Slashdot Mirror
When Does Software Start Becoming Malware?
New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware."
>> When Does Software Start Becoming Malware?
When I didn't ask to install it. Toolbars (like this), automatic update services (that are silently added) and anything else that impacts my resources or distributes my information in a way I didn't choose is malware, IMHO.
Looking at you, Windows 10...
When the ratio nuisance / benefits is larger than some threshold (>=1)?
when it becomes malicious? tbh, I think it's when software does something that the user wasn't expecting or want and feels that they can't trust that software anymore.
Here is the test: Does the software do anything that I want it to do? Did I install it or did I have a choice in installing it (a real choice, not a tricky dialog box). And finally, the true test... if someone UNINSTALLED or stopped this software from functioning, would I actively try to re-enable it.
If it doesn't meet these criteria, then it is spyware, crapware, malware, or junk, and should be classified as malicious. This includes almost all programs and web pages. This is Sturgeon's law, 90% of everything is crap. But in computer science you can take it one step farther. 90% of everything is crap, and 90% of the stuff that is worthwhile is designed to keep away the crap.
Based on Skype and now Windows 7-10, I'd say that Microsoft-owned --> Malware.
coming from windows and mac, its hard to imagine youd need a definition. For a linux user, the answer is simply whenever the application does something i did not tell it to do.
when i read its changelog and its now, for example like firefox, going to include a targeted advertising system. If the application lies about its intended function, or prevents me from using my computer as I've set out to use it.
For some of us, malware is an ethos, foretold by Richard Stallman. in Linux the word of root is sacrosanct. there are no upgrades, no updates, and no communication from the system or its processes that is not controlled by or intrinsically authorized by root. For myself, Windows and Mac have been malware for quite some time.
Good people go to bed earlier.
When the software behaves counter to the stated purpose, or the company behind it lies about the what they are doing with data collected by the software, it is malware.
Sadly Windows appears to fall into this with all their recent auto-downloading of Windows 10, and extra monitoring being added to 7 and 8. I welcome a broader definition that shames such behavior, if not criminalizes it. Google is a little more upfront about this being their business model, but I still squirm at their cavalier collection of every piece of information they can get their paws on.
Toolbars are just the tip of the iceberg. All major browsers are malware because they don't isolate cookie storage (or all storage, really) between origin domains, breaking the same-origin policy. Third-party cookies then become data trojans. Intent is important here. It isn't just a vulnerability, but a design flaw continued by the fact that all major browser development is funded by advertising companies.
See for yourself how Mozilla refuses to fix a security vulnerability that is enabling billions to be made from stolen user data: Bugzilla bug 565965
# make clean sig
...such as bugs?
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Does it do what it is supposed (and documented/advertised) to do, and nothing else? Probably not malware.
Does it do all kinds of stuff that it isn't documented as doing (especially if it does it unasked)? Probably malware.
And yes, I regard programs that call home looking for updates -- if they haven't asked for and received permission to do that -- to be a (mild) form of malware, although their benefits might outweigh that.
Is this article posting Dice's way to introduce the Dice Toolbar?
Shots fired
See above. YES. If the author commits code that he knows is buggy and will cause problems. It then becomes malware.
How do you define the word "malicious"? Let me give you a case study. There is a popular Linux desktop environment called GNOME. Version 2 was very much respected and loved. But version 3 had a lot of hipster influence and they ruined the UI, making GNOME 3 very difficult to use for many people, especially power users. Now maybe the hipsters who broke GNOME 3 did not set out to cause harm. But their "make it easy for new users" philosophy had the same effect as "ruin it for power users", and their "make it work on mobile devices" philosophy had the same effect as "ruin it for desktop users". So my user experience suffers and so does the user experience of many other GNOME power users. We suffered harm because of the bad UI changes. GNOME 3 does lots of things that we users weren't expecting or didn't want and we feel like we can't trust it any longer. Does that make it the "malicious malware" that you speak of?
.
