so-useful uninstaller you had to go to a website, answer a survey, and only then could you download it. If they genuinely wanted to make it easy, they would have put it in Add/Remove Programs, and stuck their survey in there.
I don't know about you, but after getting sketchy software on my machine, the LAST thing I want to do is go to some random website and download even MORE crap. I wouldn't trust that download one bit.
And the bit about "it was also designed to be very difficult for other adware to kick off" is complete hand-waving B.S. It was designed to be very difficult for anti-virus packages and anti-spyware packages too. In fact, anti-malware packages were probably the primary target of the persistence code.
And their distributors were complete scum that Direct Revenue did very little to police. Yeah, they suspended any that were complained about (if the hapless users even had any clue how they got the software), but those rogue distributors would just sign up under a new name.
I can't believe he thought this job was a "net positive" simply because he wiped out the other guys' malware more than he installed. That just means he is a very sneaky coder... That's like an embezzling salesman saying he was a "net positive" because he generated more profits than he stole. It may be true, but it doesn't make him any less of a scumbag.
SirWired
so let's educate some of you:
we capture someone like frank abagnale, and we go all sharia law on him, as a lot of you propose, and leave him as a bloody stump
then what?
well, there are other frank abagnales out there. how do we detect them and capture them? well, the frank abagnale you just beat to a pulp: he would have made a good tool to do that, ya think?
luckily, in real life, this is exactly what the feds and the banks did. in real life, you capture and use highly intelligent crooks to... drum roll please... capture more highly intelligent crooks. get it?
law enforcement is hard grinding work, it doesn't happen like "death wish" or "dirty harry". i know in some of your justice league of america fantasy lives, delivering justice with a fist and a gun is the way to go. but we'd like to talk about reality, ok?
so to review:
1. we can have justice your way, and beat adware authors to a pulp, or
2. we can have smart justice, and listen carefully to mr. adware author's words, and use those words to catch more adware authors
get it? see the difference? do you want to pursue justice? or do you want to beat people up?
these are mutually exclusive activities, despite your dimwitted fantasy lives
now go crawl back under your rocks mouth breathers. nobody who is actually going to catch and punish cybercriminals in this world is going to think like you do
even the most vile amoral serial killer is useful to keep alive and listen to. simply for matters of brain analysis and psychological study. or, we could put a bullet in his head, scrambling the abnormal brains, and having nothing useful to catch more vile amoral serial killers
dumb violent justice leaves a dumb violent society that knows nothing about the smart and truly vicious criminals in their midst
smart justice is about studying smart criminals, and using them against each other
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
A more fitting title for the article.
Just for fun, consider the following actions a Unitary Programmer might do to your machine. Where would you rate them on the $SCOUNDREL scale, and why?
Playing "CoreWars" is tricky business, and people with even a dim sense of ethics are loath to try it. But there's one case where none of the above actions are ethically questionable: When the machine's owner does it themselves.
I think the adware author lost sight of that for a while...
Schwab
Editor, A1-AAA AmeriCaptions
"Deprecated function: char * gets (char *s). ... The gets function is very dangerous because it provides no protection against overflowing the string s. The GNU library includes it for compatibility only. You should always use fgets or getline instead."
I'm pretty sure I remember "gets" being deprecated more than 20 years ago, so what exactly does "and we mean it" mean?
Spyware, adware, viruses and other sh1t? There, fixed it for you.
Disclaimer: I am not affiliated with this company in any way. Just a happy customer.
Stories like this make me think the profession should have some sort of written code of ethics. This guy violated the profession's ethics and should be barred from practicing in the future.
As it is, all we can do is call him a scumbag
I'm pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.
What about those that use color of law? It's not terribly surprising that the FBI only receives about 200 complaints of color-of-law, and doesn't investigate, much less prosecute, a single one.
Simply being a police officer offers enormous immunity from the general public accusing you of crimes, and further means that most of your fellow officers won't "rat" on you (instead of being disgusted at your behavior and bringing disrepute to the supposed "profession.")
