×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Fair Software Installation

timothy posted more than 12 years ago | from the high-tech-snafus dept.

Programming 499

rossjudson writes: "There's a little war going on in your computer; it's a war that you might be aware of if you're an experienced computer user. If you're new to the game, there's very little chance you know about it, but it affects you, and it gets worse, not better. The battleground in this war is your CPU, your disk space, and your system's stability." He's got a particular beef with NEW.NET, but lays out (in the article below) what he thinks is a workable, generalized code of conduct for software installation.

Fair Software Installation

These days, we all download and install software from the Internet. And that software is rarely written entirely by one entity; rather, components are combined to create the programs we want. There is an increasing and disturbing trend to ship components that perform-system level tasks and have system-level effects. These effects are magnified because many of these components are installed without adequate notification to the user (either by omission, or deliberately).

The NEW.NET domain resolution component is a good example. This component is installed by a number of freely downloadable Windows programs on the Internet. Some of those programs notify the user that they are going to install the NEW.NET software; others do not.

Installation of NEW.NET alters the basic functionality of your system: It causes your system to behave in a manner that is inconsistent with international standards. That this is done in a stealthy manner is unacceptable. The fact that NEW.NET is unstable besides is another issue that we will deal with separately.

If I am installing a program that calculates speaker enclosure volumes, I shouldn't have to worry about it redefining my network stack and destabilizing my computer.

What does a reasonable software program or component do? It should perform its defined, published task. It should not consume excessive resources. It should have a defined starting point and defined ending point. If it is defined to be a service, it should publish that fact and indicate the starting mechanism it uses.

Let me draw upon the realm of commercial software for an example of a program that is an offender. Creative's PlayCenter 2 application is used to move music to and from Creative Nomad MP3 players. It can also play media. When you run the PlayCenter application, you get the functionality you expect. When you start examining your system files afterwards, though, the picture changes.

PlayCenter installs a service, a disk detection system, and a news collection daemon. It does not attempt to inform the user that these daemon-level processes are being put in place. It does not offer the option to make them manually-startable. Worse, the news collection daemon would actually chew up all your CPU idle time.

I think creators of software have some basic obligations:

  1. Inform users when drivers, services, or daemons are being installed.
  2. Allow users to omit any of the above that are not strictly necessary for program operation.
  3. Ensure that during uninstallation, system-level components are accurately removed, "leaving no trace."
  4. System-level and daemon components must be subject to a higher level of quality control. It is possible that some level of legal liability should be present for the corruption of the system.
  5. Transmit no information from a component to any party unless specification notification to the user has taken place, and is renewed on a periodic basis.
  6. Collect no information on a user without prior agreement, and a renewal of that agreement on a periodic basis.
There's been a longstanding battle between virus writers and anti-virus software. The equivalent to anti-virus software in the component world is Lavasoft's Ad-Aware. If you haven't run it before and you have a Windows box, get it and run it. The first time can be a real shocker -- tremendous amounts of crap can build up in your system without you knowing about it.

The little war I mentioned earlier is going to get nastier soon. Uninvited components like Cydoor and NEW.NET are sure to take steps to defeat Ad-Aware and programs like it. If I wrote a stealth component today, I would have it seek out an Ad-Aware signature file and modify it to ignore me, or add my directory to the ignore lists. Ad-Aware could respond by digitally signing the files, or with other techniques. This cycle will escalate, with each side taking new steps to ensure its dominance. Users will pay the price in decreasing system stability.

I am hard-pressed to see the difference between NEW.NET and the Sub7 trojan horse. Both subvert a computer for the purposes of others; both do it in stealth. The good folks at NEW.NET will surely disagree; they'll say that those applications that install their software inform the user, and as such, it really isn't their responsibility.

I say it is. NEW.NET makes active use of the component on your computer; I think that they cannot duck their responsibility for its behavior. They are a not passive participants; they are not a library component being used by others.

I've been beating up on NEW.NET quite a bit in this article. I suppose it's because the deinstallation of their component trashed the IP stack on my Windows 2000 system and it took me a half day to put it back together again. What the hell were they thinking when they stuffed a buggy service deep into my IP stack without telling me? I think they should have to compensate me in some way. A $250 Small claims court action here in Virginia might be a way to do it.

The bottom line is, where does it end? Software installation programs should install components that the user expects. Full disclosure should be the order of the day. There will always be violators, though. There are a couple of remedies which could help:

  1. A legal framework for "allowable" system modifications during installation can be created. By adhering to the requirements of disclosure and stability, manufacturers can avoid liability. The thread of liability may be required (although capped) to enforce conformance and responsibility.
  2. A technical framework in the operating system can establish and protect secure boundaries around the system's core. Certain operating systems already do this (Unix), but the most widespread consumer OS does not.
  3. A "signed installation" program, run by known entities, asserting that a given program and its installation don't violate the rules.
These remedies are necessary as the entities creating these components can't be counted on to do the right thing. Their business models are often predicated on the stealthy gathering of knowledge, and the altering of what goes into your computer.

Just think -- what if NEW.NET decided to start redirecting www.bestbuy.com to www.circuitcity.com? Is there a law somewhere or a technical remedy for this situation? I think there should be.


Slashdot welcomes reader-submitted features; use the story submission page if you'd like to submit yours.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

499 comments

fg (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3169646)

fp

first post! (-1, Troll)

jbloggs (535329) | more than 12 years ago | (#3169650)

first post! first time i've gotten this!

Re:first post! (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3169660)

i love it. the real fp is posted by an AC, and you go and make a fool of yourself while logged in... CLASSIC!

Re:first post! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3169671)

hauhauahaa..

9h rlz (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3169687)

and u suck

Re:first post! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3169702)

> i love it. the real fp is posted by an AC, and >you go and make a fool of yourself while logged >in... CLASSIC!

So mod him up! Give him his moment of glory. The two posts both came in at 2:46, the difference? This guy *WAS* logged in. Therefore I think he is the first post.

Thanks. F___ Y__ if you disagee. You are all dumb anyway.

