Slashdot Mirror
Adware Vendors Buying Chrome Extensions, Injecting Ads
An anonymous reader writes "Ars reports that the developers of moderately popular Chrome extensions are being contacted and offered thousands of dollars to sell ownership of those extensions. The buyers are then adding adware and malware to the extensions and letting the auto-update roll it out to end users. The article says, 'When Tweet This Page started spewing ads and malware into my browser, the only initial sign was that ads on the Internet had suddenly become much more intrusive, and many auto-played sound. The extension only started injecting ads a few days after it was installed in an attempt to make it more difficult to detect. After a while, Google search became useless, because every link would redirect to some other webpage. My initial thought was to take an inventory of every program I had installed recently—I never suspected an update would bring in malware. I ran a ton of malware/virus scanners, and they all found nothing. I was only clued into the fact that Chrome was the culprit because the same thing started happening on my Chromebook—if I didn't notice that, the next step would have probably been a full wipe of my computer.'"
And that, ladies and gentlemen, is how the free market works.
The reputation of these plugins is worth money. The down side is that once the malware infected extensions are reported to Google, Google will kill them off in the browsers. They wont live long enough to make their money back. The adsheisters will quickly see their reputation vanish and their install base dwindle.
What makes this really bad is that it's difficult to permanently remove Chrome extensions sometimes. If I delete it, it will just show back up in a few minutes, probably because it's saved somewhere in my central account. Now with this out there...
Would anyone be surprised to learn the NSA has been doing similar tactics, strong-arming popular extension writer like ad-blockers to spy on users?
I've seen contract gigs like the following, more than once, on boards such as Guru.com. One specific contract offer wanted code that would reset the, uh, "users" homepage to a URL to be specified by the client, then make it impossible for the "user" to set any other homepage. That's it. Perhaps I'm in the wrong business. It's a lot harder than I thought to get a job as an iOS developer, but I am really good with assembly code, debugging and reverse engineering. Perhaps I should write malware for the Russian Mob.
Please mail me URLs of software employers.
FTFA : - "Chrome's extension auto-update mechanism silently pushed out the update "
Google need to disconnect their Chrome core update mechanism from the extension updates (unless ones of their own authorship). Of course, they cannot do anything about users accepting updates directly from independent extension writers.
Otherwise, Chrome is dead in the water.
The internet has ads?
I haven't seen em in years...
The commenters in arstechnica also mentioned search engine hijacking too. Maleare if you ask me?
This and advertisers circumventing adblock which was mentioned yesterday shows a war.
Is IE the only defense? Firefox has a lot more powerful API for extensions and add ons so I wonder if that is unsafe as well? However Mozilla has a greater track record in protecting freedom and privacy as an organization. Taco was an infamous extension that did what ghostery does for Firefox but a spammer bought it and ruined it.
http://saveie6.com/
The whole notion of automatic updates just doesn't make any sense.
Please assure that you're not one of those people who complain about users running unpatched Windows boxes because they turned off auto-update.
For the average non-techy user auto-update is the one thing I'd say is essential. They're not in any position to judge what parts of their system need, or don't need updates, and I'd rather that they trust in Google, or Microsoft, or even Canonical to decide for them.
Now, you can debate the fine points, about whether minor plug-ins should auto-update, or ask why Java on Windows boxes seems to want to update every third day, as does Adobe Reader, but in general I'd still argue that auto-updates are good security practice.
Three Squirrels
to my Firefox extension and they were all kinda shady. Extension development is kinda niche to begin with, so I figured they were planning something like this. I'm just surprised it took so long for people to notice.
I don't see it as a huge problem though. Most extension developers are like me, hobbiests and enthusiasts. There's really only a few big ones (like Adblock Plus and Firebug) and those are big enough they're not a target for these sorts of things.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
...these malware companies buy out AdBlock. :-/
Koans and fables for the software engineer
Many people have defected from IE due to its problems with malware and adware. Firefox, but more so Chrome seemed to be safe. So now that the awesome, "safe alternative" browser is compromised, what's next? I can't imagine there an easy fix to this. Is it time to go to yet another browser?
