Consumer Friendly Downloads? 169
* * Beatles-Beatles writes to tell us Yahoo and AOL will be offering a new anti-spyware initiative to begin next year. The new initiative will allow vendors to get their software "certified" as easy to remove and not containing spyware. From the article: "It creates market incentives that will change how consumers see software," said Doug Leeds, Yahoo's vice president for product justice. Backers of the initiative believe that consumers wouldn't benefit much from a system in which good products simply display seals of approval. "They are looking for us to do it for them," Leeds said."
Recycled versign? (Score:5, Insightful)
Maybe this is a good thing. The interweb won't be the same.
Re:Recycled versign? (Score:3, Funny)
Re:Recycled versign? (Score:2)
if it's installed a service maybe, or a couple of libraries that it needs.. drag and drop won't cut it - you have to go hunting with a root shell.
Re:Recycled versign? (Score:2, Insightful)
Re:Recycled versign? (Score:2)
Or maybe COAST (Score:2)
And.... people won't care (Score:5, Interesting)
Re:And.... people won't care (Score:2, Funny)
Re:And.... people won't care (Score:3, Informative)
So, since the certification costs money for the hardware vendors, and doesn't really tell you anything new, if their internal QA is competent, many vendors skip it - unless their OEM sales tell them they have to do it, so that dell/hp/ib
Re:And.... people won't care (Score:3, Informative)
Take Softpedia [softpedia.com] for instance, and check out their page for Buddy Spy [softpedia.com]. Notice the "100% adware, spyware free" banner on the left side, as well as the "Report spyware" link (on right, same level as program name).
It's probably nothing fancy, just a peer and user review syst
Re:And.... people won't care (Score:2)
Nor the average geek... (Score:3, Insightful)
Tell me ONE (1) extension you have installed that does not say "UNSIGNED" in red black font?
Do you panick when you see those? do you avoid installing such extensions.
What is the meaning of that field anyway?
Re:And.... people won't care (Score:2)
In theory, the drivers not being certified to work with your OS may kill any support contract you have in place with the OS vendor (in this case, MS). I'd call that a valid reason to return the product myself.
Re:And.... people won't care (Score:2)
This reminds me of another article (Score:5, Insightful)
Don't get me wrong, I think spyware is bad. I also think a big company only supporting a few software titles (and probably charging a bit to do it) is bad too.
I'd really prefer to see some kind of meta-moderated system by users to rate software as clear of spyware as it would give small vendors more of a chance. Otherwise, we will just further entrench big monopolies.
AOL/Yahoo are backing TRUSTe (Score:2, Insightful)
TRUSTe, an organization that already certifies and monitors Web site privacy and e-mail practices for businesses, will rely on testing by two outside labs for the vetting. It would not name the labs.
A user-run system of moderation is a great idea though. Although TRUSTe seems to be somewhat independant we have just recently seen that the big media corporations aren't exactly the most trustworthy entities when it comes to our personal privacy *co
Problem: Humans suck. (Score:4, Informative)
Well, I don't know about that, those systems can cause problems, too.
I have come across a few very suspicious programs on download.com (where they use a rating system on satisfaction with the program)
Also... there is the problem of trolls, plants (that is, if the spyware pals decide to just sit and make new accounts and do it all manually), and kiddies.
===
Perhaps I am too much the cynic?
It *could* work...
It would have to be *really* well thought out and programmed. It would also need to get a good following rather quickly and remain free.
Small business owners will pay, though. (Score:5, Informative)
Ah, my friend, but you forget that is for for small business owners such as myself who couldn't care less about the variety of software -- we just want our stuff to work. Do you know how much time I spend playing "IT Guy" for our company? It is truly not fun.
Give us our MS-Office, our devices that plug in correctly, our specialized apps, and just make everything work. We'll pay extra.
Re:Small business owners will pay, though. (Score:2, Insightful)
Re:Small business owners will pay, though. (Score:3, Insightful)
Your rant exemplifies why I would prefer doing it myself versus hiring someone. It's not being cheap that's the problem.
Re:Small business owners will pay, though. (Score:2)
Re:Small business owners will pay, though. (Score:2)
A chain of trust ... (Score:5, Insightful)
It all boils down to:
- Do we trust AOL and Yahoo to be honest in this sort of thing.
