topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday December 12, 2024, 3:59 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Nice blog post on the parasitic software hosting sites bundling junkware  (Read 31651 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
We've discussed this before and it's still as infuriating as ever.

I recently came across this new blog article written by someone who used my Screenshot Captor tool as an example:
http://thundercloud....us-software-parasite

phitsc

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 1,198
    • View Profile
    • Donate to Member
That just reminded me of the last time I had to clean up a friends PC after she downloaded some piece of SW from such a site. What I expected to take half an hour turned out to be like 4 hours. I was close to telling her to just re-install Windows.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member

Not a bad post, but the company behind it looks like they've been changing their branding a lot in the background.

The blog post leads to this wordpress homepage that they picked to be "simple and blogged":
http://thundercloud.net/infoave/new/

I often find it useful to check "other things on the same top domain". One earlier version was this:
http://thundercloud.net/start/index.htm

Then one with a definitely older design is at the very top:
http://thundercloud.net/

Their business model is selling direct connection computer repair services. So the blog post is an "info loss-leader". The only thing then becomes that I as a user have no way to attest how reputable they are to fork out $90-120 for a repair session!


40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Would it not be possible to insert a clause in the license that states your software cannot be bundled with additional software or use an installer other that the one provided by the original author without specific written permission? That gives you a legal leg to stand on. And while a lawsuit is probably out of the question for most small code shops due to the cost involved, it does give you some "administrative legal" options - such as a complaint to an ISP or a search engine. It's sad to resort to some of the legal nonsense big companies use to bully or otherwise abuse the legal framework. But since it looks like this will be a permanent part of the tech landscape, it's also silly to not use it to your advantage.


Here's a thought...

How about embedding an article - with a registered copyright - in the installer or app itself. Maybe an essay on DonationCoder or the whole donationware concept. It doesn't need to be intrusive. When the installation is completed there's a link in the 'installation completed' dialog box and on the 'about' screen that lets the user read all about it. A block of text shouldn't bulk things up too much.

DMCA takedown rules don't apply to trademarks or licenses. But they DO apply to registered copyrighted works - which allows you to send notice (without hiring an attorney) to the ISP or website administrator demanding the title be taken down. Or to Google requesting the link pointing to another site that's carrying your software be removed because said software includes a copyrighted literary work that is being distributed without permission.

Might be worth a try. :)

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Per 40hz, maybe we can spin that angle in all sorts of ways. Since it's the exact same problem in all sorts of ways, aka only some five big name companies at first, let's get a friendly lawyer to draft the first warning letter that x program is not supposed to be "packaged/wrapped etc". Putt out all the bug guns. Copyright like you were saying, Comp Abuse Act, and others.

Then again from that (or another) attorney to be on standby because the first draft of the motion is the same. "You were presented with the do-not-tamper letter and ignored it...".

How deep do their tendrils go? We all joke about how many lawyers are out there, some with a little spare time on hand... what if some pro-bono counsel was on tap at level 3 to push it all the way!?

I vaguely have heard here and there about attorneys pushing 70 "aka nothing to lose", so why not go out with a few landscape changing suits for their posterity!?


mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
i'm wondering if, rather than a legal solution, i couldn't add code to the installer to make it hard to bundle in this way -- make the installer detect if one of these adware wrappers have launched it, and instead of installing, throw up a big warning and refuse to install.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Putt out all the bug guns. Copyright like you were saying, Comp Abuse Act, and others.

You just need to careful not to throw everything you can think of at them  to see what sticks. Because that damages your credibility and can also cause legal problems for you down the road. It's also the sign of a legal amateur. And attorneys - especially those of of the scheister variety - are wise to it. In the USA it's generally considered inadvisable to threaten legal action unless you're actually prepared to take it. Otherwise it throws you open to getting hit with a counter-suit from them for attempting to harass or intimidate. And since these guys have attorneys on payroll (and you probably don't) you'll want to avoid getting lawyers involved on either side if at all possible.

So I wouldn't recommend trying to call their bluff or scare them. You won't. And if they're a real sleazy operation, you definitely won't be the first that tried.

I think it's better (at least initially) to enlist a champion in the form of an ISP or a Google. These folks will generally cooperate with a DMCA takedown request regardless of the merits - as has been demonstrated by the number of times a DMCA takedown notice gets abused.

But again - DMCA only applies to copyrighted material. That generally means literature or media. Computer code itself is still up for debate - and the legal decisions made on that issue have been fairly capricious and arbitrary. Bundling an essay or an instructional video - with a registered copyright - sidesteps software licensing issues and their enforceability. Because copyright is a part of public law - and enforceable (in theory) by the state rather than by individuals as it would be under tort law.

