That last line sounds kind of familiar
January 13, 2015 5:13 PM   Subscribe

 
It would have been great to install Ethereal (or whatever the best packet sniffer is) and see if data from the Documents and other directories are being uploaded from the system, and if any bot nets were installed. This article had a great idea but didn't really go into any detail on what those apps/services were actually doing.
posted by crapmatic at 5:25 PM on January 13, 2015 [3 favorites]


People piss and moan about the Walled Garden of iOS, and to a lesser extent, the Mac App Store, but this sort of crap is exactly the sort of thing that Apple is preventing with their restrictions. Sure, there's plenty of crapware on the Apple App Stores, but none of them can ruin your system with impunity.
posted by SansPoint at 5:29 PM on January 13, 2015 [28 favorites]


Because when the product is free the real product is YOU.

I see what you did there, Howtogeek.com.

These days I just install Chrome, Steam, MSE, and then my games. Everything else can either be done online or, you know, get fucked.
posted by selfnoise at 5:29 PM on January 13, 2015 [1 favorite]




Remember when CNET used to be a fairly trusted source for reliable information? Another job well done CBS Interactive.
posted by zachlipton at 5:33 PM on January 13, 2015 [14 favorites]


Sweet, sweet Bonzi Buddy.
posted by GuyZero at 5:35 PM on January 13, 2015 [10 favorites]


Remember when CNET used to be a fairly trusted source for reliable information? Another job well done CBS Interactive.

I went to get my hair cut today and the lady had Judge... uh..something or other (not Judy) on, and there was a commercial for some kind of PC Cleaner software "with a five star rating from Cnet!" and I was just like damn, dudes. Remember when I read CNET on a non-accidental basis?
posted by selfnoise at 5:37 PM on January 13, 2015 [2 favorites]


us linux users are so sheltered
posted by idiopath at 5:59 PM on January 13, 2015 [21 favorites]


We ought to break the fingers of programmers who write malware. Smash every knuckle with a hammer. Perhaps there'd be some way to disable their larynx too, so they can't switch to a voice dictation system.

OK maybe I'm being a bit harsh. But as a programmer myself, malware makes me so angry. It incenses me that there are people with skills to make wonderful software who instead write code to show ads you don't want to see. Code that makes itself impossible to uninstall. And then have the gall to claim it's anything other than outright sabotage.
posted by Nelson at 5:59 PM on January 13, 2015 [46 favorites]


Oh an inb4 some smug Mac weenie says MacOS is immune. We're not. If I ever see another ad for MacKeeper I'm gonna scream.
posted by Nelson at 6:00 PM on January 13, 2015 [18 favorites]


After clicking through the installer and finishing, PRO PC CLEANER from the previous step installed itself… started running a scan… and then TALKED OUT LOUD TO US. It literally yells to you through your speakers and tells you that your PC is completely full of errors and needs to be repaired. And it does this all the time, randomly. I guess nobody told them that this was a brand-new installation of Windows.
posted by Nevin at 6:13 PM on January 13, 2015


this sort of crap is exactly the sort of thing that Apple is preventing with their restrictions.

I rather like the way Debian and Ubuntu manage to prevent exactly this sort of crap with freedom instead. Even Solaris used to do it better, I seem to remember. Windows package management is just uniquely bad.
posted by sfenders at 6:14 PM on January 13, 2015 [15 favorites]


That is my nightmare.
posted by pwally at 6:18 PM on January 13, 2015 [1 favorite]


sfenders: "I rather like the way Debian and Ubuntu manage to prevent exactly this sort of crap with freedom instead"

It's not exactly like lack of freedom is what's allowing this to happen. As the article points out, numerous times, this is the sort of crap that geeks avoid because they know better, but trips up non-geeks. What has kept Debian and Ubuntu free of this crap isn't freedom, it's that the vast majority of the user base are geeks.
posted by Bugbread at 6:20 PM on January 13, 2015 [36 favorites]


Ah yes, the casual-user-friendly world of *nix, where "Type 'man' at the prompt and hit enter. You can work out the rest from there" is considered helpful advice.
posted by DoctorFedora at 6:23 PM on January 13, 2015 [39 favorites]


Oh an inb4 some smug Mac weenie says MacOS is immune. We're not.

The first couple of times I told Mac users that the weird behavior of their Macs was because of malware that they had been assured was impossible were kind of satisfying, but after awhile it just gets tiresome.
posted by Pope Guilty at 6:32 PM on January 13, 2015 [6 favorites]


It's like reminding men that they, too, can get breast cancer.
posted by DoctorFedora at 6:35 PM on January 13, 2015 [14 favorites]


If you're boasting that, well, Solaris didn't get malware, then I think you've somewhat misunderstood the phenomena at work here.
posted by kiltedtaco at 6:36 PM on January 13, 2015 [19 favorites]


Oh an inb4 some smug Mac weenie says MacOS is immune.

You didn't read the second comment in the thread then.

Thing is, it's a lot harder to do this on the mac, and there's just not that much stuff out there. Some rogue browser plugins that you turn off when you realize the developer sold you out. Some idiotware scripts that delete stuff if you type in your admin password. Worthlessware apps that act like they are making your mac go faster. And that's about it.

I think part of this is because, for the most part, a mac does pretty much the majority of what I want out of the box. A good word processor, a way to open office docs, and the ability to create PDFs.

By the way, this article gave me PTSD. Seriously, I manage a couple hundred PCs and a handful of macs (used to be the other way around). I never had the same amount of work on the macs as on the PCs.
posted by cjorgensen at 6:37 PM on January 13, 2015 [2 favorites]


What has kept Debian and Ubuntu free of this crap isn't freedom, it's that the vast majority of the user base are geeks.

In part, sure. But it's mostly that people have taken the trouble to set up a large and well-managed repository of software you can easily install/remove/configure, and the maintainers of it are trustworthy enough not allow such nonsense to get in. There's no reason someone couldn't set up such a thing for Windows, but instead we have dozens of imitations like download.com, of varying degrees of fraudulence. I didn't mean to say that the kind of "freedom" they allow was the method by which they make it easier to avoid malware, just that they manage do so without going all AppStore.
posted by sfenders at 6:37 PM on January 13, 2015 [7 favorites]


OSX also has between 5 and 10 percent market share, so there's also the fact that targeting OSX with malware just isn't economical.
posted by Pope Guilty at 6:38 PM on January 13, 2015 [2 favorites]


sfenders: " There's no reason someone couldn't set up such a thing for Windows, but instead we have dozens of imitations like download.com, of varying degrees of fraudulence. I didn't mean to say that the kind of "freedom" they allow was the method by which they make it easier to avoid malware, just that they manage do so without going all AppStore."

