Jump to content
Objectivism Online Forum

I Hate Adware

Rate this topic


aequalsa

Recommended Posts

I bought a new computer recently and procrastinated putting a firewall or downloading firefox on it for a couple of days. I immediately contracted several adware bugs that pop up every other friggin minute of the day to tell me that my sensitive information is in danger and only their software can protect me. This of course made my computer nearly inoperable. After a few more days of trying to rid myself of the ellusive bugs, I gave up, wiped everything clean and reinstalled windows. Then vowed to never use internet explorer again.

Am I wrong in thinking that this is identical to extortion. "If you pay me I'll protect you from people like me". That could be a line out of the godfather. In a moment of rage and frustration, I thought over my options. The first that came to mind was that I could find their place of operation, go there and start destroying their personal property while offering to rent them security guards. It seemed appropriate at the time but had longterm ramifications which made it untenable.

So, at any rate, is it fair to call this "way of doing business", if you want to call it that, immoral? And would it be proper to make it illegal to put things on your computer without, at least, notifying you first? I am not sure how enforcible this would be, but aside from that it hints of regulating the internet which I am opposed to generally. If it is immoral though, then it would only be regulation in the same sense that we "regulate" murder or theft.

Link to comment
Share on other sites

Am I wrong in thinking that this is identical to extortion. "If you pay me I'll protect you from people like me".
It's not extortion, unless you think that Microsoft or anti-virus providers are in cahoots with the vandals. It's true that some popups claim to offer you protection for pay and some might actually do so, but that would be uncommon. It's more like the fact that there are millions of vandals out there, and some people are offering to protect you from the vandalism.
So, at any rate, is it fair to call this "way of doing business", if you want to call it that, immoral?
It's so incredibly annoying that I don't know why anyone would do it, so from their POV it would be immoral because it would anger clients. I guess -- is there anyone who actually likes thse stupid popups?. But you did (presumably) do something to seek those people. What is most wrong, IMO, is the idea that clicking on a link becomes interpreted as signing a blank check -- it's as though there is an implicit "By entering this site, you tacitly agree to let us do whatever we want to your computer".

If you think about the implication of an actual "notify and require acceptance" law for putting anything on a person's computer, you would end up in an intractable bind -- you'd have to put the "do you agree" window on the person's computer, but to do that you'd have to break the law, so you could never receive anything from the outside. I just don't see how you could write an effective law that wouldn't make normal internet use of computers must less valuable, and still block annoying internet software. And the real challenge would be to get every country in the world to pass such a law, since some web sites are outside the US.

Link to comment
Share on other sites

I personally never had problems with IE, but contrary to the majority of the population I am a big fan of Microsoft, and their products (especially development tools). I do remember the annoying messages that pop up right after a fresh installation of Windows on my friend's computer (saying something to the effect of your computer being infected, and giving a link to their website to fix it). If this is the same thing that you're talking about, it's not through IE, but a Windows Messenger Service. The best thing to do (in addition to enabling the firewall of course), is to disable that Service, because it's useless, and can only cause trouble - I do it on all my computers. Here's how:

Right click on My Computer icon, and pick Manage. Expand "Services and Applications", and double Click on Services. Find a service called Messenger in the window panel on the right side and double click it. Click Stop on the Bottom, and Change the Startup Type from dropdown list to Disabled. Done. No more pesky messages.

Link to comment
Share on other sites

I bought a new computer recently and procrastinated putting a firewall or downloading firefox on it for a couple of days.
I dont think laws are needed, just common sense. This was your mistake right here; the first 2 things you should do when you install windows is to download all the bug fixes/service packs from Windows Update, and then install a proper web-browser. Im not particularly anti-MS - I think that Windows and Office are great products. But internet explorer is an abomination which should be avoided at all costs.

edit: Having said that, IE probably isnt responsible for your adware problem, as much as I'd like to blame it. A lot of programs on the net install dodgy crap alongside the 'main' program, and this doesnt have anything to do with the browser youre using. Your best bet would be to only install software from reputable sources, and all the normal safety advice. The reason why a law wouldnt work is that a lot of programs which install spyware actually tell you theyre doing so, even if it's sometimes buried in small print.

To be honest, I've ceased being amazed at every new step the advertising industry takes in its apparent quest to become the most evil entity in the known universe. A few years ago I would have told you that pop-up adverts and spam email had plumbed the depths of irritation to a level it would not be possible to beat, but God was I wrong. There's a nice article Somethingawful wrote on web advertising a few years ago now, and all of it still applies.

Edited by Hal
Link to comment
Share on other sites

So, at any rate, is it fair to call this "way of doing business", if you want to call it that, immoral? And would it be proper to make it illegal to put things on your computer without, at least, notifying you first?

Yes. And yes.

Your computer is your property. no one may take it, borrow it or install anything on it without your consent.

