eFast Malware Hijacks Browser With Chrome Clone

An anonymous reader writes with a report at The Stack that: eFast Browser, a new malicious adware which disguises itself as Google Chrome, has hijacked internet users' systems in an apparent effort to serve its own ads and harvest user activity to sell to third-party advertisers. It is able to mirror the aesthetics of Chrome as it uses the same source code, available across the open-source project Chromium. Once installed, eFast places ads across existing web pages, linking to third-party e-commerce sites or other malicious platforms.

Mirrors the aesthetics of Chome? It's Firefox?!?

Hmmm, "disguises itself as Google Chrome" and "mirror[s] the aesthetics of Chrome".

Sounds like Firefox!

Windows only

[Crowd+Computing]

The program appears to be available only for Windows.

Re:Windows only

[hairyfeet]

Uhhh...you DID read TFA, yes? Its a browser based on Chromium and Chromium is cross platform so all they have to do is compile it for Linux and OSX. And if you think its hard to get an end user infected on Linux its actually surprisingly easy using the same way most malware is spread, social engineering. Remembeer the weakest link in ANY security system is always the user, doesn't matter what the OS is.

LOL, w00t?

[gstoddart]

It is unclear whether the browser adheres to a privacy policy

LOL, WTF??? So, malware which rips out your browser, puts itself in its place, and then serves you ads and whatever the hell else it does ... and they're asking if it adheres to a damned privacy policy?

Anything which installs itself like that can safely be assumed to not give a flying crap about your damned privacy.

Why the hell they even ponder if something like this follows a privacy policy? It's malware. No, it isn't going to have a privacy policy.

Re:LOL, w00t?

[cant_get_a_good_nick]

what does privacy policy even do? The privacy policy could consist of solely "fuck you we'll do what we want" and still be a policy.

Re:LOL, w00t?

[meerling]

Kind of like the mugger that just took your wallet probably wasn't wearing a condom when he robbed you.

And yes, I know exactly what I did there, and it was intentional, so before you complain, think about it. If you still don't get it, don't bother, you probably never will.

I wonder

[NotInHere]

is it hosted at sourceforge?

Re:I wonder

[parkinglot777]

http://sourceforge.net/project... It is just an empty project in sourceforge and was registered back in 2012.

Re:I wonder

[rholtzjr]

Well there is information on the SF account isn't there?

Re:I wonder

[Khyber]

There's more information than there should be, that's for sure.

http://sourceforge.net/project... - check that out. Odds are we can find this person VERY EASILY.

Also possibly involved accounts (from checking other contributors to other projects listed from the originally-linked account):

http://sourceforge.net/u/rosha...
http://sourceforge.net/u/dllth...

eFast Bad - Google Good?!?

Wait, eFast is using the open source Chromium code to build a browser to serve ads and collect user PII, and that is wrong, but when Google uses the same open source code base to build a browser to serve ads and collect user PII that's great?!?

WTF?!?

Re:eFast Bad - Google Good?!?

[Rob+Y.]

There's just the minor side issue of fraud, asshole. If they want to provide a browser (yes, and even base it off of Chromium) and use some unique feature of it to convince people to let them serve you ads, I suppose that would be marginally okay - except the bit about hijacking websites and siphoning off their revenue streams, which seems at best unethical.

But let's not miss out on yet another opportunity to bash Google for the business model that provides you with search, email, youtube and the Chromium source tree in the first place. Perhaps you'd care to point me to alternatives that do it all for free without ad support? And don't point me to a wrapper around Google search - we're talking about viable business models that produce useful services, not simple appropriation.

Re:eFast Bad - Google Good?!?

[The-Ixian]

You better believe that's a paddlin'

lesson learned?