But again, I'm no attorney either - so it's important to seek out the 'real deal' and get some solid advice. ;)

« Last Edit: April 01, 2014, 09:49 AM by 40hz »

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
i'm wondering if, rather than a legal solution, i couldn't add code to the installer to make it hard to bundle in this way -- make the installer detect if one of these adware wrappers have launched it, and instead of installing, throw up a big warning and refuse to install.

That's asking to play whack-a-mole in my opinion.* But I'm no coder so I don't know how difficult something like that would be to write. Or defeat...

I suppose it couldn't hurt to try.


--------------------------------------------------------------------------------------
*as in: This is a people problem - not a technical problem.

phitsc

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 1,198
    • View Profile
    • Donate to Member
i'm wondering if, rather than a legal solution, i couldn't add code to the installer to make it hard to bundle in this way -- make the installer detect if one of these adware wrappers have launched it, and instead of installing, throw up a big warning and refuse to install.

For the respective user that would be too late though as once your installer runs, all the crap has already been installed.

Edit: Well, I guess you assume that if you do this your SW wouldn't be wrapped like this in the first place.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
i'm wondering if, rather than a legal solution, i couldn't add code to the installer to make it hard to bundle in this way -- make the installer detect if one of these adware wrappers have launched it, and instead of installing, throw up a big warning and refuse to install.

For the respective user that would be too late though as once your installer runs, all the crap has already been installed.

Bingo! :Thmbsup:

Good catch phitsc! ;D

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,287
    • View Profile
    • Donate to Member
We've discussed this before and it's still as infuriating as ever.

Agreed, +1,  :up:, ad nauseum.  All my software is on their site(s) and has been mangled in this way.  One of the worst things about it is the thought that unknowing Joe User thinks that I allowed them to do this, i.e., sold out.  Grrr...sets my f'ing teeth on edge.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
For the respective user that would be too late though as once your installer runs, all the crap has already been installed.

Edit: Well, I guess you assume that if you do this your SW wouldn't be wrapped like this in the first place.

the first hope would be that the site would not be able to use their wrapper if my installer made the result unusable.
the second hope would be that the really lazy sites that don't check their wrapper success, would get penalized after the fact because my installer would tell the user the reason the installer has failed and blame it on where they got the download.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
^But even with the new anti-wrapper safeguards, what would prevent them from continuing to distribute the version they already have? New users coming directly in from Google probably wouldn't be aware of what the current version number is.


Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
and there's nothing to say that they have to wrap/bundle the original install anyway.  Their 'installer' could just be a middleware (cr)app that calls the original installer from the parent site

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Their 'installer' could just be a middleware (cr)app that calls the original installer from the parent site
yeah, you'd want to try to check where your installer was being launched from and by what process -- that should hopefully tell you what you need to know.

But even with the new anti-wrapper safeguards, what would prevent them from continuing to distribute the version they already have?


i think you're assigning to them a level of determination and resilliance that is unrealistic.  the more likely scenario is they have an automated process and if a particular installer doesnt "wrap well" for whatever reason, they probably throw it onto the pile of installers not to wrap, and move on.

bit

  • Supporting Member
  • Joined in 2013
  • **
  • Posts: 686
    • View Profile
    • Donate to Member
Although this link is to a how-to article called 'Remove Trovi.com redirect', it turned out to be a good way to clean up my machine from other crapware problems.
It gives links to four cleaner programs and tells what order to run them in.
It's recommended by malwaretips.com as a sub-link.

Tnx for the head's-up on Softonic.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member


But even with the new anti-wrapper safeguards, what would prevent them from continuing to distribute the version they already have?

i think you're assigning to them a level of determination and resilliance that is unrealistic.  the more likely scenario is they have an automated process and if a particular installer doesnt "wrap well" for whatever reason, they probably throw it onto the pile of installers not to wrap, and move on.

I'll defer to your judgement since you're in the business and more knowledgeable than I am about these people.

But I can't help thinking once an app is in their catalog, it stays there until it gets replaced with a newer version. If I were doing what they're doing, and running an automated system, I'd be inclined to just leave an existing title where it was if it couldn't be updated to a later version.

Either way...it's a hassle no developer should have to go through just to protect their works.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Tnx for the head's-up on Softonic.

Yeah, I've been well aware of CNet's junk, but one time apparently I saw a Softonic one and wasn't aware of their reputation! However I do know in general to always go Custom, so I think my instincts at the time evaded most of their stuff, but it's hard to ever really know they haven't pulled one last trick.


TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Although this link is to a how-to article called 'Remove Trovi.com redirect', it turned out to be a good way to clean up my machine from other crapware problems.
It gives links to four cleaner programs and tells what order to run them in.
It's recommended by malwaretips.com as a sub-link.

Tnx for the head's-up on Softonic.