This is almost like how pharmaceutical scientists keep having to modify and discover new antibiotics. The current batch of drugs eventually becomes less and less effective and the bacteria become resistant, prompting us to constantly evolve the offerings.
Yeah no security risk at all to not autoupdate a platform that executes code
http://saveie6.com/
Automatic updates, by themselves, are an awful security practice. They mean that whoever writes the updates can install (intentionally or unintentionally) damaging code on all users' machines without the knowledge or choice of the user.
Automatic updates are a good security practice only if the user is willing to give their unconditional trust to the author for the entire time that the updater is running. This is not always the case. The possibility of an ownership transfer is one reason why it is not. Another is that I may not trust some companies to fully test their software before pushing it, so I don't want their updates until it is confirmed that the update doesn't brick my machine or break essential functionality.
Googles bottom line is to make advertising through its networks and its platforms as seamless and easy as possible. The only reason this model would be shunned is if its not generating appropriate revenue for google. Given the unorthodox nature of the advertisements, and the fact they circumvent per-click revenue entirely, they will probably see a crackdown.
but dont take this to imply Google cares how and when you get to see advertising. If you need proof, just try to find AdBlock Plus on the play store. google unceremoniously axed it in 2010 because the platform isnt designed to do what you want in spite of the models lucrative approach to its users as a saleable product. the ad-only vendors in Chrome will be warned to include some marketable widget or product. A cud if you will for the consumer that is their cow to chew.
Good people go to bed earlier.
People really use Chrome? Hahahahaha, I bet they also still use Facebook for purposes other than trolling, hahahaha! I think the implied relevance of this story is a good indication of Slashdot's new core audience after it was invaded by sissy effeminate momma's boys and bull-dykes.
-- Ethanol-fueled
Your comments are often dead-on, though most of the dimwitted fools
who hang out here will of course mod you down.
The bottom line is that idiots get what idiots deserve. Idiots are prey, and
smart people are predators.
Happy hunting :-)
The author was about to try wiping the OS and reinstalling. But when he installed Chrome, it would have auto-installed the extension on the clean new OS. Just lovely.
and google is your friend
and this is exactly why I don't allow auto updates. I do have it set in Windows to download them and tell me they're available so I can plan when to install them instead of just blindly rebooting the fucking computer.
In the Linux world, I don't ever auto-update at all. No Sirree. Of course, I take the time to read up on the vulnerabilities but as I tend to run Gentoo, many times the damn vulnerabilities in a feature I don't need/use or even want on my computer as it's a single user system.
Now get off my lawn so I can finish painting myself into the fucking corner while checking to see if I can still run KDE 3 on latest stable debian.
Mod me up/Mod me down: I wont frown as I've no crown
The whole notion of automatic updates just doesn't make any sense.
Please assure that you're not one of those people who complain about users running unpatched Windows boxes because they turned off auto-update.
For the average non-techy user auto-update is the one thing I'd say is essential. They're not in any position to judge what parts of their system need, or don't need updates, and I'd rather that they trust in Google, or Microsoft, or even Canonical to decide for them.
Now, you can debate the fine points, about whether minor plug-ins should auto-update, or ask why Java on Windows boxes seems to want to update every third day, as does Adobe Reader, but in general I'd still argue that auto-updates are good security practice.
And your theory holds true...right up to the point where those trusted sources (Google, Microsoft, or even Canonical) start pushing their own ad(genda), along with their mal(genda) and spy(genda).
And besides, those trusted sources don't even have to install anything on my computer for me to not trust them at all. It isn't what they do ON my system that worries me as much as what they do with my data gathered via the intertubes that they'll sell off to the highest bidder, or hand over to the government on a whim.