- it does things to your computer that you did not ask it to do
- it downloads software you did not ask it to download
- it gathers data from your computer and sends it to distant servers without your knowledgeable permission (agreeing to a fine-print multi-page EULA is not knowledgeable permission)
I will go by the definition of malicious as "characterized by malice; intending or intended to do harm"
:)
Oracle has the intent of causing harm by installing the ASK toolbar? Yes -> malware, No -> not malware.
ASK has the intent of causing harm with the toolbar? Yes -> malware, No -> not malware.
Buuuuuuut....
I will also go by the definition of pernicious as "having a harmful effect, especially in a gradual or subtle way" To bring up a new classification perniciousware (or pernware)
Is ASK toolbar causing a gradual, subtle harmful effect on the user's computer? I don't think it's possible to answer no to this question. For me it's of course, at the very least by consuming resources (disk space, memory, cpu time) on unwanted software. So it's pernware
Is Oracle causing a gradual, subtle harmful effect on the user's computer by including the ASK toolbar, specially when it's the default installer behavior to install it? Yes (not no here either)-> Java installer is pernware.
Both Malicious and Pernicious definitions supplied by Google search
As a side note, I would say most big players are having serious pernicious behaviour on software distribution. By automatically configuring the startup of their apps/services without asking; bundling software which has little to nothing to do with the provided one (i.e: Flash including an antivirus...) etc. And ofc the well known un readable by general layman EULAs which gives them superpowers to do mostly anything they want with YOUR computer, software, and data.
Worst thing is. The smaller players uses these as excuses to do the same, and people has "accostumed" to this, and pay no longer any notice. Opening wide breaches in most security and allowing anyone with malicious intent to do anything they want...
The Universe is shrinking all around my head.
Putting anything on my computer for your benefit without making absolutely sure I know what is going on, is MALWARE.
Or will you let me put a key logger on your PC in order to 'ensure quality'.
excitingthingstodo.blogspot.com
...it's called iTunes.
When it:
1. Installs without permission
2. makes any unnecessary network connections
3. tracks the user and uploads any data not relevant to functionality (with or without permission, mandatory or not)
4. injects code into the bootloader, filesystem, or anywhere else that's not strictly necessary
5. localfunction/desktop software that requires the user to 'log on' to a vendor portal and/or has 'dead man' switches that require subscriptions (adobe suite)
6. abuses system GUI conventions (skinned applications)
7. is bundled with irrelevant 3rd party plugins, addons, or extensions for marketing purposes (browser search toolbars, apple itunes/quicktime on windows etc)
When the software changes how some other software that is already installed on the computer behaves when the user did not expressly indicate that they desired it, it is malware.
It is insufficient to conclude that the user desires how such software might modify the behavior of other software when it is bundled by default with with yet another piece of software that the user did express intent to want to use . In many ways, such software would resemble a trojan.
File under 'M' for 'Manic ranting'
A good example of this is the recent update to Dropbox that changed my Autorun/play settings to transfer everything to the Dropbox folder. WTF? I didn't authorize that, in fact, I had Autorun/Play disabled using a GPO. The fact that Dropbox felt they were entitled to change a GPO applied systemwide setting makes them as evil as microsoft in my books and I've told them that it's a good way to have a lawsuit filed under the Computer Misuse act since I do run Windows Pro and have a number of GPO's created to solve what I consider security issues. As part of the note to them, I've actually consulted a Tech Lawyer familiar with the Computer Misuse Act and hired them to investigate whether we'd have any standing under that law for suing them but haven't heard back from them yet.
What we need to do is begin using the same laws they'd use to voice our displeasure about these toolbars and other unwanted crapware against the very companies doing it. Make it cost them any profit they make by everyone filing an individual lawsuit and not ask for a class action. The damn lawyers make all the money and we the victims are screwed, blued and tattooed all over again.
Grayware, also known as PUPs (Potentially Unwanted Programs). It's these programs that may not be malware in of themselves in terms of causing direct damage within their own code, but rather act as a conduit to other forms of malvertisements. For example, Adobe Flash or JRE would be, or rather should be called a form of Grayware.
Life is not for the lazy.
When it's written by Symantec?