I'm going to try (some/all) of that soon, just to see what few goodies got left behind despite my efforts.


TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Although this link is to a how-to article called 'Remove Trovi.com redirect', it turned out to be a good way to clean up my machine from other crapware problems.
It gives links to four cleaner programs and tells what order to run them in.
It's recommended by malwaretips.com as a sub-link.

Tnx for the head's-up on Softonic.


Inspired by you, I ran an old standby, Mark Russinovich's "Rootkit Revealer".
(Forgive the now-Microsoft wrapping!)
http://technet.micro...ernals/bb897445.aspx

Mark R. made his name as a 1-man Windows expert and MS just kept offering him money until they snapped him up. I think he's a good guy. He made his "fame" in the Sony Rootkit mess by providing key details.

But bird's eye what's we're seeing is there's this whole class of junk that "good ol' " MS Security Essentials isn't picking up. Comp Security is Medium Hard. To be honest as a medium grade user I bet my meachine is only 80% at this point. There's just so much to do. But 80% is better than 20% etc...


bit

  • Supporting Member
  • Joined in 2013
  • **
  • Posts: 686
    • View Profile
    • Donate to Member
Although this link is to a how-to article called 'Remove Trovi.com redirect', it turned out to be a good way to clean up my machine from other crapware problems.
It gives links to four cleaner programs and tells what order to run them in.
It's recommended by malwaretips.com as a sub-link.

Tnx for the head's-up on Softonic.

How strange... I just joined MalwareTips.com, and was cordially invited to post in the 'new members' section, and at the bottom of the page it says  (You have insufficient privileges to post here.)
For security purposes I would rather withhold my username there as of yet, but that is a very odd experience.
It did not say to look for an authentication email, nor did I get one, so I don't know what the deal is.
So I have 'membership' but no 'privileges'.

(edit) Okay they just sent me an email confirming my membership. Usually as a new member of a forum, you just get an email to click on a link, but they don't do it that way there.
Instead there is a 12 to 24-hour delay and then they just approve your membership.

(edit) Malwaretips.com forum has this special web page for assistance with malware removal.
The subsection has a 'Read Me Before Posting' sticky instructing to post your problem in a new thread, not someone else's thread, because it is very important for you to get advice specific to your own malware removal problem.
It also says it is staffed by volunteers, but the forum seems quite active.
Volunteers actually write executable scripts specific for unique user malware problems, but again, they say don't just use someone else's script or you could cause problems for your machine; post  your own problem and they will write you your own executable script at no charge to deal with your specific problem.
The ReadMe sticky there at the above link explains the whole thing in more detail.
« Last Edit: April 02, 2014, 05:42 AM by bit »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
For the respective user that would be too late though as once your installer runs, all the crap has already been installed.

Edit: Well, I guess you assume that if you do this your SW wouldn't be wrapped like this in the first place.

the first hope would be that the site would not be able to use their wrapper if my installer made the result unusable.
the second hope would be that the really lazy sites that don't check their wrapper success, would get penalized after the fact because my installer would tell the user the reason the installer has failed and blame it on where they got the download.

But you have a zipped portable installation... they can do whatever they want with that.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
You're giving them too much credit for the effort they would be willing to put in.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
You're giving them too much credit for the effort they would be willing to put in.

As it stands, does the installer ever run?  From the step by step, it doesn't appear so.

peter.s

  • Participant
  • Joined in 2013
  • *
  • default avatar
  • Posts: 116
    • View Profile
    • Donate to Member
Just a sidenote to this:

I've been looking out for better defrag sw. So of course there is Diskeeper, PerfectDisk and O&O Defrag, each 30$ (but per comp, I'm afraid, have to have another look at that prob). So I came to IObit Smart Defrag, NOW free, from being even more expensive (and slightly less good) than the aforementioned free (info from the toptenreview 2014).

I went to the IObit site, and indeed it was free - how can these people make some bucks out of their product now, I mused?

Well, you will have suspected what follows: I clicked on their download link... and was redirected to cnet, one of the most awful sites out there... Now I'm searching for some "honest" download site...


In the past, I got lots of crap from both cnet and Softonic, and on both sites / with both sites' installers, I had paid attention - in vain - to not download crapware, too, so I had avoided both sites whenever possible since...

Before reading this very informative thread today, I hadn't known that in the U.S. (= by U.S. law), if I understand well, it's perfectly legal to do what both cnet and Softonic do, vàv the respective developers? (That it's legal vàv the dumb customer, is another story, and better understable since on that side, the buggering is on purpose, given the respective small print accepted.)