Ah, okay, that makes more sense. I haven't kept up with Windows 8, but wasn't that what Microsoft was planning to do? Did they change plans, or was my understanding incorrect?
posted by Bugbread at 6:40 PM on January 13, 2015


CNET is absolutely evil.

And yes, I learned the hard way. :(
posted by BlueHorse at 6:44 PM on January 13, 2015 [2 favorites]


Microsoft has an App Store for Windows 8. It is primarily Aero based stuff, which many Windows users utterly hate.
posted by daq at 6:45 PM on January 13, 2015


but this sort of crap is exactly the sort of thing that Apple is preventing with their restrictions.

Well, except for the part where they try to extract as much personal information as possible to sell on to advertisers.

It incenses me that there are people with skills to make wonderful software who instead write code to show ads you don't want to see.

Yeah, depressing how many people end up working for Google or Facebook instead of doing something worthwhile with their skills.
posted by indubitable at 6:49 PM on January 13, 2015 [9 favorites]


one thing I still chuckle about from the early days of the graphical web was seeing promotions offering "free downloads!!!" with no clue as to what these downloads were. I am amused by the thought that there would be a stampede of people attracted by "free downloads" back then, no matter what the downloads were. I guess there are still people attracted by free downloads?
posted by jayder at 6:51 PM on January 13, 2015 [6 favorites]


The difference with facebook and google is that you know you're getting the ads. This is sneaky shit designed to take advantage of the majority of people.
posted by feckless fecal fear mongering at 6:53 PM on January 13, 2015 [6 favorites]


What has kept Debian and Ubuntu free of this crap isn't freedom, it's that the vast majority of the user base are geeks 'nobody'.
posted by ennui.bz at 6:54 PM on January 13, 2015 [4 favorites]


There is a huge difference between "I guess I'll end up seeing some ads in the process of finding the [information |connection with my loved ones] that I was looking for" and "the entire user experience of my computer is fundamentally changed and made 1000x more annoying because I tried to install a program that would play a movie file".
posted by idiopath at 6:56 PM on January 13, 2015 [19 favorites]


It is primarily Aero based stuff, which many Windows users utterly hate.

Aero, is that what they're calling Metro now? I thought it was exclusively that. I've not yet tried Win 8, been wondering how that's working out for them. Anyway, the Windows App Store seems to be even worse than the Apple one.
posted by sfenders at 6:58 PM on January 13, 2015


Is Aero that weird overlay that appears on laptops and desktops that would kind of make sense if it were a touchscreen environment but even then is stupid as fuck because everything's different sizes and accessing actual functionality (like "move this thing into this folder FFS") is left as a guessing game?
posted by feckless fecal fear mongering at 7:03 PM on January 13, 2015 [5 favorites]


but this sort of crap is exactly the sort of thing that Apple is preventing with their restrictions.

Well, except for the part where they try to extract as much personal information as possible to sell on to advertisers.


Indubitable, are you implying that Apple is in the advertising business? Because they have a pretty well established track record of actively working to thwart tracking of personal information through Do Not Track and preventing things like device tracking through MAC addresses. I may just be misinterpreting what seems like kind of an ambiguous statement, though.
posted by DoctorFedora at 7:03 PM on January 13, 2015 [4 favorites]


Wait, when did Aero stop being the Windows Vista shininess and become the part of Windows 8 that explicitly isn't the Aero interface? Or was that just an innocent brain fart on someone's part who meant to refer to the Interface Formerly Known as Metro?
posted by DoctorFedora at 7:04 PM on January 13, 2015 [3 favorites]


Quiz. Select the most likely answer.

Friend: "Hey, Bugbread, can you help me with my computer? It's super slow, and it crashes all the time. Do I need more memory or a new CPU or something? This computer isn't that old."

1) Bugbread: "Oh, I see the problem. You've installed all kinds of spyware and malware."
2) Bugbread: "Oh, I see the problem. You've looked at cat pictures and argued politics on Facebook."
3) Bugbread: "Oh, I see the problem. You've watched cat videos and listened to music on YouTube."
posted by Bugbread at 7:06 PM on January 13, 2015 [8 favorites]


Bugbread: "Quiz. Select the most likely answer."

Please tell me it's #1. Please!
posted by InsertNiftyNameHere at 7:09 PM on January 13, 2015 [4 favorites]


Aero and Metro are two different things. Aero is Win7, Metro is the Win8 full-screen(-ish) interface.
posted by Greg_Ace at 7:10 PM on January 13, 2015 [2 favorites]


Download this useful app to tell you the answer!
posted by feckless fecal fear mongering at 7:10 PM on January 13, 2015 [2 favorites]


Ah thanks Greg, now I know it is Metro I hate with the fire of a thousand suns.
posted by feckless fecal fear mongering at 7:11 PM on January 13, 2015


feckless fecal fear mongering: "Ah thanks Greg, now I know it is Metro I hate with the fire of a thousand suns."

Are there people who actually like Aero?
posted by InsertNiftyNameHere at 7:14 PM on January 13, 2015


Ha ha ha, what a bunch of suckers!

*runs a registry defrag*
posted by turbid dahlia at 7:17 PM on January 13, 2015 [4 favorites]


InsertNiftyNameHere: "Are there people who actually like Aero?"

Me, I guess? Not like I sit around thinking "Aw, yeah, gonna sit back and look at some transparent window borders! Livin' the life!" or anything, but on the occasions where Aero is disabled (like when I switch back from playing a game, and it takes a second or two for Aero to be reenabled), I think, "Huh. Pre-Aero windows looks retro, but I definitely prefer the Aero look."

Metro, on the other hand...
posted by Bugbread at 7:20 PM on January 13, 2015 [13 favorites]


It was most assuredly a brain fart; Aero was the shininess introduced with Windows Vista, which was itself widely disliked for its resource-intensiveness. That, and the uncomfortable novelty of the security-enhancing User Access Controls, was what caused Vista to stumble in comparison to XP and 7.

