Slashdot Mirror


Bitcoin Miners Bundled With PUPs In Legitimate Applications Backed By EULA

hypnosec writes "Bitcoin miners are being integrated with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. These miners surreptitiously carry out Bitcoin mining operations on the user's system, consuming valuable CPU time without explicitly asking for the user's consent. Malwarebytes, the company which found evidence of these miners, first came across such an instance of a Bitcoin miner when one of the users of its software requested assistance on November 22 through a forum post. The user revealed that 'jh1d.exe' was taking up over 50 percent of the CPU resource and even after manual deletion the executable was re-appearing. Malwarebytes dug deeper into this and found traces of a miner 'jhProtominer,' a popular mining software that runs via the command line. However, it seems that the company behind the application has a specific clause 3 in EULA that talks about mathematical calculations similar to Bitcoin mining operation. This means that the company behind the software can and will install Bitcoin miners and use system resources to perform operations as required to mine Bitcoins and keep the rewards for themselves."
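
Added example (not part of the Slashdot story and not Malwarebytes' tooling): the two symptoms the forum user reported, CPU use above 50 percent and an executable that reappears after deletion, written as a triage check over constructed process telemetry. The directory paths, the `updater.exe` name and the three-sample window are assumptions.

```python
"""Triage for the pattern in the report: sustained CPU plus respawn after deletion.
Added example; every path and event below is constructed sample data."""
from collections import defaultdict

CPU_THRESHOLD = 50.0       # percent; the forum report cited "over 50 percent"
MIN_SUSTAINED_SAMPLES = 3  # assumption: consecutive samples that count as sustained

MINER = r"C:\Users\demo\AppData\Roaming\bundled\jh1d.exe"       # constructed path
UPDATER = r"C:\Users\demo\AppData\Roaming\bundled\updater.exe"  # hypothetical name
BROWSER = r"C:\Program Files\ExampleBrowser\browser.exe"        # constructed path

# Constructed telemetry: (seconds, kind, image path, value).
# "cpu" -> value is CPU percent; "delete"/"create" -> value is the acting process.
SAMPLE_EVENTS = [
    (0, "cpu", MINER, 62.0), (0, "cpu", BROWSER, 81.0),
    (60, "cpu", MINER, 58.5), (60, "cpu", BROWSER, 4.0),
    (120, "cpu", MINER, 71.0), (120, "cpu", BROWSER, 3.0),
    (150, "delete", MINER, "explorer.exe"),
    (180, "cpu", BROWSER, 66.0),
    (200, "create", MINER, UPDATER),
    (240, "cpu", MINER, 64.0), (240, "cpu", BROWSER, 5.0),
]


def longest_high_cpu_run(events, threshold=CPU_THRESHOLD):
    """Longest run of consecutive CPU samples above threshold, per image path."""
    current, best = defaultdict(int), defaultdict(int)
    for _, kind, path, value in sorted(events, key=lambda e: e[0]):
        if kind != "cpu":
            continue
        # A single sample at or below the threshold resets the run, so short
        # bursts (page loads, installs) never accumulate into a finding.
        current[path] = current[path] + 1 if value > threshold else 0
        best[path] = max(best[path], current[path])
    return dict(best)


def respawns(events):
    """Files re-created after deletion: path -> [(deleted_at, created_at, creator)]."""
    pending, found = {}, defaultdict(list)
    for ts, kind, path, value in sorted(events, key=lambda e: e[0]):
        if kind == "delete":
            pending[path] = ts
        elif kind == "create" and path in pending:
            found[path].append((pending.pop(path), ts, value))
    return dict(found)


def triage(events, min_samples=MIN_SUSTAINED_SAMPLES):
    """Findings, strongest first. Both signals together match the reported pattern."""
    runs, back = longest_high_cpu_run(events), respawns(events)
    findings = []
    for path in sorted(set(runs) | set(back)):
        sustained = runs.get(path, 0) >= min_samples
        signals = []
        if sustained:
            signals.append(
                f"CPU above {CPU_THRESHOLD:.0f}% for {runs[path]} consecutive samples")
        for deleted_at, created_at, creator in back.get(path, []):
            signals.append(
                f"re-created {created_at - deleted_at}s after deletion by {creator}")
        if signals:
            priority = "high" if sustained and path in back else "low"
            findings.append({"path": path, "priority": priority, "signals": signals})
    findings.sort(key=lambda f: f["priority"] != "high")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["priority"].upper(), finding["path"])
        for signal in finding["signals"]:
            print("   -", signal)
```

The creator recorded for each respawn is the useful output: deleting the miner alone does nothing while the component that rewrites it is still installed.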

194 comments

  1. Free Software by Anonymous Coward · · Score: 5, Insightful

    This is why you should use free software from a reputable source, such as Debian GNU/Linux.

    1. Re:Free Software by Runaway1956 · · Score: 5, Insightful

      Agreed - but you can't convince the unwashed masses. It's great having a "trusted repository" from which to pull almost all your applications. It's even better that you can browse the source code before compiling, to be halfway sure that the software does what it claims, and nothing "extra".

      Admittedly, I'm not qualified to really examine all that source code, but I can and do browse through it from time to time.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    2. Re:Free Software by buchner.johannes · · Score: 1

      Also, the repository package managers are all shit on Windows. (Yes, there are some.)

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    3. Re:Free Software by Anonymous Coward · · Score: 0

      Honestly I wonder if this could be like "Folding@Home" and have the potential to donate a few (just a tiny few) CPU cycles to FOSS. Obviously the amount should be tiny and optional or configurable. But it seems like a potential way for FOSS devs to get some money for their work. In a sense it is not radically different from adware or something like Ubuntu with Amazon's search.

      How soon before websites try using the CPU of visitors to mine bitcoin? Would that be possible?

    4. Re:Free Software by khellendros1984 · · Score: 4, Informative

      > How soon before websites try using the CPU of visitors to mine bitcoin? Would that be possible?

      It's been done. Link goes to a Javascript-based bitcoin miner that you can embed in a webpage.

      --
      It is pitch black. You are likely to be eaten by a grue.
    5. Re:Free Software by gutnor · · Score: 3, Insightful

      The vast majority of the software users would not be able to read the source at all.

      What they can do is ask other people who can if the software is ok or not. At that stage it does not matter if the code is open source or not. If the community, like malware listing site or others, has vetted the software, it is as good a guarantee as they will ever have. Having the source code just makes our job easier when trying to help guys with problems.

    6. Re:Free Software by fuzzyfuzzyfungus · · Score: 1

      I'd imagine that the fact that even GPU mining is a fairly dubious proposition at this point (I can't remember if the increases in price lately allow it to still be viable if the hardware costs are already sunk but you need to pay the electric bill; but the FPGAs and ASICs aren't getting any slower or less numerous), even donated or stolen CPU time would be close to worthless, even if doing it in Javascript doesn't impose much overhead...

    7. Re:Free Software by Anonymous Coward · · Score: 2, Informative

      > I'd imagine that the fact that even GPU mining is a fairly dubious proposition at this point (I can't remember if the increases in price lately allow it to still be viable if the hardware costs are already sunk but you need to pay the electric bill; but the FPGAs and ASICs aren't getting any slower or less numerous), even donated or stolen CPU time would be close to worthless, even if doing it in Javascript doesn't impose much overhead...

      The cost of production is irrelevant if you can dump it off onto a hacked/infected/duped user as a negative externality. It's like when a meth head smashes your car window, to steal your $400 phone, which he sells for $20:

      Cost to you, $400 phone, $250 window, time & stress from the window repair and loss of communications: $650+
      Income to meth head: $20.
      That's a net -$630 loss to the pair of you, but you bear all the cost and he all the "profit".

      This is also why methadone clinics should be funded by clear thinking conservatives, as well as after school programs and "crap" like arts, music and sports.

    8. Re:Free Software by lgw · · Score: 4, Interesting

      I think there's a big future for a testing company, like Underwriter's Labs is for physical goods, to do just that. Anyone big or small can send them code to review, and pay a fee, and they'll certify the resulting binary as trouble-free, at least to the level of confidence you'd expect from a good app store or distro (acknowledging that sufficiently clever malware can hide anywhere, but forcing it to be really clever would probably fix 99% of the problem).

      --
      Socialism: a lie told by totalitarians and believed by fools.
    9. Re:Free Software by fuzzyfuzzyfungus · · Score: 1

      I'm assuming that there are nonzero costs associated with operating the command and control infrastructure, whatever minimal legal exposure you might be taking, the value of the operator's time, and whatever alternate uses there are for the bots (especially since high CPU load is probably one of the most visible, and thus risky, things that you can do to a bot, increasing the risk that the computer will be wiped, scrapped, or remediated).

      Lots of things certainly pay better if you can steal some of the inputs; but unless you can steal enough to cover all your costs, some crime is just too worthless to pay. I don't know if CPU time for bitcoins has quite approached that point; but the delta between even the fastest x86s and GPUs and ASICs is pretty dramatic, so it wouldn't surprise me if it is getting close (particularly if you factor in the opportunity costs of using the bots for bitcoins, with the higher detection risk, rather than for something less visible to nontechnical users.)

    10. Re:Free Software by Anonymous Coward · · Score: 0

      GNU/Linux would be great, if only it worked. Even modern recent releases seem to screw up really basic things. On my most recent whirl-wind tour of linux:
      debian won't work right in a VM. didn't even make it onto one of my machines.
      suse doesn't support colemak? really? veto. also never made it onto real hardware.
      mint looked promising, but on real metal it can't keep a wireless networking connection up and the graphics acceleration is crap for some reason.
      my long-time go-to ubuntu was looking real good for a day or two but it apparently still can't deal properly with restore-from-suspend/sleep, nor can it shut down properly half the damn time.

      after I came back to my laptop frozen at ubuntu's dark purple screen (all I did was ctrl-alt-L lock it about 5 hours previously), I just let it boot back into windows 7 after doing a hardware power cycle (nothing else worked) and you know what? I'm reminded why after every single jaunt I have into Linux land, be it for 12 or 18 months on previous trips, or a few days on this most recent trip... I always end up back on windows. For all the shit MS and the os gets here and elsewhere, 7 just WORKS. I troubleshoot computers for a living... I want my own not to fight me on my off time.

    11. Re:Free Software by careysub · · Score: 1

      Right wing coward advocates police state to control what is intrinsically a victimless crime (intoxication). Good to know.

      --
      Starships were meant to fly, Hands up and touch the sky - Nicky Minaj
    12. Re:Free Software by Bite+The+Pillow · · Score: 1

      Awesome. Now I can mine bitcoins while reading about people mining bitcoins.

    13. Re:Free Software by sjames · · Score: 1

      There's not much effort to running the C&C. There's a lot of over-powered servers out there. If you use the bots to spam, the owners will get a lot of (angry) notification from all over the net but if you quietly burn CPU cycles, they may never notice.

    14. Re:Free Software by mitzampt · · Score: 1

      Communities could start asking members or FOSS users to donate CPU cycles for a buildbot, a BOINC [boinc.berkely.edu] computation project or just to mine some donations. Just a thought.

      --
      uhm...
    15. Re:Free Software by Eunuchswear · · Score: 1

      That would be insane.

      Mining bitcoins on most machines will cost more in electricity bills than the bitcoins will be worth.

      If you want money just ask for it.

      --
      Watch this Heartland Institute video
    16. Re:Free Software by TheLink · · Score: 1

      It is hard to certify some program is trouble-free - that's arguably harder than solving the halting problem - since you aren't provided the full inputs and code (the program might download additional code).

      So I proposed something like this:
      https://bugs.launchpad.net/ubuntu/+bug/156693
      https://bugzilla.novell.com/show_bug.cgi?id=308760

      Trusted parties ( including 3rd parties) could sign the app and its sandbox.

      My proposal is a bit like working around the halting problem by forcibly limiting how long the program will run. ;)

    17. Re:Free Software by rocket+rancher · · Score: 1

      > I think there's a big future for a testing company, like Underwriter's Labs is for physical goods, to do just that. Anyone big or small can send them code to review, and pay a fee, and they'll certify the resulting binary as trouble-free, at least to the level of confidence you'd expect from a good app store or distro (acknowledging that sufficiently clever malware can hide anywhere, but forcing it to be really clever would probably fix 99% of the problem).

      This. So what if some company certifies the code as non-toxic? For every legit code certifying company that goes online, there will be a hundred phishing sites popping up over-night to take advantage of it. The problem is not toxic code --- the problem is the toxic levels of foolishness and naivete of the vast majority of users on the net.

    18. Re:Free Software by Joce640k · · Score: 1

      If you quietly burn CPU cycles then you may never get a bitcoin.

      To get a bitcoin these days you need supercomputing power.

      --
      No sig today...
    19. Re:Free Software by wbr1 · · Score: 1

      > This is why you should use free software from a reputable source, such as Debian GNU/Linux.

      Like sourceforge? /sarcasm

      --
      Silence is a state of mime.
    20. Re:Free Software by lvxferre · · Score: 1

      > debian won't work right in a VM. didn't even make it onto one of my machines.

      Nor Windows, at least in my machine+VBox setup...

      > suse doesn't support colemak? really? veto. also never made it onto real hardware.

      This can be either the distro's or the HW manufacturer's fault... by the way you mentioned it, I guess it's Suse's.

      About your later paragraph: swap "MS" with "Debian Foundation" and "Ubuntu" with "Windows 7" and you'll have pretty much my personal experience with Windows.
      (And I didn't even try to change Windows' default desktop environment - it looks like KDE, uhhhh. hahaha)

      --
      Nerdy news for your nerdy needs? http://www.soylentnews.org Soylent News is people!
    21. Re:Free Software by Anonymous Coward · · Score: 0

      > > How soon before websites try using the CPU of visitors to mine bitcoin? Would that be possible?

      > It's been done. Link goes to a Javascript-based bitcoin miner that you can embed in a webpage.

      About two years ago there was a site called pornocoin or something like that. It used a Java-based GPU miner that was run on the visitor's machine to mine for coins while they watched free porn. Thing was that they told you they were doing it and, if I remember correctly, the site did not do too well. However, at the time they probably mined 4-5btc due to the rewards back then. If they held onto it.....

    22. Re: Free Software by Anonymous Coward · · Score: 0

      No. The problem of toxic software is no more the fault of its victims than it is for any other crime or abuse even if you believe (ridiculously) that people who use the 'wrong' OS or dare to use a computer without being a programmer are contemptible.

      - A programmer with better things to do than be a dick.

    23. Re:Free Software by sjames · · Score: 1

      Such as thousands of compromised machines running together under a C&C?

    24. Re:Free Software by DanielRavenNest · · Score: 1

      I did that for two years, GPU mining in the background on my regular PC, until it became uneconomic.

    25. Re:Free Software by JamieIanMacgregor · · Score: 1

      Can I please have some money?

    26. Re:Free Software by Eunuchswear · · Score: 1

      No.

      --
      Watch this Heartland Institute video
    27. Re:Free Software by JamieIanMacgregor · · Score: 1

      Looks like I'm back to secretly mining bitcoins on your machine then, thanks anyway.

    28. Re:Free Software by RockDoctor · · Score: 1

      > a testing company, like Underwriter's Labs is for physical goods

      A single testing company, like UL? Now, don't get me wrong - I've every bit as much confidence in UL's certifications as I have in TUV's. Or Det Norske Veritas'. Or BASEEFA's. But in the real world, one certifying company is just not going to cut it. And it doesn't, as the above list of the certifying authorities (with whom I have had to deal often enough to remember their names) suggests.

      There's an XKCD for that. xkcd.com/927/

      Actually, the situation isn't quite as bleak - for hardware - as 927 suggests. There are widely applicable standards organisations for many things (I can add IDEST to the above list!) which are fairly well established in those fields, and which consequently have troubles with people counterfeiting their trademarks to falsely claim approvals that they don't have. But it's not a single unitary authority. And I doubt that one code-tester agency "to rule them all and in the lightness bind them" would happen for software either. Several bodies ... yes, but not one. Which is part of the jockeying for position that Red Hat, Mandriva, Debian, Slackware and a few others are indulging in. (There's little point in differentiating amongst, for example, the Debian derivatives. At this level.)

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  2. Incorrect by Frosty+Piss · · Score: 5, Insightful

    > Bitcoin miners are being integrated with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. ... However, it seems that the company behind the application has a specific clause 3 in EULA that talks about mathematical calculations similar to Bitcoin mining operation. This means that the company behind the software can and will install Bitcoin miners and use system resources to perform operations as required to mine Bitcoins and keep the rewards for themselves

    Incorrect.

    Software that includes "PUPs" from the original software producer is not "legitimate". Any company with a EULA such as the one described is not a "legitimate" software company.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Incorrect by mysidia · · Score: 4, Insightful

      > Software that includes "PUPs" from the original software producer is not "legitimate". Any company with a EULA such as the one described is not a "legitimate" software company.

      I agree with you about it not being "legitimate"; HOWEVER, certain major vendors have a conflicting opinion; including the operators of sites such as Download.com and Sourceforge.net.

      The trouble is; they're able to hide behind the EULA, and if they are aggressive --- they can sue and win against anyone calling their software malware, since the behavior is "disclosed" as expected operation of the software.

      Unfortunately; we ultimately need some prescriptive guidelines for consumer software.

      And probably a regulatory regime... including certification marks; example a "SafeSoftware" seal for publishers, similar to the idea behind TRUSTe ---- if the software isn't digitally signed by a vendor holding a SafeSoftware seal; then perhaps, your browser should warn you before releasing the file to the Downloads folder

      Then we could use something like an FDA, as it were, to regulate the labelling and safety of software sold to consumers, or provided as a free download.

    2. Re:Incorrect by gl4ss · · Score: 1

      http://www.thefreedictionary.com/legitimate

      dunno what's so hard about the word.

      --
      world was created 5 seconds before this post as it is.
    3. Re:Incorrect by Frosty+Piss · · Score: 0

      And, Mr. Troll, what is the common interpretation of the word "incorrect" when used in context?

      Do you also lecture people on There, Their, and They're?

      --
      If you want news from today, you have to come back tomorrow.
    4. Re:Incorrect by Anonymous Coward · · Score: 0

      Not worth it.

    5. Re:Incorrect by AlphaWolf_HK · · Score: 4, Insightful

      > Then we could use something like an FDA, as it were, to regulate the labelling and safety of software sold to consumers, or provided as a free download.

      Yes, because I would just love having to go through regulatory channels and potentially paying fees in order to publish software that I don't even make any money from.

      --
      Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
    6. Re:Incorrect by Anonymous Coward · · Score: 0

      With THAT exact wording, are there ANY 'legitimate' software companies in existence?

      Cause I sure as hell haven't found them.

    7. Re:Incorrect by Runaway1956 · · Score: 1

      Doesn't matter what the law says. If anything from any source is using my computer for any purpose which was hidden, disguised, or obfuscated from me, then it is an illegitimate use. Full disclosure, with explicit permission, or it's illegitimate.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    8. Re:Incorrect by Anonymous Coward · · Score: 0

      > dunno what's so hard about the word.

      https://en.wiktionary.org/wiki/douchebag

      From a guy who doesn't know where the Shift key is, you sure come off sounding like a douchebag.

    9. Re:Incorrect by BenEnglishAtHome · · Score: 1

      > Yes, because I would just love having to go through regulatory channels ...

      No one would ever require that from small producers. After all, if you have just a couple of cows and want to sell a little raw milk and some craft cheese from your small farm, no one would ever interfere with that. That would be silly.

      Oh. ... Wait. ...

    10. Re:Incorrect by mysidia · · Score: 1

      > Yes, because I would just love having to go through regulatory channels and potentially paying fees in order to publish software that I don't even make any money from.

      I would say you should be exempt, providing -- (1) You don't generate any significant revenue from the software, from your users, for you, or any third party --- OR substantially all revenue generated was obtained from selling upfront licenses, less than $10,000, AND (2) You don't partner with a distributor who generates significant revenue from distributing or providing any of your software.

      In that case; downloading your software should just come with a disclaimer, that it has not been audited and inspected for safety.

    11. Re:Incorrect by gl4ss · · Score: 2

      there was full disclosure via text of eula and explicit permission given when pressing yes to it. problem of course being that people don't read the things (nobody does). but even if it had a blinking fullscreen dialog that spelled out that they will use your computer's cpu and your electricity to make money people would still press yes, if it was a necessary step for installing software that they for some reason or another wanted to install. most adware addons nowadays are quite clear in the installers what they will do (install a fucking browser toolbar) but still people install them by the millions.

      I do agree with that it's not nice for them to do it, but calling it illegitimate implies that it's unlawful...

      good news is that it's bundled with software one doesn't want in the first place.

      --
      world was created 5 seconds before this post as it is.
    12. Re:Incorrect by Anonymous Coward · · Score: 0

      Stop trying to figure out how to tell people what to do. Regulate yourself. Leave the rest of us alone.

    13. Re:Incorrect by Anonymous Coward · · Score: 1

      Download.com is a scumware wrapper and I warn everyone I know away from their links as they are virus loaded. I know they are not, but users understand the boogeyman "VIRUS" word.

      Any of these sites need to get a very bad rep created for them, any honest computer person will help spread the word about download.com as well as sourceforge as they are now owned by scumbags and are not to be trusted. Avoid them at all costs.

    14. Re:Incorrect by dkf · · Score: 3, Informative

      > The trouble is; they're able to hide behind the EULA, and if they are aggressive --- they can sue and win against anyone calling their software malware, since the behavior is "disclosed" as expected operation of the software.

      They might be able to claim that, but it doesn't mean that courts would necessarily agree. Consumers typically have greater legal protections than companies precisely because they are usually so much less skilled in contract law. This applies in many areas of commerce; for someone to say that computer software should be exempt from this principle is entirely unrealistic.

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    15. Re:Incorrect by Anonymous Coward · · Score: 0

      You mean like Oracle's Java which demands to throw on a toolbar every time there is a bug fix?

    16. Re:Incorrect by johndoe42 · · Score: 4, Insightful

      Or we could finally fix the law and declare EULAs to be unenforceable. Unilateral contracts like EULAs are out of control.

    17. Re:Incorrect by fatphil · · Score: 1

      > downloading your software should just come with a disclaimer, that it has not been audited and inspected

      Or ... come with (an offer of) source?

      --
      Also FatPhil on SoylentNews, id 863
    18. Re:Incorrect by Anonymous Coward · · Score: 1

      No. We don't need federal regulation. Why do you think the masses have become so 'brainless'? Big Daddy G is looking out for them. What needed to happen has happened. Someone noticed and the word is out.

      This could be the future of all software being free. Instead of having in-app ads, you have bitcoin miners. Make your bitcoin miner too aggressive, people will drop your product because it's too resource intensive.

    19. Re:Incorrect by Anonymous Coward · · Score: 0

      Honestly, I'd rather have a free app that generated 1 bitcoin each time I opened it instead of having ads.

    20. Re:Incorrect by ewieling · · Score: 1

      From a bottle of honey in my pantry: "Made in a cottage food operation that is not subject to Florida's food safety regulations." Unpasteurized (raw) milk is not covered under the Florida cottage food law, though you can still sell raw milk for "pet consumption". My point is that there ARE reasonable rules for many "cottage" products.

      --
      I really shouldn't have used someone else's email address for this account.
    21. Re:Incorrect by Anonymous Coward · · Score: 0

      OMG. this could change everything. You could actually make money off 'pirates'.

    22. Re:Incorrect by geminidomino · · Score: 3, Insightful

      I think you underestimate the time needed to generate a bitcoin.

    23. Re:Incorrect by The+Grim+Reefer · · Score: 1

      > Honestly, I'd rather have a free app that generated 1 bitcoin each time I opened it instead of having ads.

      So you would prefer your system to be hosed for several weeks or more before you can run a program each time?

    24. Re:Incorrect by fuzzyfuzzyfungus · · Score: 1

      That's "Legitimate" as in "Legitimate Businessmen".

    25. Re:Incorrect by fuzzyfuzzyfungus · · Score: 1

      We could also adopt the truly revolutionary step of taking the theory that contracts actually reflect an 'agreement' between two contracting partners and applying it to the assorted contracts of adhesion that dominate the entire consumer side of the economy, with software simply one example among many, and hardly the most dangerous...

      So long as you can 'consent' to mandatory binding arbitration in the kangaroo court of the company's choice, without further recourse, by clicking through some clickwrap, fighting over the details of what exactly one can and can't sneak into software is fighting a tiny skirmish in the middle of a war you've already lost.

    26. Re:Incorrect by The123king · · Score: 2

      Apple, in my mind, have solved the problem in the best way possible in (Mac) OS X. By only allowing the system to install signed (and thus hopefully vetted) software, many of these rogue applications just flat-out cannot be installed by the user. Obviously, any mechanism like this is only good if there's a way to turn it off, and indeed Mac OS X provides that capability. By restricting what Joe Idiot can and cannot install means that Joe Idiot is less likely to get crap installed on his computer. And for the more tech savvy people, there's always the option to turn it off.

      --
      If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
    27. Re:Incorrect by rhysweatherley · · Score: 4, Interesting

      > Yes, because I would just love having to go through regulatory channels and potentially paying fees in order to publish software that I don't even make any money from.

      Depends on the regulations: "Commercial software can pick from one of the 5 following standard commercial licenses: ... Any commercial software license that deviates from a Standard License reverts to Standard License Type 1 wherever its EULA conflicts with this regulation. Software that complies with the Open Source Definition or otherwise allows the user to inspect the source code and remove unwanted features independently is exempt from this section."

      You are then perfectly free to make money from your software. Pick whichever one of the standard licenses suits your purpose and carry on. But what you cannot do is employ a lawyer to invent a creative way to screw your users in the fine print. If you do, your license is automatically torn up and replaced with something sane.

    28. Re:Incorrect by Anonymous Coward · · Score: 5, Insightful

      If you have to piggy-back on another app in order to get downloaded, you're malware. If the download screen only talks about the main app with no mention of your piggy-back app, you're malware. If you have to hide your software description in the EULA (needlessly but commonly embedded inside a tiny scroll window) to avoid scrutiny, you're malware. If you weasel-word the software description (math calculations?) instead of being forthright, you're malware. If you will not cleanly uninstall when the user uninstalls you, you're malware.

    29. Re:Incorrect by Carewolf · · Score: 1, Interesting

      > Doesn't matter what the law says. If anything from any source is using my computer for any purpose which was hidden, disguised, or obfuscated from me, then it is an illegitimate use. Full disclosure, with explicit permission, or it's illegitimate.

      That would make the Chrome browser illegitimate. Most people are not aware that it is spyware and it is not advertised as spyware, it just mentions it deep in an EULA (much like the application in this story does about being bitcoin miners).

      The problem is that a lot of people rely on and trust applications that classically would fall into the category of malware. Google even went as far as inventing a new category called badware, which was the same as malware except it didn't include spyware intended for advertisement.

      If we accept that people are okay with using some types of malware (like Google Chrome), then we need to consider our definitions much more deeply, because suddenly software that has unintended and potentially unwanted side-effects is considered legitimate.

    30. Re:Incorrect by rtb61 · · Score: 1

      It is all far too late to make any real money out of bitcoin mining unless of course you create a new better more secure bitcoin and start mining early. All you have to do is target, undermine and cripple the existing bitcoin by whatever means possible and your new bitcoin mining becomes very very profitable indeed ;D.

      --
      Chaos - everything, everywhere, everywhen
    31. Re:Incorrect by careysub · · Score: 1

      Well said. Please mod this AC up.

      --
      Starships were meant to fly, Hands up and touch the sky - Nicky Minaj
    32. Re:Incorrect by Anonymous Coward · · Score: 0

      fuck off and die you piece of human shit

    33. Re:Incorrect by tlhIngan · · Score: 1

      > Software that includes "PUPs" from the original software producer is not "legitimate". Any company with a EULA such as the one described is not a "legitimate" software company.

      Depends - ad-supported programs are a big industry as seen by Android apps. Though, even Android and iOS are not immune - a new plugin for Unity installs a passive Bitcoin miner.

      If you're an app developer using the free-to-play model (or freemium), it's another option to consider. And given PC gaming is also going towards the freemium model to bypass stuff like DRM and piracy.

      But for the users, well, it means your PC becomes a passive bitcoin miner. Naturally that page has no information on the impact towards mobile battery life.

    34. Re:Incorrect by Eunuchswear · · Score: 1

      > If you're an app developer using the free-to-play model (or freemium), it's another option to consider. And given PC gaming is also going towards the freemium model to bypass stuff like DRM and piracy.

      But it's not free - the player has to buy the electricity that's going to be used to mine the bitcoins.

      And given that bitcoin mining on non specialised hardware now costs more in electricity than it makes in bitcoin the app developer would be better off seeing if he could make an under the table deal with the electricity company.

      This is just another version of the app that phones premium rate numbers behind the user's back.

      --
      Watch this Heartland Institute video
    35. Re:Incorrect by Solandri · · Score: 1

      I'm starting to wonder if we aren't going about this backwards. Maybe we should be coming up with a way for the computer owner to dictate a EULA to software, and tell it what it is allowed to do and how it's allowed to run. i.e. Instead of UAE in essence asking "do you want to allow this software to install and do whatever it likes?", it could ask "based on your understanding of what the program you're installing will do, should it be able to do...", followed by a bunch of check boxes and sliders.

      So you could prohibit the program from setting itself to start at boot time. Or if you're only expecting the program to run only locally (e.g. a benchmark app), you could set it to not have network access. Or if it's supposed to be a simple program (e.g. a text editor), you could set it so a warning pops up if the program consumes an unusually large amount of CPU time. Or if it's not a content creation app (e.g. a browser) you could proactively prohibit it from writing in any directories except its own and the downloads directory.
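The owner-side policy proposed in the comment above, sketched as an added example (not part of the original comment, and not any operating system's real API). The policy fields, event format, paths and pool address are hypothetical and constructed; only the file name jh1d.exe comes from the story.

```python
import ntpath
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """What the computer owner allows one application to do (hypothetical schema)."""
    allow_autostart: bool
    allow_network: bool
    cpu_limit_percent: float   # warn above this average...
    cpu_window: int            # ...sustained over this many consecutive samples
    writable_dirs: tuple       # directories the program may write to


def inside_dir(path, root):
    """True if path is root or lies beneath it, using Windows path rules."""
    # Normalise first so "..", mixed case and "/" cannot dodge the check.
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    try:
        # Compare whole path components; a plain prefix test would also
        # accept C:\Apps\EditorEvil for the root C:\Apps\Editor.
        return ntpath.commonpath([p, r]) == r
    except ValueError:  # different drives, or absolute mixed with relative
        return False


def evaluate(policy, events):
    """Return (rule, detail) for every observed event the policy forbids."""
    violations = []
    window = deque(maxlen=policy.cpu_window)
    cpu_flagged = False
    for kind, value in events:
        if kind == "autostart" and not policy.allow_autostart:
            violations.append(("autostart", value))
        elif kind == "connect" and not policy.allow_network:
            violations.append(("network", value))
        elif kind == "write":
            if not any(inside_dir(value, d) for d in policy.writable_dirs):
                violations.append(("write", ntpath.normpath(value)))
        elif kind == "cpu":
            # Judge the average of a full window, so a short burst of
            # legitimate work does not trip the warning.
            window.append(float(value))
            if len(window) == policy.cpu_window and not cpu_flagged:
                avg = sum(window) / len(window)
                if avg > policy.cpu_limit_percent:
                    violations.append(
                        ("cpu", f"average {avg:.0f}% over {len(window)} samples"))
                    cpu_flagged = True  # report sustained load once
    return violations


# The owner's expectations for a simple text editor.
EDITOR_POLICY = Policy(
    allow_autostart=False,
    allow_network=False,
    cpu_limit_percent=30.0,
    cpu_window=4,
    writable_dirs=(r"C:\Apps\Editor", r"C:\Users\me\Downloads"),
)

# Constructed observations of an editor that carries a bundled miner.
SAMPLE_EVENTS = [
    ("write", r"C:\Apps\Editor\settings.ini"),            # allowed
    ("cpu", 5), ("cpu", 40), ("cpu", 4), ("cpu", 6), ("cpu", 3),
    ("autostart", r"C:\Apps\Editor\jh1d.exe"),
    ("write", r"C:\Apps\Editor\..\..\Users\me\AppData\jh1d.exe"),
    ("connect", "pool.example.invalid:3333"),
    ("cpu", 55), ("cpu", 60), ("cpu", 58), ("cpu", 62),
]

if __name__ == "__main__":
    for rule, detail in evaluate(EDITOR_POLICY, SAMPLE_EVENTS):
        print(f"{rule:10} {detail}")
```

The single 40% sample early in the trace does not raise a warning; the later run of high samples does, which is the sustained load a bundled miner produces.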

    36. Re:Incorrect by arisvega · · Score: 2

      By restricting what Joe Idiot can and cannot install means that Joe Idiot is less likely to get crap installed on his computer.

      Just because Joe does not know computers, does not mean that Joe is an idiot. Or that you are smarter than he is.

      --
      The three laws of thermodynamics:(1) You can't win. (2) You can't break even. (3) You can't even quit.
    37. Re: Incorrect by Anonymous Coward · · Score: 0

      He may not be an idiot in other areas, but if he's installing this crapware then he is indeed an idiot.

    38. Re:Incorrect by spectrumlogic · · Score: 1

      This...There's a pretty long list of these "You-Might-Be-A-Malware-IF..." scenarios... If Tech is destined to become a race of mercenary exploitation creating a stratified "food chain"...maybe it's time to formulate an approval or ranking system to designate/evidence voluntary compliance to known standards. Trust is relative and seems more relevant to decision-making since the sovereign power's entry in the race has become common knowledge. I can't help but believe a large part of the recent indignation comes from the challenges to the pecking order and realization that the real "top dog" is actually an unknown quantity/quality. The value proposition of tech leadership has come to include subterfuge and trickery...and very few such unprincipled efforts will surrender their "black hat" advantage in the absence of recognizable economic/political consequences to balance their cost/benefit calculations. It is also unlikely this creepy feeling will go away until we reconcile the trust issues...by whatever method. Might as well get started...

  3. Where there's money, there's crime by Toe,+The · · Score: 1

    Interesting.

  4. "potentially unwanted programs" by Anonymous Coward · · Score: 5, Insightful

    Is "potentially unwanted programs" the new politically correct term for malware? It's OK to call it malware, even if the user technically-allegedly-probablynot signed an EULA allowing it.

    If it runs an unauthorized bitcoin miner, stealing your cycles and electricity, it's malware. No exceptions.

    1. Re:"potentially unwanted programs" by retchdog · · Score: 2

      As I understand it, there was some concern about something like this happening to anti-malware organizations. So, call it "pups" instead. Everyone knows, or will soon know, what you really mean, but it's technically hard to argue that it's slander.

      --
      "They were pure niggers." – Noam Chomsky
    2. Re:"potentially unwanted programs" by Linsaran · · Score: 3, Insightful

      Potentially Unwanted Programs are not quite malware, though in many cases I'd argue are worse. PUPs are generally stuff like 'WOMG Awesome Toolbar', 'Internet Coupon Printer 3000', 'Free smilies wacky mouse pointers' and Java.

      They're legitimate in the sense that they won't exploit vulnerabilities in your system to install themselves, or (generally) ignore (or interfere with) attempts to remove them from your computer. They might even propose to have some sort of functionality that a user could want. The reality is that the functionality they generally offer is limited at best, and may even be inferior to the native functionality of the computer. They often slow your machine down, eating up your CPU cycles, opening up your computer to additional vulnerabilities, stealing your personal information to sell to advertisers, and generally speaking are not really useful to or needed by the people who have them installed on their computers.

      --
      In a bit of shameless internet panhandling, I accept Litecoin Donations at Lbd2oH9QsthD1GfuUXPyka12YxvWJYnBVf
    3. Re:"potentially unwanted programs" by Anonymous Coward · · Score: 0

      I don't know if I would put Java in the same group as out-and-out malware. Some people can install and use Java in a secure way and some people can't be bothered. I don't want to give up the advantages of the Java language just because some people can't figure it out.

    4. Re:"potentially unwanted programs" by Anonymous Coward · · Score: 0

      " The reality is that the functionality they generally offer is limited at best, and may even be inferior to the native functionality of the computer."

      So in other words... they're apps.

    5. Re:"potentially unwanted programs" by HiThere · · Score: 1

      Adding Java to the list *was* a bit over the top. It does have actual advantages in many situations. So far. Oracle, however, seems bent on fixing that problem.

      --
      I think we've pushed this "anyone can grow up to be president" thing too far.
    6. Re:"potentially unwanted programs" by mrbluze · · Score: 1

      Is "potentially unwanted programs" the new politically correct term for malware? It's OK to call it malware, even if the user technically-allegedly-probablynot signed an EULA allowing it.

      If it runs an unauthorized bitcoin miner, stealing your cycles and electricity, it's malware. No exceptions.

      I love Bitcoin, it's so honest, so fair, so real, so future-proof.

      --
      Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
    7. Re:"potentially unwanted programs" by N1AK · · Score: 2

      If you say when it tells you that it can install a bitcoin miner then it isn't running an unauthorised miner. We can argue all day about the idea that EULAs should mean anything, and we'd probably agree, but the EULA tells users this is what they'll do so it's not unauthorised.

      I'm sure the people offering programs with a bitcoin miner would be perfectly happy to provide a version without a miner that costs $1 or something equally nominal (it's not like a typical home pc is getting much from mining these days anyway). Unfortunately people are tight and stupid. They'll pirate the paid for version rather than pay $1 or they'll find a 'free' alternative instead (which includes a miner).

    8. Re:"potentially unwanted programs" by Anonymous Coward · · Score: 0

      But can it be considered unauthorized if including its use is IN the EULA you agree to? Since you agreed (most likely without reading), doesn't that make it authorized?

    9. Re: "potentially unwanted programs" by DigiShaman · · Score: 1

      Other than the Ask Toolbar that rides along with it. That, and it's a vector for malware.

      --
      Life is not for the lazy.
    10. Re:"potentially unwanted programs" by dkf · · Score: 1

      Potentially Unwanted Programs are not quite malware, though in many cases I'd argue are worse. PUPs are generally stuff like 'WOMG Awesome Toolbar', 'Internet Coupon Printer 3000', 'Free smilies wacky mouse pointers' and Java.

      What, like Windows 8 which came with all those Metro apps (which I've never seen a user actually want)?

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    11. Re:"potentially unwanted programs" by Anonymous Coward · · Score: 0

      the advantages of the Java language

      What? What does Java do that a piece of Python\Perl\Ruby\Lisp script can't do, other than be easily closed-sourced and open a bunch of attack vectors in the browser?

    12. Re:"potentially unwanted programs" by whoever57 · · Score: 1

      If you say when it tells you that it can install a bitcoin miner then it isn't running an unauthorised miner. We can argue all day about the idea that EULAs should mean anything, and we'd probably agree, but the EULA tells users this is what they'll do so it's not unauthorised.

      The only problem with that argument is that the EULA misrepresents the purpose of the "calculations" which might invalidate the EULA:

      your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security

      --
      The real "Libtards" are the Libertarians!
    13. Re:"potentially unwanted programs" by geminidomino · · Score: 1

      Run Minecraft!

    14. Re:"potentially unwanted programs" by Bite+The+Pillow · · Score: 1

      There is a huge gap between stealing personal information, and using electricity. Most people do not have anything other than the basic, integrated GPU that comes with commodity boxes. The amount of electricity stolen is nowhere near the typical mining expenditure.

      We need lines to be able to classify and differentiate, and your personal emotional response really doesn't help.

    15. Re:"potentially unwanted programs" by Linsaran · · Score: 1

      Java was a bit of a tongue in cheek comment, I realize Java itself is not a bad thing. It's just that 90% of the computers that have Java installed on them, really don't need to have Java installed on them, and don't really benefit from having it installed. 95% of the web works just fine nowadays without Java or Flash or anything but the native browser functionality, and arguably the other 5% is mostly websites I'd recommend people stay away from anyways. Having additional runtimes like Java and Flash execute from the browser opens up all sorts of security vulnerabilities that shouldn't exist. The fact that Oracle seems hell bent on including the 'ask toolbar' with Java is just icing on the cake. I tell people all the time, that unless you've got a very specific reason to need Java installed on a machine, you're better off without it.

      --
      In a bit of shameless internet panhandling, I accept Litecoin Donations at Lbd2oH9QsthD1GfuUXPyka12YxvWJYnBVf
    16. Re:"potentially unwanted programs" by Eunuchswear · · Score: 1

      So you're ok with people stealing your money if they don't steal much?

      --
      Watch this Heartland Institute video
    17. Re:"potentially unwanted programs" by tepples · · Score: 1

      If you take "our affiliated network[]" to mean the Bitcoin network, then "confirm[ing] transactions" is exactly what mining does: it's a proof of work on the ledger.

  5. This shouldn't need to be said but.. by Anonymous Coward · · Score: 0, Insightful

    End users need to learn to be responsible for their own systems. Then again, it's not like Microsoft has made it easy to identify running processes, what launched them and what they are communicating with, so perhaps not all blame belongs to the end user.

  6. Winzip finally found a business model by alen · · Score: 1

    After all these years they figured out a way to make people pay for their software

    Along with winrar

    1. Re:Winzip finally found a business model by Anonymous Coward · · Score: 0

      Oracle is watching. Avoid the next java update.

    2. Re:Winzip finally found a business model by Anonymous Coward · · Score: 0

      Oracle is watching. Avoid all java updates.

      FTFY!

      Or more to the point: Avoid Java.

  7. Straight up theft by jtownatpunk.net · · Score: 1

    And that's a big bump in electrical use these days. Especially if they're getting GPUs involved. My gaming rig's power consumption roughly triples under load. Then it cranks out the heat so my AC kicks in...

  8. No Worse Than Flash With Norton by Anonymous Coward · · Score: 1

    This is no worse than Flash installing Norton antivirus when you update. Sure, you can opt out of installing Norton, but most inexperienced users end up installing it anyway.

    Besides, a Bitcoin miner would probably use fewer system resources than Norton.

    1. Re:No Worse Than Flash With Norton by Anonymous Coward · · Score: 0

      Amusingly reminds me of something that needs checking but I got lazy and used IE to update Flash recently on Win7 laptop because one or more of Firefox's addons, probably AdBlock+ blocked the Norton option from appearing and the then broken Flash install page kept kicking me over to another Adobe page. Tried IE just to see how it would react and there is the little Norton (or whatever malware addition offered with Flash at that time) BS checkbox and images, unchecked the box and hit the install, it then loads a successful completion page on Firefox once the install is complete, since Firefox is my default browser there. There is still no valid substitute for Firefox+NoScript functionality, except IceWeasel etc of course. Does NoScript threaten Google's profit margins? Chrome is useless without it. Google* gets dewhitelisted in my NoScript installs, along with MS and Yahoo nonsense etc.

  9. One Word: CNet by Frosty+Piss · · Score: 5, Interesting

    End users need to learn to be responsible for their own systems.

    True to a certain extent. But think about downloads from CNet.

    Isn't CNet a trustworthy source? No? It certainly LOOKS like a trustworthy source. It's not a warez site, right?

    But of course most /. folks know otherwise, we know that CNet is one of the major sources of malware.

    Also, please remember that not everyone who uses a computer is an "IT pro". This should not be necessary to avoid shit like this crap.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:One Word: CNet by mjwalshe · · Score: 1

      so someone want to get Google to flag the site as serving malware

    2. Re:One Word: CNet by Anonymous Coward · · Score: 0

      Nonsense. Before you drive a car on the road where you could kill someone, you usually do a bit of training. I'm not saying people should have to get licenses to use the Internet or computers, but they have only themselves to blame if they go in blind and get burned.

    3. Re:One Word: CNet by penix1 · · Score: 1

      Also, please remember that not everyone who uses a computer is an "IT pro". This should not be necessary to avoid shit like this crap.

      And there is the problem. People pay hundreds or thousands for a computer and still want to treat it as an appliance like their toaster. Why should I give a shit about their safety if they don't give a shit about it? The real question is when are people going to take responsibility for their own actions? Install crapware and get infested with shit like this. It is that simple. It all comes down to greed. Greed on the part of the producers of shit like this and greed on the part of the user trying to get a free lunch when no such thing exists.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
    4. Re:One Word: CNet by Bert64 · · Score: 1

      This is exactly why walled gardens are taking off, traditional computers are simply not suitable for average users as they require users to know how to avoid malicious sites while working out which ones are not malicious, and all manner of other crap.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    5. Re:One Word: CNet by pspahn · · Score: 1

      I don't really understand the thought mechanism that allows my 60 year old father to somehow install all these browser toolbars and related debaucherous software, but I know for damn sure it's got nothing to do with "being greedy".

      Maybe if you took a look in the mirror every time a lay-user asked you a question you simply rolled your eyes to and gave a smart-ass response, you might see that the problem isn't always with the user. Sometimes the heart of the problem lies in the "experts" being unwilling or incapable of educating the non-expert user base.

      In my experience, "computer geeks" are notoriously bad at feeling empathy.

      --
      Someone flopped a steamer in the gene pool.
    6. Re:One Word: CNet by Anonymous Coward · · Score: 0

      we have saying about burning children, burning makes for great homework. work good for adults too.

    7. Re:One Word: CNet by Anonymous Coward · · Score: 0

      Our lack of empathy is easy to explain: First you shout at me for 10 years about how I suck at soccer - then you expect me to fix your malware infested computer? HA! *People* are bad at empathy, period - and zero education is given. If you want it so bad, take it. Besides, your dad is probably getting them from the usual porn sites, being old does not mean 'interest' goes away.

    8. Re:One Word: CNet by Anonymous Coward · · Score: 0

      Of course, Apple and others have the solution for this. Locked down walled gardens like iOS, with their store being the only game in town. It is the age old freedom for security thing, yet again. This is why we have Windows 8 and Metro apps. Same with Cook's way or the highway on iDevices.

      People need to at least take some basic care with a computer, or just use a Chromebook or tablet where that responsibility is taken away from them.

    9. Re:One Word: CNet by Anonymous Coward · · Score: 0

      How many computer geeks do you know who are not self taught? Computers are a tool that takes years of practice to master. Any idiot can swing a hammer but only a framer can frame a house in a day. It should be no surprise that computer geeks show no empathy for people who want results but don't commit the time to learning how to get them.
       
      There is no 'right to a well running, clean computer,' it's not the vendor's problem that you install boatloads of garbage on their hardware/operating systems. They sold you an incredibly powerful tool and most people out of ignorance or laziness abuse them to the point of uselessness.
       
      If someone keeps crashing into other cars on the highway should a rally driver feel empathy for their suffering?

    10. Re:One Word: CNet by Frosty+Piss · · Score: 1

      That's pretty brave of you to say at /. but I agree.

      --
      If you want news from today, you have to come back tomorrow.
    11. Re:One Word: CNet by wagnerrp · · Score: 1

      Empathy? I thought that was just something made up for counsellors on starships.

    12. Re:One Word: CNet by Bacon+Bits · · Score: 4, Insightful

      And there is the problem. People pay hundreds or thousands for a computer and still want to treat it as an appliance like their toaster. Why should I give a shit about their safety if they don't give a shit about it?

      Yes, I'm sure auto mechanics, carpenters, doctors, soldiers, and farmers all think the same thing when they get up to do their daily work.

      The fact is, all people need medicine, not just those who are experts. All people need homes, not just those that can build them. All people need their vehicles repaired, not just those who can do it themselves. All people need their nation defended, not just those who can devote their life to it. All people need food, not just those with the means to produce their own. And, yes, all people need computers, not just those who are experts.

      We experts have jobs because we're supposed to help these other people. Having a skill doesn't make you special. It just makes you useful. Being useful doesn't give you the right to be an asshole.

      --
      The road to tyranny has always been paved with claims of necessity.
  10. I found another one by NoNonAlphaCharsHere · · Score: 1, Funny

    A potentially unwanted program that consumes over 50% of my CPU cycles: it's called Adobe Flash. Anybody know how to get rid of it?

    1. Re:I found another one by Anonymous Coward · · Score: 0

      Got the same problem with a process called gtk-gnash.

  11. Screw-U-Ware by Anonymous Coward · · Score: 0

    A new dimension in computing.

  12. The really strange thing about this: by Dputiger · · Score: 4, Interesting

    Bitcoin mining on anything but ASICs is no longer profitable. Even on an R9 290X with an 80+ Platinum PSU, you're making maybe $1 - $2 a day. And the vast majority of people don't have anything like that equipment. CPU mining is so slow, you'll never complete any work before the block is finished. GPU mining is still fast enough to get some work done, provided you own an AMD GPU.

    But Nvidia GPUs don't mine BTC for beans and most mining kernels will crash an NV card or lead to rampant slowdowns and random lockups. Even an AMD card needs a low priority miner to escape the kind of UI chokeup that immediately alerts someone to a problem in the system. This might have made sense in 2010, when CPUs could still mine, but these days the return on investment is going to be terrible -- and the performance hit is big enough that people *will* notice.

    1. Re:The really strange thing about this: by NoNonAlphaCharsHere · · Score: 5, Informative

      That's the whole point: there's no investment at all if it's running on somebody else's machine.

    2. Re:The really strange thing about this: by DingerX · · Score: 2

      Who cares? If your freebie gets 100k installs, and only 1000 of them still work, you can probably count on $500/day, recoup your dev costs and make some money faster than you can say "Unconscionable".

      Yeah, there is that. A EULA that crypto-tries to say "in exchange, you agree for us to take over your computer and use it to crank out money" is no good.

    3. Re:The really strange thing about this: by ledow · · Score: 1

      From what I see on the various online calculators for these sorts of things, the kind of ASICs you could afford are no longer profitable even now. You make a net loss on electricity even on the cheap, low-power USB device. You have to spend about $2000-3000 on a dedicated machine with dozens of ASICs in order to actually make any profit.

      And when you project into the future for the difficulty changes, etc., you'll find they are barely profitable for a year or two.

      CPU mining is worthless. Even with a whole bunch of computers running "for free", you won't make any money out of it.

      GPU mining is uneconomical but you might make a few bitcoins before the difficulty changes again.

      ASIC mining isn't really subject to the article's malicious use scenario, but even then in another couple of years you won't be able to make money.

      The problem is that there's little where else to go. We're reaching the top of the curve for bitcoin mining, long before all the possible coins are "found".

      This is one of the reasons that Bitcoin has seen massive jumps in price since the ASIC generation turned out to just kill off the predecessors, not actually make a bucket-load of profit.

    4. Re:The really strange thing about this: by gl4ss · · Score: 1

      it's profitable.

      it's just unprofitable if you have to pay for electricity or the machine investment. there is no investment in this method though. ..besides many of these machines do have gpu's.

      --
      world was created 5 seconds before this post as it is.
    5. Re:The really strange thing about this: by tompaulco · · Score: 0

      You must be looking at some strange calculators. ASIC devices are much more efficient on energy than even the most efficient GPUs. My GPU is just about breakeven at current prices and difficulties. The cheapest ASICs would make me a few hundred in profit. The biggest ASICs, some of which cost $1,000, use a few hundred watts of electricity and would presently yield $2,500 USD equivalent a month.
      I haven't bought an ASIC and I haven't mined in awhile, but I pay attention, and it is definitely still very profitable with the latest technology.
      All of the previous revolutions in mining made the previous generation unprofitable. ASICs made FPGA obsolete (well, maybe not quite yet). FPGA made GPU obsolete (not really, but ASIC sealed its fate). GPU made CPU obsolete (eventually).

      --
      If you are not allowed to question your government then the government has answered your question.
    6. Re:The really strange thing about this: by tftp · · Score: 1

      We're reaching the top of the curve for bitcoin mining, long before all the possible coins are "found".

      This means that at some point the remaining coins wouldn't be searched for. For that to be economical, each coin would have to cost a $1M or something. If that's not the case, there is no reason to bother. It's exactly as I don't walk the streets looking for lost coins, wallets, or jewelry. I guess I could get some revenue this way, but it makes no sense - there are better ways to make money.

      ASIC mining isn't really subject to the article's malicious use scenario, but even then in another couple of years you won't be able to make money.

      Miners, as I understand, are an essential part of BTC network. If nobody mines anymore, how will the network operate? There is nothing on the horizon, and the difficulty would make it prohibitive anyway.

    7. Re:The really strange thing about this: by reikae · · Score: 1

      It's profitable, but not as profitable as you think. One thousand Core i7 3930k CPUs mining (66 GH/s) nets around 40 euros per day (at 835€/BTC).

      The number of installs is probably much higher than 1k, but on the other hand most CPUs won't be as fast as a 3930k and won't be running 24/7.

    8. Re:The really strange thing about this: by reikae · · Score: 1

      As I understand it, the miners also get a tiny fee for processed transactions. So maybe you'd walk the streets looking for loot if you got paid x amount every ten meters.

    9. Re: The really strange thing about this: by Anonymous Coward · · Score: 0

      That's the spamming business model. The cost is so low, that even minimal returns can add up. So what if the chances are low that a PC can contribute much. What about 1000 PCs? 1000000 PCs?

    10. Re:The really strange thing about this: by tftp · · Score: 1

      From what I know, miners only get a fee from the blocks that THEY mined. Not from other miners' blocks. If true, this gives even more advantage to "early adopters" - not only they sit on mountains of nearly free BTC, they also collect rent on it. Those would be the only "miners" left (they won't be doing actual mining, probably.)

    11. Re:The really strange thing about this: by ledow · · Score: 3, Interesting

      http://mining.thegenesisblock.com/

      Select the hardware, look at the cost (just underneath it), see how many actually make a profit (in blue on the right) after a few months, how many after an entire year, and how many never make one (profit in red and bracketed).

      Quite a lot of the companies have NOTHING on there that generates profit at all (including the new USB ASIC miners, for instance, as I said).

      The ones that do make a profit, you need a few thousand dollars investment, hope the difficulty doesn't go up, and you might make a few hundred dollars for 6 months until they start to make a loss. The ones that make thousands of dollars cost over $10,000 in the first place.

      And next year, you will be worse off again.

      Not saying you can't make profit. Saying that when you take into account the hassle, the cost, the difficulty changes, and the risk, you'll be lucky to make more than your bank would have given you for the same amount of cash in a savings account. And at least that doesn't "devalue" over time.

    12. Re:The really strange thing about this: by Anonymous Coward · · Score: 0

      You are 100% wrong. Take all the ASIC's you can buy and I can out mine you in a heartbeat on PC's.. Because if I have 500,000 users computers out there all mining for me, you don't have enough cash to buy enough ASIC's to even get close to 1/10th my capacity.

      Now scale that up on a popular app or a scumbag company like download.com bundling it on everything and your precious ASIC becomes a joke. A complete and utter joke.

      Call me when an ASIC can match the power of 1.2 million computers that are compromised by a company like CNET or Sourceforge.

    13. Re:The really strange thing about this: by ledow · · Score: 1

      You can pay a transaction fee to speed your transaction. It's assumed that when all the coins are mined, people will make money from this transaction fee instead.

      But all coins aren't mined yet, so there's still a once-in-a-year/decade/whatever chance that you'll generate a whole coin, so people won't stop mining for a while yet. And a whole coin is worth several thousand at the moment. It won't be "profitable" but people will still be mining on the off-chance of a windfall, I suspect.

    14. Re:The really strange thing about this: by ArchieBunker · · Score: 1

      That is still hardly worth it.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    15. Re: The really strange thing about this: by DigiShaman · · Score: 1

      Assuming the BT bubble doesn't pop anytime soon; eventually BT mining will only be profitable with large investment funds. Like say, financial institutions and banks.

      So basically, nothing changes for the little guy. He/she will still get fucked. Fact of life!

      --
      Life is not for the lazy.
    16. Re:The really strange thing about this: by Bert64 · · Score: 1

      You won't get to a situation where no one is mining at all, as those for whom mining is no longer profitable stop mining the share of profits for those who remain will go up and the difficulty goes down. Eventually you will hit a plateau where the people with cheap electricity and the latest asics will make money and no one else will bother.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    17. Re:The really strange thing about this: by Bert64 · · Score: 2

      Current generation ASICS are capable of hashing bitcoin faster than supercomputers, which consist of thousands of high end CPUs running 24/7...
      Your network of compromised computers won't all be running 24/7, won't all be the latest processors and won't have exclusive use of the CPU...

      Incidentally this article isn't talking about bitcoin, but about an alternative coin which works similarly to bitcoin but using a different proof of work algorithm, one that is designed to be less suited to GPU and ASIC implementation, while also being less popular and thus having less competition (and much lower value).

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    18. Re:The really strange thing about this: by shutdown+-p+now · · Score: 1

      Mining Bitcoins is unprofitable, yes. Mining some other coins (e.g. Litecoin) can still be profitable, even on a GPU. About $400/month with a high-end AMD at current difficulty.

    19. Re:The really strange thing about this: by Anonymous Coward · · Score: 0

      That is still hardly worth it.

      Maybe where you live. In some parts of the world, 40 euros a day would allow you to live like a king.

    20. Re:The really strange thing about this: by petermgreen · · Score: 1

      When a transaction is included in a block any transaction fees in that transaction* go to the miner who included the transaction in the block. Where the bitcoins originally came from is irrelevant.

      * Including transaction fees in your transaction is not mandatory but doing so increases the chance of it getting included in a block in a timely manner.

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    21. Re:The really strange thing about this: by petermgreen · · Score: 1

      If nobody mines anymore, how will the network operate? There is nothing on the horizon, and the difficulty would make it prohibitive anyway.

      The difficulty is set to keep the rate at which miners successfully create blocks roughly constant. If miners stop mining and the total network hashrate drops then the difficulty will also drop.

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
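The feedback loop described in the comment above, as an added example that is not part of the original post. It uses Bitcoin's published retarget parameters (2016-block window, 600-second target spacing, adjustment clamped to a factor of 4), simplifies real targets to a relative difficulty number, and runs on a constructed hashrate series.

```python
# Added illustration, not code from the thread or from any Bitcoin client.
# Simplified model: difficulty and hashrate are relative units chosen so that
# difficulty 1.0 at hashrate 1.0 yields 600-second blocks.

RETARGET_BLOCKS = 2016   # blocks per retarget window
TARGET_SPACING = 600     # intended seconds per block
MAX_ADJUST = 4           # a single retarget changes difficulty by at most 4x


def retarget(difficulty, actual_timespan):
    """Scale difficulty by expected/actual window duration, with clamping."""
    expected = RETARGET_BLOCKS * TARGET_SPACING
    clamped = min(max(actual_timespan, expected / MAX_ADJUST),
                  expected * MAX_ADJUST)
    return difficulty * expected / clamped


def expected_block_time(difficulty, hashrate):
    """Mean seconds per block for a given difficulty and network hashrate."""
    return TARGET_SPACING * difficulty / hashrate


def simulate(hashrates, difficulty=1.0):
    """Return (hashrate, difficulty, block_time) for each retarget window.

    hashrates: one relative network hashrate per window (constructed input).
    The difficulty in force during a window was fixed at the previous
    retarget, so a hashrate drop first shows up as slower blocks.
    """
    rows = []
    for h in hashrates:
        block_time = expected_block_time(difficulty, h)
        rows.append((h, difficulty, block_time))
        difficulty = retarget(difficulty, block_time * RETARGET_BLOCKS)
    return rows


if __name__ == "__main__":
    # Constructed scenario: half the miners leave, then 80% of the rest leave.
    for h, d, t in simulate([1.0, 0.5, 0.5, 0.1, 0.1, 0.1]):
        print(f"hashrate={h:<4} difficulty={d:<6.3f} block_time={t:7.1f}s")
```

The window in which miners leave runs slow (1200 s and 3000 s blocks in this series); the 90% cumulative drop needs two retargets to return to 600 s because the first adjustment is clamped at 4x.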
    22. Re:The really strange thing about this: by Anonymous Coward · · Score: 0

      Um... BitCoins have nowhere to go but up. That $500 a day may be iffish, but it won't be long before it becomes $5000 a day or $50,000 a day as the Chinese trade real value for a currency that can't depreciate or be tampered with (read, no printing press.)

    23. Re:The really strange thing about this: by tompaulco · · Score: 1

      Guess I just got lucky. My GPU miner, which I used for maybe a year has produced over $120,000 worth of bitcoins (a little over 100). It cost me about $700 and the electricity maybe cost me another $700.

      --
      If you are not allowed to question your government then the government has answered your question.
    24. Re:The really strange thing about this: by Anonymous Coward · · Score: 0

      For now... Once BitCoin hits $10,000 a unit, those devices will be very useful.

    25. Re:The really strange thing about this: by jafac · · Score: 1

      The cure for this is 1.2 million copies of Malwarebytes, cleaning this shit off.

      Sadly, I am dreaming if 1.2 million people would visit malwarebytes.com, download their stuff, and run it regularly. :(

      --

      These are my friends, See how they glisten. See this one shine, how he smiles in the light.
    26. Re:The really strange thing about this: by Anonymous Coward · · Score: 0

      Hardly worth what? You're saying the revenues are small. Others are saying the expenses are zero, because the person who pays for the energy isn't the same as the person who gets the bitcoin. Small revenue minus zero expenses equals profit.

    27. Re:The really strange thing about this: by R3d+M3rcury · · Score: 2

      Well, consider an alternative: Putting ads in your application. That might get you a few cents per day. Getting $50 a day from an application sounds like a pretty good deal to me.

    28. Re:The really strange thing about this: by NIK282000 · · Score: 1

      Even in a westernized country 40 euros a day will keep you drinking for free. That's more than enough incentive to add a bitcoin bot to your software. The real fun will start when you have more than one of these bitcoin bots fighting for your CPU time. Current malware will pale in comparison to bots whose only goal is to run your computer balls out.

      --
      Dear aunt, let's set so double the killer delete select all
    29. Re:The really strange thing about this: by blackraven14250 · · Score: 1

      This is the kind of thing where you can't see the forest for the trees - the problem is doing this on a massive scale as an addon to another application. As a company, you are not paying for equipment or electricity, only via your public image, and that requires someone to discover you're doing it first. It's like having a botnet mining coins for you. While you might not get a ton per computer infected, the total sum is going to be substantial over time.

    30. Re: The really strange thing about this: by Anonymous Coward · · Score: 0

      lies. screen shots and links or it didn't happen.

    31. Re: The really strange thing about this: by Anonymous Coward · · Score: 0

      Assuming the BT bubble doesn't pop anytime soon; eventually BT mining will only be profitable with large investment funds. Like say, financial institutions and banks.

      Theoretically when the bubble pops and fewer people mine, then the difficulty goes down until it becomes profitable to mine again. Those who are most efficient at mining will be the only ones profiting. As in this story, using someone's electricity and hardware is very efficient.

  13. Chutzpah. by fieldstone · · Score: 1

    This is pretty much the definition thereof.

  14. Names please by k2r · · Score: 1

    Whenever I read something like this it makes me wonder what "plausible" software is the means of infection.
    I may be naive but I cannot imagine that any of the companies and individuals I install stuff from on my machines would be shady enough.

    What stupid stuff from what shady source do I have to install to get a Bitcoin-Miner I didn't ask for?

    1. Re:Names please by k2r · · Score: 2

      I should have understood the article, first.

      From the article it seems to be
      www.yourfreeproxy.net

      Well, who would not want to install an application that redirects all of their network traffic through their servers FOR FREE?

    2. Re:Names please by mr_jrt · · Score: 4, Insightful

      I should have understood the article, first.

      From the article it seems to be
      www.yourfreeproxy.net

      Well, who would not want to install an application that redirects all of their network traffic through their servers FOR FREE?

      Someone not very technical wanting to bypass their government's mandated filtering?

      --
      Boo.
  15. Could be worse.. by Anonymous Coward · · Score: 0

    At least they don't turn you into a Humancentipad

  16. False advertising laws may come into play here by Anonymous Coward · · Score: 0

    In many countries advertising a product as "free" when you have fine print that says it's not free (hint: electricity costs money) is illegal.

  17. 10 words or less by Anonymous Coward · · Score: 0

    Could you reduce what you just said down to 10 words? Thanks.

  18. Fair is Fair by Murdoch5 · · Score: 1

    If the EULA mentions mining of any kind and you accept it without reading it then you can't complain. The reason you have the EULA presented to you is because you're meant to read it.

    1. Re:Fair is Fair by Jeremy+Erwin · · Score: 1

      My attorney bills $250/hour to read and analyse a EULA. Expensive, but worth it.

    2. Re:Fair is Fair by Anonymous Coward · · Score: 0

      So, reading an EULA is actually work, and they expect us to do it for free???

    3. Re:Fair is Fair by Anonymous Coward · · Score: 0

      The reason you have the EULA presented to you is because you're meant to read it.

      I guess you never tried to read one then? With "read" as in read-and-fully-understood of course.

      Although for most of us it's quite doable to read the words in a EULA, and we might even speak the sentences they create without stuttering, understanding the meaning of those words and sentences, let alone the whole document, is a whole other matter.

      Nope, as far as I can tell EULAs are not meant to be read by the users. Quite the opposite actually.

    4. Re:Fair is Fair by Anonymous Coward · · Score: 0

      How many hours, pray, have you invested in this EULA analysis?

    5. Re:Fair is Fair by pspahn · · Score: 1

      If only we could come up with some kind of bot-net to read them for us.

      --
      Someone flopped a steamer in the gene pool.
    6. Re:Fair is Fair by Anonymous Coward · · Score: 0

      So, reading an EULA is actually work, and they expect us to do it for free???

      No, the lawyers that made the EULA expect you to hire another lawyer to read and analyse the EULA. It is called job security.

  19. potentially? by Anonymous Coward · · Score: 0

    I think we just need to call it UP - unwanted programs. No potentially about it.

  20. Doesn't Digsby do something like this? by mrbene · · Score: 1

    Pretty sure that "free" chat client aggregator Digsby has been using CPU time on machines it's been installed on for ages - one of the reasons I don't recommend people use it.

    It's in section 15 of their TOS.

    Don't know if they've ever used this specifically for Bitcoin mining, but there's no reason they couldn't.

    1. Re:Doesn't Digsby do something like this? by Samizdata · · Score: 1

      Actually, you could opt out of it.

      --
      It's not the years, honey, it's the mileage. - Colonel Henry Walton Jones, Jr., Ph.D.
  21. theft of electricity... by AndroSyn · · Score: 2

    Remember when all the crackers could be charged with was, "Theft of Electricity"? Now this is actual real theft of electricity.

    1. Re:theft of electricity... by mjwalshe · · Score: 1

      Theft of the Queen's electricity in the UK :-)

    2. Re:theft of electricity... by Anonymous Coward · · Score: 0

      They're rustlers pardner. Let's saddle up and get 'em. Yehaaa! Who's got the rope?

    3. Re:theft of electricity... by Anonymous Coward · · Score: 0

      "Queen's electricity in the UK"

      And if you disconnect her from the grid is it still hers?

      No wonder she's the bright light of your country, she provides the power.

      celle

  22. Add a checkbox at startup by Anonymous Coward · · Score: 0

    How do you want to pay for using this application?
    [ ] advertisements shown within the application
    [ ] participation in email campaigns
    [ ] redirecting your network traffic for market analysis
    [ ] solving captchas for us
    [ ] by providing processing cycles
    [ ] $

    Seems fair to me. Just should be visible to the user and not hidden in some EULA.

  23. Do no evil by brucefulton · · Score: 1

    Suppose this concept was used for good instead of evil. Suppose someone were to set up a benign bitcoin miner that individuals could volunteer to install and decide how much unused cpu time they were willing to allocate. Suppose, say, 85% went to some charity and 15% went to "admin overhead" and suppose people started deducting the expense as a charitable donation? Perhaps the donor might even get a bit of a cash rebate? Interested in working it through? Email me.

  24. Re:Incorrect - Commercial Use of Others' Resources by Anonymous Coward · · Score: 0

    I would think stealthy/obscured one-sided "agreements" to use the resources of others to generate revenue without their clear knowledge should get the attention of consumer advocates and attorneys general of various states?

    YMMV

  25. Re:"potentially unwanted programs" - Java Wanted! by Anonymous Coward · · Score: 0

    I had to install Java (Open JDK/IcedTea) recently on a personal Linux PC to take an online JBoss admin class from RedHat. My employer already has the "real" Oracle item for programs they use internally installable on company PCs (I just did not want the class to be "interrupted" by work activities I was running on another monitor for the work PC).
    So there are legitimate uses for Java - imagine that!

    It is very much a matter of "informed consent", and I think that is what is lacking in this topic's case of the PUP's stealthy EULA clauses for the bitcoin mining "vampire" software.

    YMMV

  26. Re:Do no evil + Informed Consent by Anonymous Coward · · Score: 0

    Applies to SETI@home vs the "uninformed consent" involved with this PUP/EULA obfuscation.

  27. CPU: Choose the right coin (not Bitcoin) by DrYak · · Score: 4, Informative

    I'd imagine that the fact that even GPU mining is a fairly dubious proposition at this point (I can't remember if the increases in price lately allow it to still be viable if the hardware costs are already sunk but you need to pay the electric bill; but the FPGAs and ASICs aren't getting any slower or less numerous)

    Indeed, for *Bitcoin*, anything under a high-end ASIC (dozens or more GH/s) is worthless and a huge waste of electricity and heat.

    even donated or stolen CPU time would be close to worthless, even if doing it in Javascript doesn't impose much overhead...

    The trick is choosing the correct crypto coin: there's a whole zoo of them.
    Some rely on SHA256^2 hashing like bitcoin, others rely on hashing algorithms for which only CPU implementations exist (Primecoin is a nice example, and also doubles by doing actually useful computations instead of just plain brute-forcing hashes).

    In fact TFA is wrong, this isn't a Bitcoin miner. This is a miner for Protoshare, which is currently mostly mined on CPUs.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:CPU: Choose the right coin (not Bitcoin) by Anonymous Coward · · Score: 0

      Thanks for the nuance. I'd upvote if I could.

    2. Re:CPU: Choose the right coin (not Bitcoin) by fuzzyfuzzyfungus · · Score: 1

      Man, the future of FOREX is going to make the Linux DE holy wars look like minor doctrinal differences...

  28. No GPU. by DrYak · · Score: 1

    And that's a big bump in electrical use these days. Especially if they're getting GPUs involved.

    Not in this case. This miner isn't for Bitcoin but for another alt-coin (with a different algorithm) which is mostly mined on CPUs.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  29. Use other alt-coin (they did ProtoShare) by DrYak · · Score: 1

    Who cares? If your freebie gets 100k installs, and only 1000 of them still work.

    But instead of actually mining *Bitcoin* (have no idea where that idea came from) which will probably bring you 10$ a day,
    do like TFA and install something which mines a different alt-coin powered by an algorithm which only runs on CPUs.

    TFA's example is actually a Protoshare miner.

    PrimeCoin is another example which is still mined mostly on CPUs (and in addition to mining also produces scientific data).

    Then there is stuff like Quark Coin, which uses all the candidates for SHA-3 as hashing algos (and doesn't have a good GPU implementation yet, and no ASICs at all).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  30. Re:Incorrect - NOT "Full" Disclosure! by Anonymous Coward · · Score: 1

    From the MWB page's quote of the relevant EULA section:

    "...mathematical calculations for our affiliated networks to confirm transactions and increase security. "

    Confirm WHICH transactions and WHOSE security? I think an aggrieved user could make a legal case that this language is deliberately obscuring who benefits, and in what way. Considering the use of their resources to benefit someone else is what is really happening, it should not be hard to conclude that this is fraudulently intended.

  31. Signs of the future... by Anonymous Coward · · Score: 0

    If you thought this was bad, come back in a couple of years, where licenses will say they can transfer your bitcoins to them ;) :) =D

  32. Incorrect, also the coin by DrYak · · Score: 1

    That's not the only incorrect thing.

    The mined coin isn't bitcoin, it's protoshare.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  33. Re:Idiot. by Anonymous Coward · · Score: 0

    This.

  34. GPU Mining+Stolen Electricity is still profitable by billstewart · · Score: 1

    Stealing CPUs for mining probably isn't worthwhile. Using your own GPU isn't particularly worthwhile (unless it's winter and you have electric heat, and aren't buying new hardware.) ASIC miners are available surprisingly cheaply on eBay and IIRC DealExtreme, and if you're going to buy mining equipment, the best choice is probably them or maybe FPGA boards. But from what I hear, GPU mining with stolen electricity is probably still profitable, at least if you're infecting machines yourself; not sure if it's profitable if you're also renting botnet time.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  35. Re:GPU Mining+Stolen Electricity is still profitab by sjames · · Score: 1

    Near the beginning of the month, some group or another was exploiting a PHP vulnerability to get web servers to mine bitcoins for them. I saw multiple attempts every day in the logs.

    If you're stealing all the CPU cycles it's apparently still worth it to someone.

  36. good thing that by Anonymous Coward · · Score: 0

    this...

    However, it seems that the company behind the application has a specific clause 3 in EULA that talks about mathematical calculations similar to Bitcoin mining operation. This means that the company behind the software can and will install Bitcoin miners and use system resources to perform operations as required to mine Bitcoins and keep the rewards for themselves."

    .. will in no way prevent Malwarebytes or any other security software vendors from flagging such software as bad and offering to delete it.

    to the perpetrators of this scam... fuck you.

  37. Culprits already fingered? by Anonymous Coward · · Score: 0

    If the culprits are already fingered, then denounce them widely on the internet and whoever they are commercially associated with in this bundling scheme and drive them out of business (and if it's not easy to remove then it is big bucks lawsuit time). Someone creative might come up with an app that would bombard the miner's result pickup site with endless garbage just for fun.

  38. Python interpreter overhead by tepples · · Score: 1

    What does Java do that a piece of Python\Perl\Ruby\Lisp script can't do

    Run on Java ME phones is one. Acceptable performance through recompilation to native code is another. Last time I checked, Python, Perl, and Ruby were interpreted, with expectation that inner loops would be factored out into a library written in C++ and called through ctypes or the other languages' equivalents. Java threading also beats Python's Global Interpreter Lock.

  39. Flashblock by tepples · · Score: 1

    I save cycles on a PC with a 1.6 GHz Atom CPU by setting plug-ins to click-to-play. It used to require an extension called Flashblock, but now it's starting to get built into browsers.

  40. Chase savings accounts pay 0.01% APY by tepples · · Score: 1

    you'll be lucky to make more than your bank would have given you for the same amount of cash in a savings account.

    I moved my money to Ally CDs because Chase savings accounts pay 0.01% APY.

    And at least that doesn't "devalue" over time.

    While fiat currencies inflate, Bitcoin keeps on deflating.

  41. Mining pools by tepples · · Score: 1

    From what I know, miners only get a fee from the blocks that THEY mined. Not from other miners' blocks.

    When a miner in a mining pool scores a block, the pool's owner earns the minted coins and transaction fees and then pays 98 percent of that to the miners in the pool proportional to the number of hashes that each miner contributed to a block.

  42. Mine coal where the coal is by tepples · · Score: 1

    Eventually you will hit a plateau where the people with cheap electricity and the latest asics will make money

    Just as people invest in coal mining where coal is plentiful, people will invest in Bitcoin mining where electric power is cheap.

  43. Similarity with Linux by DrYak · · Score: 1

    Man, the future of FOREX is going to make the Linux DE holy wars look like minor doctrinal differences...

    I think the parallel with Linux is valid on a lot of points.
    Not only has recent history seen an explosion of variants:
    (There are many alt-coins just as there are many Linux distributions).
    But in the long term, it will probably resolve itself in the same way:
    A couple of widespread mainstream variants (like Debian, Redhat, Ubuntu, openSUSE) (same in the crypto-coin world: Bitcoin and Litecoin are apparently here to stay, and happy at their position)
    A few others for more specialist uses (like Gentoo, Knoppix, SystemRescueCD) (probably in the crypto world some *actually anonymous* coin will emerge).
    And then a whole bunch of entries that nobody has ever heard of and are almost not used.

    But there's a small difference:
    - Low-popularity Linux distros usually end up abandoned
    - Whereas low-use coins end up being the playground for troll-traders.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]