So indeed, before today, I had thought that those developers wanted a max. market penetration (oops, that fits here!), and that thus, they "accepted" some of their "customers"/prospects (freeware vs. shareware) being buggered, instead of just limiting themselves to post their sw on "save" sites (= sites that also rectally feed you crapware, but only when you don't pay enough attention to uncheck their various checked buttons).

Cnet is "best", since there, you can find lots of often highly informative user reviews (whilst their editor reviews are the usual crap), and so, for getting information, I often go to cnet, just for reading; on the other hand, the often high information value of those user reviews there convey a very respectable image to that site, in the eyes of the uninitiated, so it's been a very smart move of them to have instigated such often high-quality user reviews, which on the other download sites, can NOT be found (or far from this quality)...

And lately, indeed, very often, those cnet user reviews have taken a weird virage: Users highly praise the given sw, but also just give 1 or 2 stars instead of 4 or 5, complaining about all the unwanted crapware that also had been shoved into their... with.

This perfectly illustrates what mouser said above, and what I had thought until yesterday: That the respective developer at least gave his consent for this sodomy.

Which brings us back to the possible illegality of that act, and I've got four ideas on possible action(s):

- What about another "shareware developers' org" which takes class action?

- We all think the people behind cnet et al. are multi-millionnaires now: What about their personal responsibility, even if their respective sites "own nothing"? What I want to say: If you introduce an action against some shitty site, if they lose, they simply vanish, so the cost will be on yourself, but with cnet et al., ain't they rich enough (and have too much to lose, too, by vanishing), in order to be always there after they lose the action, so your risk to sue them isn't that big after all, IF what they do is illegal, and at least when they shove unwanted crap behind the scenes (i.e. without any (pre-) checked check-box), and for which they did NOT get the developer's consent, I cannot imagine all this is perfectly legal?

- Alternative to the previous point: In Europe (= European Union), in some countries, there are quite harsh laws, so that not ANY multimillionnaire over here can do whatever he wants to do, and there possibly might be various ways to sue U.S. crap shovers over here in Europe, for their European wrongdoings at least (= shoving crap into European asses, too, I mean), and as far as I know, European rulings are executable in the U.S. (and vice versa), in many cases (i.e. if all the necessary conditions for that have been observed) - now you don't tell me they are in the Caribbean or in China/Congo, and cannot be effectively sued anywhere?

- Most such soiled sw has got more or less extended help files; don't fall these under copyright law? Or do they fall under copyright law only when they are to some extent, and/or of they've got a certain "style"? Cf. my posts, over multiple given names: It's clear as day, from European law (applicable in the U.S. as far as copyright infringement is concerned, too) that all my writings have a very personal style, by which they are perfectly protected any misuse (= any republication, other than by myself, in any other forum, etc., except the one to which I posted them (originally or afterwards), and a similar effect could apply to "your" respective help files: Whenever your personality shows in them (well, this would even apply to Ultra Recall's help, by omission so total it gets a style of its own! ;- ) ), your sw going with such a help file should be protected?


If you think I should replace some chars by asteriskes, please tell me, that's what the fine edit function's for. ;-) But then, look here, in order to see with your own eyes that even google/YT has got some sense of sensitive humour / outrage lately:

some three other versions of this, and then http://www.youtube.c.../watch?v=zQ36S3d1CaU (this latter one with more than 2 million views) ;-)

And no, I'm not entirely into that sort of humor: (full length = abriged to latter half, i.e. the boys went down after the first quarter of an hour, offered help, were rebuked, THEN only took the 15 min. you can see here in the vid (I almost choked from laughing): http://www.youtube.c.../watch?v=tf4TIWECZ30 EDIT: Here's a better version, without the black beams: http://www.youtube.c.../watch?v=acWXj-Wjmsg

This one is politically incorrect, and only should be a treat for perverts (but then, almost 5 million of this mud film's lovers on YT!); I'm very happy though to have seen it straight to the end: Just see the very latest 5 seconds: incredible stunt!: http://www.youtube.c.../watch?v=xf-V400X6EY (or is it a sw trick?)

EDIT 2 : And here's another VERY good one:

"Advanced SystemCare Ultimate - Ultimate Protection and Ultimate Performance - Protects you against viruses, spyware, hackers, phishing, botnets and more" - Well, the catch is that comes from IObit, via cnet, too...

EDIT 3 : Back to serious matter: Above, I forgot to ask, Why are cnet and then Softonic hits 1 and 2 on google for e.g. "smart defrag download", and for myriads of similar searches? Why doesn't google relegate such smock sites to page 3? What's the interest of google (or the nsa behind google???) in PUSHING such people? Just total absence of decency, or is there some other explanation I didn't get yet (if we leave out nsa paranoia)?
When the wise points to the moon, the moron just looks at his pointer. China.
« Last Edit: April 03, 2014, 07:39 PM by peter.s »