Metro, on the other hand, was Microsoft's ill-conceived attempt to unify desktop and tablet user experience with Windows 8.
posted by The Confessor at 7:22 PM on January 13, 2015 [1 favorite]


What I'd like to see is a review of what happens when you make a good-faith effort to decline all the extra installs. How much of the freeware on Download.com or whatever is inherently tainted, versus being bundled with malicious crap? Obviously YTD is bad news from top to bottom - what else?
posted by Holy Zarquon's Singing Fish at 7:23 PM on January 13, 2015 [2 favorites]


Metro asks the tough questions. Why bother having a separate tablet and laptop? Why bother having a separate fork and knife? Why bother having a separate shower and toile
posted by DoctorFedora at 7:24 PM on January 13, 2015 [48 favorites]


Bugbread: "InsertNiftyNameHere: "Are there people who actually like Aero?"

Me, I guess?
"

Fair enough. I guess I'm still stuck in my old ways from when using Aero would sap your CPU and GPU of most of their energy. I got in a habit of turning that fancy OS crap off so the hardware I paid my own money for would be best put to use making my games look pretty rather than my OS. Not an issue these days.
posted by InsertNiftyNameHere at 7:26 PM on January 13, 2015


InsertNiftyNameHere: " I got in a habit of turning that fancy OS crap off so the hardware I paid my own money for would be best put to use making my games look pretty rather than my OS. Not an issue these days."

Yeah, I suspect it's because I skipped Vista and went straight to 7, so by the time I was using Aero for the first time, it no longer used a notable amount of resources. Plus, when you play games, it's apparently not running in the background anyway. That may also be a difference between Vista and Windows 7, I dunno.
posted by Bugbread at 7:29 PM on January 13, 2015


The difference with facebook and google is that you know you're getting the ads. This is sneaky shit designed to take advantage of the majority of people.

As of right now, if I do a Google search for "download firefox", the top result is malware/adware/crapware/whatever-we're-calling-it. Yes, there's a little icon next to it that indicates (barely) that it's an ad, but don't tell me that's not taking advantage of people — Google taking money from purveyers of malware and then looking the other way when they get top billing.
posted by indubitable at 7:30 PM on January 13, 2015 [13 favorites]


indubitable: "As of right now, if I do a Google search for "download firefox", the top result is malware/adware/crapware/whatever-we're-calling-it. "

I think the difference in user experience is one of the things that makes conversations like this go so roughly. Here's what I get when I do a Google search for "download firefox".
posted by Bugbread at 7:38 PM on January 13, 2015 [3 favorites]


I'm pretty sure I installed BonziBuddy. In my defense, I was ~12.
posted by BungaDunga at 7:48 PM on January 13, 2015


All I can think of is the time I found that all of the internal e-mail of a government development bank was being routed through a third party server because many of the employees had installed some "stationary" add-on for Outlook. They were all mad at me because I took away their kitten and lighthouse backgrounds.
posted by ob1quixote at 7:52 PM on January 13, 2015 [31 favorites]


People piss and moan about the Walled Garden of iOS, and to a lesser extent, the Mac App Store, but this sort of crap is exactly the sort of thing that Apple is preventing with their restrictions.

Yes, the walled garden is pretty effective at addressing this kind of thing, but inside that garden it doesn't always smell of roses. A few years back I finally came to realize it's not the wall around the garden that's the real problem, it's how things are run inside those walls.

From about 1994-2009 or so, I was quite the Apple/Mac supporter, and that slowly decreased since, and over the last year have finally given up on them creating things I want to use.

For a long time, I eagerly awaited new OS updates in anticipation of all the new things I could do. Now I dread them for finding out what they are going to take away. Where I used to have many options when it came to how I handed my workflow, now I find my options limited to "The Apple Dance," where the OS calls the shots and workarounds are a pain in the ass. Those incessant slide-y update notifications just inform me that soon my machine or device will be slower if I download them, and the problems I actually want to be fixed will be ignored and new 'features' will be added, that often require buying new hardware to actually use.

The rate of change has made many long-standing issues sent to "Why bother? The next hardware/OS/software update will somehow fix this" purgatory. The last few years of updates make things look a bit smoother, and the new hardware makes them run faster, but I rarely see things get better beyond the occasional stroke of luck where they finally get something to work that was supposed to work a year before, but now you need the new OS to get it to work, and tough shit if it just happens that the new OS either wont install on your machine or will make your machine irritatingly slow.

I can play the "why bother" game too.
Dear Apple:
I'm sorry it has to be this way, but Apple, you used to be helpful, useful and a great pal to be around, but over the years you've changed and become a real asshole who values my money more than what you can bring to the table, and you're no fun to hang out with anymore. Besides, for the last year I've been having the most wonderful, productive, entertaining, and amazingly stable time with this Windows 7 gaming computer I built. I haven't been this pleased with a computer in almost a decade.

I hope you're not too miffed. Byeeeeee!
/rant over

Apologies about the rant. To come pack to the point, I've had a very malware/spyware/virus/eviladdon-free year with my Win7 box with a combination of:

Symantec Endpoint Protection (it's okay to groan at this one, but seriously, it has given me little trouble and stopped the really nasty stuff from hitting me)

Malwarebytes (for all the little crap that used to get through SEP until I installed the next one on the list, now it's just there for redundant checks now and then)

CryptoPrevent - I picked this one up after the new cryptovirus last November came out on one of the computers at work. It is essentially an automatic policy generator that blocks even the little stuff from installing and spreading on my computer. I can't recommend this one enough.
posted by chambers at 7:56 PM on January 13, 2015 [14 favorites]


A friend's mom once got a piece of malware on her Windows box that displayed a permanent online casino ad in the center of her screen that couldn't be moved, lowered, or minimized.

Her response was to arrange her windows on the desktop around the ad so they wouldn't be blocked.