[lkcl]

windows and macosx users, listen up. GNU/Linux Distributions have a digitally-signed audit trail that goes all the way back to multiply personally-verified GPG key signatures. *NO* malware gets through that process - absolutely none. and the reason why is very simple: anyone who dares to install malware would, by virtue of the GPG-signed audit chain, be tracked back and their reputation so publicly destroyed - forever - that they would never work in the software industry ever again.

not even microsoft or apple, no matter how they try, can replicate this audit trail, because their software installation is (a) not transparent (i.e. not trustworthy) and (b) as those corporations set themselves up as the "single choke-point" they simply don't have the time, the resources or the financial incentive to support *YOU*, the user, when *YOU* want to install some random piece of third party software.

in short, i am sorry to have to inform you that if you run the windows or the macosx operating systems, *despite* the fact that you are perfectly entitled to install 3rd party software [for now, anyway: it's getting harder to do], despite the fact that if you choose not to install 3rd party software your computer would be completely useless - despite all these things being true and perfectly valid, i am sorry to have to inform you that *if* you choose to install 3rd party software, you get everything that you deserve.

people who install GNU/Linux OSes don't do it "because it's fun" or "because they want a challenge of running command-line tools", they do it because they *know* and trust the digital audit trail based on the publicly-verifiable reputation of the 1000+ developers behind each distribution, and, because that trail exists, they can feel that they're safe from malware and spyware when they follow the install procedures that come with their OS.

of course, there are those people - GNU/Linux users - who bypass that process, and perform manual installation of random unverified online packages. such people it has to be said _also_ get what they deserve.

now, we can indeed track the MD5 checksums, and manually check the digital signatures, or even manually build the software ourselves (regardless of the OS), but the inconvenience and complexity of doing so is beyond most people - often myself included: i just cannot be bothered to compile software from source these days unless it's absolutely essential. ... but why put yourself through that?? why are you risking yourself to exposure to privacy violations and data violatinos? i genuinely don't understand why you would do that to yourself. perhaps someone could explain it to me.

Re:lesson learned?

[squiggleslash]

Last time I installed Chrome (not Chromium, but actual Chrome) on Ubuntu I still had to download it from Google trusting Google's process rather than Canonical's. So no, it didn't go through some encryption protected carefully managed central repo. And, obviously, if someone can install software from Google via downloads, they can install other software via downloads, including malware.

Re:lesson learned?

[Gaygirlie]

GNU/Linux Distributions have a digitally-signed audit trail that goes all the way back to multiply personally-verified GPG key signatures. *NO* malware gets through that process - absolutely none. and the reason why is very simple: anyone who dares to install malware would, by virtue of the GPG-signed audit chain, be tracked back and their reputation so publicly destroyed - forever - that they would never work in the software industry ever again.

Red herring. Efast didn't arrive to people's computers via official channels. Linux is just as vulnerable to malware when stuff is being installed via unofficial channels.

i am sorry to have to inform you that *if* you choose to install 3rd party software, you get everything that you deserve.

Looking down on people from your high horse doesn't grant you any wisdom, it seems. People have all sorts of different needs, like e.g. not all software is available for Linux or have a good, open-source alternative. Not even all F/OSS-software is up-to-date on official repos, either. Similarly, not being aware of all the implications of security-issues and computing in general does not mean a person "deserves" all the bad things arising from their ignorance. You just wish to toot your own horn in an effort to bolster your ego.

why are you risking yourself to exposure to privacy violations and data violatinos? i genuinely don't understand why you would do that to yourself. perhaps someone could explain it to me.

As said above: not all software is available under Linux, not all software have reasonable F/OSS-alternatives, not all hardware works properly under Linux and so on and so forth.

Re:lesson learned?

[ArchieBunker]

That may be true but the software could be full of security holes. Millions of people compiled OpenSSL while never once reading it. Turned out to be swiss cheese.

Re:lesson learned?

printf("\v"); This was published in August 1984, and credits other work prior to that, including a security critique of an "early version of Multics". It's a 40 year old attack. Your "full trust" argument is bullshit. There are mitigations for this specific trust attack, but they're not practiced widely. And other similar trust attacks aren't mitigated at all.