Please help metamoderate.
Wow, all this encrypting, threading, random names, registry keys... sounds like really exciting software. Where do I download it?
I sometimes wonder if there is a way to estimate aggregate "harm" caused by a widely distributed crime. Is it the same to steal 1 minute of time from 1 million people with an automated telemarketing robocall as it is to lock 1 guy in your basement for 2 years (1 million minutes)?
None of them can see the clouds; The polished wings don't care.
My win98 machine just crashed trying to read slashdot, can someone tell me how to fix it?
Guy sounds like a sociopath, which makes the serial killer comparison someone else made more apt (all serial killers I'm aware of are sociopaths). Basically means he can't empathize with others, he thinks he's the only person in the world who's important. This also leads to an attitude of "I can do no wrong."
The funny thing is I bet, like others of this type, if someone wronged him in the same way he wronged others he'd be shouting and screaming and completely enraged at how this person could possibly be so mean.
I have basically no sympathy for people like this. Since they can't/won't care about how others feel, only how they feel, then when they pull shit like this I believe we should come down on them hard. Make it so they'll behave themselves because they fear the consequences, since they are not willing to do so out of kindness.
to an executable that doesn't even run as an executable. It runs merely as a series of threads. ... There was one further step that we were going to take but didn't end up doing, and that is we were going to get rid of threads entirely, and just use interrupt handlers.
That's really nifty... Now, from the other perspective, without knowledge of the program, how can one detect such a thing on your own system? I'm thinking something like System Safety Monitor might catch it in the act, but I wonder if there's a simple way to list these remote threads...
Was it sued by Spitzer the man, or some other entity of which Spitzer was a part?
Thought so.
you had me at #!
This guy is a clear example of a sociopath. He doesn't give a damn about anyone else but himself, and doesn't have one thought about if his actions will cause harm to other people's computers. This is the guy that has wasted my time over the years fixing my relatives' computers. What a sleazeball.
I'm sure glad he enamored himself to you, but this guy wrote nail.exe/aurora spyware. That piece of shit caused me more headaches than all the rest of the spyware I've had to deal with _combined_.
If there was one person who deserves furious vengeance it's that guy. And he has the nerve to smile about it, to blame the users??? FUCK MATT KNOX!!!
at least now we have a name...
As a potential lottery winner, I totally support tax cuts for the wealthy
DeNiro was funny but that chick should have been kicked to the curb post-haste, along with her crazy fucking family.
You better watch out, there may be dogs about . .
Just because you experience sexism as a female in IT, doesn't mean you have to adopt the same attitudes towards your male counterparts and perpetuate the cycle.
You better watch out, there may be dogs about . .
Not bad, in fact.
Maybe the "victims" would have been much worse off without his software, getting/keeping all the other crap.
No one is seriously suggesting violence, get a clue. Also meaningful penalties and cooperation are not mutually exclusive. For the millions of dollars of damages his spyware caused he should have been sentenced to say 40 years, with 20 years off for cooperation (from jail).
What I told him was that if you charge what Best Buy charges, people take it there, and if you don't charge, they take advantage of you. So you come up w/ something in the middle, and have someone else collect for you because no one ever wants to pay 300 to fix a machine worth a nickel, but they always say, I don't want to format.
How much is your data worth? Back it up now.
Boss: Hey timmy, You done with that program yet?
Timmy: Working on it, trying to finish the program so people can't put in null and break the program.
Boss: ... WHY THE HELL DID YOU SPEND TIME DOING THAT?!
Timmy: It's ethical business practice to make your programs work in a friendly and reliable way.
Boss: >:[
Sony Boss: Hey, we want to develop a way so that people can't steal our files ^_^
Joseph Fake: ... Well to do that, you'd need to rootkit a system, and THAT is unethical and evil.
Sony Boss: ... What's your point?
I hope my scenarios clarified the situation of "It's not necessarily the person's fault."
Modded -1 for being a person who sympathizes with Adware developers
Lol, the only "other" profession where it can take 4 million lines of code and a dozen libraries to effectively state "Hello World".
