Sunbeltblog comments
my question is this:
is bundling advertising software inherently bad?
doesn't the adware's presence have to be a secret or at least non-obvious, or doesn't the adware have to be difficult to uninstall in order to really be considered bad? opera used to display ads and no one called it malware...
in this particular case the adware's presence is revealed right on the download page, right under the download button... the adware would certainly be annoying, but it's presence is not exactly a secret and simply displaying ads isn't inherently a bad thing... some people accept that kind of trade-off (opera supplemented their development for a long time using that fact)...
i wish it were more clear as to why exactly this particular adware installation is bad...
Kurt -- have you ever actually used a Best Offers product?
no, but i also don't think 'you had to be there' or words to that effect are a legitimate explanation...
i'm not discounting the possibility that it really is malware, but it would be nice if someone said by what criteria that determination was actually made...
so far the implication seems to be that it's malware simply because it's bundled adware without even examining the nature of the bundling or how up-front they are about the bundling... that's why i asked if bundling was inherently bad...
my personal opinion is that there needs to be a little more to it than that in order to call it malware, but i understand that other people may have different opinions and reasons for those opinions...
Hola,
There's a reason, I believe, why this should be looked upon so skeptically. First off, how can you claim to clear out unwanted spyware, when you are bundled with adware?
Yes, I know, there is a BIG difference between the two products, but it creates an inherent conflict of interest. Especially given the fact that many adware companies carry such a "colorful" past.
But, lets focus on this exact situation. DirectRevenue has one of the worst reputations online. Involved in many illegit installations that were denied, and only cleaned up after a massive amount of public pressure was applied. This is a company that has GREATLY profited from criminal activities. Don't believe me, go check out anything on Nail.exe from Google.
But, I'm ill...so forgive if this is at all random or off.
i think you're right that we have to focus on this exact situation - but to do that we have to ignore every other instance of DirectRevenue bundling and look at whether this particular instance gets installed illegitimately and/or whether it behaves badly once installed...
other instances could very well be other *versions* and therefore be functionally different from this one...
the article didn't indicate whether it still installed if you deny the EULA, that's not something the author mentioned testing... nor did the author mention any specific bad behaviour once installed, or while attempting to uninstall..
i hope i'm not alone in thinking that a particular piece of software has to actually do something bad before it can be called bad...
Boy Kurt. You sound like an employee of said adware company.
i'm sorry if it seems that way, i'm not trying to defend the company...
if anything, all i'm really trying to do is hold the 'white-hats' up to a higher standard... i imagine the adware in question really is malware, but so far noone's offering meaningful critical analysis... it can't be malware just because of the company's shady past, it's got to do *something* bad...
if you're still concerned about that possibility that i might be an employee of that company and my webpage alone isn't enough to disuade those fears, google "kurt wismer" and compare those results with your concerns...
"i hope i'm not alone in thinking that a particular piece of software has to actually do something bad before it can be called bad..."
You'll find that stance a lonely one, I fear. We'll look at it this way.
You have a friend, he borrows your car and roughs it up a bit. You forgive him, let him have the car again and the same thing happens. Now, add this trend to two or more years, eventually you stop trusting him and he doesn't get your car.
Same theory applies here. You can only burn people so many times before you're pre-judged. Is it fair? Possibly not, but in this case the reputation has been hard earned and I see no fault in looking at them and expecting something. And/or stating that we want nothing to do with them or any products that partner with a company that has such a past.
i'm sorry, but i don't think the same theory does apply here... we're not classifying the adware vendor, we're classifying the adware itself...
the vendor certainly remains shady, but if the software itself has done nothing bad (and i'm not talking about previous versions or other bundles) then it can't be malware in this instance...
malware classification does work on the guilt by association principle - this particular instance of adware should have to do something bad before it can be called bad, regardless of who made it... you can call it suspicious, certainly, but judging it before or without analysing it is prejudice and it is not the way rational malware analysis works...
So, by your logic, I've made millions off of shady installs. Off of hijacking a persons system, off of paying, and utilizing shady affiliate networks. But I release a new version of my software and all is forgotten?
No, not how it works. Why should I trust YOUR (please note: I'm not referencing you Kurt) software, when I cannot trust you? That makes no sense to me.
Any of their software should be treated with skeptism, anyone that bundles their software should be looked at sideways. Now, if this software AND the vendor prove themselves, over time, to have changed their ways, they'll gain acceptance.
WhenU is a good example. They are still looked at, a bit, as a shady vendor. But people are talking about leaving them on systems, talking about trusting them, and how well they've turned themselves around.
It can be done, but releasing a new software and stamping a "New and Improved" sticker on it does make for an immediate trust of the software or the company.
Kurt -- One note, you cannot install this software without installing Direct Revenue's product.