If someone writes malware for Linux, there will be malware for Linux. (And it has already happened.) The only thing keeping malware on Linux from being widespread is that most people dumb enough to install random shit from a website don't run Linux. It's what protected the Mac for so long: it wasn't a juicy target. If/When Linux reaches the masses, there will be plenty of malware for it.

You can't protect stupid people from themselves. You have to protect yourself from stupid people. That's the way the world works, regardless of your computer's operating system.

Now get off the stump in the middle of my lawn.

Re:lesson learned?

[tepples]

And, obviously, if someone can install software from Google via downloads, they can install other software via downloads, including malware.

The difference is that on a GNU/Linux distro, one can choose to go without installing software via untrusted binary downloads, and this choice still produces a useful operating environment. For example, one can choose to download not actual Chrome, but Chromium.

Re:lesson learned?

[Tom]

not even microsoft or apple, no matter how they try, can replicate this audit trail,

Yes, it can. My OS X understands signed installs just like my Debian does. Both will not let me install an unsigned package without me explicitly saying "ok, do it".

Which is exactly what this and any other malware will do. It will not be signed, it will need a user to click an ok button, and most users will do it, because 10+ years of useless windows popup-windows with pointless "are you sure?" cover-your-ass messages have trained them to hit the green "ok, whatever" button.

Re:lesson learned?

[leiz]

There is another way to go about it. If you trust Google's Linux software repository, you can install the repo's GPG key first: https://www.google.com/linuxre...

After that, all downloads from Google, e.g. apt-get install google-chrome-stable, gets the same GPG verification as anything from Debian/Ubuntu. Downloads are still over HTTP, just like Debian/Ubuntu, because the GPG verification is there to actually verify the downloads.

Re:lesson learned?

[janoc]

I am not sure how this post got moderated "Informative".

Sorry, but you are seriously ignorant about how Linux package repositories work. There is not GPG signature "audit trail". Only the packages uploaded to the repositories are signed. The distros only package the code - do you really believe (and trust) that the person who has compiled and signed the package has actually verified that it is malware free? Or that everyone who posts whatever code to Github or wherever else where the distro gets their software from is required to GPG sign it so the changes can be verified? Where did you get that idea from? AFAIK, only very few projects do this - e.g. Linux Kernel requires maintainers to sign off on every patch. However, that is not common at all and most projects don't even sign even code releases!

And how would you actually imagine the "free of malware" verification being done with the thousands of packages that are in an average Linux distro? A good example of this was the NSA weakened RNG that would up in pretty much every single Linux distribution. Or bugs like Hearbleed - the only difference between a bug and a malware is that the latter was created intentionally. Technically there is little difference and the impact can be very much the same.

So no, cryptographically signed Linux repositories are certainly not immune to malware. There has been modified code distributed through these in the past - usually because the upstream source code repository got hacked and modified code inserted there.

The only thing the Linux signed packages ensure is that the package that ends up on your machine is the same as the one released/uploaded by the repository maintainer. Nothing else. That protects only against stuff like the various crapware being bundled in the installers. If there is a hidden malware or a nasty bug in the actual code, you are screwed equally well. That it doesn't happen so often with Linux is mainly because Linux is not an interesting target for this type of criminals and scammers yet, not because of some impenetrable security.

So get off your high horse, please. You have no clue.

Re: lesson learned?

[BarbaraHudson]

You'd have more street credit if you didn't refer to it as GNU/Linux.

gnu is a small and shrinking past of most distros. L

Re:lesson learned?

[spire3661]

Thats what checksums are for....

Re:lesson learned?

[spauldo]

people who install GNU/Linux OSes don't do it "because it's fun" or "because they want a challenge of running command-line tools", they do it because they *know* and trust the digital audit trail based on the publicly-verifiable reputation of the 1000+ developers behind each distribution, and, because that trail exists, they can feel that they're safe from malware and spyware when they follow the install procedures that come with their OS.

I install Linux because it's fun and I enjoy running command line tools.

I did so back in the days when your only option for installing software was to download the source code and compile it.

I have been doing so since before GPG existed (PGP was around, but people didn't sign packages with it).