-Matt
--- Need web hosting?
"There seems to be a big stretch between a serial killer and some guy writing malicious code."
Not for me. Because every time I have to clean up something they've unleashed on the world, I want to become a serial killer... by hunting every single one of them down and feeding them their entrails.
I know stupid end users are part of the problem, but the responsibility originates with the scumbags writing the virus/trojan/worm. This is awful of me, but there really are times I wish someone would hang these bastards.
Life is hard, and the world is cruel
Of course they're morally bankrupt. However they also play an important role in the ecosystem.
What? How in the hell are malware writers an "important part of the ecosystem"?
This is the Internet, not Wild Kingdom. In nature, real virus infections do indeed serve a natural purpose. On a computer, it serves nothing but the ends of assholes and criminals. There's no justification... none whatsoever... for what these guys do. And don't give me that farcical security argument, either. They're not doing the world any favors by violating other people's computers.
Life is hard, and the world is cruel
So if I buy a door that happens to have a lock with a flaw, it's the fault of the lock maker that my stuff gets stolen? Sorry, but no, the fault lies solely on the shoulders of the thief.
I'm sorry, but why did you buy a door with a lock on it if not to protect against thieves? If someone sells a product that purports to protect you against criminals, and it fails to do as advertised, then that seller has sold a defective product and is partially to blame for your loss. To follow your line of logic would absolve locksmiths of any responsibility to make a product that isn't slipshod.
Microsoft thumps its own chest about the safety and security of its system. Their failure to live up to their claims makes them part of the problem and not an innocent bystander.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
And if you read the interview, you'd see he's not really evil, like many/most/all serial killers, but a very intelligent young person.
First, what exactly is "evil?" Some people think that one has to cackle and twirl your moustache with glee at being evil for its own sake, but most people who do horrible and evil things to other people have a good justification for their acts: "I was desperate and I needed the money," "I was just following orders," "I'm protecting my family and my country," "Everybody else gets away with doing it," "My evil rids the world of other evils," "If I didn't, then someone else would," "It was just a job," "It's nothing personal," "Stupid people get what they deserve," "It's just survival of the fittest," etc., etc.
Doing something wrong just because you were in a tight spot and put your own needs over others is no more just than doing it just because you enjoyed it. Evil is evil. While I feel sympathy for his poverty and think that we as a society should focus our government's attention more on preventing the root causes of crime than just "deterrence," I feel no real qualms about stringing someone up if they've crossed the line. He had a choice whether to do right and struggle or to do wrong and prosper. He chose the easier of the two paths.
And second, I'd like to point out that most serial killers were "very intelligent young people." Unlike them, he wasn't mentally ill -- just greedy, ethically bankrupt, and too enthralled by the shiny programming challenge.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Oh, sure, it's a windfall for the repair guys, but it's a real loss to the people who own and operate computers. A drain on the economy. Nothing of value was created. So don't bring up any broken window fallacies or anything...
The World Wide Web is dying. Soon, we shall have only the Internet.
Compare this to linux, where the interfaces haven't changed that much, and when they do, depreciated means "We're going to remove this in a year or so and we mean it."
That's because when Linux deprecates an interface, it doesn't put anyone out of a job.
Windows "backwards compatibility" is therefore welfare for lazy programmers -- welfare which puts all Windows users at risk.
I don't make the rules. I just make fun of them.
Can you get me in touch with these people you're advising? I could certainly use some free IT equipment.
No really, I'm serious -- if you know of folks throwing out perfectly functional computers solely because of virus infections, I'd love to have a few of their machines. Heck, they're worth something just for hobbyist spare parts, if nothing else. :)
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
And the new version of Windows would be laughed at by non-IT consumers. "Why would I upgrade to the new Windows when all of my stuff doesn't work?" This is part of the argument against Vista, and why some people can't see past the need to break backward compatibility to do things "the right way".
Raise your hand if you have any "Linux games" by Loki. /me raises hand
Not one single tear was shed for me. Not even by me.