Re:first post! (-1, Flamebait)

DirtyTroll (566579) | more than 12 years ago | (#3169688)

I shit on your haircut.

However, you tried hard. You are +1 insightful. Thanks for posting.

Lies (-1)

Ralph JewHater Nader (450769) | more than 12 years ago | (#3169665)

Just as "open source" software infiltrates your system likes a virus, the jews will subvert any community they come across and leave after they have sucked it dry.

Quality control in open source? Bah! (-1)

October_30th (531777) | more than 12 years ago | (#3169666)

System-level and daemon components must be subject to a higher level of quality control

Like the well documented and audited quality control of the open source community?

fair widening! (-1)

Klerck (213193) | more than 12 years ago | (#3169669)

.I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you

Re:fair widening! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3169721)

Oh no! It's Klerck! Run for the hills! Alert the military!

uh. i have no clue what he's talking about (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#3169676)

neither

apt-get

nor

./configure && make && make install

has ever done this to me.

seriously, where is slashdot going?

Re:uh. i have no clue what he's talking about (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3169711)

seriously, where is slashdot going?
It never said News for Linux Nerds.

A subscription based corporation is obligated to go where the money is.

Re:uh. i have no clue what he's talking about (0)

Anonymous Coward | more than 12 years ago | (#3169764)

'nerd' in the windows sense is derogitory. i don't know why you would want to be identified as one.

you know the type. they walk around think they know computers. and then friends ask them for help, and they are all like 'you need to do blah and get new drivers, and reinstall this, and reinstall that'. it's really fake smartness. i'd refer to them more as jackasses.

Re:uh. i have no clue what he's talking about (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3169784)

"nerd' in the windows sense is derogitory. "

Fortunately, when its referred to in the Linux sense, it means its wonderful.

That should be a big consolation when you sit at home whacking this saturday night. "gee, i'm a nerd, but a linux nerd, because that's better".

Cluefuck.

Re:uh. i have no clue what he's talking about (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3169800)

yeah basically. because with linux, i won't be home this saturday night, tending my computer farm, tied to a pager, getting lonely, and wacking it

i'll be out having a good time, not worrying about computers

linux means you do your computer stuff when and where you want to, and forget about it the rest of the time

windows means you're a slave to the machine

Re:uh. i have no clue what he's talking about (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3169841)

Yeah, I got sick of this Slashdot horseshit too.

I've started viewing monolinux [monolinux.com] recently because it's just Linux stuff and it's generally crap-free. Some levi guy recommended it awhile ago and I'm pleased so far.

What do you mean "your computer". (5, Funny)

lynx_user_abroad (323975) | more than 12 years ago | (#3169679)

If you're running someone elses software on it, it's no longer your computer. They own it.

In most cases they're gracious enough to let you keep doing things with it, but make no mistake about it.

It comes down to a question of how much you trust the person/company who wrote the software.

Re:What do you mean "your computer". (0, Offtopic)

einer (459199) | more than 12 years ago | (#3169729)

I disagree. I run linux and I run downloaded binaries with userland permissions not as root. Also, by your logic, since an operating system (unless your name is Linus) was written by someone else, there is no computer on this earth that is usable AND yours.

Re:What do you mean "your computer". (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3169774)

Do you, by chance, know what a joke is?

Re:What do you mean "your computer". (0)

Anonymous Coward | more than 12 years ago | (#3169780)

Your are absolutely right.

Re:What do you mean "your computer". (0, Flamebait)

Alpha Prime (25709) | more than 12 years ago | (#3169796)

I mean MY computer. If it comes into my office or into my home, I'll either control it completely and without reservation, or it goes out. I would not trust Microsoft or Redhat to KNOW what I wanted, and I surely would not trust anything influenced by the RIAA or the government. I may install Microsoft XP on a machine, but the router has a semi-permanent block on microsoft.com and any other thing like doubleclick that would steal information.

You see, its a battle of wills, and I'm the most stubborn individual on the planet and I will NOT be told how to use something in my possession.

Re:What do you mean "your computer". (0)

Anonymous Coward | more than 12 years ago | (#3169823)

I don't think that just because I'm running somebody else's software, that I have given them my computer. WTF?

Java atleast is coming from the idea that Java software does not control your computer outside the sandbox, without specific allowance; that's much more agreeable.

I'm personally sure this trend will continue. SELinux has firewalls essentially around each application (if I understand this correctly), that are trying to preclude bad software from modifying stuff it shouldn't. Viruses, worms should be defeatable at the operating system, with application support. Should your microsoft document be able to send mail? Well, if you're doing a mail shot, yes. Otherwise, if it is a document you just received from John Doe over the mail; no way.

We need OS support. OS's should assist installation of software. It should also prevent that software from fiddling with things it's not supposed to.

Good idea (4, Insightful)

crumbz (41803) | more than 12 years ago | (#3169682)

This is one area where open source software can really pull ahead of Microsoft. Provide excellent documentation of the software and the coding as well. That's all folks. As shoddy as Microsoft's image is regarding security, they won't be able to have it both ways. Not to pick on them, as there are plenty of other targets (AOL being another), but they do have a poor track record in this arena.

The most direct benefit of this initiative is well-written code. Well-written code that undergoes peer review from impartial others is the best thing we can do to further this industry.

Re:Good idea (0)

Anonymous Coward | more than 12 years ago | (#3169715)

That's precisely where open source still has a long way to go. Documentation is often either completely lacking or outdated (which is the worse alternative: Nothing beats trying to make software work when the documentation says this and the program does that.) Real time support via newsgroups, irc and real life contacts is excellent, but written documentation, oh my god...

Re:Good idea (3, Informative)

Anonymous Coward | more than 12 years ago | (#3169825)

No, no, no, New.net is not to do with Microsoft's .NET thing. It's some weirdass domain level company that buggers up your IP stack. There aren't any links in the article, but you can find more here [new.net] .