Think I'm kidding? Ever try to REMOVE Symantic "antivirus" crap?
-Styopa
When it gets a Microsoft logo on the box.
I have been seeing a lot of hate on Systemd online...can you explain (or direct me to a link that does) why it's so hated?
This is just like the define obscenity problem. You know it when you see it.
Windows "telemetry". Malware--and after years of zealots on this site tossing that around and me disagreeing, this is not something I say lightly.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
So when a user doesn't realize that printing consumes ink, all software that can print can be classified as malware?
1. ads
2. tries to lure you into installing additional, non-wanted software (such as bundling McAfee with Flash Player, or Safari with iTunes, or the ask toolbar)
3. Has a nag screen (WinZIP "I agree")
4. its sole purpose is to spy on you (the ask toolbar again fall into that category)
With Chrome, when you disabled third-party cookies, and the browser use "window.name" to trace you.
1. If it installs without my permission
2. If it ignores me when I turn off certain settings.
Not that I can think of anything that meets those. ;)
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
If it does something that a reasonable user would not expect, it is malware. I don't care if it's documented because those bastards will bury their evil deeds in twenty pages of legalese.
-- Will program for bandwidth
Answer: When it's Windows 10.
In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
Seriously? ANY AND ALL software that is bundled with a legitimate download is malware. Java still pushes Yahoo malware in their installer, and Flash still tries to either install CrapAfee, or Chrome, considering I didn't ask for that, it it crapware, malware, junkware, etc. Any and every ad injecting piece of software is malware. Any crap like WaJam, Bikiniland, or ask toolbar is malware.
It really doesn't take a genius to know where the line needs to be drawn.
The above rant brought to you by a malware author.
Do not look at laser with remaining good eye.
If the software serves anyone other than the user of the device it's running on, then it's malware.
The simple answer to this is when we cant choose how the software behaves. If I can't choose weather or not to install something then your application most likely contains malware. When i cant uninstall it, close it, or reject it it is malware. When it interferes with my operation of my computer it is most likely malware. If you have to trick me or use psychology to get me to install it then it is definitely malware.
Basically if I don't choose or have a choice in having your software on my PC then it is malware.
The Ask toolbar is not a gray area. It's malware. Oracle knows it's malware, but they don't care. I don't even believe Talos security researchers are confused about the Ask Toolbar. They are simply afraid to go against a 600 lb. Gorilla in the industry. It takes Microsoft to force Oracle to do the right thing.
There are a lot of posts about bundled software being installed by default (like toolbars), but this is just the example from the article's intro. The article is actually about the "Infinity Popup Toolkit". This is not an application that you install on your PC - it's a bunch of JavaScript and Flash code that runs from a web page. Its purpose is to bypass your popup/ad blocker and security controls so that it can show you popup ads.
The question was whether this should be considered malware, since the definition of malware is somewhat vague. The conclusion was that it clearly is malware and should be blocked. This is seems quite obvious, since the software's intention is to ignore your wishes (blocking popups) in order to show you ads. It's quite clear that no one would WANT to run this software, because if they wanted to see popups (which is no one ever), then they wouldn't turn on their popup/ad blocker in the first place.
The current Flash installer, Java updater, any program that push some other un-related (from a purely technical point of view, not a business agreement point of view) piece of software that is generally seen as an hassle for the user on the receiving end.
I mean, how many people stopped using IE because of all those useless toolbars (ask and others)?
How many calls to tech support or close relative geeks to ask how to remove that McFee trial that will sometimes install alongside the latest Flash update?
Run time environments of all kind of software should be held to higher standards, because of their central role in the computing environment... I have personally removed Flash and Java from my work computer, I just avoid the sites/software that require them (I had to leave Flash on the HTPC because there are still content sites that require that garbage and I am not the lone user of this other machine).
This is not even only about gathering personal data, any software comes with bugs, potential security threats or just annoying registration pop-ups... distributing third-party software is not something that should be taken lightly.
While I largely agree, the issue is not quite as black and white as you paint.