I don't make the rules. I just make fun of them.
Guys, Matt is a wonderful teacher, a great coder and a good friend of mine. It was pretty awesome that he did this interview and gave us the inside scoop on how a noted adware company operated, both technically and from a business perspective. Sometimes people find themselves in positions they don't intend, and he certainly recognized that and moved on. Nowadays he uses his skills to educate and create software for doctors. He's offered us some valuable insight in this interview, and I for one very much appreciate it.
--Sherri (author of philosecurity.org)
There does exist Linux malware. It's mostly focused on database exploits and rootkits, but it's out there and it always has been. For the most part though, these things target servers and are employed in targeted attacks. If the bad guys can compromise the webserver for a hosting provider they can launch their real attack on the Windows desktop. These things don't become widespread because as soon as they're common enough to get noticed the professionals who maintain servers load the updates and for the most part all is well again.
The vast majority of malware you will find on the Internet is Windows desktop based attacks, because that's where the money is. The attackers compromise the most-hit adservers, actually pay for ads, or compromise the most popular websites in order to deliver their malware to their real targets: Windows based hosts. They employ Search Engine Optimization (SEO) to make sure their malware servers are highly placed in all the common search engines. The attack vector is usually either drive-by downloads (ie6? Still?) or social engineering (really, is your porn provider the best place to get an A/V codec that installs with an .EXE?).
I've heard it said - hell, I've said - that Unix-like operating systems are more resistant to these sort of attacks, but frankly that's not entirely correct. If you can get the user to run your app, you can get your script to run every time the user logs in. Even if the system is perfectly secure, your app can still do anything the user can do - including read the contents of all user-readable files and post the contents of a form to any IP on the Internet. Maybe you can't get system privileges usually, but the end-user facilities available on a Linux desktop are a valuable resource. If anything, a Linux box is potentially more dangerous. Windows boxes don't come with Python and Perl by default after all.
That said, unless you're specifically a high value target (and hence, should be paying for high priced system admin), the threats are just not there.
Help stamp out iliturcy.
Maybe the answer is to do a careful rewrite as you suggest,
.. followed by a lot of useless drivel.
Nuke it from orbit. It's the only way to be sure. Seriously. Burn it down and start over. Let it go, man, 'cuz it's gone.
Or don't. And Apple drinks your milkshake. They drink it all up. Whatever.
Help stamp out iliturcy.
Apple doesn't have this baggage. Maybe that's why they're growing share and Microsoft is not. Trust me, the non-IT consumers that have Macs aren't at all interested in trying out some app that requires this legacy infrastructure and the commitment to Windows it represents. They'd rather find a better way to do what they need to do. More of them every day. They're laughing, not at new versions of Windows, but at the poor fools who try to use them.
Help stamp out iliturcy.
Behold, the wonder of streams.
A nice place to hide a few gigabytes of code without anybody being the wiser.
It's like they built it to support the AV industry.
Help stamp out iliturcy.
The vast majority of software shipped with modern Unixes on the desktop is licensed under the GPL. Even where they're not, their licenses are almost universally formed after the format of the GPL.
Freedom is viral. Get over it. Stallman won. He always knew he would. Now somebody should adopt him as a mascot or something. Maybe give him a grant.
Help stamp out iliturcy.
See http://news.bbc.co.uk/2/hi/uk_news/politics/7827020.stm. I fully expect Bush to get a UK Knighthood soon for services to the military and finance industry and humanity in general.
After all, he successfully avoided being indicted for lying about WMD and a lack of available interns or a shred of normal human behaviour, and one favour naturally deserves another. Heck, he could even get a Nobel price if he learned how to spell it..
Well sometimes people don't want to spend $500, and rather find a friend of a friend who will do it for $50.
People do have to eat and pay for living.
Or just backup stuff to your 16gig usb, install a brand new Windows7 beta on it.
Liberty freedom are no1, not dicks in suits.