Well, there's at least two - Adblock Plus and Adblock Edge, which is a fork. So it would take a few more dollars to both buy them both AND re-license it with a mean lawyer who takes out the forking permission rights!
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
unless you like getting ads rammed up your ass
Adsuck works well.
What good is increased security against theoretical security flaws in Windows that tend to be very difficult to take advantage of when one of the updates completely wrecks the OS? I work in a repair shop and we have non-booting machines coming in constantly due to botched automatic updates. Funny enough, the machines that we kill updates on and install Firefox and Avast don't seem to raise any more problems until a hardware failure happens or a user does something stupid like download "Paris Hilton Sucks Cocks.jpg.exe" which no security software will stop anyway. Even if the OS suicide doesn't ever happen, updates cause lots of fragmentation and scattering of OS files, reducing performance in ways that can only be partly recovered from. Why does Windows get slower over time? Answer: runtime installers and Windows updates.
tl;dr: Updates hurt more than they supposedly help.
but also the out-right ripoffs of popular ones like adblock.... in this regard, firefox addons > chrome 'store' by a mile. chrome may render faster but fuck this shit, google. go away already.
Specifically, can we assume that any extension loaded into Firefox via the official extensions repository, is open-source, and that someone from Mozilla is checking the extension before an update is released?
Mose extensions, add ons and tool bars are crap... Even before the advertisers and malware guys hack their way in.
Enjoy your hot wet sex video!!!!!
I disagree auto update got a bad rap because MS and others pushed updates that had nothing to do with security or system fixs. So MS and others created this problem with non tech people, now we all live with it because ..ya just cant trust anyone to do the right thing, use auto update for security and OS bug fixs ONLY.
Jack of all trades,master of none
I have noticed that quite a few of the free and freemium utilities out there that have been mysteriously "corrupted." For instance reputable utilities for removing or repairing PUA infestations that suddenly start including trojan payloads of their own. Others have been gutted to the point of near or complete uselessness and only act as nagware to purchase a former and quite often shady competitor's payware version instead.
Any sufficiently advanced influence is indistinguishable from control.
Betty White's birthday was yesterday, comrade.
No, it was January 17, 1922.
She might have celebrated it yesterday and that's a good thing for two reasons. First, many people of that generation are no longer around and second because no one really celebrates their actual birthday... one instant you are warm and cozy in the only environment you have ever know and the next you are in a cold, noisy place with bright lights and someone may even smack you on the ass! And, while some may grow to enjoy that last little bit, the first time is not fun.
Underlying code of IE extensions too can be updated silently. Ignore browser use stats. Overall Chrome extensions have more users than IE extensions. There are more Chrome extensions that IE extensions. It's a bigger market. If you are shopping for extensions to convert which do you buy? The ones with the most users.
Stop being an ass, especially when you've got the definitions backwards. Birthday is the day of the year. Birthdate (or DOB=date of birth ) is the actual date in history you were born.
http://forum.wordreference.com/showthread.php?t=2597655
Do evill only if it pays more.
So you sit down and check on the health of your machine, you go through logs reading on what is vulnerable, and then you manually apply security patches.
How is this relevant in a discussion about what is best for a normal user again?
The normal user can barely be trusted to check in their car for a scheduled service let alone go through security updates one at a time. Like it or not the number of security threats caused by malicious updates is infinitesimal compared to the number of security threats caused by bugs which haven't been patched.
I just went through my chrome extensions. When you go to Settings then Extensions, (on a chromebook anyway) there is a permissions link for each extension. I checked through mine and found a calculator I installed had access to all my tabs and my browsing history, clearly something a calculator does not need. So I clicked the trashcan icon. It's gone. I searched for a new calculator (I like on that goes up next to the box where the web address is. I clicked on a couple to install them. When you click on one that has special permissions, chrome warns you before installing. I found one that has only one special permission, to access the clipboard. I think this is reasonable, since I often paste numbers into a calculator.