None of the weird domains run on my boxes, so I suppose that's a good thing right now... *g*

What does open source have to do with it? (2)

JohnDenver (246743) | more than 12 years ago | (#3169835)

Before you crap out an idea, maybe you can establish some context as what you're talking about. Try using a first sentence or a snippet from the main article to highlight the points that you are agreeing with, because I can't tell if you're accidentally posting in the wrong thread or if you're opinions are just stupid.

This is one area where open source software can really pull ahead of Microsoft. Provide excellent documentation of the software and the coding as well. That's all folks.

How would this make open source less susceptible to hosting a stealth component, or how would this prevent stealth components from piggy backing during an installation?

It seems that you think this is a security issue that can be solved like MS Outlook holes which allow scripts to propigate email. Unfortunately, all operating systems are susceptible to stealth code sneaking along with trusted software. There's really nothing you can do about it other than legal recourse.

he has some valid points...but.... (1, Insightful)

Em Emalb (452530) | more than 12 years ago | (#3169684)

"The NEW.NET domain resolution component is a good example. This component is installed by a number of freely downloadable Windows programs on the Internet. "

When you install something for FREE from the internet, you can't assume it will work as you want it to. Also, just because it works on your machine does't mean it works on everyone elses. this is pretty redundant IMO.

I am sorry the software screwed up your IP stack, but can you seriously expect to get money from them in small claims court for free software? Nobody forced you to put it on your machine.

Re:he has some valid points...but.... (4, Insightful)

mansemat (65131) | more than 12 years ago | (#3169717)

When you install something for FREE from the internet, you can't assume it will work as you want it to. Also, just because it works on your machine does't mean it works on everyone elses. this is pretty redundant IMO.

NEW.NET is only a component. You could also find NEW.NET in commerical software that you pay for.

In that case you've PAYED for something. Do you still assume is will work as you want it to?

What a day to be without moderation points...

Re:he has some valid points...but.... (0)

Anonymous Coward | more than 12 years ago | (#3169730)


His point is that the installer for another piece of software put it on his computer without telling him.

Re:he has some valid points...but.... (2, Insightful)

DahGhostfacedFiddlah (470393) | more than 12 years ago | (#3169745)

If someone gives you a free hot-dog that happens to contain poison, can you take them to court?

Sorry for the stupidity - but it's the first analogy I could think of. The program/component was misrepresented (as something that wouldn't fuck with the IP stack), and that misrepresentation caused damage to his computer and a certain amount of time getting it to work again. I don't agree with punishing free software developers for bugs, and there's little precedent, but just because it's free doesn't mean that the creators can't be held liable.

Re:he has some valid points...but.... (0)

Anonymous Coward | more than 12 years ago | (#3169816)

Of course you can!
He might also be committing a criminal offense.

Re:he has some valid points...but.... (0)

Anonymous Coward | more than 12 years ago | (#3169758)

The "new.net" software must be meant for complete f'ing retards.

My daughter is 11 years old and she clued in enough to know you don't load crap like this on a computer.

I mean, really. I'll bet you call yourself a "computer professional", too.

You're ruining the meaning of the word. Promise me you'll drop out of the business.

Re:he has some valid points...but.... (5, Insightful)

Hiro Antagonist (310179) | more than 12 years ago | (#3169762)

Funny; I grabbed all of my application software, from StarOffice to Opera, for free, off of the Internet, and it seems to work just fine. So do the numerous other, smaller applications, like 'mutt' and 'ssh' -- they haven't trashed my computer, either, and they were free.

I think what the author is trying to get across is that the user needs to be informed; and while this is taken for granted in the free software world, it seems to be largely absent nowadays in the world of commercial software.

When a Debian package is going to make changes to a configuration file, it asks me first (unless I tell it not to); when most Windows-based installers decide that it's time to replace the IP stack with a Jell-O recipe, it just goes ahead without informing the end user of squat. While Microsoft has made this easier, it's not totally their fault (for once); and it's something that applications developers need to keep in mind.

Re:he has some valid points...but.... (2)

UsonianAutomatic (236235) | more than 12 years ago | (#3169765)

Right... especially when the EULA of whatever software you install indemnifies the creator of any damage the software might cause your system.

It's like suing tobacco companies after getting cancer/emphysema after years of smoking cigarettes that have a GREAT BIG SURGEON GENERAL WARNING on them.

EULAs unenforceable (3, Insightful)

coyote-san (38515) | more than 12 years ago | (#3169834)

First, EULAs have not been upheld by the courts. Especially when they "shock the sensibilities." That's why UCITA is trying to write enforceability into law.

Second, the EULA you saw focused on the main application being downloaded. It is unlikely that this EULA will discuss embedded applications with any depth, at most you might see a paragraph making vague references to third-party applications.

Third, one of the cornerstones of contracts is that it's an conscious, INFORMED agreement between multiple parties. One or more parties may decide to remain ignorant, but once one party begins to deliberately withhold pertinent information that another party wants it's a whole new ballgame. As the author points out, there is absolutely no reasonable way anyone could ever expect an application that computes the size of a speaker enclosure cause a critical part of the OS's network stack to be changed.

Finally, I think this situation is so outrageous that it's getting close to gross negligence, not just negligence. You can contractually limit your exposure due to negligence (you made an honest mistake), but you can't contractually limit your exposure due to gross negligence (you knew there was a problem, you know your inactions would cause harm to others, but you didn't give a damn).

A better analogy is that you bought a hot dog. Okay, this is a little iffy, but most people understand that some cheap hotdogs have filler and they'll pay more for a "100% beef" hotdog. But now you learn that you're now sterile because the hot dog producer has been dumping dangerous chemicals in the brew, but hey you agreed to this risk when you bought those cheap 'dogs.

Quite frankly, I don't see what... (0)

Anonymous Coward | more than 12 years ago | (#3169686)

... this has to do with Beowulf clustering. Can someone help me out, here?

Thank you.

Creative Playcenter? (4, Informative)

alen (225700) | more than 12 years ago | (#3169692)

First the software gives you a custom install option. Second it took me all of 5 seconds to turn off disk detector. Third how many average computer users will know what to do when reading a screen that tells them it has to install something. A while back Kodak thought 9 clicks to install it's software was too confusing for the average user. What about this?