Needless to say, I think any position that defends this bundling arrangement is indefensible.
aquias:
please try and follow the distinction i have already made - the software can be suspicious without being malware, they are not the same thing... i agree that the software should be considered suspicious and people should probably avoid it just to be on the safe side but that's a very different thing from saying that the adware definitely is bad...
what this really boils down to is a question of certainty - 'suspicious' software denotes the presence of uncertainty as to whether it's safe or not, but malware classification cannot coexist with such uncertainty...
alex:
that brings me back to my original question - is bundling inherently bad? there is still no indication from anyone that this particular instance of directrevenue's adware does anything bad or is bundled in a deceptive way... just because it comes from directrevenue doesn't make it malware, it just makes it suspicious...
i've already conceded that it is probably bad, so therefore the classification of spy-shield as rogue on the basis of this bundling is probably justified - but i don't know it for sure and i'm trying to see if someone else does... is certainty really too much to ask for?
Kurt, as has already been said, your stance will be a very lonely one indeed, and for good reasons. The adware "industry" is populated by people who really don't care that what they're doing is hated by most sane people, and many of them seem to simply not understand why they are so despised.
You cannot simply look at an application in isolation and deem it "safe" or "wholesome", because even seemingly safe ones may pack some kind of hidden agenda, the least of which would be to fund the continued proliferation of trash from them, financed by the one "good" app that they produce.
Therefore, we have adware by association, like it or not. If you wish to put money into the coffers of such low-life companies, then fine, but don't try crusading on their behalf expecting anyone sensible to understand you, let alone wish to join you.
I would advise you to not buy life assurance from the Mafia, but you'll probably argue that it is excellent value...
the infamous Aurora program put the nail.exe in the coffin...
get it?
Kurt,
Double speak isn't really going to work. In one breath you are telling me that judging based on past practices is wrong. In the next, you're saying that being suspicious of said software and avoiding is probably advisable. Which is it?
And I never said adware was bad, maybe some people do enjoy pop-ups.
As for certainty? Why? Why? Why? You've BURNED me, before. Why is it up to me, to hand you trust? Earn it. Guess what? That means I avoid your software and those that bundle with it, until I see changes (or if I'm testing then I pull it down to take a look at the software). That means I look at sites like this, monitor security forums, and the like.
In this specific instance, my big problem is NOT with the fact that software is bundled with adware. But the context of the bundling. A company with a WELL documented past of poor installs and practices, bundling with an anti-spyware vendor.
There is an inherint conflict of interest here.
trickyricky:
thank you for that wonderful mafia life insurance *strawman*...
thank you for also bringing up ridiculous issue of 'hidden agendas'... next you'll be telling me i shouldn't use anti-virus products made by scientologists because of their 'hidden agenda'... (one good strawman deserves another)
the only thing i am crusading for is a more rigorous and thorough treatment of malware issues... you think that wouldn't appeal to 'sensible' people? personally, i think sensible people prefer rational, scientific discourse over witch-hunts, but what do i know, i'm just a computer scientist whose been watching the malware field for the past 16 years...
i guess we'll need someone by the name of hoover to protect us from the red, oops i mean adware, threat...
What I'd like to know is, does the antispyware app install direct revenues software then immediately detect it? cos thatd be pretty stupid.
and if not...i'd still like to resign as the head of the aurora fan club.
Wow Kurt... nice low blow there. Glad to see what you resort to when you can't defend your position.
oh dear, you've found me out... yes indeed, i resort to that evil, vile, nasty thing called rhetoric... someone better go tell on me, i made rhetorical remarks...
rhetoric is a perfectly valid practice in the context of a logical argument... perhaps you'd have preferred i marked up my text in some way to make the rhetoric even more obvious?
Guys, let's cool our jets. Let's keep the comments on topic, no noise...
aquias:
"Double speak isn't really going to work. In one breath you are telling me that judging based on past practices is wrong. In the next, you're saying that being suspicious of said software and avoiding is probably advisable. Which is it?"
it's not double speak... users should exercise caution, malware classifiers should *dig deeper*...
"As for certainty? Why? Why? Why?"
do you not think some assurance of accuracy in classification is called for? when we're talking about classification we're talking about what authorities in the field say it is - don't you expect more than "it's probably bad" from authorities? you can bet various legal systems do...
the anti-spyware app was classified as rogue on the basis of bundled adware, so far without any additional details
to indicate they have thorough knowledge of the 'bad' software in question... i think they can do better...
Double speak ,double standards
Eric L Howes delisting of Spyware terminator from the Crawler Team b'stard offspring of "IBIS" so leopards can change there spots afterall if that is a precident 
oh noes it is teh adware b-x-r
Soes Kurt your from the wrong Adware brethen to expect forgiveness from these Zealots,PMSL its so funny!!!112
this is getting ridiculous... i'm not expecting them to forgive the black-hats out there... i'm not expecting them to change their opinions of the black-hats at all...
i'm expecting them to expect more from the white-hats...
