Re: OT: C|Net's Download.com adware, spyware, malware hijinkx.
On Dec 10, 2011, at 12:30 AM, Polytropon wrote: On Fri, 9 Dec 2011 13:05:05 -0600, Ryan Coleman wrote: On Dec 9, 2011, at 12:03 PM, Polytropon wrote: On Fri, 9 Dec 2011 09:38:59 -0600, Ryan Coleman wrote: It's still not malware, it's bloatware. Why would you not go to the development website to get the program anyway? Uninvitedly adding toolbars, changing web browser home page and default search engine are - in my opinion - malicious acts, so the term malware may be correct here. Maybe the term spyware is also appropriate, depending on what the additions actually do behind the curtain. Note an important thing: When careless users will notice the change, they will maybe blame the authors of the original software, not the distributor. This could do damage to F/O products, at least in Windows land. Luckily, those who build from source or use precompiled packages from a trustworthy vendor don't have to care for that stuff. :-) So, wait, Firefox is Malware? Did you notice that with FF4 they changed it so that you didn't get prompted on launch it overrides your default but instead it's a checkbox inside the installer? I've never installed something in Windows so my opinion has limited fact-backup here. I don't even see from your post _what_ they changed in FF4 - the default browser? The home page? Additional toolbars? Some advertising? Hmmm… You no longer are prompted on first load of the program to change your default browser. That's done for you on the installation program. Which is *EXACTLY WHAT I SAID* ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: C|Net's Download.com adware, spyware, malware hijinkx.
On Sun, Dec 11, 2011 at 05:32:00AM -0600, Ryan Coleman wrote: On Dec 10, 2011, at 12:30 AM, Polytropon wrote: On Fri, 9 Dec 2011 13:05:05 -0600, Ryan Coleman wrote: So, wait, Firefox is Malware? Did you notice that with FF4 they changed it so that you didn't get prompted on launch it overrides your default but instead it's a checkbox inside the installer? I've never installed something in Windows so my opinion has limited fact-backup here. I don't even see from your post _what_ they changed in FF4 - the default browser? The home page? Additional toolbars? Some advertising? Hmmm… You no longer are prompted on first load of the program to change your default browser. That's done for you on the installation program. Which is *EXACTLY WHAT I SAID* I understand your point, but what you said exactly was only that it overrides your default, and not what default was overridden. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
OT: C|Net's Download.com adware, spyware, malware hijinkx.
Sorry for the cross post I hadn't seen any chatter about this on the lists. It would seem that Download.com got caught with their pants down and were re-wrapping F/OSS with their own installer and bundling adware, spyware and malware with it. NMap's author, over at insecure.org got pretty hot about it and has collected considerable information on the topic since he learned about it on Monday. http://insecure.org/news/download-com-fiasco.html http://seclists.org/nmap-hackers/2011/5 http://seclists.org/nmap-hackers/2011/6 Again, sorry for the cross post, but I know how I would feel if this were done to me (I'd be pretty pissed!) So flame me later for cross-posting and if your a software developer who also makes software for Windows users, then go and check your stuff if it's listed on download.com. So far, paint.net's software, VLC, NMap and emergeDesktop were affected. Being a part of emergeDesktop's community, I know the author their has instructed the community to not download his software from download.com, I'm not sure what steps have been taken for paint.net and VLC though. -- Chris Brennan A: Yes. Q: Are you sure? A: Because it reverses the logical flow of conversation. Q: Why is top posting frowned upon? http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/ GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8 9E4A EECD 9A84 D5B2 0C0C) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: C|Net's Download.com adware, spyware, malware hijinkx.
On Dec 9, 2011, at 9:35 AM, Chris Brennan wrote: Sorry for the cross post I hadn't seen any chatter about this on the lists. It would seem that Download.com got caught with their pants down and were re-wrapping F/OSS with their own installer and bundling adware, spyware and malware with it. NMap's author, over at insecure.org got pretty hot about it and has collected considerable information on the topic since he learned about it on Monday. Yeah, someone on my LUG list tried to claim that the TCLUG list was the reason for the /. article… stupid peons… It's still not malware, it's bloatware. Why would you not go to the development website to get the program anyway? -- Ryan___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: C|Net's Download.com adware, spyware, malware hijinkx.