I agree. Can anyone explain to me why he isn't doing life in prison? That alone indicates there's something wrong with the law or its enforcement.
Ok, if you're running under root/administrator privilege then I guess that's a partial excuse for it, but if the process is running as an unprivileged user there is NO excuse WHATSOEVER for ANY API to bring down an OS kernel. End of.
I believe that his "interrupt handler" story isn't true. It was, for Windows 9x; like the CIH virus did, but under NT it is not easy to do from userland without resorting to (platform specific) exploits.
I come across some systems that are mildly infected - I can clean them up using manual removal methods, and several different legitimately free apps like ad-aware, spybot, etc. When they are simply just over-clogged, or unstable after malware removal, I do reach for the reinstall. Sorry, but I have up to eight client stops in a day... and if I spend that sort of time, potentially many hours, on one machine, I won't make anything. Why? Because I simply won't charge for every single hour I spend on such a situation. I hear all of the time of techs charging far more than I do, and having no compunction about charging far more than the cost of a new PC for the work! I'd rather recognize when a machine is simply overwhelmed, cut my time losses, back up all of the data, reinstall Windows, repopulate data. The client gets a clean machine, free of malware and "winrot" and I get to stay on schedule, as well as charging a middle ground price that is fair to both the client and myself.
"To get that oh-so-useful uninstaller you had to go to a website, answer a survey, and only then could you download it. If they genuinely wanted to make it easy, they would have put it in Add/Remove Programs, and stuck their survey in there."
So it takes 5 minutes instead of 2. They didn't want to make it easy to uninstall (of course they didn't) but they didn't make it very difficult.
If I was uninfecting a machine with that awful crap, I wouldn't have touched that uninstaller with a 10-foot pole. To get it, you had to go to "mypctuneup.com", supply your e-mail address, and answer a survey. After getting crappy software on your machine, would YOU go to a sketchy-sounding website, supply your e-mail and install anything it gave you? That's a real easy way to get more crapware on your box, and piles of spam to boot. I'd rebuild the OS before doing something that stupid.
Providing the uninstaller that way is about as useful as the "unsubscribe" link at the bottom of a spam: sure, there is the off-chance it works, but it is far more likely to be the prelude to more evil.
"And their distributors were complete scum that Direct Revenue did very little to police. Yeah, they suspended any that were complained about (if the hapless users even had any clue how they got the software), but those rogue distributors would just sign up under a new name."
[Citation Needed]
Gladly: http://www.oag.state.ny.us/media_center/2006/apr/Direct%20Revenue%20Affirmation%20of%20Justin%20Brookman.pdf PDF Page 40, paragraph 99. I will modify my statement somewhat: It turns out they did NOT suspend distributors caught doing shenanigans; they allowed them to continue operating with nothing more than a mild warning, even after being caught more than once.
"I can't believe he thought this job was a "net positive" simply because he wiped out the other guys' malware more than he installed."
I think that's a rational, logically correct, statement for him to make. Overall, because of him there was net adware around. He didn't say that it cleared him of blame or made it morally excusable. He leaves the reader to draw his or her own conclusions about that.
Just because this clown uninstalled the competition on somebody's PC didn't actually help the user; it just provided more room for his software to waste the user's time. The only "positive" for the user would be an actual clean PC, which they didn't get. His actions were about as useful as giving a drowning scuba diver a tank of air attached to a 500-lb lead weight; yeah, they can now breathe... too bad they're still screwed.
SirWired
If they weren't abusive, why on earth did they ever remove the Add/Remove Programs option? I could buy your statement that it was the user's fault if the option was there the whole time, but it wasn't.
A better tactic than installing unremovable crapware separate from the download would have been to tie the two programs together. You want to get rid of the ads, you uninstall the program you got for free too. And plenty of folks ended up with the DR crapware (with DR's full knowledge) through IE exploits... those weren't trying to get something for nothing.
No, they were not convicted of criminal charges, but they did all but admit wrongdoing to the FTC, and they didn't lose any suits because they went under before the suits were completed.