And what is this new.net thing?

Re:Creative Playcenter? (3, Insightful)

mansemat (65131) | more than 12 years ago | (#3169739)

This is just one example. What if somebody else doesn't give you the choice to turn of those components?

His point, I think, is that we need full disclosure about what the software install on your computer that is above and beyond the corse software function.

Sure most people will never read that crap, but it should be available for those of us who want to know what all that extra shit it they've installed on the computer just so you could, for instance, dump songs from your harddrive to you MP3 player.

Re:Creative Playcenter? (1)

mansemat (65131) | more than 12 years ago | (#3169755)

damnit... I should preview once in a while. Forgive the typos above please :-(

Re:Creative Playcenter? (5, Informative)

Jinky (565098) | more than 12 years ago | (#3169812)

And what is this new.net thing?

new.net is a company that tried to get a shit load more top level domains added, but couldn't. So, they went and made their own database for them all. (ie: .golf, .xxx, .love, .mp3, etc). The software installed by new.net mentioned in the article is basically a redirect when trying to go to those domains.

Say, for example, I had a site called www.stuff.mp3. Under nearly every ISP out there, this obviously would not work. The new.net software modifies the system to be able to recognize it. Outside of this software, the only way to get to this address would be to go to www.stuff.mp3.new.net.

I think that made sense :)

Keep it simple (1)

Anonymous Coward | more than 12 years ago | (#3169693)

Software monsters tend to contain a lot of features which the user isn't aware of or ever uses. That's why ordinary users don't become suspicious when their system does something unexpected. They are used to not knowing everything about their configuration. Simple tools, created for precisely one task each, make it easier to recognize "additional functionality" software.

Re:Keep it simple (2, Insightful)

Sorthum (123064) | more than 12 years ago | (#3169770)

The problem with this idea is that end users generally don't want to know the nitty gritty details about their machines-- they just want the damned things to run. That's why this standards idea is such a good idea-- it keeps the end users happy because programs such as the old AOL versions won't mess with settings without telling you about it, and it makes those more knowledgable happy because they're not having to rebuild IP stacks (as an example) because some buggy code made it into a final release.

Legal Framework? (5, Insightful)

dgb2n (85206) | more than 12 years ago | (#3169697)

I was with the author all the way up until the point that he mentioned a legal framework for enforcement.

While all of those objectives are admirable, at the mention of involving governmental organizations in the enforcement of such standards I begin to get nervous. We live in a litigous society in the US as it is. Do we really want to enable a new class of lawsuits based upon violation of software installation standards.

Sure, publish some guidelines and get corporations to sign up agreeing to adhere. I'm just not sure I need or want legal protection to enforce it.

I certainly don't want to have my installation routines prescreened by the legal department before I can ship my code. Sheesh.

Re:Legal Framework? (0)

Anonymous Coward | more than 12 years ago | (#3169761)

Oh, yes. Corporations and individuals will always do the right thing. All legal systems are unnecessary because everybody is very nice at heart, and given a choice between right and wrong will voluntarily choose right. There is no need for any recourse. All legislatures and judicial bodies are actually misguided and a waste of time. Thanks for letting us know.

Re:Legal Framework? (2, Insightful)

hagardtroll (562208) | more than 12 years ago | (#3169789)

I think the "Legal Framework" needs to be built into the code as well as the law.

The O/S should be the O/S should be the O/S. No third party application should be able to change the functionality or performance of the O/S.

The Application should be the application should be the application. No OTHER application should be able to change the functioning of the original application.

If the browser is an application that is part of the O/S that can be modified by a differnt application, then you never know what to expect.

If I want to run App A, later install App B. App B shouldn't be able to change App A unless that is what is advertised to do.

App B shouldn't be allowed to mess up App A or the O/S. If it does, that behavior should be detected and stopped.

That way if App B fails to work, it can be removed and the O/S and App A can go on their merry way.

Re:Legal Framework? (1)

stoolpigeon (454276) | more than 12 years ago | (#3169810)

I could not agree with you more.

Creating more laws is not going to solve anything. Putting more people in court will not benefit anyone but the lawyers.

Why does everyone think that the government is the best tool to fix every problem-- when it is so obvious that they have done a pretty poor job to this point?

(And the legal system is the government so that is what you suggest)

As always buyer beware (especially when you are paying nothing).

Many good points- but please- NO more laws. We have way too many already.

.

Re:Legal Framework? (0)

Anonymous Coward | more than 12 years ago | (#3169838)

Isn't there already a law about stealing the resources of a computer you do not own? My point is that there may already be law dealing with software that does this type of thing.

Huh? (0)

Anonymous Coward | more than 12 years ago | (#3169701)

What the @##$% is new.net? Going to http://www.new.net doesn't reveal any obvious software.

Anyone want to start a software company? (4, Insightful)

cperciva (102828) | more than 12 years ago | (#3169705)

It seems to me that "scumware" is starting to take on proportions very similar to "wormware"; as the author notes, there seems to be little difference between the subseven trojan and the new.net software (or, I might note, whatever that horrible program was which made yellow links pop up everywhere).

Since anti-virus software doesn't seem to scan for these, perhaps someone should create a product which operates similar to antivirus software but instead scans for a dictionary of scumware?

Yeah, Brother! (3, Informative)

jackjumper (307961) | more than 12 years ago | (#3169708)

The other day I discovered that I couldn't burn CDs at 10x any more. In fact, I had to slow down to 2x in order for it to work.

This led me on a chase through my computer. Through a combination of Ad-Aware, Startup Cop, and Process Explorer I managed to get rid of a bunch of leftover or not wanted CRAP that was hogging up my system!

Quicken, for example, had two programs that started up every time my system started. There was a Lexmark printer application running, even though I no longer have the printer and had uninstalled the driver!

And don't even get me started on Real One...

What a pain in the ass...

Re:Yeah, Brother! (0)

DirtyTroll (566579) | more than 12 years ago | (#3169750)

I shit on your haircut.