A couple fo years ago one of the PCs at work got infested with a browser hijacker. It wouldn't let me access any search engine, it kept trying to use the modem dialer to make long distance calls (fortunately we had broadband and the built-in modem wasn't connected to anything), it dind't let me access the best known anti-adware sites, and it resisted all my attempts to remove it. Worst of all, though, the browser kept jumping to the "home" page from any site I did manage to access. My work at the time involved checking lots of stuff in the web (package tracking, downloading info from online journals).

I finally got it removed using a combo of anti-adware tools, anti-spyware tools, hijack this, messing a bit with the registry, and quikcly deleting files while in safe mode. From then on I used Firefox.

The people who do such things are acting immorally, illegaly, and should be prosecuted if at all possible. They should be sentenced to prison, too. What they did to my PC was vandalism.

Link to comment
Share on other sites

But you did (presumably) do something to seek those people. What is most wrong, IMO, is the idea that clicking on a link becomes interpreted as signing a blank check -- it's as though there is an implicit "By entering this site, you tacitly agree to let us do whatever we want to your computer".

If you think about the implication of an actual "notify and require acceptance" law for putting anything on a person's computer, you would end up in an intractable bind -- you'd have to put the "do you agree" window on the person's computer, but to do that you'd have to break the law, so you could never receive anything from the outside. I just don't see how you could write an effective law that wouldn't make normal internet use of computers must less valuable, and still block annoying internet software. And the real challenge would be to get every country in the world to pass such a law, since some web sites are outside the US.

I did not seek them. I had already purchased firewall software from Office Depot. It was just a number of pop-ups that I made the mistake of clicking on to exit them.

Regarding the theoretical law, I understand that to view a site it is "on" your computer. I am thinking more in terms of executable files.

Link to comment
Share on other sites

Your computer is your property. no one may take it, borrow it or install anything on it without your consent.
The question is what you have to consent to. The first time you came to this forum, you had to put something on the server that runs this board and you had to assume that you had permission to do so (it probably turns out that you were right, but you didn't know that for sure in advance). Now you've given The Remote Machine implicit permission to put things on your computer. Did you read the consent form? (Is there a consent form?)

I hate spyware as much as the next guy, but before you start claiming that such-and-such is or should be illegal, you need a foundation for using government force. Fraud is such a clear foundation: if a piece of software representes itself as being "clean" when the suppliers have knowingly installed viral/spyware, that is fraud and actionable on that basis. In lieu of an explicit representation, caveat emptor dictates that you should be cautious in what you assume a particular piece of software or web page does provide. By installing software, you are agreeing to allow the provider to do what they do; by clicking on a link or typing in a URL, you are agreeing to receive whatever it is that the page sends and/or does.

There is a very strong security method that can totally protect you from the evil software that is out there, namely unplugging the cable to the outside. You have the option to block cookies, disallow software installation, and in general keep out anything from the outside. Okay, I know that that makes an internet connection pointless, but before you go for the legal option, you should think about exactly what act you want to criminalize. Criminalizing "anything unwanted" requires there to be an objective standard for signaling "what you want", something more that the obviously too-weak "if you click" standard. How do you objectively describe the things that should be outlawed, while not criminalizing all internet traffic?

Link to comment
Share on other sites

I dont think laws are needed, just common sense. This was your mistake right here; the first 2 things you should do when you install windows is to download all the bug fixes/service packs from Windows Update, and then install a proper web-browser.

That's not really fair. Yes I know better and yes one should take precautions to avoid criminals, but that doesnt justify their behavior. Otherwise, like I mentioned before, I could go in and start destroying their merchandise and then blame them for not having enough security guards.

I am not opposed to microsoft either. Windows in general doesn't bother me, but I have had a lot better success with firefox then IE and prefer their product.

Link to comment
Share on other sites

The question is what you have to consent to. The first time you came to this forum, you had to put something on the server that runs this board and you had to assume that you had permission to do so (it probably turns out that you were right, but you didn't know that for sure in advance). Now you've given The Remote Machine implicit permission to put things on your computer. Did you read the consent form? (Is there a consent form?)

I hate spyware as much as the next guy, but before you start claiming that such-and-such is or should be illegal, you need a foundation for using government force. Fraud is such a clear foundation: if a piece of software representes itself as being "clean" when the suppliers have knowingly installed viral/spyware, that is fraud and actionable on that basis. In lieu of an explicit representation, caveat emptor dictates that you should be cautious in what you assume a particular piece of software or web page does provide. By installing software, you are agreeing to allow the provider to do what they do; by clicking on a link or typing in a URL, you are agreeing to receive whatever it is that the page sends and/or does.