- Do we trust that AOL and Yahoo have the technical capability to effectivelly detect both reported and not yet reported forms of spyware.
Re:A chain of trust ... (Score:5, Insightful)
- Do we trust AOL and Yahoo to be honest in this sort of thing.
Yahoo have no problems helping the Chineese government hunting down dissident journalists, and other US companies have been shown to actively help surpress free speech and democracy. So no, I certainly dont trust Yahoo in this. I do trust that Yahoo will do anything, given enough money.
Re:A chain of trust ... (Score:2)
I bet this is just something new to add as part of the 'feature' list for an ISP partner (Definitely AwOL, but Yahoo will probably re-package it for others such as SBC Yahoo! [yahoo.com] perhaps). At least after a certain exclusive period for AOL. Another bullet point for the marketing brochure, website and commercial.
Re:A chain of trust ... (Score:2)
Just sayin'
Re:A chain of trust ... (Score:2)
Really? I missed that story - link please!
I know Google helps the Chinese government censor the web by blocking certain search terms within China, but I wasn't aware they'd directly aided the Chinese in tracking down individual dissidents, like Yahoo! allegedly has.
Here you go [justfuckinggoogleit.com]
Re:A chain of trust ... (Score:2)
Now, do you trust this company as a barrier against Spyware, which seeks to profit off of said information?
When I read this story, the first thing that popped into mind was when MS took over Hotmail and how they implemented a policy of "we're going to crack down on spam throug
Re:A chain of trust ... (Score:3, Interesting)
Add: Do we trust AOL and Yahoo to make a valid definition (perhaps this is what you meant by honesty).
Even before they start, 'spyware' is not enough, and 'malware' ill-defined, to define installation of 'hidden extras' I do not want. These are both companies who package things I don't want as default options in their own installers - not a good start, even if they're 'up front' about it (and include separate uninstallation procedures).
If there's
Four words (Score:5, Funny)
Re:Four words (Score:3, Insightful)
What do I as the user care if AOL "certifies" a programme is easy to install? If software followed the Windows XP guidelines (sufficient to qualify to show the logo), it would already be easy to install. Therefore, the good guys already have an incentive to seek certification - from Mic
Good idea... (Score:5, Insightful)
I'm not exactly saying infinite monkeys/infinite typewriters, here, I'm just saying we've only had one major company do this so far (as far as I know)
Re:Good idea... (Score:3, Insightful)
Re:Good idea... (Score:2)
Ultimately, my Litmus test for this will be whether or not Realplayer is considered spyware. If its not, then Yahoo has sold out, and I won't trust them for anything other software.
What about the vendors? (Score:4, Insightful)
Re:What about the vendors? (Score:2)
for example, ULead do this a lot - you download the full (or nearly full) package but it expires after a number of weeks. if the program expires, you try de/reinstall, the time limit is still reduced or expired.
does this behavious still count in some small way as spyware - the fact that they don't deinstall *everything*, and thus can track a reinstall?
short of us
Captain Cynical Returns (Score:5, Insightful)
I find it hard to believe that any company, regardless of their otherwise good intentions, would refuse money from a company as Sony. In short, it may work in stoping the small spyware vendor but this is not nearly enough.
Simon.
Re:Captain Cynical Returns (Score:5, Insightful)
If Sony waved a couple of million dollars under your nose to claim that their rootkit wasn't malware, would you really turn it down? You can retire on that - hell, invested properly, your kids can retire on it. All just for saying "Hey, you know what, this DRM isn't so bad after all..."
If you genuinely would turn it down, then I applaud your ability to stand by your principles; I really don't think I'd be able to myself.
Re:Captain Cynical Returns (Score:2)
start spyware monitoring/announcement website
declare many things to be dodgy
extort money from vendors
profit!