On Fri, Dec 9, 2011 at 10:38 AM, Ryan Coleman edi...@d3photography.com wrote: Yeah, someone on my LUG list tried to claim that the TCLUG list was the reason for the /. article… stupid peons… It's still not malware, it's bloatware. Why would you not go to the development website to get the program anyway? Some people just don't get that idea, they stumble onto a piece of software they like and don't bother to think much farther beyond that, as long as it works for them, they don't care. -- Chris Brennan A: Yes. Q: Are you sure? A: Because it reverses the logical flow of conversation. Q: Why is top posting frowned upon? http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/ GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8 9E4A EECD 9A84 D5B2 0C0C) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: C|Net's Download.com adware, spyware, malware hijinkx.
On Dec 9, 2011, at 9:41 AM, Chris Brennan wrote: On Fri, Dec 9, 2011 at 10:38 AM, Ryan Coleman edi...@d3photography.com wrote: Yeah, someone on my LUG list tried to claim that the TCLUG list was the reason for the /. article… stupid peons… It's still not malware, it's bloatware. Why would you not go to the development website to get the program anyway? Some people just don't get that idea, they stumble onto a piece of software they like and don't bother to think much farther beyond that, as long as it works for them, they don't care. I should add that I often go to download.com for things like winrar, putty, etc., but I know enough to NOT use the Adobe Downloader from adobe.com, check to make sure there's no extra stuff riding along… We have a problem here in Minnesota with Zebra mussels. Tanker ships from Europe didn't filter their ballast water and now we have them in our lakes. They rode tankers from Europe to the Great Lakes, fishing boats from the Great Lakes to smaller lakes… and now it's an infestation. Why? Because they were too busy to take time to figure out what they were doing. [http://www.dnr.state.mn.us/invasives/aquaticanimals/zebramussel/index.html]___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: C|Net's Download.com adware, spyware, malware hijinkx.
On Fri, 9 Dec 2011 09:38:59 -0600, Ryan Coleman wrote: It's still not malware, it's bloatware. Why would you not go to the development website to get the program anyway? Uninvitedly adding toolbars, changing web browser home page and default search engine are - in my opinion - malicious acts, so the term malware may be correct here. Maybe the term spyware is also appropriate, depending on what the additions actually do behind the curtain. Note an important thing: When careless users will notice the change, they will maybe blame the authors of the original software, not the distributor. This could do damage to F/O products, at least in Windows land. Luckily, those who build from source or use precompiled packages from a trustworthy vendor don't have to care for that stuff. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: C|Net's Download.com adware, spyware, malware hijinkx.
On Dec 9, 2011, at 12:03 PM, Polytropon wrote: On Fri, 9 Dec 2011 09:38:59 -0600, Ryan Coleman wrote: It's still not malware, it's bloatware. Why would you not go to the development website to get the program anyway? Uninvitedly adding toolbars, changing web browser home page and default search engine are - in my opinion - malicious acts, so the term malware may be correct here. Maybe the term spyware is also appropriate, depending on what the additions actually do behind the curtain. Note an important thing: When careless users will notice the change, they will maybe blame the authors of the original software, not the distributor. This could do damage to F/O products, at least in Windows land. Luckily, those who build from source or use precompiled packages from a trustworthy vendor don't have to care for that stuff. :-) So, wait, Firefox is Malware? Did you notice that with FF4 they changed it so that you didn't get prompted on launch it overrides your default but instead it's a checkbox inside the installer? -- Ryan___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: C|Net's Download.com adware, spyware, malware hijinkx.
On Fri, 9 Dec 2011 13:05:05 -0600, Ryan Coleman wrote: On Dec 9, 2011, at 12:03 PM, Polytropon wrote: On Fri, 9 Dec 2011 09:38:59 -0600, Ryan Coleman wrote: It's still not malware, it's bloatware. Why would you not go to the development website to get the program anyway? Uninvitedly adding toolbars, changing web browser home page and default search engine are - in my opinion - malicious acts, so the term malware may be correct here. Maybe the term spyware is also appropriate, depending on what the additions actually do behind the curtain. Note an important thing: When careless users will notice the change, they will maybe blame the authors of the original software, not the distributor. This could do damage to F/O products, at least in Windows land. Luckily, those who build from source or use precompiled packages from a trustworthy vendor don't have to care for that stuff. :-) So, wait, Firefox is Malware? Did you notice that with FF4 they changed it so that you didn't get prompted on launch it overrides your default but instead it's a checkbox inside the installer? I've never installed something in Windows so my opinion has limited fact-backup here. I don't even see from your post _what_ they changed in FF4 - the default browser? The home page? Additional toolbars? Some advertising? Hmmm... However, installing proprietary stuff along with the desired F/O software and changing user settings without dialog or notification _could_ deserve the term malware to apply. It's _not_ that those are a dependency! -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