There is a very strong security method that can totally protect you from the evil software that is out there, namely unplugging the cable to the outside. You have the option to block cookies, disallow software installation, and in general keep out anything from the outside. Okay, I know that that makes an internet connection pointless, but before you go for the legal option, you should think about exactly what act you want to criminalize. Criminalizing "anything unwanted" requires there to be an objective standard for signaling "what you want", something more that the obviously too-weak "if you click" standard. How do you objectively describe the things that should be outlawed, while not criminalizing all internet traffic?

I am not certain I could lay out all of the circumstances it should be illegal, being not-a-lawyer and not-a-programmer, but I think it would need to be done similiar to all criminal law. There are not seperate laws for stealing gum as opposed to stealing candybars. Theft is theft. I think it's pretty much the same here. By clicking on a site-say something you are trying to look up on google, they would have the right to put the things you are looking at there, buttons with programs and addware you can download, advertisements on that page,etc but not the right to download permanent self-reinstalling executable files on my computer without my permission. The illegal part might have to do with the permanence of the programs but I'm not certain. I would be interested if anyone has a clear dilineation in mind regarding the different types of things that can be done with web pages from good to bad.

Link to comment
Share on other sites

I did not seek them. I had already purchased firewall software from Office Depot. It was just a number of pop-ups that I made the mistake of clicking on to exit them.
Ah, well, that explains it. I assume the popups appeared when you agreed to click on a link to some web page (and you didn't understand that doing so would start a popup program). And then you didn't know that clicking on the popup itself is taken to be a form of consenting. There's a common understanding that clicking "close" results in the program termination, which is usually true but not always. The question is, should there be a law that says "close means close". More or less, I'd say that's not a bad idea but god help us if they actually try to write such a law, because then they will pass a law requiring programs to immediately terminate when you click close -- we could then dispense with the nicety of checking the dirty bit and henceforth require users to remember to save before exiting. You expectation that clicking "close" would, in fact, just close the program is a reasonable one, so the question is how we can state that expectation explicitly, and still allow computers to function normally.
Regarding the theoretical law, I understand that to view a site it is "on" your computer. I am thinking more in terms of executable files.
The basic idea -- "you can't put something on another person's computer that can be executed" -- is sort of the right idea, but your browser is executing this page right now (whenever it is that you're reading this). Java and HTML freaked me out when they first became part of my computer life, though I'm calmer about that now. Java still freaks me out.

Another approach is to distinguish permanent from temporary executables, esp. things that are on disk vs. just in memory. However, there's probably a copy of the executable code for this page on your disk somewhere: should caching be outlawed? You've pointed to one of the most important distinguishing features -- "permanent self-reinstalling executables". The problem is that ordinary software that you actually want will do this without being overt about what they are doing (examples: MS Messenger, Real Player -- and whatever OS you're using). Criminy, I just discovered that, somehow, Photoshop Elements is running right now on my machine, even though I haven't been using it this week.

The problem, as I see it, is that objectively distinguishing between things which you want vs. things you don't want is really hard, in computerland, but attention should be focused on what constitutes adequate notice and indication of permission to transfer permanent self-loading data. What I mostly want to not have to do is explicitly click "yes" to a thousand component pieces being installed when I add some piece of software.

Link to comment
Share on other sites

I hate spyware as much as the next guy, but before you start claiming that such-and-such is or should be illegal, you need a foundation for using government force.

The browser hijacker installed itself without warning, without asking for consent. I don't see how such actions could possibly be termed legal or moral under any circumstances.

Suppose you leave your car in a valet parking. Next they modify your car's stereo. now it won't play certain CDs, it won't tune certain stations, and will jump to an all-ad station every few minutes regardless of what you're doing. Now, if a valet parking company was going to do this, should they even notify you about it first?

There are all kinds of websites thatr equire certain software. The honest one will let you know, will ask whether you want it, and some will give you alternatives if you choose not to install it. Some even let you know about harmless cookies.

The dishonest ones will either break into your PC without warning, or will misslead you into clicking something. That is criminal activity any way you look at it.

Link to comment
Share on other sites

The browser hijacker installed itself without warning, without asking for consent. I don't see how such actions could possibly be termed legal or moral under any circumstances.
The issue of legality is totally different from the question of morality. There are many consumer-protection laws that prohibit businesses from doing perfectly moral things, based on the fact that the average consumer is too ignorant to take care of himself. From the perspective of morality I think the vast majority of software providers operate on the shady side of morality, because I don't think they deal with the concent problem at all well. If you've ever installed Windows on a computer, and then checked the fine details to see what actually happened, you'll understand what I mean. "I never actually said it was okay to install that", "I didn't ask for that to be the default", and so on. They do take advantage of people's ignorance and laziness, and to some extent I'm grateful because if I had to click "Yes, accept" a million times when I install Windows or whatever software, then I would go nuts.