Of the remaining extensions that I have installed that have special permissions, they are reasonable, for example an extension to take pictures can use the camera, a video chat extension can use the camera and microphone.
My main point is, it is actually very easy to uninstall a chrome extension, it is easy to find extensions with special permissions (and there are not that many that have them).
Have you ever tried to disable Chrome / Chromium auto-update? I had to find the 'task' and make sure it does not run, there is no other way to block. This is beyond the capability of a majority of users. It seems Google wants the auto-update to run no matter what.
Other than 'feature bloat' - and may be closing few security issues - there are no great advantages to a newer browser anymore, at least on the desktops.
Tat Tvam Asi
get a clue, dope! if a platform can execute code, then it's the worst thing to have auto update! it's because the auto update patch could be malicious or poorly written and cause damages. what people are saying here (if you bothered to read) is that if you wait to manually update then any broken patches will have caused an uproar and be removed.
Get a clue!
One new thing is Mozilla pushing updates at me while I am using their product. As It is Saturday night, and I work in IT, i found my self working. Ok. Happens. While I am working feverishly on browser-access-to-console stuff, my browser locks up. Oh.. I was suppposed to know it was time for an update? Another is Java. Was take a remote/virtual training when the Java powered screen scraper (which worked great!! thanks NX for the Fedora compatible version!) decided that the JVM was not current (1.7_45 vs 1.7_51) and quit. SO I lost 20 minutes of class while I scrambled for a fix. Any cloud/Interweb based service could change how it works at any second,. Is this acceptible to businesses that think the sugary sweet cloud is so dreamy, but in reality its so far from a secure and predictable platform. Now this blatant demonstration of how the unwiting user is riding a rollercoaster in the dark, and fed chuff by and advertising machine that feels obligated to clamp ones eyes open like that scene from Clockwork Orange. The latest is now Verizon's Anti-Neutrality powers - http://www.csmonitor.com/Business/Saving-Money/2014/0116/Net-neutrality-ruling-How-Verizon-decision-affects-consumers Used to be that the Internet was a path to good information, it seems as comfortable/predictable/business-ready as a funhouse..... thats not too fun. Can we start a new internet?
Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
We need a extension to blacklist these adware & malware extensions. When someone finds then they report it and get added to the Blacklist Extension that can warn the user so they can uninstall it or prevent it from being used in the first place.
citation demanded.and how many schools in the uk are actualy running biometrics systems.the uk public maybe lazy,stupid and many different ways of dumb,but not all of them.if you are going to try and prove that google are just another bunch of money grubbers,it helps the case if you get basic facts right.
And some automatic updates are badly borked, and screw up everything six ways from Thursday. Let someone else test them, I'll download and install when they've been proven.
AC
But no security holes are over taken advantage of by hackers in browsers. Especially ones already patched
Whenever I see adds on a webpage, I inspect the elements, see what is serving the adds and add it to my router's block list. Bam no more adds.
Mean what you say...say what you mean.
Do these developers who sell the extensions even get paid? Or do they get scammed too?
and this is exactly why I don't allow auto updates. I take the time to read up on the vulnerabilities but as I tend to run Gentoo,
You got me, as soon as you said GENTOO. Ok another self flagellating penguin. Either that or a frustrated MSCE that moved over to Linux a few years back just to really experience some excruciating pain instead of hearing others scream in agony all the time to tech support about WINDOWS UPDATE. Oh the irony.
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
Oh you're so cute. The user's not allowed to judge, yet the manufacturer is refusing to judge. Ergo, spam runs rampant. Your statement doesn't solve the problem.
No, Firefox isn't safer. Mozilla sold out last year.. This came up when Wips bought up a number of plug-ins, including BlockSite, and installed spyware with a ransomware "opt-in" feature. (Opt in, or we block Flickr, etc.)
Mozilla policy: "These features (spyware, etc.) cannot be introduced into an update of a fully-reviewed add-on; the opt-in change process must be part of the initial review."