There are something around 2 Billion users with Windows installed on their computer. Regardless of your personal opinion about updates, they should be enabled by default, with no user prompt asking them at install time if they want updates. This is the same argument for mandatory immunization; the species as a whole benefits from herd immunity. If you are arguing against automatic updates, and malware-scanning-by-default, then I think you have a fundamental confusion about how the Internet will survive when infected devices are counted in the billions rather than the millions. Regardless of your distaste for the business practices of companies like Adobe and Oracle, their auto-updaters save the world billions in damages by reducing the number of vulnerable users.
There are other areas where best practices should not be up for debate by the user. My car doesn't ask me if I want to use my ABS brakes when I stop, nor does it stop dinging at me if I drive without a seatbelt on. You may value your personal freedom to choose, but society at large benefits when fewer people crash or die. The needs of the many outweigh the needs of the few, or the one.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
1. Software that is installed without the fully informed consent of the user.
2. Software that performs previously unknown or other functions not specifically alluded to, in a repeatable manner.
3. Software that performs functions nonconducive to the secure functionality of a host computer system.
4. Software that installs other software without the fully informed consent of the user.
5. Software that communicates with other hosts without the fully informed consent of the user.
6. Software that degrades the performance of the host system with no clear benefit to the user.
Examples and notes:
1. sideloaders such as the Ask Toolbar and other Browser Helper Objects (Bonzi Buddy and Gator spring to mind) which are bundled with software that you actually ask for, such as when you download installers from SOURCEFORGE and CNET.
2. Such as when Microsoft disabled SSL3 by default in the February 2015 IE11 Security Rollup rather than fix the SSL3 vulnerability.
3. Such as when software opens a port through the firewall and leaves it open (sorry no examples spring immediately to mind but I have known this to happen).
4. See #1.
5. Microsoft's "security" updates that are actually CEIP and other telemetry daemons.
6. Full-on antivirus packages that absolutely HAVE to scan EACH and EVERY file, library, script, document and bitmap on opening! Not sure if the ones that HAVE to run a full scan in the background when the system starts up is worse but that can be demonstrated to increase waiting time for a usable desktop from a couple minutes to several HOURS.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
There is also the fingerprint aspect as well. Visit eff.org's Panopticlick with vitually any web browser, and it will almost always have a unique fingerprint. If web browser makers actually gave a rat's ass about security, they would have an identical add-on, font path, and browser type as everyone else across the board.
When doing something not Prima facie without asking.
- it does things to your computer that you did not ask it to do
Like a bug?
- it downloads software you did not ask it to download
Like all Google software that auto-updates?!
- it gathers data from your computer and sends it to distant servers without your knowledgeable permission (agreeing to a fine-print multi-page EULA is not knowledgeable permission)
This is a good one though.
Tuesday.
There is a difference between software that tracks, and collects information about you and redirects you to sights in order to gather advertising revenue, and software that implements functionality in a way that you don't agree with. When you implement something you have to choose a way implement it, some people may not agree with that implementation but does make it malware, choices have to be made. Systemd may have been the wrong choice but I don't believe it was a bad choice made out of malice, or a desire to make money of its users.
Malware is any software that functions to benefit a third party rather than the user.
If your installer/updater is installing some app/toolbar/etc in addition to the application I want it to install -- that's malware.
If your installer/app/updater is changing settings in my browser or any other application on my system -- that's malware.
I want to write a letter, if your "letter writing app" is sending a copy of the letter or meta-data about the letter or my writing of the later to a third party -- that's malware.
If I'm playing your off-line single-player game and you're collecting data on how I play it -- that's malware.
If I'm playing your on-line multi-player game and you're doing anything with the data I'm sending you other than sending it to the other players -- that's malware.
If your search engine is doing anything with the search request I'm sending you other than fulfilling my search request -- that's malware.
If your app is displaying ads -- that's malware (unless it's an ad locator application).
