Author Topic: Et tu, Sourceforge?  (Read 7758 times)

daddydave

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 867
  • test
Et tu, Sourceforge?
« on: December 20, 2014, 01:24 PM »
In a world where even Sourceforge bundles malware (why dignify it by calling it pupware?), is the era of recommending cool software over? I thought one of the talking points of open source software was that it was more secure because you had access to the source code? How about the source code to that malware?

In the "good old days" of unwanted software bundling, you could just tell people to pay attention because the installer is going to try to install something, just hit Decline, Decline, and just say no to the extra stuff. Hey that still works with Java and the Ask Toolbar! But nowadays with most other stuff, you can decline everything that pops up and still end up spending half a day un-junking all your web browsers. And forget recommending software to less technical people, I was recently asked to recommend an antivirus, I recommended Avast, but I ended up being the one installing it. It's a good thing too because the direct link from Avast's web site goes to cnet downloads, and most people are going to just click straight on that cnet bundleware installer. If he had done that, my friend would have been mad at me for getting more malware on his system. (I was able to find a link on the Avast forums to a post with a non-bundleware installer for Avast).

When a developer agrees to this, I no longer trust the developer anymore. Once you decide it is OK to bundle malware with your software, the bundling of malware becomes the primary purpose of your software. I know some developers write software for free because they simply love to make cool software. Maybe over time, some developers feel like they've been burned by users making impossible demands for the developers' limited time, and this is their way to get revenge against ALL of the users, and in their minds, they are finally getting paid for their work. Thankfully some developers have still rejected that mindset.

The fact that you can't even trust Sourceforge now pisses me off to no end. This is how we are going to be forced into app stores for everything, I guess. I'm grateful that DC will never be a party to these shenanigans.

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
Re: Et tu, Sourceforge?
« Reply #1 on: December 20, 2014, 04:11 PM »
^^ +1: I had pretty similar disgusted thoughts only the other day when I was downloading/installing something from SourceForge. Luckily for me, MBAM seems to detect these "PUPs" before them being installed, and then quarantines them.

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 888
  • what am I doing in this handbasket?
Re: Et tu, Sourceforge?
« Reply #2 on: December 20, 2014, 06:46 PM »
Yeah, the stuff like OpenCandy ticks me off too.

However, part of that is because if I don't want to install the crapware, I have to read the dialogs carefully and click and check the appropriate spots, even if they are grayed out like they're unavailable.  I think that honestly, I would be slightly less annoyed if the crap-wrapper defaulted to not installing anything extra at all unless you explicitly opt in during the process.  (I can't remember, did OpenCandy start out that way?)
vi vi vi - editor of the beast

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
Re: Et tu, Sourceforge?
« Reply #3 on: December 21, 2014, 03:44 AM »
In all fairness, I do think there is a big distinction between bundling apps (like opencandy does) and adware on one side, and malware on the other.  And I think there is every reason to acknowledge this distinction.

If a developer wants to "bundle" his apps with other tools that are "OPT-IN", so that they will not install by default by a distracted user, and those other tools are easily uninstallable without leaving crap, and are not harmful to the pc, then I have no problem with that.

daddydave

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 867
  • test
Re: Et tu, Sourceforge?
« Reply #4 on: December 21, 2014, 07:52 AM »
If a developer wants to "bundle" his apps with other tools that are "OPT-IN", so that they will not install by default by a distracted user,

Does anyone actually use opt-in? I don't think I've ever seen anything other than opt-out. I'm more concerned about the cases where you opt out of everything, and in spite of that, you find something has taken over the home page, search engine of every installed web browser.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 11,186
Re: Et tu, Sourceforge?
« Reply #5 on: December 21, 2014, 08:19 AM »
If a developer wants to "bundle" his apps with other tools that are "OPT-IN", so that they will not install by default by a distracted user,

Does anyone actually use opt-in? I don't think I've ever seen anything other than opt-out. I'm more concerned about the cases where you opt out of everything, and in spite of that, you find something has taken over the home page, search engine of every installed web browser.

By default, OC was opt-in.  There were tools for developers to change it to opt-out, which I disagreed with.  Not sure about the state now.

And also a point- is it sourceforge?  Or is it the developer?
« Last Edit: December 21, 2014, 08:24 AM by wraith808 »

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
Re: Et tu, Sourceforge?
« Reply #6 on: December 21, 2014, 10:18 AM »
^AFAIK Sourceforge is promoting it - but (at least for now) it's up to the developers whether or not to participate.

daddydave

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 867
  • test
Re: Et tu, Sourceforge?
« Reply #7 on: December 21, 2014, 05:27 PM »
Relevant NANY 2015 project

That would be awesome

daddydave

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 867
  • test
Re: Et tu, Sourceforge?
« Reply #8 on: December 21, 2014, 05:33 PM »
MBAM seems to detect these "PUPs" before them being installed, and then quarantines them.

You know, I need a good kick to go ahead and get the premium version of MalwareBytes Anti-Malware, and that may be it.

Side note: Is it just me or does the recent MalwareBytes UI makeover make it look like fake anti-malware? It's bad enough that I have to explain to people that it is very legitimate in spite of having the name MalwareBytes! I guess it's fake anti-malware's fault for being so slick-looking.