Sony waved a couple of million dollars under your nose to claim that their rootkit wasn't malware...If you genuinely would turn it down
I'd accept it, put the money beyond jurisdiction into a Swiss Bank account, sell the company, have plane tickets standing by just in case, start a new website denouncing the original one which stopped telling of the Sony evil, and wait for the next million dolla
Re:Captain Cynical Returns (Score:2)
I wavered on that ethical question for a moment. Then I remembered that I'm too stinking proud. A lifetime of money (which would get spent all the same) wouldn't be worth hating myself until I'm dead (and the kids growing up all tristed and warped because dad developed a psychosis).
Re:Captain Cynical Returns (Score:5, Insightful)
It's a lot harder to fight back against the fly-by-night spyware vendor who is looking to collect some quick info - maybe even dangerous info like credit card numbers and banking site passwords - then disapear. You can't hold those people accountable. You can't threaten to stop using their services. You can't even sue them, if you can't find them.
Ideally, we'd be able to find a tool that's entirely trustworthy for routing at malware, but as you said, that's simply not going to happen. That's why I'm generally careful with what I download, but still run a few competing anti-malware apps, just in case I get something borderline one of those products choses not to flag for whatever reason - questionable dealings or simple ignorance of the malware's existence.
Having one more tool at my disposal for IDing spyware, even an imperfect tool, seems like a good thing. How useful it is will depend on what reputation Yahoo/AOL can build for being forthright.
Re:Captain Cynical Returns (Score:3, Insightful)
It's not just about spying or offering an uninstall link. For example, the Ask Jeeves folks make a toolbar that is bundled with a cute little utility named Smiley Central that is heavily advertised on game and kids sites. Wh
Just another bad idea ... (Score:1, Interesting)
Obviously a "trust system" is needed, but not one based on payments to a single company
Re:Just another bad idea ... (Score:3, Interesting)
And people will buy it or into it. Not because Yahoo is some pillar of faith, virtue, or savior in disguise, but b
A Good Start would be their toolbar ... (Score:1, Insightful)
Damn straight-parent deserves a nod (Score:2)
I hit this story strictly because I find yahoo toolbar annoying to yank on far too many pc's
We need an open source version of apt-get for win (Score:1)
What we need is an equivelent of Linux's apt-get and synaptic, but for installing windows 32 programs. Make repositories for GPL, open source, shareware, commercial software. Obviously commercial software would require purchase but the repository should include all types.
Hmmm... I wonder if I can code this... I'm sure it would at least be doable for Free Software applic
Re:We need an open source version of apt-get for w (Score:1)
Re:We need an open source version of apt-get for w (Score:3, Insightful)
Re:We need an open source version of apt-get for w (Score:2)
Heck, I've seen installers that bundle the entire
Since on Windows, there are no 'shared' libraries in the true sense (every app is supposed to have its own copy of dependent libraries - writing to System32 is a verbotten, although there are still badly written installers tha
For Great Product Justice (Score:5, Funny)
Re:For Great Product Justice (Score:2)
Install mania (Score:3, Insightful)
The problem isn't the software. It's the people using the software! As long as they don't know what they're doing there will always be others abusing this.
Re:Install mania (Score:2, Interesting)
Fear Will Make Money (Score:1, Insightful)
The recent mess with Sony's rootkit, security threats all over the place, and scares over the latest batch of nasty viruses have the average Joe-User terrified. Your average Techie like yourself and me know better and have enough smarts to keep safe, but Grandma sitting at her PC chatting in AIM will be scared out of her bloomers.
Its the reason why Antivirus companies are racking in the dough with virus definition update subscriptions and also why Adware
Re:Fear Will Make Money (Score:2, Informative)
Do you mean Ad-Aware? If so their personal edition is still available for free download,
http://www.lavasoft.de/ [lavasoft.de]
Products is the second section in the left hand navigation bar, Ad_Aware personal is the fourth link. Easy.
Sandboxing (Score:4, Interesting)
What we need is application sandboxing; that is, restrict an application's access to system resources when it runs (think chroot jails but on a much grander scale). The key to this (as with any security system) will be to balance security with usability, i.e. not make it so anal that you can't actually do anything. You'll still have ignorant users, but at least they will opt into insecurity rather than inherit it by default.
Crucially, this is something we nerds can do for ourselves and not rely on others whose agendas are opaque.