I have been doing so since before Debian started signing their repositories.

I've watched Red Hat users install RPMs downloaded from third party sites because they had no recourse - Red Hat did not have the comprehensive package archive made possible thousands of volunteers the Debian project has (not sure what it's like now - I've heard it's improved).

I've watched Solaris users install unsigned Solaris packages they got off people in newsgroups. I've installed unofficial Solaris packages from websites - things like newer versions of gcc that someone had built that were newer than those available on the GNU disk.

So, speak for yourself, man.

Re:lesson learned?

[Tom]

Really? Let me check, certificate-based systems are entirely designed around a chain of signatures. GPG signatures are... uh... well, if it's in your keychain, it will be accepted. The workaround is to sign the package that contains the public keys.

Don't get me wrong, I like the Debian approach, it's practical and it works. But I think you are being a little too ideological.

Re:lesson learned?

[lkcl]

Last time I installed Chrome (not Chromium, but actual Chrome) on Ubuntu I still had to download it from Google trusting Google's process rather than Canonical's. So no, it didn't go through some encryption protected carefully managed central repo. And, obviously, if someone can install software from Google via downloads, they can install other software via downloads, including malware.

... and you end up being tracked, and have advertising pushed at you, and your privacy is invaded through data sharing - yes, we know. that's why the Debian GNU/Linux team took the (libre-licensed) source code for the chrome browser, did a full source code audit, *REMOVED* all of the spy-tracking, *REMOVED* all of the privacy-violating code, compiled that and released it through the standard Debian packaging system [which includes the audit trail]

if the ubuntu team are actually bothering to properly follow this process, then you should be able to [use synaptics if you are not comfortable with command-line] just do "apt-get install chromium-browser". you will get *exactly* the same source code, minus the privacy-violating code, with the added guarantee that there is, as i described in the post, the audit trail that is near-impossible to violate.

Re:lesson learned?

[lkcl]

Red herring. Efast didn't arrive to people's computers via official channels. Linux is just as vulnerable to malware when stuff is being installed via unofficial channels.

... which means that you didn't read the full contents of what i wrote before posting. in paragraph (5) i made this exact point. so you not only didn't read what i wrote, but you then detracted from the *actual* point being made, by criticising what was written without proper thought and consideration on your part.

you then go on to conclude that i must be on a "high horse", but at the point at which you clearly didn't read each and every paragraph, i lost interest in reading further because you clearly demonstrated that it was more important to you promote *yourself* (by way of denigrating others) than to actually provide a service to readers of the article.

please be more careful next time, eh?

Follow the money

[QuietLagoon]

Instead of going after those who plant the malware (in this case, the Chrome clone), why not go after those "third party advertisers" and those who place the ads on the hijacked browser?

Re:Follow the money

[wbr1]

Because they claim innocence. They thought the ads were being served on regular web pages, and had no idea that it was malware spewing it out and collecting the clickthrus,

Re:Follow the money

[LordWabbit2]

And they may very well be innocent. Just because some developer has found a way to milk their advertising for personal profit does not mean that they were behind the malware, just that they are a bunch of douches serving adverts. To be honest, would they even care? They want their adverts to be seen regardless of how it's done.

Yeah well..

[jafiwam]

If they fixed all the rampant memory leaks in Chrome in the process I wouldn't mind much.

Possible eFast Suspect

[Khyber]

Going through the SF repository for eFast, I have a name of one Mr. Isarith Mahappu K, of No: 15, Chapel Terrace, Stafford, ST163AH.

Last time I can see that property for sale on the market was 14 Dec, 2007. Odds are it is still owned, probably by this same person.

Burning Question...

[avandesande]

Can I install the Ask toolbar on it?

no indication efast == Efast Browser malware

[raymorris]

It should be noted that all we know is that someone thought about publishing something called efast. We don't know that this person is involved with the Efast Browser malware.

Which attacks need to be mitigated?

[tepples]

There are mitigations for this specific trust attack, but they're not practiced widely.