However, I laugh because you have windows problems. You are +1 insightful. Thanks for posting.

And WTF is NEW.NET? (2, Insightful)

grnbrg (140964) | more than 12 years ago | (#3169709)

Anyone? Anyone? Bueller?

A URL or something?

Google just points you to http://new.net/, which doesn't look like anything.....

Re:And WTF is NEW.NET? (0)

Anonymous Coward | more than 12 years ago | (#3169756)

http://new.net/
That's it. You found it. Honestly. Notice how their top level domains aren't the usual ones? That's why you need special software (or a new.net friendly provider or your own DNS-server) to resolve these addresses. So they try to spread their little system modification as wide as possible by having shareware and freeware authors include it in their software installers. That results in many people using their software without explicitly downloading and installing it.

Re:And WTF is NEW.NET? (3, Informative)

rossjudson (97786) | more than 12 years ago | (#3169773)

NEW.NET supplies a new series of top level domains. They aren't doing this with anybody's authorization; they have simply shipped a trojan with a ton of popular free software packages that alters your IP stack to point to their TLDs. If you go to new.net and click on "enable", a Java applet will install this stack-altering crap on your system, after you foolishly allow it to do so. But, really, they install with a lot of different "free" packages.

Re:And WTF is NEW.NET? (1)

oni (41625) | more than 12 years ago | (#3169794)

I have no clue. This 'article' was poorly written. I propose that in the future, submitters be required to be sober and free from mind-altering substances.

Let me guess, you're running Windows? (1)

Yoda2 (522522) | more than 12 years ago | (#3169710)

The best thing about my Atari 800XL [retroplayers.com] - no IP stack to alter.

Re:Let me guess, you're running Windows? (1)

Zalgon 26 McGee (101431) | more than 12 years ago | (#3169775)

But there are several efforts underway to bring a stack to the Atari 8-bit.

See

http://home.columbus.rr.com/ksiders/ice.htm

for a list of 6502 efforts underway.

Property Questions (5, Interesting)

Loundry (4143) | more than 12 years ago | (#3169713)

I've long maintained that I do not think that information is property, and I therefore can't agree with things like Intellectual Property laws.

This post raises some interesting thoughts: are my computer's CPU cycles and my system's stability my "property"? Do companies have a right to infringe on those things? Do I have a right to sue if other companies infringe on those things without my explicit permission?

Don't mod me up; I just want to see the discussion that ensues. :)

Re:Property Questions (1)

dynamicexpression (566301) | more than 12 years ago | (#3169747)


if information is not property - you probably wouldn't mind telling my your passwords, pin codes and bank account information? after all, that information doesn't belong to you, right?

;o)

Re:Property Questions (1)

Loundry (4143) | more than 12 years ago | (#3169824)

if information is not property - you probably wouldn't mind telling my your passwords, pin codes and bank account information? after all, that information doesn't belong to you, right?

Good point! I certainly would not want you to have that information.

At the same time, if you did manage to acquire that information, I cannot rightly call it "stolen" since no property is missing. I cannot see how something can be called "property" if it cannot be stolen.

Perhaps the true crime is fraud, since your use of that information would constitute what is incorrectly called "identity theft" (which is truly fraud). Is it truly a crime for someone to have your password if they never use it? Not that I endorse or condone having others' passwords without explicit permission, I just want to raise the question.

Re:Property Questions (2)

BitwizeGHC (145393) | more than 12 years ago | (#3169799)

Your computer system and your CPU are your property. They are physical, tangible objects that you paid money for.

Companies using your property for reasons that you didn't authorize, through subterfuge, are clearly in violation of your property rights. And "By clicking here, you agree to yadda yadda" is BS, particularly concerning software components you aren't told about.

Re:Property Questions (1)

ccarr.com (262540) | more than 12 years ago | (#3169832)

No one should use your computer for any purpose that you do not authorize, any more than they should drive your car without asking you. You don't need to agree on whether information is ownable to agree to that.

Here's a somewhat strained analogy: suppose someone used a projecter to create a billboard on the side of your house. It doesn't damage the paint, it just turns your house into a billboard. Never mind who, if anyone, owns the information content of the ad -- they shouldn't do that to YOUR HOUSE.

GIGO (1)

plone (140417) | more than 12 years ago | (#3169720)

Honestly, what do you expect when you install shitty software. Creative software is pure garbage, just use a free player such as winamp or sonique. I have never had to use ad-aware because I simply stay away from spyware infected software such as Kazaa and grokster. Consequently, my system is stable as hell and runs much quicker than expected.

Re:GIGO (2)

rossjudson (97786) | more than 12 years ago | (#3169751)

Well how about when you have a Creative Nomad Jukebox on your system and you need to move files over to it? it isn't a normal drive. I'm not trying to give advice to super smart guys like you, who obviously don't need anybody's advice on any topic.
I do agree with you; Creative software is crap. No argument there. Wish I didn't have to use it.
So how are people supposed to know what is "spyware infected" and what isn't?

Re:GIGO (0)

Anonymous Coward | more than 12 years ago | (#3169792)

"Well how about when you have a Creative Nomad Jukebox on your system and you need to move files over to it?"

Use one of the other 3rd party tools to do the same thing

Re:GIGO (1, Funny)

Anonymous Coward | more than 12 years ago | (#3169811)

Great idea. Winamp is well known for connecting to the Nomad jukebox.

Great fucking idea.

Are they all that stupid where you come from, or did you get off the short bus?

Here is an idea... (1)

Filter (6719) | more than 12 years ago | (#3169737)

Try running an OS that doesn't actively obscure installation routines. That empowers you to pick and choose the components you want installed. Half of the problem is that Microsoft uses the same techniques to change your configuration all the time. They lead the way with this kind of BS, installing one piece of software requires the installation of other pieces, like it or not, tell you about it or not. Media Player and IE are examples. DirectX, Visual Studio, ...

It used to drive me nuts!