The horror.
posted by RobotVoodooPower at 8:03 PM on January 13, 2015 [9 favorites]


To quote Terry Adams of NRBQ; "Well, it might be credit or it might be barter... But they always find a way to make you pay, pay, pay!"
posted by lotusstp at 8:24 PM on January 13, 2015


oh...I get it. y'all want your free stuff to also not have any cost. tldr - buy something good or go online. easy peasy.
posted by j_curiouser at 8:32 PM on January 13, 2015


This is precisely why I use and recommend Ninite. That, and Pirinform's Crap Cleaner are the top recommendations I make for my clients. The ONLY site that PC users *need* to visit outside of Ninite is adobe.com to download the horrid flash installer since Adobe had Ninite yank it from their site.BTW I have been using getfirefox.com for years to download Firefox.
posted by lotusstp at 8:33 PM on January 13, 2015 [23 favorites]


All this reminds me of what I read of Core War.

Core War is a programming game created by D. G. Jones and A. K. Dewdney in which two or more battle programs (called "warriors") compete for control of a virtual computer. These battle programs are written in an abstract assembly language called Redcode.

At the beginning of a game, each battle program is loaded into memory at a random location, after which each program executes one instruction in turn. The object of the game is to cause the processes of opposing programs to terminate (which happens if they execute an invalid instruction), leaving the victorious program in sole possession of the machine.

posted by sebastienbailard at 8:34 PM on January 13, 2015 [2 favorites]


lotusstp: "This is precisely why I use and recommend Ninite."

Jesus. I don't need that now, since my computer is pretty much as I want it, and I won't need it in case of a crash, as I'll just restore from a backup, but for my next fresh install, that looks amazing!
posted by Bugbread at 8:36 PM on January 13, 2015 [1 favorite]


I rather like the way Debian and Ubuntu manage to prevent exactly this sort of crap with freedom instead.

Isn't it less about freedom (which certainly, Linux has in spades), than it is that the miniscule market makes malware-makers go meh? It's like security through obscurity, or rather, security through lack of a userbase.
posted by Apocryphon at 8:43 PM on January 13, 2015


Apocryphon: "Isn't it less about freedom (which certainly, Linux has in spades), than it is that the miniscule market makes malware-makers go meh?"

He clarified later that by "with" he meant "while having", not "by". Like "I went to the store with my friend", not like "I bought the food with money".
posted by Bugbread at 8:45 PM on January 13, 2015


sudo yum install trust-maintainers

If you're really paranoid you compile and run new software in a sandbox and check what it's doing via truss/strace. None as root of course.
posted by benzenedream at 8:52 PM on January 13, 2015 [4 favorites]


That's cool and all benzenedream but is completely beyond the reach of >99% of people.

Linux users are the computer equivalent of the 1%.
posted by feckless fecal fear mongering at 8:54 PM on January 13, 2015 [2 favorites]


The greyed out looking buttons on cnet dialogues are actually still enabled, so you can decline most of the crapware if you are very careful.
posted by monotreme at 8:54 PM on January 13, 2015 [1 favorite]


The greyed out looking buttons on cnet dialogues are actually still enabled, so you can decline most of the crapware if you are very careful.

Designing a UI like this is the computer version of the "Stop Hitting Yourself" abuse-game from junior high.

j_curiouser: A lot of the stuff laden with this crap is actually free, even open source. However, scumbags still repackage these programs and trick people into using their dodgy installers.

Yup. As a naive linux user, I managed to completely screw up a relative's Windows machine by installing an ssh client on it, having got said client from something like cnet.

Linux users are the computer equivalent of the 1%.

Sure, but how often do you find a man page with a half dozen carefully explained examples of common usage of the command you're trying to figure out?
posted by sebastienbailard at 9:20 PM on January 13, 2015 [3 favorites]


Are there people who actually like Aero?

I like aero. It's purty and I like the general win7 aesthetic more than I did XP.

I even like Metro on the living room box. It seems well suited to an hdtv across the room.
posted by ROU_Xenophobe at 9:20 PM on January 13, 2015


Metro, dammit, not Aero. Sorry for the confusion. Shame on me for drive-by posting.
posted by daq at 9:31 PM on January 13, 2015


I rather like the way Debian and Ubuntu manage to prevent exactly this sort of crap with freedom instead.

No they prevent it by only catering to 0.00237% of all users.
posted by Ratio at 9:32 PM on January 13, 2015 [4 favorites]


ROU_Xenophobe: "I like aero."

OK, OK, I take it back. I was dinging MS not the people who like some of their UI features. I guess I'm simply still resentful of MS for unleashing the crap that was Vista on the world.

Let us all now redirect our combined hatred at the universally despised thing that is Metro.

No, scratch that. I have learned from the mistakes of my misplaced snark. If you like Metro, fine. Good for you. Every mefite is entitled to their own opinion. All are welcome here. Well, except for the cat de-clawing bastards, but I digress.
posted by InsertNiftyNameHere at 9:33 PM on January 13, 2015 [1 favorite]


Mistakes were made
Boxes were checked
Buttons were clicked
posted by blue_beetle at 10:09 PM on January 13, 2015 [4 favorites]


Well, except for the cat de-clawing bastards, but I digress.

Is this the thread to discuss circumcision?
posted by Chrysostom at 10:13 PM on January 13, 2015 [3 favorites]


[x] check here to circumcise your cat with download
posted by feckless fecal fear mongering at 10:16 PM on January 13, 2015 [19 favorites]


We ought to break the fingers of programmers who write malware. Smash every knuckle with a hammer.

This inspires a question along the lines of "Lennon or McCartney", who do you hate more: malware writers or bike thieves?
posted by 445supermag at 10:17 PM on January 13, 2015 [1 favorite]


Malware writers. Bike thieves have a chance of being brought to justice.
posted by feckless fecal fear mongering at 10:18 PM on January 13, 2015 [2 favorites]


I feel like an old person when I say this: I remember the days when you could get freeware that was actually free, had no malware, and was pretty damn good. Wtf happened to those days. SourceForge is even a mockery of its former self, a den of lies, ads and malware. FileZilla, a staple of the free from programs, comes with stupid malware now.
posted by [insert clever name here] at 10:44 PM on January 13, 2015 [3 favorites]


[insert clever name here]: "I feel like an old person when I say this: I remember the days when you could get freeware that was actually free, had no malware, and was pretty damn good. Wtf happened to those days."