Jorge Villalobos, Mozilla management-level employee: That's outdated, since we don't enforce that policy. As long as the feature is opt in, it is acceptable to introduce it in an update.
63 add-ons from Wips were found by a search last year.
Are you trying logic on a paranoid rant with bursts of all-caps for emphasis? You must be delusional as well. Industrial strength antipsychotics are the only viable counterargument to that.
Advertisers, ad-blockers selling blacklist, ad-blockers selling whitelist, anti-malware scanning ad-blockers which sells whitelist, ad-blockers bundled with anti-malware scanning other anti-malwares which scans ad-blockers which sells whitelist, ......
It's going to be interesting.
Adverts is just a different kind of spam email. Therefore before long, the same techniques will be applied to it and Bayesian self learning filters will take care of it.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
There is a reason I set windows to notify me of updates, but not download them or install them until I tell it to... ;)).
and then of course it gives a list, and I can look at what the updates are, decide if I don't want any of them (like *not* doing the "Windows Genuine Advantage Notification" update
Anyone who lets the 'system' automatically download and patch things on them without any idea of when it's doing it, or what it's doing, is pretty stupid... exactly for this reason, auto-updating plugins with spammed/compromised ones.
That's why you'd never do this on a production server (or desktop)... just what you need, come in 8AM tomorrow morning to find everything broken/all kinds of problems, and you have no idea what went on even until after an hour of digging you discover an 'automatic update' happened overnight and applied something that broke all your stuff. (And Murphy says, of course, that it will happen at the most critical moment - like when you have that delivery deadline and suddenly you're in a panic wasting time trying to fix the thing that 'automatically broke').
Chrome **does** warn about new permissions, in fact it's more than that - it just disables them, and leaves you a message - "Such and such extensions requires new permissions, so it has been disabled.", and it's up to you to go and re-enable it.
I should be getting my car serviced now?
Gentoo isn't actually that bad, though it does require a little more understanding of how the system works than something like Ubuntu. It does have a fairly decent package management system though, and because most of what you're using is compiled it tends to be a fairly fast system to use.
Each to their own. For me, computers have gotten fast enough that I don't really care about a few milliseconds here or there, and am currently using a Ubuntu derivative now for ease of package management (and because this particular one has a DE that I can't find elsewhere yet, as it's too new). But I did use Slackware for nearly 15 years before I decided I wanted something that was less involved for the package management. That's the beauty of the system -- you can do what you want with it, and there's many many different paths to accomplishing the same goal.
by asking users about updates after an ownership change.
What this exposes is that the autoupdate process is only as good as the integrity of the vendor. Once the vendor decides to use this as a mechanism for other ends it becomes yet another liability. And whether this is suitable for the typical end user depends upon whether one thinks it is a good idea to slavishly follow the lead to where ever their marketing wants to take (and take from) the user. And in a closed environment, disabling updates might actually be a good thing -- stability over debugging what that last round of patches broke.
Rogue updates from a vendor wasn't a problem for a long time but of late we have a new browser update that breaks something ftp depends on (killed an automated podcast update system) on Win7 and a systems patch that disabled a bunch of functions to 'prepare' the system to be upgraded to R2 (which wasn't going to happen as it was not free...). Recovery from backup worked... Should not be necessary, although the liability is always there.
So what we are really discussing is the degree to which we are prepared to allow the vendor carte blanche to modify our systems with little opportunity for pre-screening -- is this a good idea?
And some automatic updates are badly borked, and screw up everything six ways from Thursday.
Wouldn't that be Tuesday?
If it's opt in, you're an idiot for complaining. This is how it's supposed to work.
Wrong, birthday is the day a person was born. What people celebrate each year is the anniversary of that day.
Glad I don't use Chrome. Fuck Google, fuck Google services and fuck Google software. It's all shit.
Hi there APK! Glad to see you are posting security tips again. Now tell us again about that hosts file!