Re:Here is an idea... (0)

Anonymous Coward | more than 12 years ago | (#3169760)

But open source is the same! If I want to install libtiff, it requires me to install libjpeg, too!!

Re:Here is an idea... (2)

alen (225700) | more than 12 years ago | (#3169777)

I think Real Player is the king of unwanted components. And when you turn them off from running in the system tray, they turn back on. Unbelievable.

Re:Here is an idea... (1, Insightful)

Anonymous Coward | more than 12 years ago | (#3169837)

Ummm Windows doesn't obscure the installation routines, it forces (or allows, however you look at it) the developer to choose their method of installation. Microsoft develops an installer, but they're about the only developer that uses it. Most developers use InstallShield or another program to build their installation front-end, and it's up to the developer to decide how much control over the installation they give the users.

In the end, as long as it has a custom install option that allows me to dictate the location and/or existence of each component, I'm fine. It's a complete pain in the ass when a piece of software is misrepresented or doesn't even tell you it's installing something else, though. Again, though, that's not an OS-dependant thing, as developers could do the same thing on any OS that permits/utilizes binary installers. You can avoid that by using open source software and just compiling everything yourself, but even then are you looking over the code you're compiling first to make sure it's not doing something odd in a background thread?

There is a "signed installation" system out there (4, Informative)

Dynedain (141758) | more than 12 years ago | (#3169738)

You say one of the solutions is:
A "signed installation" program, run by known entities, asserting that a given program and its installation don't violate the rules
Guess what? That already exists for Windows (which is the platform you are obviously complaining about)...its called WHQL Certification.

interesting article (3, Interesting)

Str8Dog (240982) | more than 12 years ago | (#3169740)

RIAA and MPAA have made huge strides to protect thier copyrights. But the same companies would see no problem with this type of deception. We really want the government to say away from regulating the computer industry, but untill they do this BS will continue to get worse. The average AOL user has no idea and are building a army of zombie DOS machines and now an army of zombie marketing harvesters....

Standards Board (1)

mlknowle (175506) | more than 12 years ago | (#3169741)

What about creating a shareware/freeware standards board? SW would be submitted for review, and the board would examine the software, and decide if the readme is honest, and if it does what it says it does (and not more...). After that, software could bear a 'seal of approval.'

This kind of thing is entirely contingent upon widespread use, and strict enforcement - perhaps download sites could ensure that SW they post bearing the 'seal' is legitimately approved.

Because software (esp. small programs, shareware, etc) is provided by so many different sources, it is impossible to rely on the provider's reputation - because most people will have no prior experience with them. The solution is a community one; an organization which is widely trusted, rather than more draconian measures...

Treat them like what they are a VIRUS (0, Redundant)

DaedalusLogic (449896) | more than 12 years ago | (#3169749)

Conduct like this is truly writing a virus in a pretty package. There needs to not only be monetary consequence but jail time if it can be proven they new this program would damage TCP/IP. Let's get serious about our right to privacy and start making these people pay for criminal acts. Whether it is invasion of privacy or funds lost from system damage. Symantec and McAfee need to start treating them like viruses too... when there are cases that the vendors have not explained their program sufficiently. What are some opinions... I'm a more than a bit biased and I'd like some ideas, not flaming or non-constructive criticism.

If Spyware would only follow these rules... (5, Interesting)

jjhall (555562) | more than 12 years ago | (#3169753)

I installed Kazaa the other day at home, knowing it would attempt to install the BDE3 (I think) viewer. Since my hard drive is NTFS, I created the BDE directory under my second account, and used NTFS permissions to be only readable/writable by the "Administrator" account. I thought that would stop it from installing. I was wrong, however. The program simply installed inside of a different directory.

It doesn't run because I did the same thing to that directory, but it still installed when I took fairly advanced measures to prevent it. The fact that programmers are writing applications that users have no control over is a step in the wrong direction. I don't want the "3D Advertising Projector" on my system, yet it installed anyway. That to me sounds like something Norton should be protecting from...

I do write simple programs for personal use for myself. I have given a few to friends, but I never install a "Jeremy in 3D" viewer or anything like that. Note to programmers: If it is ABSOLUTELY ESSENTIAL to the operation of the program, go ahead and force installation, but tell the user what it is and why you need it. If it is not essential, simply put a check box to not install it. Or at least instructions on how to safely remove it.

I understand that Kazaa is trying to make some money by forcing ads, but when people won't even install their software because of the ads, they are shooting themselves in the foot. If they used simple HTML banners, I probably wouldn't go to the trouble to block them.

Another thing that annoys me greatly is the Real Player (whatever they are calling this version) notification program. It pops up ads and new version notifications near the systray. There is not an option ANYWHERE I can find to disable that function. They used to have the real icon in the tray that you could close. And they had an option to keep it from loading. How much of my system resources is it taking to check in the background for new updates/ads? There are a few things I need real for (unfortunately) or I would uninstall it and be done with it. If I try to play a stream that won't play with the version I have, I will upgrade on my own. I don't need a resource hog app telling me when to upgrade.

Re:If Spyware would only follow these rules... (1)

kson34 (71110) | more than 12 years ago | (#3169847)

BDE is the Borland Database Engine. It probably is required by the program to run (or the authors are hiding their spyware as BDE), a lot of programs written in Delphi or C++Builder require this (for database access).

Real has long been spying on what you listen to, and practicing such general bad privacy pracices that I refuse to have even antiquited versions of the real player on my system. Even windows media player (before 7.0, which seems as bad as real) is better.

I mean, if you are installing freeware from a commercial company, buyer beware, you should expect that their may be hidden (or well disguised) nasty spyware there. It's like a non-technical friend who complains about all the virus's he gets downloaded warez from Morpheus, and asks me how to stop getting all of his viruses. Personally on Windows, I won't install anything unless I know a fair amount about the source of the software. One tip in 2000/XP is to run as a user rather than someone with administrator access. A lot of software won't install properly (needs access to Registry, and installing DLL's), but harmless, properly written software will (you can still write to HKEY_CURRENT_USER which is all most software should need, unless they have COM dll's to register).