I've been using the Internet since the Trumpet/Winsock days, and, honestly, I don't think things have gotten that much worse. You can still get actually free, malware free, good software. Lots of it. You need to uncheck some boxes, but you've almost always had to do that. You didn't way back in the early 00s, but the software wasn't all that great back then.

The big differences that I can see are now that:
1) Bundling is happening with software from major companies (both in the sense of "When you install freeware from a major company, it asks if you want to install something else, too" and in the sense of "When you install freeware from a minor company, it asks if you want to install something from a major company, too" (like "Do you want to install Google Chrome?"))
2) There aren't many non-shady repositories now. You used to be able to trust Download.com (to some extent), and, if memory serves me, Tucows and...wasn't there one with a name like "Big Dog" or something? But now you need to be vigilant of checkboxes on any site.
posted by Bugbread at 11:11 PM on January 13, 2015 [1 favorite]


Malware writers. When you have your bike back, it's actually yours, not a tool for some cybercriminal enterprise.
posted by el io at 11:42 PM on January 13, 2015 [3 favorites]


I hear those holiday season tech support for family stories, and I wonder: what are these people DOING to their computers? This article answers that in part. They're installing things like this. Then: "The computer says it's slow, I better click here".

I heard that the deal to bundle the Ask toolbar with the JRE was one of the last things that McNealy did at Sun, before Oracle bought it. I'm tempted to think this was his "fuck you, I'm out" statement, but no, he thought it was a genuine great idea.
posted by thelonius at 12:17 AM on January 14, 2015 [1 favorite]


Windows RT was great for this. You got Microsoft Office and Internet Explorer with Flash support and Windows Explorer and Windows Media Player and a built-in PDF reader. Plus built-in antivirus, plus sandbox so nothing installs, plus OneDrive for backing up your files. So your non-geek user would have (1) Office for all their work and work-ish stuff, (including saving to PDF) (2) web pages and games and video online (3) a way to read PDF files without Adobe Reader (4) no way to infect themselves with horrible malware (5) automatic cloud backup of their precious files.

Sadly, it didn't work, but I have great hopes that Windows 10 might bring all this together in a plausible fashion. Windows x86 plus Office 365 rather than RT, but still, built-in antivirus, PDF reader and so on. Reduce the support burden considerably.
posted by alasdair at 12:37 AM on January 14, 2015


alasdair: "Windows 10"

Anyone have any idea why MS is afraid of Windows 9 and therefore going straight for 10? Win98 similarity? Or is this Windows 2, but in binary?
posted by InsertNiftyNameHere at 12:52 AM on January 14, 2015


FileZilla, a staple of the free from programs, comes with stupid malware now.

I actually ended up installing the FileZilla adware the other day because I just did not see it coming. Actually there were several flavors "offered" one of which was MacKeeper! But the one I got changed was a browser hijack. Which took me to Yahoo search! Are they mixed up in all this somehow?
posted by atoxyl at 12:55 AM on January 14, 2015 [1 favorite]


I have installed
spyware
that was in
my bundle

and which
you were probably
hoping
to avoid

Forgive me
the checkbox was there
so small
and still checked
posted by langtonsant at 1:02 AM on January 14, 2015 [31 favorites]


alasdair: "Windows 10"

Anyone have any idea why MS is afraid of Windows 9 and therefore going straight for 10? Win98 similarity? Or is this Windows 2, but in binary?


Apparently, enough software is coded to request the Windows version and just check the first digit after the name "Windows" to see if it's running on Windows 95/98 that it was better to just skip it outright.
posted by DoctorFedora at 1:03 AM on January 14, 2015 [8 favorites]


I actually ended up installing the FileZilla adware the other day because I just did not see it coming. Actually there were several flavors "offered" one of which was MacKeeper! But the one I got changed was a browser hijack. Which took me to Yahoo search! Are they mixed up in all this somehow?

They aren't, but Sourceforge is. There must be a kickback of some kind though, as the clean installer is hidden behind the 'Show additional download options' link on the download page.

The other option is to use Chocolatey - sort of apt-get for Windows. Filezilla is on there.
posted by netd at 2:16 AM on January 14, 2015


Nelson: "It incenses me that there are people with skills to make wonderful software who instead write code to show ads you don't want to see."
Bills gotta be paid.
posted by brokkr at 3:03 AM on January 14, 2015


chambers: From about 1994-2009 or so, I was quite the Apple/Mac supporter, and that slowly decreased since, and over the last year have finally given up on them creating things I want to use.

I could have written that myself, even including the buying a windows gaming machine.

If I may ask you and the others in this thread, how does an IT-professional who hasn't used a windows machine in 12 years get started on crap-proofing her machine? Last time I was current, I would have installed McAfee, Process Explorer to see what was running, and a malware scanner whose name I've since forgotten. Seeing how McAfee fled to Belize and I don't know what's supposed to be running anymore, this doesn't get me anywhere.

Even anti-virus programs now seem like malware, or at least that they could contain malware. CNET has joined the dark side. Looking at the state of computing makes me want to close my eyes and install nothing, ever, that's not on Steam.
posted by cotterpin at 3:08 AM on January 14, 2015


I've been using the Internet since the Trumpet/Winsock days, and, honestly, I don't think things have gotten that much worse. You can still get actually free, malware free, good software. Lots of it. You need to uncheck some boxes, but you've almost always had to do that. You didn't way back in the early 00s, but the software wasn't all that great back then.


I don't know. I remember some pretty great software on both windows and Mac available in the late 90s/early aughts that was really good. Some was nagware, some was donorware. A lot was just free. Many of the names are lost to the sands of time and my poor memory. But this was Mac and PC. Graphic converter, ACDSee, several MP3 ripping programs (back when that's how the world got its MP3 players) and video converters. I even had something- lord knows what it was, called "sister-ware", where the developer kindly asked you pass his contact details on to your sister (these days I would find that kind of gross, but back then it was vaguely charming.) I'd say 3/4 of my computer was freeware. (The other 1/4 pirated. Sorry, I'm only human) and the same was true for my husband who was Mac at the time.