Yeah, you worked there, and must have drunk the kool-aid too.
SirWired
This explains why Process Explorer shows so much CPU time going to hardware interrupts.... sigh....
Mods, while I might not personally agree with the rationale of throwing away computers because of infections, Digishaman's argument certainly makes sense, at least on an economic level, for the vast legions of the clueless. If they have browsing habits that habitually get their machines so glommed up with muckware as to be unusable, they're going to have to shell out major buckage to get their machines un-mucked -- and at that point, it *does* indeed begin to make more sense for them to just buy a newer low-end machine -- at least the OEM OS should be more up-to-date than their older machine, and might therefore last a bit longer before being rendered unusable again.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
Posting in monospace makes you look like a fucking moron.
Just in case someone wants to look him up.
I wonder... Is that his real phone number?
You mistake what I've written, and what my intent was.
I personally feel that it is unjust to treat exceptionally gifted criminals better than run-of-the-mill criminals, hence to me there is no distinction in how they should be handled.
The way I see it, you believe one of two things: Do you think brilliance makes crime justifiable, and punishment improper? Or do you think that people who can help catch other criminals should be given a free pass because they are useful to society once caught and mined for information?
If you want brilliant people to help you find criminals, give them a good incentive to do so, other than "I won't put you in jail".
Your views seem to advocate tolerating criminal actions because the criminal can help you. Seems to me like a VERY unjust system.
Would you let a big criminal run free because he donates a couple million dollars to a law enforcement agency? This is the same as what you're advocating.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
"Your views seem to advocate tolerating criminal actions because the criminal can help you"
no. my view advocates a criminal reversing themselves and doing some good with their position. and what incentive does a criminal have for stopping to be criminal? some leniency, redemption, a sense of forgiveness. something all moral codes must have in order to be valid
"Would you let a big criminal run free because he donates a couple million dollars to a law enforcement agency"
no, and it doesn't compare. in your situation, you have a criminal going free by committing yet another crime: bribery. in my situation, you have leniency towards a criminal by committing a follow up good deed: helping the authorities catch yet more criminals. understand the difference?
furthermore, i am saying you have no choice on the matter. say a criminal invents or discovers or is among the few people in the world who can do technical feat xyz. he is caught, but other criminals get wind and start using technical feat xyz to commit crimes. do you want to stop the second round of criminals?
or do you want to adhere to your idealism and allow the second round of criminals to go unpunished?
in my world, the second round gets punished harshly, since their special technical knowledge isn't so special anymore, thanks to cooperation of the original criminal. in your world, you sit on the original criminal harshly, and have no way to stop the second round of criminals
not a very superior attitude
criminality in life isn't an aspect of doing one thing wrong, and remaining on ice forever. all mature systems of morality understand that there is an interplay between right and wrong, and someone who does wrong, and later does something right, deserves consideration for that
your attitude meanwhile, is all stick and no carrot. you punish, but you don't reward. no, you need a carrot, and a stick. you need to punish wrong, and you also must provide a path back towards doing the right thing, the carrot
in your harsh sharia law world, you will punish someone and give them no consideration for doing anything later that might help society. in this system, all you do is turn minor criminals into major criminals, because you haven't given them any incentive to ever do anything right ever again in their lives. it's a feedback cycle, and it creates a society with more hardened criminals
you speak of incentive for good people to continue being good, and not doing something criminal. yet a genuinely good person needs no such incentive, they already understand right and wrong and the implications. meanwhile, a criminal needs incentive to do good. but your attitude of all punishment no reward just burns those bridges and gives someone who commits minor crimes no reason to ever turn towards doing something good ever again in their life: it's all just punishment for them from here on out
redemption and forgiveness figure into every moral code in the world
but apparently, not in yours, making your "morality", or understanding of morality, to be invalid and incomplete
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
For the "virus problem", I only have one solution - DeepFreeze. It prevents the user from ruining the partition with the system. The second partition is used for data, of course...
Doing a good job is like spilling coffee on a dark suit, you feel warm all over, but nobody notices.