Re:Sandboxing (Score:2, Interesting)
Re:Sandboxing (Score:2)
this is a neat idea. snag is, 99% of windows applications have to be installed as administrator mode to work, and ?50% have to run as admin to work!
another snag is that windows XP home is crippled in terms of file protection/security. With XPpro you can set file protections, ownership etc, this has been almost entirely stripped out in XPhome, so you can't actually try and lock th
Re:Sandboxing (Score:2)
And therin lies the problem. You can achieve most of the effect of this idea by running as non-admin - but it will either not be restricted enough to make any difference, or be so restricted you
Submitter is a link spammer, does /. care? (Score:5, Informative)
It's a small price to pay for free advertising. Find a story, summarize it in 5 minutes, post to slashdot, and get a pagerank boost that advertisers would pay hundreds (or maybe thousands) for. (Text links on high-ranking sites is big business - just ask oreilly).
Slashdot should at least put a ref=nofollow in the links to submitters (or better yet, only link the submitter's name to his/her user page).
Re:Submitter is a link spammer, does /. care? (Score:5, Interesting)
This is obviously becoming a problem and represents what I consider to be a breach of ScuttleMonkey's journalistic integrity.
Re:Submitter is a link spammer, does /. care? (Score:2, Funny)
Slashdot? Journalistic integrity?
Pull the other one.
Re:Submitter is a link spammer, does /. care? (Score:2)
It doesn't. Otherwise metamoderators would be influenced by who was moderating, instead of how they moderated, and that would break the system.
Hmmm (Score:1)
Copy the seal of approval? (Score:3, Interesting)
Maybe I'm missing something here but what's to stop a spyware producer from just copying the seal of approval and sticking it to the front of his product? The threat of legal action I hear you cry. I don't think Mr Spyware Producer really cares all that much about breaking the law so that's hardly a deterent.
Perhaps if AOL made it public knowledge they would send "da boys" round if they caught anyone copying the certificate that would slow some people down. Perhaps a fitting punishment would be being crushed under a million AOL cds pushed one at a time through a giant letterbox.
Re:Copy the seal of approval? (Score:2)
"Developers earning TRUSTe's certification will not be permitted to promote that fact, said its executive director, Fran Maier. Rather, TRUSTe will issue a "white list" of trusted programs that partners Yahoo Inc. (Nasdaq:YHOO - news), America Online Inc., CNET Networks Inc. and other Web publishers may use in determining whose software they wish to ally with or distribute."
This is so transparent: (Score:2, Troll)
Re:This is so transparent: (Score:2)
Yes, but in a good way! (-: This will make no sense to you unless you have seen "The Rocky and Bullwinkle Show", featuring Rocky the flying squirrel, Bullwinkle the moose gradute of Wassamatta-U, and the two pseudo-Romanian villains who were always plotting to do them in. Meant as a humorous reference to those whacky corporate CEOs and all the mad-cap schemes they come up with to try to defeat Open Source.
I see my parent comment got modded troll,
Better Way (Score:2, Interesting)
The second-best way to be certain that a program is free from spyware is to have someone you trust examine the source code, comment out any bits they don't like, compile it on their machine, sign it with their OpenPGP decrypting key and make their signed, pre-compiled binary available for download.
That's how we have always done things in the Un
Re:Better Way (Score:1)
Another way to say this, even for the less computer savvy who don't even care what "source" is: "Use open source software". Ever since I made the switch to OSS, I worry much less about spyware, adware, crippleware, annoyware, etc. To top it all off, I don't copy commercial software anymore... so, I don't worry about that either. The fact that something comes, signed, from a repository I can trust means much
Re:Better Way (heh) (Score:2)
Re:Better Way (Score:2)
I'm not the one you were responding to, but I'll answer for myself:
No, I don't use OpenOffice.org, but I do use OpenBSD. The base system has been audited extensively, and the ports receive audits, too. About half of the ports I use were done by myself, and in about half of those cases, even the program itself is all mine.