Or ask why Java on Windows boxes seems to want to update every third day, as does Adobe Reader
I hate to break it to you, but updating your Java plugin is NOT sound security practice.
Completely disabling and uninstalling your Java plugin is sound security practice; the Reader plugin should be turned off as well.
It doesn't matter, how up to date you think you are ---- the latest Java has more security holes than a sieve in it. Yeah; some of them will eventually be found, and exploited, and malware deployed. Then 3 months later, Oracle will come out with the next quarterly update, to fix the bug that has been getting exploited in the wild for 3 months.
All the folks running JAVA6 will still be SOL, because only Enterprises can afford the ridiculous Oracle extended support prices. Meanwhile the majority of Java applications people are using require Version6, and will not work with JAVA7 or newer.
Meanwhile.... Updating to the latest patch release of JAVA7 does not automatically remove or disable JAVA6.
Meanwhile.... when the typical user installs the Java update; there is always some offer for Adware or some random Toolbar or browser, that will get installed, because the user is just clicking next -- and not looking for the obscure box to uncheck.
Automatic updates from well-established trusted companies are one thing.
For others.... I would rather see Google automatically "shut off" these extensions, and only turn them on or update when requested by the user.
Google is not in any position to judge what addons of their system need, or don't need updates
These folks have no business installing random bits of extension addon bits in their browser. They are armed and dangerous, with any extension installation feature.
Also Google is not equipped to make this decision for them for each plugin --- Google employees do not curate the updates, before they get forced: check the release notes for the update, and manually approve it.
I should be getting my car serviced now?
Probably! Using an unpatched car can lead to poor performance, leaks and crashes.
What was that Google said about ChromeOS not "torturing it's users with malware threats. Turns out ChromeOS can run local code (extensions and "packaged apps") and with this comes the malware.
Actually, I use Adblock Plus. I've never tried Adblock Edge; I guess I'll look into it.
But still, whatever plug-in we're talking about, there's always the chance that the owner can be bought out. For, in the words of the most beloved children's entertainer of our times: They drove a dump truck full of money up to my house! I'm not made of stone!
Koans and fables for the software engineer
It's "opt in or else". If you don't opt in, it messes up your browser and is hard to uninstall.
I don't feel that you made an accurate comparison. You car is made by $X manufacturer but in this case all the aftermarket addons which you have purchased at a myriad of other locations (i.e. window tint, car stereo, cup holders, car chargers) will also pop in and make their own changes.
So in this case the store that sold you your Clarion deck will stop by and fix your stereo but also leave a GPS tracker or mute your system to play their own wares.
Updating Chrome is one thing because Google doesn't want to mess with the PR nightmare when someone finds out their update streams popups like mad but some one off developer who makes a LOL Cat extension probably isn't making any money to begin with will have no problems bending one way or another for a couple of quick bucks. Both get equal say over the clock cycles on your system. Does that really make sense to you?
A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
Debian. Can't beat it.
Conduit and those amazing javascript injected price checkers are killing the internet. I have had at least 10 family members, friends and work colleagues come to me the last year in order to remove conduit from their PC. And they varied widely in browser of choice: Chrome, IE and Firefox.
Conduit, Search protect, and price grabbers need to be put to court soon so they can stop making money from distributing malware and browser hijackers.
Gentoo isn't actually that bad, though it does require a little more understanding of how the system works than something like Ubuntu. It does have a fairly decent package management system though, and because most of what you're using is compiled it tends to be a fairly fast system to use.
Each to their own. For me, computers have gotten fast enough that I don't really care about a few milliseconds here or there, and am currently using a Ubuntu derivative now for ease of package management (and because this particular one has a DE that I can't find elsewhere yet, as it's too new). But I did use Slackware for nearly 15 years before I decided I wanted something that was less involved for the package management. That's the beauty of the system -- you can do what you want with it, and there's many many different paths to accomplishing the same goal.