(And omg I forgot about tucows being a freeware repository! There was a dog one. I feel like it was dog pile but I might be confusing that with file pile. Then locally, there was execpc bbs, which was a huge repository of freeware. I say local, but I believe many people connected from all over the country/world proto internet.)
posted by [insert clever name here] at 4:39 AM on January 14, 2015 [2 favorites]


And a friend of mine created a program back then. I think it was "right click MP3 converter" though I may have some of the specifics wrong. He got a lot of donations from it for a long time.
posted by [insert clever name here] at 4:45 AM on January 14, 2015


> but this sort of crap is exactly the sort of thing that Apple is preventing with their restrictions

Yes! They have created for the first time in all history a garden of pure ideology, where each worker may bloom, secure from the pests of any contradictory true thoughts.
posted by Poldo at 4:47 AM on January 14, 2015 [1 favorite]


Is this the same as this?

https://noscript.net/?ver=1.9.9.05
posted by evil_esto at 4:50 AM on January 14, 2015


If I may ask you and the others in this thread, how does an IT-professional who hasn't used a windows machine in 12 years get started on crap-proofing her machine? Last time I was current, I would have installed McAfee, Process Explorer to see what was running, and a malware scanner whose name I've since forgotten. Seeing how McAfee fled to Belize and I don't know what's supposed to be running anymore, this doesn't get me anywhere.

Don't install anything unnecessary. Get Office if you need that (LibreOffice is free), install games you like from Steam, run Chrome or Firefox with AdBlock. Use VLC to play media. Everything else is pretty useless.
posted by sonic meat machine at 5:11 AM on January 14, 2015 [2 favorites]


Anyone have any idea why MS is afraid of Windows 9 and therefore going straight for 10? Win98 similarity? Or is this Windows 2, but in binary?

Because programs check the windows version string for "Windows 9" in order to detect 95/98 machines. I am not kidding.
posted by sonic meat machine at 5:13 AM on January 14, 2015 [6 favorites]


I always wonder about how cavalier lots of people are about installing browser extensions.

It seems like people are unaware about how much access a browser extension has to your computer. I think it won't be long before we start hearing about how many of them include adware, keyloggers, and other bad stuff.
posted by zixyer at 5:14 AM on January 14, 2015 [1 favorite]


one thing I still chuckle about from the early days of the graphical web was seeing promotions offering "free downloads!!!" with no clue as to what these downloads were. I am amused by the thought that there would be a stampede of people attracted by "free downloads" back then, no matter what the downloads were. I guess there are still people attracted by free downloads?

Yes.
My Dad. I've already sent him this article. I have had to clean his computer SO many times over the past year because of this crap. I have tried to explain that free isn't free is you don't know what you are doing. I have showed him how this stuff gets in.

Drives me nuts. There are several factors that make him a perfect target. He likes to think he's more techy then he is. At one time. relative to most people he was. Thing is he hasn't kept up with how the internet and things have changed. He also like to play around. So free software that he can check out is like candy. He is still living in the time where he got some pretty good free stuff and there wasn't such and avalanche of crapware floating around. He dosen't like being told what to do and that he's messing up. And as much as i love him I do think there is some agism and sexism at play in him taking the info I give him seriously. He's finally listening but it's been like I tell and show him and then he has to go out and try again, to prove something, to prove that he's smarter then the crapware people.

I love this article. I'm sending it to not on my Dad but all the people at work who have gotten me to help with computer problems with this crap.
posted by Jalliah at 5:29 AM on January 14, 2015 [2 favorites]


I've always been paranoid about downloading anything from Cnet or Softonic so are there any download aggregator sites that are actually legit?
posted by any major dude at 5:46 AM on January 14, 2015 [1 favorite]


I've always been paranoid about downloading anything from Cnet or Softonic so are there any download aggregator sites that are actually legit?

No, because the problem is in the aggregation, not necessarily in their intent. It is impossible for anyone to vet hundreds or thousands of programs to ensure that they are not malicious.
posted by sonic meat machine at 5:54 AM on January 14, 2015


The suggestions of ninite are great, and I'd highly recommend it.

My personal choice for much of that sort of software is PortableApps. Every application there lives fully within its own folder, all (or almost all) the apps are open source, and none of them require formal installation beyond the simple unpacking. Uninstallation is simply deleting the folder.

Plus, I put them in my Dropbox so I can grab them easily from any other Windows machine. My desktop and laptop are automatically synced with these applications, with the same settings. Works out great so far and probably helps to avoid certain problems.

I try to stay away from the standard program installations as much as I can. Portable Apps for the small-to-medium stuff. Steam for games. Only install the work-related stuff as needed (Photoshop, pycharm, Office, etc.) Use Chrome for any flash content so I don't have to deal with Flash Player crap, and my portable app PDF viewer (Sumatra) or Chrome for PDFs so I don't have to deal with Acrobat's problems.

This keeps my boxes relatively minimal without me feeling like I'm missing out on anything.
posted by honestcoyote at 5:59 AM on January 14, 2015 [14 favorites]


"the problem is in the aggregation, not necessarily in their intent. It is impossible for anyone to vet hundreds or thousands of programs to ensure that they are not malicious"

In the Free Software community this is done many times over. But we have at least enough review of the source code, and curation is driven by users and their needs (not typical users mind you, mostly developers or system administrators - but these users are the primary feedback path regarding whether a program should be included).
posted by idiopath at 6:13 AM on January 14, 2015 [1 favorite]


I don't understand how CNET hasn't been shamed out of existence.
posted by sudama at 6:19 AM on January 14, 2015 [2 favorites]


Dogpile was a meta-search engine, I don't think they had downloads.
posted by Horselover Fat at 6:22 AM on January 14, 2015 [1 favorite]


[insert clever name here]: "Some was nagware, some was donorware."

Man, I'd forgotten about nagware. That's something I'm happy has passed. Not that the idea was bad, mind you. But now, as long as I'm careful not to install bundled software, I can get good free software that doesn't intentionally annoy me. With nagware, it was just a guaranteed perpetual annoyance unless you paid.

cotterpin: "If I may ask you and the others in this thread, how does an IT-professional who hasn't used a windows machine in 12 years get started on crap-proofing her machine?"

I feel like it's actually easier now, but it may be because I don't crap up my machine as much. Avast for antivirus, and...then just don't install random dumb shit. It's not like back in the day when you needed an antivirus program and a dedicated firewall program and a dedicated this and a dedicated that. A lot of it is built into Windows now, and, believe it or not (if you haven't been using Windows for 12 years, it may be hard to believe), a lot of it works pretty well.
posted by Bugbread at 6:25 AM on January 14, 2015


What my relatives computers sometimes seem to feel like.