"Grab them by the pussy" -- President of the United States of America
if the program is written in AutoIt:
AutoIt and Malware
Web browser and system architecture (CPU) operating system plug-ins screen size. Those are all collected by Windows anti malware or any virus scanner product. The antifraud option in web browsers tracks every website you visit. The majority of Windows software for online games are classed as PUPs. Voice recognition software for windows and Apple systems collect's speech patterns randomly to improve their products speech recognition rate. JavaScript is a nuisance and Microsoft Windows is spyware with a load of spyware products like anti malware paint programs and all the other registration key software. If your system doesn't have a password encrypted hard drive with a password encrypted home directory then it isn't worth having. All user agent strings should be: .
Yes, that too. They can better standardize their headers, and/or they can add some noise to the signal to throw off the fingerprinting, which can be done without any kind of concerted effort.
Just mentioning this for completeness: there is also the IP address, but that has other solutions, and isn't a web browser's responsibility.
# make clean sig
For starters check out this list of complaints.
Some of them might not matter to you or might be already corrected but surely some of them will stick.
I was convinced I don't want systemd on my computer when I've read Poettering calling su "a really broken concept" as a a rationale for making a su-replacement a part of systemd.
Other red flags I see are the scope of what systemd and its components are responsible for, the inability to get rid of it from most distros that adopted it and sudden disappearance of distros that are not based on it.
Add to it the hostility towards anyone complaining about it and you end up with a picture of a suspicious software that you probably don't want to run on your hardware.
Next question!
Malware is software that takes any action on the user's computer that was not expressly authorized by the user.
Windows 10.
Systemd.
Etc.
...and you turn off automatic updates, you're running version 24, and they still block flash... hmm..
WHen it starts installing stuff on your computer without asking. Exhibit: Windows 10, taking up huge amounts of bandwidth and dropping up to 6 to 10 GB of "install" files when you never asked for it.
Software becomes malware whenever it does anything the user, had he been given an informed choice, would have chosen to reject.
(This includes surreptitious installation, hidden misfeatures, information leakage, etc.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Um, like how Microsoft by default makes Bing your search engine in IE, Firefox, Chrome, and Safari? And changes your homepage to be MSN.com?
Like that?
So does Microsoft consider Microsoft to be malware?
Hollywood, Television, has become the dream machine. We need to take that back; each of us is a Dream Machine
Potentially Unwanted Programs - they neatly fill that gray area
Systemd is actually the best defense I've seen against Linux malware. Systemd has very effectively prevented my Linux systems from even booting fully. Obviously, it's much more difficult for my systems to get compromised when they're pretty much unusable because systemd got stuck so early on in the boot process!
Odd, I thought open source was free as in speech, yet here you are trying to oppress dissenting views.
It is you that needs to "shut your whiny little fucking mouth" and accept that other people have opinions and needs, and your choices don't fit them both.
I know it when I see it. But it's an interesting question.
The simplest is "it does something the user doesn't want". But this gets bogged down in questions.
I propose that any software that fits (1) AND (2) is malware, *no exceptions*.
1- The software does ANY of the following:
- Hides its presence from the user (registry malarkey, malicious RAM stuff, etc)
- Tricks the user into being installed (packaged in other software, straight up virus piggyback, checkbox you must unclick)
- Is inside a package via sponsorship, deception, or coercion of the pacakger, as an addition to an actual product (including most of the download.com stuff)
- Fights user attempts to uninstall (including disabling unrelated features, reinstalling itself, etc)
*Sponsorship should handle all cases where a packager includes an element in the package that is not why you chose to get the package. Coercion includes, say, a government or company that forces by law or other method to include code in such a package, and deception involves a packager who is not aware of the malware they are packing along.
2- The software does EITHER of the following:
- Is not strictly needed for the operation the user intends, offering a data leak (personal data, envelope information about user activity) or unarguably malicious feature (blackmail, data deletion, display of advertisements) instead of its advertised or apparent purpose.
- Is installed entirely in secret and from an activity that should not result in software installation.
By this definition, you could argue that some elements of Windows 10 qualify (and they probably do), that the Ask.com garbage pile qualifies (and it definitely does), along with drive by downloads. This excludes a game that shows you advertisements, but includes one that installs an advertising thing on your desktop.