I assume you're referring to David A. Wheeler's "diverse double-compiling" mitigation for the Ken Thompson attack. How are you sure that the major GNU/Linux distributors don't do this on their compile farms?

And other similar trust attacks aren't mitigated at all.

To which "similar trust attacks" do you refer, so that we can put them on the wishlist for mitigation?

Badly named

[ilsaloving]

They should have called this thing Cymothoa Exigua instead.

Cost of attending key-signing parties

[tepples]

GNU/Linux Distributions have a digitally-signed audit trail that goes all the way back to multiply personally-verified GPG key signatures. *NO* malware gets through that process - absolutely none.

By "multiply personally-verified GPG key signatures", I assume you're referring to the requirement to attend a key-signing party in person with a Debian Developer. For upstream maintainers who live outside cycling distance of a Debian Developer willing to act as a sponsor for the upstream maintainer's package, this could end up throwing out the baby (a useful application that happens to have been developed by an upstream maintainer living far from the nearest Debian Developer) with the bathwater (malware).

i just cannot be bothered to compile software from source these days unless it's absolutely essential. ... but why put yourself through that??

Because you want to use a particular program now, not wait for a few years down the road once its upstream maintainer's financial situation has improved to the point where its upstream maintainer can travel by airplane to key-signing parties.

Great Firewall

[tepples]

Why would people go to download Chrome from a site that isn't the official Google page?

One possibility is that someone lives in a country where all ISPs block downloads from Google.

Re:Great Firewall

[behrooz0az]

One possibility is that someone lives in a country where google blocks all access.

FTFY
FWIW I live in one so it's real, I assure you that one.

what's different

[bkr1_2k]

How is that different than Chrome itself? Isn't that the point of Google's browser; to serve 3rd party ads to me and track my usage?

To be fair...

[Penguinisto]

Well...

• On the OSX side - if you stick strictly to the App Store (the walled garden), *somebody* had to pay to get that dev license and the app submitted, so while not as excellent as a GPG trail, it does track back to some known entity... and while not perfect, the track record is pretty damned solid.
• On Linux - unless you strictly limit your downloads from trusted and known YUM/APT/etc repos, you're just as much at risk in Linux as you are on any other OS. The good news is, nearly everything you need can be found on the trusted and known repos that come with your distro. That said, not everything a person wants will be found there.
• On Windows - if you are sufficiently careful about where you get your executables (e.g. buy them at a trusted store, load them from known good media that you bought earlier, etc), you, well, nevermind... even the Microsoft app store isn't fully trustworthy yet.

Long story short? It all boils down to only installing things that you got from fully trusted sources (no, CNET's download.com is not a trusted source in my opinion, specifically because of the crapware/shovelware that they foist on the unwary user.) That, and avoid using fscking Windows, apparently...

Re:This program's only available for Windows

[fisted]

Where is the source to that software you're advertising in a way more obnoxious than flashing modal full-screen ads?

Re:Malwarebytes' folks have it (where's yours?)

[fisted]

[incoherent gibberish]

Sorry, I can't parse your message for the most part, maybe because it is full of advertisements.

Where exactly do I find the source code to your program?

Re:I'm confused...

[Walter+White]

It can happen more easily than you think. Google "download chrome" and see what you get. The 4th choice was some scum-bag site which may actually provide eFast.

Re:LOL: Didn't like "eating your words" fool?

[fisted]

Unfortunately I couldn't find the source code at "Malwarebytes' folks have it".
So my question stands, where can I look at the source code?

Or, for what purpose exactly are you keeping it secret?
Why are you getting so mad over a curious mind wanting to look at it?

(Let's pretend the amount of red-headed spit-spraying anger in your replies wouldn't make the answer quite obvious).

eFast Browser malicious adware ..

[nickweller]

How does this malicious adware get installed onto the system and does it run on Apple OS X, Android or Linux?