Two more examples (2, Informative)

rogerl (143996) | more than 12 years ago | (#3169767)

Real Player: Real Player assumes that you want their "service" running at times. It assumes that you want it to be your default media player. You try and turn some of these off via there options screen. Sometimes it works, Sometimes it does not.

Weather Bug: This is another one. It just starts running and does not give an option to turn it off. I had to hack the registry to get rid of it.

Oh well... I am slowly converting to completly Linux...

What New.Net is: (5, Informative)

PunchMonkey (261983) | more than 12 years ago | (#3169776)

new.net is a company who decided that instead of waiting for the new top level domains to be approved, they'd just start up their own root domain servers and sell the new top level domains themselves.

So if you want to buy sweat.shop, you can go to new.net and do just that.

The software in question is a "plugin" that "fixes" windows to use their dns servers when requesting a domain that ends in ".shop" or whatever.

For more info, don't be so lazy and click on the "About Us" button at the bottom of the new.net homepage

http://www.new.net/about_us_mission.tp [new.net]

I submitted a story about this on slashdot long ago and, surprise! it was rejected. I'm sure I wasn't the only one who thought this site and company is worth discussing.

-- Punch the Monkey!

I don't like new.net either (0)

nil_null (412200) | more than 12 years ago | (#3169786)

I did a backup of my Win2k system and did a restore on different hardware. I didn't know what new.net was at the time but apparently it was on my system. However, new.net didn't work after the restore causing my TCP/IP stack to be unopperational too. It was looking for newdot~2.dll, when only newdot~1.dll existed. Apparently it doesn't take into account long filenames and uses the 8.3 character filename. I didn't know what it was at the time and just made a newdot~2.dll to get on the net. Of course I was even more unhappy to find out what it really was.

One more example of why... (1)

talks_to_birds (2488) | more than 12 years ago | (#3169787)

...everyone should avoid Window$ like the plague.

In fact, this is also why I avoid RPM's and the like, whenever possible, which is always...

Read the README; read the INSTALL; if necessary edit a couple files to taste; then it's

./configure

make

make install

These are your friends.

It's my computer.

I want to know what's on it, and where.

t_t_b

Screw it (2, Insightful)

drivers (45076) | more than 12 years ago | (#3169788)

I'm switching to free software.

Re:Screw it (0)

Carp Flounderson (542291) | more than 12 years ago | (#3169843)

Actually, theres no such thing as free software. If someone tells you otherwise, they are not giving you a complete set of facts. Often the "cost" of free software comes from its inferior design, inferior stability, or inferior security. These are all caused by OSS projects' lack of effective and centralized program management and quality assurance processes. So far, nobody has been able to solve this problem and it has largely been ignored because its a huge liability for "free" software.

Not to pick... (1)

talks_to_birds (2488) | more than 12 years ago | (#3169801)

...but for those of us who, thankfully, don't get out much, WTF is this NEW.NET cr*p, anyway?

t_t_b

heh... (1)

talks_to_birds (2488) | more than 12 years ago | (#3169817)

<blush>

and for those of us who apparently do not read:

"new.net is a company who decided that instead of waiting for the new top level domains to be approved, they'd just start up their own root domain servers and sell the new top level domains themselves.

So if you want to buy sweat.shop, you can go to new.net and do just that.

The software in question is a "plugin" that "fixes" windows to use their dns servers when requesting a domain that ends in ".shop" or whatever.

For more info, don't be so lazy and click on the "About Us" button at the bottom of the new.net homepage"

</blush>

t_t_b

Slashdot Hypocricy (1)

AintTooProudToBeg (187954) | more than 12 years ago | (#3169804)

NEW.NET should be responsible for its clients actions (notifying users about the install process).

Napster should not be responsible for its clients actions (downloading copyrighted material).

daemons? (3, Funny)

room101 (236520) | more than 12 years ago | (#3169815)

daemons? what are those. I don't think they exist on windows. (;-)

On windows, they are "services". They give you exciting service. Way better than those unix daemons. They only talk to you in your head and tell you to burn things. Or at least, that's what they do to me. Maybe I'll post an "Ask Slashdot" to get further insight. Oh, maybe not, the voice in my head says that it will get rejected.

New.net and other various spyware. (0, Redundant)

akula1 (463239) | more than 12 years ago | (#3169818)

I work tech support for the residence halls at my university and have seen this occurring more and more frequently. New.net is a perfect example because the only way to remove it is to hunt down uninstall instructions on various newsgroups, alt.comp.virus, if i remember correctly. Not only is this program on almost every users computer I touch, but its probably responsible for about 20% of the "my internet just stopped working, and no I don't know why" calls I receive.

Maybe its time for Symnantec, Trend etc... to add "spyware" detection to there AV products.

Windows Users (2, Informative)

jyak (112533) | more than 12 years ago | (#3169822)

Take control back of YOUR computer with all the proper utilities. Go to onlythebestfreeware.com [onlythebestfreeware.com] tto get the best free utilities to rid your computer oof unwanted items.

Three words: Package Management System (2, Insightful)

JonKatzIsAnIdiot (303978) | more than 12 years ago | (#3169830)

A package management system is the user's first and best defense against this type of thing. With it, a user can always determine which files are needed for which applications, and vice-versa. You can check what is going to be installed before you do it. While a malicious/ignorant software vendor could put malware into a package file, at least all of the files that make up that package can be determined later on. No other software management system can provide that information as easily. Not installer programs, and not even the sacred install-from-source routine.

i concur (2)

SubtleNuance (184325) | more than 12 years ago | (#3169842)

If I wrote a stealth component today, I would have it seek out an Ad-Aware signature file and modify it to ignore me, or add my directory to the ignore lists. Ad-Aware could respond by digitally signing the files, or with other techniques.

If this begins (too late?) than I fully expect our friends @ NAI or Symantec to add this trash to their virus software. Anything that tries to protect itself from being removed is a virus. %insert_your_own_windows_joke_here%.