Although I've never been hijacked, infected or attacked, I can easily imagine the provider of such vandalware to have in mind evil intentions and so they are no doubt acting immorally. But if the immorality arises from the lack of explicit permission, then most software providers are immoral. Being misleading is not criminal; while I would agree that it is immoral, such an argument is pretty ineffective in a society where, for better or worse, little white lies are considered to be morally acceptable. "Criminal activity" has a specific meaning, which has to do with the law. I'm not sure what US laws there are against Trojans: but I would be extremely surprised if the law were written so that it only criminalizes improper actions and doesn't also improperly restrain trade.

As you say, some sites inform you of harmless cookies: the vast majority don't. This is morally comparable to the Trojan-installing web site.

Link to comment
Share on other sites

I did not seek them. I had already purchased firewall software from Office Depot. It was just a number of pop-ups that I made the mistake of clicking on to exit them.

Clicking on a popup cannot result in software being installed on your machine. I assume that what actually happened is that you clicked on it, and were then asked if you wished to download and run a program. If you clicked 'yes' (or 'run'), this would constitute consent.

The browser hijacker installed itself without warning, without asking for consent.

I seriously doubt this is what actually happened.

Another approach is to distinguish permanent from temporary executables, esp. things that are on disk vs. just in memory. However, there's probably a copy of the executable code for this page on your disk somewhere: should caching be outlawed?
Webpages (= HTML documents) arent executable, they are just textfiles which contain the content of the page along with formatting information. Unless your browser contains horrible security holes, visiting a webpage cannot cause anything to be exectuted on your machine without your consent. Edited by Hal
Link to comment
Share on other sites

Webpages (= HTML documents) arent executable, they are just textfiles which contain the content of the page along with formatting information.
HTML text is executable code, which causes your browser to do thing like type letters of certain shapes and sizes, load some other page automatically, display pictures and play sounds. It's not e.g. Intel machine-code, but it is nonetheless executable by your browser. The Java mouse-over stuff is particularly cute since all you have to do is incautiously pass your mouse over a link to do something, extending the boundaries of "consent". It is true that Java and HTML do not give unrestricted access to the user's computer, but it is still executable code. There isn't a substantial difference between data and code.
Link to comment
Share on other sites

I seriously doubt this is what actually happened.

I'm not some newbie who clicks on everything he finds, then wonders how things got there.

I had two browser windos going. One to a shipping company (I was tracking packages), on the other I was searching for info on second-hand bookstores. Suddenly I see the Windows message saying I need to restart the PC in order to finish installing the software. What software? Well, the hijacker.

I did try to root it out before rebooting, but I couldn't find anything amiss. Nor did I know what had been installed.

Link to comment
Share on other sites

HTML text is executable code, which causes your browser to do thing like type letters of certain shapes and sizes, load some other page automatically, display pictures and play sounds. It's not e.g. Intel machine-code, but it is nonetheless executable by your browser.
According to this definition, any textfield would be 'executable' since it causes your texteditor to display words on the screen, and mp3 files would be executable because they cause your audio player to make sounds. Executable code = machine code, generally speaking (or object code in the case of a language like Java/.NET). This distinction can certainly be blurred by file types such as scripts and MS Word macros, but html files are definitely not executable by any standard definition.

Here's some definitions pulled from the web supporting this:

http://www.pcmag.com/encyclopedia_term/0,2...&i=42842,00.asp

http://www.webopedia.com/TERM/E/executable_file.html

http://en.wikipedia.org/wiki/Executable_file

There isn't a substantial difference between data and code.

I'd argue that theres a significant difference, namely that running non-executable code cant damage your computer. One of the first things you teach internet newbies is that they shouldnt run .exe files because they could contain trojans, whereas things like .txt and .mp3 are never going to cause damage.

Edited by Hal
Link to comment
Share on other sites

Interesting things happen when you write in 370 assembler and forget to stick the return at the end of the supposed code block, and it starts to execute your data.

This kind of practice has been deemed to be illegal already. Our friend Sanford Wallace has paved the way for this kind of suit.

FTC files suit against spyware companies

Link to comment
Share on other sites

This kind of practice has been deemed to be illegal already. Our friend Sanford Wallace has paved the way for this kind of suit.
Huh? Omitting the return is just a common bonehead programming error. Is the government really making programming errors a crime?
Link to comment
Share on other sites

Huh? Omitting the return is just a common bonehead programming error. Is the government really making programming errors a crime?

Sorry David, I thought I hit the right reply link, quess I missed. I meant that for

Am I wrong in thinking that this is identical to extortion. "If you pay me I'll protect you from people like me". That could be a line out of the godfather. In a moment of rage and frustration, I thought over my options. The first that came to mind was that I could find their place of operation, go there and start destroying their personal property while offering to rent them security guards. It seemed appropriate at the time but had longterm ramifications which made it untenable.
Link to comment
Share on other sites

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...