So while I agree that complete source code review is sort of an utopia, it's definitely possible to have much of the s
No problem (Score:2)
Download.com (Score:3, Informative)
AOL / Yahoo selling advertising (Score:1, Interesting)
I just never understood... (Score:2, Interesting)
Re:I just never understood... (Score:3, Insightful)
*cough* *choke* You'd ACTUALLY DO this? Even when I knew no better than to run Windows, I got ahold of the MS-port of Emacs, guaranteed to find all files hidden everywhichway on your system (and able to read binaries in hexl-mode as well; you can get an idea of what a program does this way). I always simply deleted the
Already exists (Score:4, Interesting)
I always tell people that Open Source apps typically do not have any of that crudware in them while most freeware does have that crap embedded, and then point them to various websites that track what freeware has what spy/crap/ad ware in it. I have never been burned by an OSS project and it's windows download/installer.
so look for the OSS label!
Re:Already exists (Score:2)
I don't and I know that it would be dam easy to make me install an open source spyware.
I just trust that someone in the community will actually read the sourcecode (even if it is just out of curiosity) and post a note on slashdot (or something like this) to get the spyware down in case. But I still think I'm naive here.
However, most of my software comes from my distro and I suppose that the package maintainer checks for spyw
it never ceases to amaze me... (Score:1)
Band-Aids to fight Cancer (Score:2)
All operating systems could really benefit by something like this, of course with the way windows is built it wou
How about an anti-AOL CD-dumping initiative? (Score:3, Interesting)
You have to first build trust to ensure trust. By the way.......you've got SPAM!
Standards (Score:2)
FTA: "Leeds said applications and the way they are distributed change so often that companies like Yahoo have a difficult time keeping up. A certification program, he said, will allow Yahoo to keep monitoring a partner's practices."
Uh... how will a certification program help? Does Leeds mean that they will only certify specific version releases? ...that if the company releases an upgrade or patch, that each one will have to be re-certified? Won't this just slow down software releases?
And how long before
Yahoo! (Score:2)
Because Yahoo! would never want anything to do with spyware, would they?
Oh, wait...
I use GPLed software (Score:2)
money making scheme? (Score:2)
The problem is:
Either it is difficult and/or expensive to get through the process, in which case a lot of good software won't make it simply because it's freeware, cheap shareware or the author doesn't care enough, or it's easy and cheap, in which case I don't see how it can be good enough to not f
Who's looking for who to do it? (Score:2)
Re:Who's looking for who to do it? (Score:3, Interesting)
That comment reminds me of the film critic Pauline Kael's famous line after Richard Nixon's landslide victory over George McGovern in 1972: "I can't believe Nixon won. Nobody I know voted for him." Of course they hadn't. Kael lived in the cocoon of Manhattan liberalism.
AOL has about 27 million subscribers worldwide. That's more than the entire populations of say, Australia (20 million) and New Zealand (4 million) combined.
I'd say AOL is relevant.
Re:Who's looking for who to do it? (Score:3, Funny)
Oh thank goodness... (Score:2)
That sounds like a great idea. Let's certify software to make sure that it doesn't do anything that it shouldn't. And of course, everybody's going to want to get this certification, right? Because, every piece of software that we install on our system, we've had a chance to make sure that it's "certified" [slashdot.org], right?
It makes about as much sense as certify everybody who promises not to commit m
Are software apps the problem? Or is it ActiveX? (Score:2)
Much needed for the average user (Score:3, Interesting)
Re:Much needed for the average user (Score:2)
Have you never heard of a phishing scam? It's where the cyberthief sets up a whole bogus website, corporate insignia and all, to fool people into typing their credit card numbers into this data trap that they think is their bank's website. Now, what difference would breaking *one* *more* crime make to this sort of person?
(-: Ooooh! I have an idea! I'll end burglary by going around town slapping stickers on the front
AOL's program for determining malware (Score:2)
if(malware==true)
{
if(vendor =="AOL"||vendor=="Sony"||vendor=="Microsoft"||ven
return "All clear";
else
return "AOL is on your side, keeping you safe from malware";
}
Liability? (Score:3, Interesting)
Not likely to work (Score:3, Interesting)
Notice there is intentionally nothing about what it would cost or how developers apply.
Call me paranoid but... (Score:2)
This is probably just the market at work but it's herd not to see the same business planning behind both decisions.
Why this Sucks (Score:2)
Wha
Re:AOL certifies software as 'easy to remove'??!!? (Score:2, Insightful)