What am I missing? Gimme some false positives or false negatives with this pls.
There are a number of recurring themes I see here, and I see examples that muddy the waters further.
"Installs without user consent" /v/qn switch, so I never see any form of "consent", but I've consented to install a game that requires this runtime version in order to function. Malware?
Counterargument: I install a game from Steam. A copy of the required version of MS VC++ Runtime is installed with a
"Sends data to a third party without user consent"
What *exactly* lives in the usage data that Microsoft gets? It's unclear, but I'd like to think that if Microsoft realized that 90% of its users clicked 'start' at least five times a day, the people in the planning meetings for Windows 8 would have had a hell of a lot more leverage. If Microsoft got data that read, "user 1363959 clicked 'start' a total of 418 times in the last 30 days", I'm fine with that. If Microsoft gets data that says "Voyager529 clicked 'start' 418 times, and then typed the following 15 sentences...", I'd be less okay with that. Is the issue here the fact that, even if I look at the data dumps, they're not terribly user readable the ultimate problem? Would something like the Steam Hardware Survey be viable for Microsoft? Is "allow telemetry [accept/decline]" enough either way?
"Is bundled with other software"
Ghostscript is bundled with PDFCreator, and it's wonderful. AVG Secure Search is questionable - it ultimately shows Google search results, along with different sets of ads, but it at least gives a 'safe/unsafe' indicator which is probably a good idea for many people. Many Slashdotters have Chrome installed, is Chrome 'not malware' when installed from Google.com/chrome, but malware when installed with CCleaner? Comodo Dragon has a few extensions bundled in to assist in safe browsing. Malware? The aforementioned VC++ Runtime - malware? Bundling alone is not enough.
Conversely, "not-bundled" isn't a dead giveaway, either. Cyberlink's installers of paid-for software, by default, changes your default autoplay settings and has a super-difficult-to-disable 'feature' of regular pop-up notifications letting you know that you don't have their latest, greatest, kitchen-sink edition...malware?
"Buggy code"
This goes hand-in-glove with the concept of "Microsoft deciding what is and what isn't". The Ask toolbar was flagged as a result of working as intended. Having buggy code is a matter of human error and is (hopefully) intended to be rectified.
Here's how I would judge whether a piece of software is malware or not:
1. Explain what your program is intended to do, and who gets copies of any data the software is privvied to, to a five year old. Are you uneasy with writing that description on the front page of your website?
2. Does the CEO of the company have this software installed on his/her computer? Did he/she do so by hitting 'next' repeatedly?
3. During the installation, were there any questions unrelated to the nature of the installation of the code you wrote? If so, was the nature of its requirements reasonably explained, and was any form of opt-out clearly labeled (i.e. not using quadruple-negatives to confuse users who would otherwise intend to opt-out)?
4. Does your software include an uninstaller that leaves the computer in a state that is indistinguishable from a computer that never had it installed in the first place?
While I agree on systemd as the default being utterly demented for Debian and a complete violation of the principle that Debian stable must be rock-solid, you can replace it with sysvinit after installation, or even before if you give the installer some configuration.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Hehehehehe. Well, sane init-systems usually manage to give you a shell so you can find out what is wrong, but systemd finds that this is beneath it as you have obviously insulted its creator by using it not exactly as was ordained.
And that is the real core of the criticism on systemd: It is a misanthropic POS, that does not respect its users one bit. Resembles its creator in that way.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Malware is software I don't want it on my machine and cannot uninstall easily.
"Easily", in this case, being using the mechanism appropriate for that particular OS. Uninstall a program dialog / apt-get uninstall / whatever.
That's it. Crap I don't want, and can't get rid of easily. Yes, that means I may call IE is malware (it increases surface attack area on my machine, and I cannot remove it), while someone else does not.
~D
This sig has been enciphered with a one-time pad. It could say almost anything.
How do you determine whether the author KNEW the code was buggy?
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Programmers and software creators will do whatever benefits them the most (and makes them money). It's a safe bet someone is paying someone to help get their spyware and other adware type crap onto our PCs in any way possible!