Re:Write them & quit the "innocent" routine tr

[fisted]

So to summarize, you're heavily advertising a proprietary closed-source program that security-aware people are supposed to execute on their machines no questions asked.
You advertise this program in the name of stopping obnoxious advertising, the irony of which seems to be lost on you.
Plus, you get angry when being inquired about whether one could take a peek in.

It figures. I have no further questions.

BTW, if you want to make me look like a troll, don't use my +5 Informative comments as the base of your argument. Use those at -1, it will be more effective. HTH

Re:Summarize this troll - you FAIL... apk

[fisted]

If it was actually safe, you wouldn't need to go out of your way like this, trying to make everyone believe it is, in boldface no less, spamming your ads all over the place.

Re:Answer this simple question too Fisted... apk

[fisted]

do[] Symantec\Norton, Kaspersky, AVG, McAfee/Intel, or MalwareBytes open source their code

No, they don't. Are they trustworthy? No. Are they shit? Yes.

What's your point?

P.S.=> - & again "summarize this" -> http://it.slashdot.org/comment...

You want me to summarize one of your comment? Uh oh, I can try.
"Mentally retarded crackpot is off his meds again, types random gibberish into his web browser."

OK?

Re:Fisted you failed

[fisted]

Sorry, I can't see the source there. Where is it?

Re:What? No "summary" this time?? LOL! apk

[fisted]

Your hilarious show couldn't underline my point more clearly.

Re:Aha: Who's off his meds? You are... apk

[fisted]

Okay, let's assume your program is actually safe.

Then you keeping the source secret can only mean one thing: Your source code is shit and you know it.
What is it, have you written it in Visual Basic?

Re:Answer this simple question too Fisted... apk

[KGIII]

Hey now... There's nothing wrong with open source. There's something wrong with stupid people. Those people will remain the same regardless of source. Also, you can't steal what is given away so if they're giving the source away then it wasn't really stolen. ;-)

Re:Fisted you failed

[Kisame217]

Hats off to you for shutting up APK.

Re:Really? Where is it?? apk

[fisted]

Okay, but where do I find the source?

Re:Summarize this troll - you FAIL... apk

[fisted]

Okay, but where do I find the source code?

Re:Answer this simple question too Fisted... apk

[fisted]

That's nice and all, but where can I have a look at the source?

Re:Write them & quit the "innocent" routine tr

[fisted]

That doesn't explain where I can find the source.

Re:Malwarebytes' folks have it (where's yours?)

[fisted]

Interesting. Where can I read the source, though?

Re:This program's Windows only too

[fisted]

I'm having a little trouble finding the source of your program.

Re:This program's only available for Windows

[fisted]

I don't understand. Where is the source again?

Re:I don't owe you it. It's mine, not yours. Get i

[fisted]

How could I possibly write such a summary without being able to see "your ware"?
It can only mean you must be willing to provide your source code, so where exactly can I find it?

Re:Where's your "summary" now suddenly vs.

[fisted]

I'll gladly summarize "your ware". Where is the source code I need in order to do that?

Re:Explain why I can't find a 'summary' now?

[fisted]

Okay, where is the source?

Re:I'm not obligated to give it to you

[fisted]

I never said you're obligated. I'm questioning why you keep it a secret if there's nothing wrong with it.
I'm looking forward to see the source code.

Re:This article PROVES differently... apk

[KGIII]

The article only proves that people are stupid. It doesn't prove that it is inherently bad. You should know that. I'm also not a zealot or anything. I think closed source is just fine. However, it's not inherently evil. It's just that people can take advantage of stupid people regardless of how the source is licensed.

Re:~60 antiviruses from 3 diff. sources say it is

[fisted]

Little reality check: Were I a user, why would I want to read the source code?

gents like myself, software engineers/programmers

Thanks for the laugh

Re:Learn to read. I told you YOU can't have it

[fisted]

I'm not sure whether this comment contains the information i'm looking for.
A reminder: I'm looking for the source code.

Re:Interesting: Where's your "summaries" now?

[fisted]

My *what*? Hosts file engine? I guess if I wasn't able to configure a firewall and a DNS resolver, *and* dumb enough to think abusing the hosts file was reliable I might have written som-- oh, wait, no. Not even in that case. Nevermind.