I keep clicking for that free lobster dinner, but so far all I have are some crabcakes from TJ that have been in the back of the freezer like, forever.

Pls unsubscribe google thx.
posted by malocchio at 6:36 AM on January 14, 2015


In the Free Software community this is done many times over.

And yet horrible security flaws in even core libraries still occur (OpenSSL). Software is so complex that even source code review (when it happens) does not always find hidden issues... but at least open source software holes have to be clever.
posted by sonic meat machine at 7:33 AM on January 14, 2015 [1 favorite]


I would put malware and huge accidental security issues in separate categories.

Just try getting a program that changes unrelated OS settings into any Free Software repo, see how long it lasts.
posted by idiopath at 7:40 AM on January 14, 2015 [3 favorites]


I think the reality is that most folks don't install a lot of software: Office perhaps, maybe Photoshop or some of the other Adobe apps. Accounting software. Maybe some stuff that came with a printer or a scanner. A lot of managed software also comes through Google and MS.

The only things I do see people I know installing (and removing) frequently, are games. And those are majority managed by walled gardens like Steam or the other publishers. Steam has probably done more to stop malware than every piece of anti-virus code ever written.

Most of the crap I've seen in the past few years has come via browser exploits.
posted by bonehead at 7:43 AM on January 14, 2015


Because programs check the windows version string for "Windows 9" in order to detect 95/98 machines. I am not kidding.

It's the Y2K bug all over again. We have learned nothing.
posted by tommasz at 7:52 AM on January 14, 2015 [2 favorites]


All this reminds me of what I read of Core War.

Me too. I think it's a pretty good analogy, but we could take it a step further and think of it as an ecosystem. There are limited resources (clicks or dollars) and there is a large "transition zone" between industrial computing and the Internet, like the edge of the forest. That transition zone is where innovation can capture a larger share of resources before the other parties have a chance to react. It's a zone of disruption.

In the real world, those zones have high turnover, and high diversity. Those are good things. They also tend to be exploited by weeds, which people don't like, and which can have negative consequences. It's also a war waged partly by camouflage, where as long as nobody notices, you can carry on without too much worry, until you're too big to stop. As soon as people start to notice 20 acres of thistles next to the community garden, or that CNET hasn't been weeding out malware, people are going to take notice. If it's really bad, they might even do something about it.

Either way it's quite interesting to watch.
posted by sneebler at 7:53 AM on January 14, 2015 [2 favorites]


The main key here is there is no technical fix to shitware, the fix is social and organizational.

With Free Software you have a process that is truly end-user centered, because the whole thing is run by end-users. With occasional exceptions like Ubuntu sneaking Amazon.com into their desktop the user-run and user-centric approach keeps the bullshit out. The user doesn't directly deal with the software vendor, and the people in charge of the repo use collective experience and guidance to keep shit out.

With Apple you have a single entity in charge, and they have everything to lose if people find their source of software unreliable (also, they use a pretty significant amount of Free Software in their infrastructure). The user doesn't deal directly with the software vendor, and the people in charge of the App store use corporate standards and user feedback to keep shit out.

If it's just the user vs. the software vendor, the software vendors can, and do, specialize in fucking users over. And if they don't they will be replaced by another vendor that is more willing or more skilled at screwing users over.
posted by idiopath at 8:04 AM on January 14, 2015 [2 favorites]


Linux users are the computer equivalent of the 1%.

I get that you're just being snarky here, but this statement really bugs me.

Linux users are experts*. They are people who have devoted time and energy to mastering the computer in ways that most people can't be bothered to do. They are not winners of some sociopolitical lottery** that has handed them mastery of The Computers while everyone else toils in darkness.

Mastering Linux requires, literally, an Internet connection, a working computer of virtually any age or price point and the willingness to give up your free time for the next couple of years to learn all of this stuff.

I think a better analogy is professional musicians. The main difference*** between me and someone who can make money playing the guitar is that the professional has spent years of their life studying and practicing.

Which is fine. You shouldn't need to be a musician just to listen to the radio or a computer expert just to type up an essay in Word.

But please don't disparage expertise. I know Linux geeks can get unbearably smug, and it's fine calling out asshole behaviour. But to dismiss expertise because it is expertise leads to all kinds of bad things (e.g. climate change denialism, abstinence-only sex ed., etc.)

Let's not do that.

* More precisely: Linux users tend to be experts, although not all experts are Linux users and most experts know and use more than one operating system.

** Well, beyond being privileged enough to have these first-world problems.

*** Yes, there may or may not also be this thing called 'talent' that has something to do with it.
posted by suetanvil at 11:56 AM on January 14, 2015 [8 favorites]


I can't get my relatives to stop falling for this malware crap. I can't get them to quit listening to talk radio either. What can I do.
posted by Monochrome at 1:06 PM on January 14, 2015


I get that you're just being snarky here,
...
But please don't disparage expertise.


I wasn't. I was trying to point out that Linux users are a rarefied few, responding to benzenedream's comment about how 'easy' it is to avoid malware in a *nix environment.
posted by feckless fecal fear mongering at 1:49 PM on January 14, 2015


I recently bought a new laptop, and for a while I was thinking I might keep windows and dual-boot it. So, the first thing I did was I searched for Firefox. Between the mental overhead of dealing with the confusion generated by doing a bing search in IE on windows 8, I accidentally clicked the first (malware, paid ad) link instead of the second (actual first result, actual firefox) link. That alone messed up the computer something horrible and I was very glad for the Windows recovery partition.

But it's been over a decade since I set up dual-booting last and it turned out that setting up Ubuntu for dual-boot and encryption is non-trivial, so I ended up just blowing away everything and single-booting Ubuntu.
posted by ckape at 1:54 PM on January 14, 2015 [2 favorites]


The greyed out looking buttons on cnet dialogues are actually still enabled, so you can decline most of the crapware if you are very careful.

It's worth noting that some users have not only minimal computer literacy, but also mediocre or rudimentary knowledge of English as a foreign language. If all you know is "click the NEXT button", these checkboxes won't even register.

