Spyware More Common in Popular Software?

Keith Young asks: "Over the past month, we have seen a 1500% increase of spyware denials on our firewall primarily due to WildTangent 'spyware' installed with AOL IM 5.5 and adware installed with Weatherbug. Since many of these widely-installed types of applications have an automatic upgrade feature, how can these be tested for license agreements, spyware, and security 'irregularities'? Is this another reason to approach management to choose only open source alternatives?"

Opensource is good but...

You have to bare in mind that alot of companies have invested alot of money into there Microsoft Windows Network with all there fancy graphics packages and what not. If you have just finished signing a checking for nearly the value of the company on software licenses for your machines would you want to go to an open source operating system because some guy who works for you is moaning about spyware being stopped by the firewall. in my opinion the best way to scare somebody into changing to open source software is to tell them about the spyware that is NOT being stopped by the firewall

free apps aren't free

I know everything you can download for free isn't really that, but on the same hand as many people want to know if they have drm-crippled CDs that they purchase, wouldn't one also want to know what 'extras' get installed with a program and not just an [install] button to start and an [ok] button when finished?

GAIM

Gaim [sourceforge.net]

Just a friendly reminder in case there's anyone out there in slashdot land who still doesn't know about it. Works perfectly with AIM/ICQ and Jabber (and those other services no one actually uses ^_~) Even has a Win32 installer.

Re:GAIM

Also, GAIM doesn't have AIM Talk. I use AIM Talk regularly to talk to someone who is running AIM on a Mac OS 9.0.4 machine. (her machine can't run OS X, and OS 9.0.4 is the last stable version)

You'd be surprised how few VoIP proggies exist for OS 9 machines, and even rarer still, proggies that also have Windows clients...

Apart from MSN Messenger (which requires at least 9.2.2), AIM seems to be the only solution.

Use Gaim

I use gaim [sourceforge.net] instead of AOL instant messenger. It's got just about every feature that AOL instant messenger has, plus a slew more (plus it can consolidate chat clients). It is easy enough to use for non techies that all my friends and family are on it instead of the AOL version. There are OpenSource projects out there for everything. Check out Sourceforge [sourceforge.net]. And, if you really like the product, and it saves you some money, donate some money to the project so it can get even better.

Weather *Bug*

You know, if you install something called WeatherBug, you're kinda asking for spyware to be installed. It's practically in the name.

AIM/gaim video chat

Unfortunately gaim doesn't support AIM's video chat.

Is there something out there that does? I was looking forward to AIM 5.5 connecting with iChat to do video chat with my dad and friends; now I may have to avoid that if the AIM spyware is bad (sigh)

screensaver.com

I recently discovered that screensaver.com is distributing screensavers that I wrote with their own custom installer that includes several spyware programs, some of the worst I know of, hijacks their home page, puts advertisement links all over their computers, and requires them to agree to receive spam before they're finally allowed to install my screensaver. I've dropped their affiliate commission and demanded that they stop distribute my screensavers with spyware, particularly because it hurts my reputation and is responsible for some of my support email, but so far no response (I'll give them another day or so). Spyware bundling was not a problem I had anticipated when I wrote the EULA. Next I'll be contacting other authors I who's screensavers are being distributed in this fashion.

Weatherbug?

I know older versions of Weatherbug included Gator, but my understanding was that they had stopped bundling this garbage in favor of a more unintrusive ad-only revenue model. At least the last couple of versions I scanned with Spybot S&D and Ad-aware tested clean.

Did I miss something?

Oh, and more on-topic, YES. Spyware is a big reason why I use open-source software whenever possible.

Why even allow WildTangent?

Your company specifically allows people to play web games on company time? Make it against the rules to install WildTangent stuff. Why bother with an open alternative (if one even exists). Unless you're an entertainment software developer that needs to look at WildTangent based stuff there is *no* reason for it to be on a business computer.

Use older versions.

I use some older 4.x version of AIM. Not at my desk so I couldn't tell you the exact version.

It was one of the first ones that let you store your buddy list on the server, but it doesn't have any annoying features that suck up bandwith, along with memory/cpu cycles.

WinPatrol

I've recently become a fan of WinPatrol [winpatrol.com]. It's shareware, but will do pretty much all you need indefinitely in its trial version.

Most spyware tend to set themselves to run automatically on startup, and WinPatrol's watchdog will bark at you whenever a program does that, and let you confirm or deny. (If you register, they'll give you information about tat program to help your decision).

Most Managements

Most managements are clueless idiots, the moment you walk in to a meeting board, with an argument that open source has no spy ware, some idiot will ask you, but isn't it true that open source code can be edited by anyone ?

There is no easier way to fight the paranoia about open source s/w , if you work for PHB.

AOL advocates using Ad-Aware

Funny that AOL's own AIM Virus/Trojan Help page [aim.com] instructs the user on installing and using Ad-Aware [lavasoftusa.com] (steps 5-8).

Of course, that was probably posted long before Ad-Aware would actually remove parts of AIM itself.

Really don't like ad/spyware in stuff I PAID for!

Ok, I can dig it if someone wants to give me free software but require I allow them to install adware, spyware, trojan horses, or all my credit card numbers, etc. If I agree to these terms, then I'm stupid and deserve whatever bad things (tm) happen to me as a result. As long as it is SPELLED OUT in the EULA.

HOWEVER, I've bought software only to get ticked off because it wants to installed crap like Gator or worse on my system. Many times, this isn't part of a EULA (if there is even one). That's one way to get me ticked off. I PAID for the software to NOT be bugged! In particular, this was selfware that looked cool (puzzles and card games) and that I picked up at Target. I'm sticking with "download before you buy" stuff.