That said, where can I find the source code of your program?

Re:Wouldn't be useful to you: You can't code

[fisted]

Why are you spamming dozens of the same comment, and where is the source code to your program?

Re:You can't code, you wouldn't understand it

[fisted]

Please email me the source.

Re:You couldn't understand it in the 1st place

[fisted]

Yes. Wait, no. Wait, yes. Wait, whatever.
Back to the topic: Where's the source?

Re:Learn to read - I told you YOU can't have it

[fisted]

What makes you believe I can't code? Where is the source code to your program?

Re:Am I obligated to give you my source? No

[fisted]

Yes, but where is your program's source code again?

Re:Learn to read. I told you YOU can't have it

[fisted]

No, but where is your program's source code again?

Re:Learn to read: I told you YOU can't have it

[fisted]

tl;dr. Where is your source code?

Re:Learn to read: I told you YOU can't have it

[fisted]

Maybe. Where is your program's source code?

Re:You don't know how to code

[fisted]

I'm not sure what makes you feel qualified to judge that.

I'm starting to believe that you don't have the source code yourself. You're probably distributing someone else's program and they aren't giving you access to the source code, maybe for the reasons you're projecting on me.

Re:You don't code. You wouldn't understand it

[fisted]

Where is the source code to this marvelous software-engineering masterpiece?

Re:Where's YOUR code others like then?

[fisted]

Of course you aren't. Back to the topic: Where is the source code of your webscale enterprise application?

Re:Learn to read: MalwareBytes' folks have it

[fisted]

Perhaps. But I *still* don't know where I can find the source code of your low-time-to-market streamlined business automation solution.

Re:Learn to read: MalwareBytes' folks have it

[fisted]

Why isn't the source code available when there's nothing wrong with the program?

Re:I don't see programs others like from you

[fisted]

But why isn't the source code available when there's nothing wrong with the program?

Re:LOL: I spent 24++ yrs. building those

[fisted]

Your ideas are intriguing to me and I wish to subscribe to your source code.

Re:LOL: I spent 24++ yrs. building those

[fisted]

while (!seen_the_source())
    ask_for_the_source();

That said, where is your source code?

Re:Learn to read: MalwareBytes' folks have it

[fisted]

Your newsletter is intriguing to me and I wish to subscribe to your ideas.

I'd also like to read the source code of your program, I'm not sure if you noticed. Where can I find it?

Re:Seeing is believing: I don't see your program

[fisted]

Your source code is intriguing to me and i wish to subscribe to your source code.

Re:Learn to read: I don't want it misused

[fisted]

To clarify, I host [APKs] software on my on one of my personal servers (not Malwarebytes owned or related) and have it listed on the hpHosts site, but this is not an endorsement by Malwarebytes - only me personally.

I think I'll just leave this here.

That said, where's the source code?

Re:Learn to read: Malwarebytes' folks have it

[fisted]

I've just shown you code that's likely better than your Visual Basic program.

That said, where's the source?

Re:Learn to read: MalwareBytes' folks have it

[fisted]

Are you trying exponential growth here? Is that what happened to your source code, too? (Which is /where/ exactly, btw?)

Re:Learn to read: I told you YOU can't have it

[fisted]

TL;DR. Where's the source?

Re:He's a Malwarebytes' employee

[fisted]

Still it means that your claim that malwarebytes recommends your sh^Hoftware is nothing but a lie. So with that gone, there's one more reason to want to look at the source code, before not using your program anyway.

How can I obtain said source code?

Re:Chrome's code was used for malware... apk

[KGIII]

I don't disagree with that. I disagree with the premise that the problem is open source and not stupid people. No, my friend, the problem is stupid people. I'm not sure how we'll work around that. You'll get stupid people doing stupid things no matter what the source licensing is. Look at all the idiots who argue that a hosts file isn't any good for anything. See? Stupid people. They'll be stupid people even if the source is locked away.