Ya same thing here oddly enough. I still yearn for the simplicity and stability of Slackware. Trouble is I do audio recording (high bit rate) and there is no stock setup for compiling audacity, jack and ardour in rt prio modes in Slackware. I had it working a few times but talk about self punishment. First recompile the kernel with a rt optimization and 1000hrz, then setup so that alsa audio has rt prio with a config file change. Reset user privileges to allow for software with higher privileges to all work correctly. Could be a fantastic system but I didn't want to create my own distro so I switched to those who already did it.
and therein lies the problem if there are security updates, or critical fixes you have to be the distro manager for all your chosen software. BUT AT LEAST WITH LINUX IT IS POSSIBLE. I am now of the opinion that if you create a distro which is stable enough, secure enough IE can updated browsers independently of everything else by doing it in a non system wide way and just from a home directory, then can and bottle up the thing for your hardware and dupe it so that you can just re-install exactly the same thing without having to go through the agony of updating software at all. This is exactly what I do now with Debian. I freeze a good install and just use firefox current installed and updated independently of /usr. WORKS LIKE A HOT DAM and is very secure as long as my core c libs are current which they are. I have gotten over 4 years out of a Debian audio setup that way and am still on the 2 series kernel. But am going to do up a separate 3 series shortly WHEN I HAVE THE TIME!
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
"a cosmonaut"?
I think you need an edit there!
The comparison is fair, you're just hung up on what is important to update. I'm talking about updates in general replying to a person who was talking about the process he uses to deal with security updates. Whether that update is %insert small plugin% or %insert critical OS flaw%, the problem could lead to equally serious issues for the user if exploited.
I'm like the OP, in the sense of the car I go as far as changing my own oil, and checking the vehicle log-book to find out what my next service will actually entail, however I'm not the general driver, the general driver can't even get their service done at the right time.
Ignore the analogy and just think about the mentality for a moment. Would a person who can barely cope with paying someone else to look after something sit through and manually work through a list of security publications and system updates? Hell no. Yet this is the general type of users we're talking about, and it is precisely this reason why auto-updates are necessary in a general case.
This is a good example of how the free market works. The utopian "if you build it, they will come" part works fine, but then the whole thing is fucked up by a few greedy assholes. it is those greedy assholes that force regulation- but the Ayn Rand Kochsuckers prefer to purge their simple little minds of the evil inherent in Man.
"Automatic updates are a good security practice only if the user is willing to give their unconditional trust to the author for the entire time that the updater is running. "
most users are willing to give unconditional trust to the first popup that asks for it. I would far rather that be the OS or browser company than a malware vendor.
But most of us don't want to pay twice as much for the same hardware. We are funny that way.
Of what's in the post I replied to. Ghostery: Stooping to NEW lows.
"... Then they laugh @ you. Then they fight you. Then you win..." - Ghandi
You trolls lost the fight against me LONG ago: Right @ the start in fact, so - prove otherwise, & disprove my points on hosts files, instead.
Clue-New NEWS/Newsflash - Crap you're doing is ONLY "tipping your hand"/showing me your 'tell' as to the quote above (I know it, you know it, & anyone reading with 1/2 a brain does also...)
* :)
(Fact: You're unable to disprove points I make in favor of custom hosts files giving users of them added speed, security, reliability, & even anonymity - all you have now is your LAME trolling + technically unjustifiable downmods to *try* to weakly "hide" my posts + their points you can't disprove -> http://ask.slashdot.org/commen... - nothing more).
APK
P.S.=> Bottom-Line? Thanks - It's very apparent/obvious you're 1 of 3 types of people:
1.) Malware maker or botnet master
2.) Advertiser
3.) Maker of an INFERIOR competitor to my app
Take your pick - either way? You FAIL (based on your illogical off-topic effete TROLLS' "retaliation/reaction") - Your fav. color MUST be "transparent"- since I see RIGHT thru you...
... apk