Ive been very happy with Ad-Aware, and as the author suggests, the first run on my own machine was a real eye-opener. I have some frineds in a local PC clone shop, and they run AdAware on almost all their repair/re-stage jobs -- they have been amazed at the numbers of Malware apps they have found running on people's PCs.

Disclosure, choice and the future (rant) (5, Insightful)

legLess (127550) | more than 12 years ago | (#3169844)

That's my summary of what we need: disclosure and choice. The user must know every single non-required system modification, and have the choice to not install any of them.

But this won't work, of course. Our favorite example is Microsoft, who blithely says, "It's all required; it's all part of the OS; either take the package or don't." Making choices confuses people, see, and we want to avoid that.

Without being elitist at all, some of what they say is true. One reason Microsoft has succeeded is that they remove those scary choices from the users. It's the software equivalent of "bread and circuses" - don't bother people with the details, wow them with flash, and they'll mostly ignore what goes on in the background.

This succeeds because it's what people want. My 72-year-old mother doesn't know about patches and updates and service packs, and for fuck's sake she shouldn't have to. For good or ill, most people view computers as slightly cantankerous, very expensive toasters. They have no idea that they have, sitting on their desks, a little machine that can do very nearly anything. They want to do a couple things, and they want those things to be easy.

I can see a couple ways for this to go:
  1. Special-purpose machines. Instead of one computer, you'll have a few little ones. A web pad in the kitchen that downloads recipies, a glorified word-processor in the study hooked up to a printer, maybe with accounting software. Most people will go to Office Depot and spend a few $hundred on a black box, kind of like a cell phone now days, then throw it away when a newer model appears. Microsoft is set to own this market.
  2. General-purpose machines. Geeks will still want a real, live computer that they can control. This is only going to get harder and harder. Twenty years from now, I bet there'll be fewer general-purpose computers than there were twenty years ago. The after-market parts business will dry up as copy-control gets more and more intrusive. I mean, I can build a box from a bunch of parts, but I can't build a fucking motherboard or hard drive.
Computers have to get easier to use while at the same time getting more complicated and doing more things. The only way to do this is to remove end-user control of the device. Fewer scary options, fewer things to screw up. For the most part this is a good thing. Most people using PCs today are basically helpless aside from a few well-known command sequences.

The hard fight will be to retain control of real computers while consumer boxes get dumbed-down. What will make this possible (IMHO):
  1. No DRM. Period. This will kill general-purpose computing forever.
  2. More standardization. As the parts market shrinks and specialty boxes become more common, it'll be harder for ASUS (e.g.) to sell mobos into the after-market channel. There will be consolidation, but as long as #1 above is avoided it shouldn't be fatal.
  3. Concentration on software quality. The OSS community generally goes a better job of this than closed-source, but it will have to get better. Quality alons isn't enough; as we know, 500% better isn't better enough if you don't have good marketing.
This is a long, winding rant, and has gone a little off-topic. Back to the point: I don't think this situation will get better, or at least not in the way we hope. It's going to be incredibly difficult to hold software manufacturers liable for anything; it'll be even harder to hold them liable and let OSS off the hook.

The best hope, I think, is operating system diversity, which at this point means forced licensing of the Windows source code. If you can use Microsoft Windows that basically bends over for any cute-looking virus or trojan, or (e.g.) IBM Windows that flat-out refuses to install anything that isn't digitally-signed and verified (assume, for the minute, non-DRM verified), what would you pick? What would your mom pick? What would you want your mom to pick?

Some choice quotes (4, Insightful)

mblase (200735) | more than 12 years ago | (#3169845)

Some choice quotes from http://www.new.net/about_us_guiding.tp [new.net] :

"New.net will seek to work with ICANN to ensure stability in the Internet, and we will attempt to work in the best interests of all parties to not interfere with anything that ICANN plans to do." (Clearly, the author of this article would argue with the use of the word "stability".)

"New.net is building a more open registry business that also will enable other parties to introduce new domain name extensions to the millions of users that have access to New.net domain names. New.net will determine which extensions to release in the future, applying the standards set forth below." (You call that open?)

"We are building a DNS infrastructure that is at least as reliable as the root servers that serve .com, .net, .org, .co.uk, and other top-level domains." (I don't consider having to install special software just to get to a URL "reliable", but maybe I'm narrow-minded.)

Shoe's on the Wrong Foot (2, Insightful)

bumski (308461) | more than 12 years ago | (#3169848)

The author makes a lot of good points, but in the end, he's placing the responsibility for preventing unwanted, system-level changes on the wrong party.

Installing or modifying "system-level" components such as drivers, services, and daemons shouldn't be possible for anyone without administrative privileges. If the operating system fails to distinguish between normal users and administrators, then it's the OS that needs to be fixed, rather than the practices of innumerable software suppliers.

And if the user chooses to run always with administrative privileges, well, he deserves what he gets.

Mac OS X Software installs... (5, Informative)

MidKnight (19766) | more than 12 years ago | (#3169853)

One of the thing that is impressive about applications that are written natively for OS X is the installation procedure: it usually involves a complex procedure called "copying". All hyperbole aside, it is that easy.

For instance, I installed MS Office on my laptop a while ago (still waiting on Sun & Apple to resolve their differences & build StarOffice for the Mac). The entire procedure was:

1. Insert Office CD
2. Drag-And-Drop a folder onto my hard drive
3. Start using it.

Installing applications from the Internet is even easier. I'm a happy registered user of OmniGraffle [omnigroup.com] , a diagramming and graphical tool that makes other programs like it feel worthless. The installation process for that is:

1. Download the file, which unpacks as a disk image & it automatically mounted.
2. Drag & Drop the application.
3. Start using it.

Another nifty feature is that, to the high-level graphical interface, an application appears as a Bundle [apple.com] , and therefore it looks like a single executable file. To the regular user, this is a far more intuitive presentation of what an "Application" is. However, if you whip up a terminal & go poking around a bundle, you'll see that it's really a collection of every file the application needs to work.

Mark my words, the Winblows platform will be emulating this behavior within their usual UI 5 year lag.

--Mid
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...