Anecdotally, it seems to me that the custom-install option (which is an easy way to avoid unwanted extras) is getting buried deeper these days.
posted by ersatz at 2:28 PM on January 14, 2015


I wasn't. I was trying to point out that Linux users are a rarefied few, responding to benzenedream's comment about how 'easy' it is to avoid malware in a *nix environment.

Actually it was a comment on how hard it is to really avoid malware and rootkits, even with lots of technical skill.

sudo yum install [software_name] is a common Linux command line idiom. It means, as root, install a package and let it do whatever it wants to your system. Not very different from downloading from a Trusted Site(tm) and clicking UAC buttons on Windows.

On Linux, you still have to have trust that the repository maintainers are not trying to screw you whenever you install something. Signed code only means that you have someone to point a finger at later, not that the intent of the code is benign. Checking a large executable's behavior or auditing for security holes is a non-trivial endeavor even for experts.

The canonical publication on how vulnerable software can be: Reflections on Trusting Trust, by one of the authors of UNIX.
posted by benzenedream at 6:54 PM on January 14, 2015


In the abstract, a young girl's grandma could get away with slipping her a rouphie as easily as a random dude at a bar. The context, motivations, and incentives are relevant, and are very different between a Linux distro, an App Store, and CNET.
posted by idiopath at 7:13 PM on January 14, 2015


There's no significant malware in a linux environment because it's not worth anyone's time to write it for such a small market. Crooks go where the money is.

The myth of thousands of expert software engineers reviewing each linux package line by line is just a myth. Linux folks should stop being quite so smug: just look at the serious flaws in libSSL, one of the most important libraries in world.
posted by monotreme at 10:55 PM on January 14, 2015 [1 favorite]


Yes, um, that's common in Linux sure. In the same way that if you had a gajillion dollars it's common to say "oh, just have the assistant deal with it."

The vast majority of people do not live in this world. That is all I am saying.
posted by feckless fecal fear mongering at 11:14 PM on January 14, 2015


On Linux, you still have to have trust that the repository maintainers are not trying to screw you whenever you install something.

This is basically why I switched from Ubuntu to Debian. Debian is the kind of democracy you'd have if democracy were designed by programmers, and I remain quite confident that on the rare occasions when a Debian update makes my computer work less well, it's not because some C-suite asshole has made a deliberate business decision to do that in order to sell me something.

All my home boxes run Debian, so I guess I'm in your 1%. But I also fix and maintain PCs for quite a few other people in my little country town.

Most of my customers were always going to be somebody's customers, because they have no clue about how to sysadmin their own PC, to the point of being completely unable to find the Control Panel and so frightened of breaking something that they don't even try - this, in most cases, after years of using Windows XP. Many of them took my advice about how to respond to XP end-of-life and let me set them up a Debian box.

When I get calls from my Windows customers, it's because their PC has got itself into some horrible state of disrepair again, and needs decrapifying and tuning and updating again.

When I get calls from my Debian customers, it's because they've started seeing warnings about Flash or a browser being out of date and can I please remind them how to do an update. That's pretty much it.

I make much more, per customer, off my Windows customers than off my Debian ones.

The ONLY site that PC users *need* to visit outside of Ninite is adobe.com to download the horrid flash installer since Adobe had Ninite yank it from their site.

Yeah, that annoyed me as well.
posted by flabdablet at 11:48 PM on January 14, 2015 [2 favorites]


benzenedream: "sudo yum install [software_name] is a common Linux command line idiom. It means, as root, install a package and let it do whatever it wants to your system. Not very different from downloading from a Trusted Site(tm) and clicking UAC buttons on Windows."
Well, uh, except that on Linux you don't have to first go googling to find the Trusted Site™ between paid malware ads.

I just installed Linux Mint on an old laptop at home a couple weeks ago. There's a nice graphical interface to help you find and install software, as well as notifications for installing updates with an icon for how urgent the update is (e.g. security updates get a big red 5). No CLI tricks necessary yet - except for setting up vim, which isn't something your average Joe should be doing anyway. So instead of spending all my time doing command line magic, I'm rediscovering Counter-Strike 1.6 after a 10 year hiatus. Yay, Steam on Linux!
posted by brokkr at 12:31 AM on January 15, 2015 [1 favorite]


Unless you require some very specialized software for which there is no Linux variant, Ubuntu is excellent for the average computer user these days.

No expert knowledge required.

And no, the reason there is no blatant malware for Linux has nothing to do with how many or few users there are, it's solely a result of the software distribution model. That model is much closer to the walled garden of Apple than the mess that is Windows.

The big difference being that, rather than having an autocratic corporation pulling the strings, there is a democratic community guided by free software ideals, as codified in e.g. the Debian Social Contract.

Subtle malware is a whole other can of worms though.
posted by uffda at 3:11 AM on January 15, 2015 [1 favorite]


If I felt like paying for Crossover, Linux would be far more viable for me.
posted by Pope Guilty at 6:10 AM on January 15, 2015


There's no significant malware in a linux environment because it's not worth anyone's time to write it for such a small market.

I disagree.

Certainly, there's no Linux equivalent for the shady crapware you find on PC download sites, but Linux is the operating system of the majority of the world's servers. Gaining control of even a small fraction of those is going to be worth a lot more than showing ads on some peoples' PCs. The reward for cracking Linux security is enormous.
posted by suetanvil at 9:58 AM on January 15, 2015 [5 favorites]


Good point. Malware targeting linux servers at something worthwhile like a bank is likely written by professional criminals, unlike the script-kiddy level of malware targeting grandma's PC.

Such malware would be designed to be extremely hard to detect. I hope bank IT staff do things like checking the signatures of downloaded packages, but I suspect they don't.

I expect to see a bank robbery that turned out to be performed by malware made public in the next few years.
posted by monotreme at 6:46 PM on January 15, 2015


Checking the signatures of packages isn't something you do, the package management software does it for you whether you ask it to or not, and it will complain if you try to install packages without first installing the public keys for the repo maintainers so packages can be validated.
posted by idiopath at 6:55 PM on January 15, 2015


« Older If they say I never loved you, you know they are a...   |   "I'll be honest: I don’t want to stay up until 4... Newer »


This thread has been archived and is closed to new comments