WeatherBug alternative

It took me a while, but I finally found Weather Pulse [tropicdesigns.net]. It scrapes data from weather.com, displays a systray icon, and shows detailed forecasts. All without any spyware or ads.

Spyware and Adware

If the Spyware and Adware software makers told the users what the software will be doing on their machine, the users most likely would not install it.

I recall there was a plug-in for Kazaa that removed the Spyware/Adware and kept Kazaa working. Diet-K was the name I think.

By my definitions, Spyware and Adware are malware and unethical to force the users to install with the free or shareware software.

Many PHBs confuse free or shareware with open source software and claim that open source software contains spyware/adware. I've ran into that before, they need a clue-by-four upside their head to convince them otherwise.

Re:I am a Mac user.

Interesting, if true!

But when I clicked on the link, it returned "Not found", and even an extensive search of the site revealed nothing.

You're either a great troll (people click Insightful without clicking on the link?) or there's something odd going on.

And yes, I did remove the "here" from the end of your URL and tried a bunch of other things and nothing got me to the link :-(.

D

Re:I am a Mac user.

Whatever man. I administer nearly 200 Macs and use them almost exclusively for personal use. I've never ran across any kind of spyware for Mac OS X. The link you posted is bogus. Care to provide some more convincing evidence of what you claim?

I have never seen an installer...

for ad-supported software which states the following:

Hey, we're going to install software on your machine that pops up advertisements whenever you do anything on the internet, and sometimes when you're not! Also, we'll record all the sites you go to. Hope you don't mind!!!! LOL

Re:Sick of the spin on this site

-----
There is nothing wrong with Directed Advertising, get it?
-----
Nothing wrong with door-to-door evangelists stopping by during dinner either.

-----
First of all, how is it stealing when we clearly state in our EULA what we're doing?
-----
A jerk that hides behind an EULA is still a jerk.

-----
but rather ask them if we can use their data to make adverts which are more successful
-----
As long as you specifically ask me for each and every piece of data each and every time you want it and give me the option to say "No, and don't bother me ever again" then I'm okay with it.

-----
and get better adverts about stuff they might be interested in
-----
I know what I'm interested in. I don't need to pay you to figure it out for me. Directed advertising works for advertisers and for sheeple. Don't hold up a zombie citizen as an example of how you're serving _ME_.

-----
But you feel the need to impose your choice on them.
-----
Funny. You were just talking about telling consumers about things they "might be interested in". You're selectively forcing your choices on them.

-----
Instead of charging people to use GPL'd software, you "charge" them by agreeing to set free their own personal hard work and sweat.
-----
Darn sure of it. Don't be mad at me because I've ditched your little monkey for my OSS alternative. Groups that lobby for laws such as TCPA/DRM which make my OSS alternative impossible to achieve only prove my point about their character.

-----
I could point to 100 times as many Open Source projects out there that could severly [censored] up your computer. But that's OK, is it?
-----
Yes, it's okay, because the OSS projects aren't charging money, they aren't gathering info and collating databases, they aren't selling my name and info to any clearinghouse with a dollar. At the same time, because it's free, I don't hold them accountable. If you charge me money or make use of my information then I should be able to hold you accountable for anyone who misuses my data which you sold to them.

The fact that "directed advertising" hides behind multiple levels of database clearinghouses makes me sick. See my statement about the EULA.

-----
Let's face it, if we offered you a job, you would jump at the chance
-----
You're right. The same guy that's milking our society dry is funding directed advertising because it feeds his profit margin and helps him figure out new ways to milk the economy dry. Nice vicious circle which keeps me scraping for any job available.

+++ATHZ

Re:No

So if I get something for free, I should just expect to be spied on? That my privacy will be invaded?

/example/
Say, would you like a brand-new weather cover for your car? Oh, good. *small print* oh, by the way, we're going to watch everywhere you drive, everyone who gets in, what songs you like to listen to on the radio, what your gas mileage is, what sorts of add-ons you buy and install, what sort of add-ons you don't buy but feel compelled to install anyway, and what conversations you have while you're driving. Even when the weather cover isn't on.
//

Sounds a little different when you're talking about a car, huh? Just because a company *chooses* to give something away does not mean that I should have to give up my privacy to them or anyone else!

Re:No

I think that you didn't read my post completely. The problem is not the software packages that *always* contained spyware/adware/license-mods/etc, but the ones that get an auto-update and install the latest crap. As for the $25.00 cost, what will stop your favorite anti-virus vendor from adding the same "features" into their latest engine download? Trust me, this is only the beginning to "surprises" being added into software on the fly.... --Keith Young

Re:I am a Mac user.

I have not come across any major apps I use on OS X that have a built-in "Spyware", much less have tried to hijack my browser (Safari). There are the occasional free/shareware games etc. that I have downloaded which try to call home when they are launched. Any thing that displays such behaviour is trashed immediately.

A suggestion to OS X users: get a copy of Little Snitch [obdev.at]. Any time an "unauthorized" connection is innitiated from your Mac, Little Snitch will "blow the whistle" on the offending app. It is also vey easy to set up a list of un/authorized apps and the port(s) they are not/allowed to talk on.

After I started using it, I was a little surprised at how many junk/spam email I found calling home either to pull in some content or to log which email@address had actually clicked on the spam. Previously, I knew this was going on (email/web-bug), but I was just surprised at how prevalent it had become.

cheers- raga