Wow this is starting to look like good ol /.
Allow me to add my perspective and perhaps clarify the situation.
This bundle is bad because it is a (rogue) anti-spyware product that bundles adware. But not just any adware. It's Direct Revenue adware.
To those in the spyware research field, this is fairly astonishing. And let me explain, briefly, why.
Direct Revenue has one of the most awful reputations in the antispyware community. This is a company that has, in the past, been installed through numerous force-installs by its affiliates, to a point where it is the subject of a class action lawsuit and considerable rancor in the antispyware community. But it’s not just the past practices, it’s also the coding methodology that used, with self-resuscitating modules which practically defied removal unless one used a DR uninstaller.
DR’s products are on the removal lists of virtually all antispyware applications. Hence, it is immediately suspicious when one antispyware program chooses to go against the entire antispyware community and directly support a program which is removed by all others.
Now, DR has a new CEO who appears quite competent and the company is making significant improvements in its distribution channels, so things are turning around. But a search for nail.exe on google tells the tale rather quickly: it was not that long ago that we saw howls of agony from users with Aurora installed on their system (aka nail.exe).
As regards to the legitimacy of installing adware with an antispyware application, this goes directly against the purpose of such an application. In fact, it makes no sense. Spyware as a term is that is practically synonymous with adware, and hence, all antispyware applications are effectively anti-adware programs. There may be gray areas, such as WhenU (an adware company which has made considerable and demonstrable improvements in its practices). But in theory, it’s similar to a pop-up blocker including a program that creates pop-ups. It makes no sense.
Finally, the comparison to Opera, Eudora or AIM using advertising to fund their free versions is actually incorrect. This type of adware is one that spawns pop-ups on a user’s desktop, entirely different from in-application banner ads (like you see in AIM). It effectively turns your computer into an advertising kiosk for someone else. It is also a type of software that may mislead consumers through “relevant” popups.
We’ve exhaustively covered what makes an adware program in our listing criteria, which you can read here http://research.sunbelt-
software...ng_Criteria.cfm (I will say that since most of our business is to corporations, our listing criteria may be stricter than others, but you can get a pretty good idea as to what constitutes a listing or not in our research paper).
While I could speak at great length on this issue, I hope this clears up at least some of the confusion.
bah!
nobody caught my real error... the adware bundle was *not* the sole criteria for the rogue anti-spyware classification... the makers of spy-shield use deceptive advertising (referencing a legit product) to drive traffic to their site... the adware bundle was an additional aggravating factor...
i take back my previous criticism of the analysis on the spyware warrior site... so much focus was put on the adware bundle (which is admittedly novel for an anti-spyware app) that i overlooked the key element right at the beginning...
Kurt, this one is easy to figure out. Let's go back a few posts:
"It can't be malware just because of the company's shady past, it's got to do *something* bad..."
OK, for starters:
1. The company's shady past? How about its shady PRESENT? You don't call bundling an adware program with a bogus, rogue antispyware program shady? And not just bundling, but inextricably entwining the two so that the fake antispyware CAN'T RUN without having the adware installed? You don't detect any shadiness in that arrangement? Your common sense isn't picking up anything "inherently bad," to use your words, about that?
2. How about an antispyware program that brings up false scanning results? Because that's exactly what Spy-Shield does. It also ignores its own DirectRevenue adware installations.
3. Speaking of its adware installations -- once installed, their adware crap is very difficult to completely remove.
4. The crap slows down your PC.
And last but not least:
5. Sorry, but the company's past absolutely cannot be ignored. Period. A rapist that donates to Relieffundforsexualassaultvictims.org is still a rapist.
alex:
"it’s also the coding methodology that used, with self-resuscitating modules which practically defied removal unless one used a DR uninstaller."
that would certainly be enough to qualify it as malware in my book... however, since the company is no longer DR, is it still the case that their current software behaves in that fashion?
"Spyware as a term is that is practically synonymous with adware"
yeah, and viruses are practically synonymous with trojans...
this reminds me of the anti-spyware coalition's rather braindead idea to use 'spyware' as an umbrella term for practically all malware inspite of the fact that malware is already an umbrella term that covers all malware... their justification was that most average folks were using the term that way, but sadly this is not the first term average folks have collectively misused to refer to all malware (anyone remember people using "virus" for that purpose?) and it won't be the last...
i hope you aren't following their lead... i think you'll find that the similarity between spyware and adware (at least those instances that fall under the malware classification) is that they're both different forms of trojan horse programs... other than the fact that some instances can be both adware and spyware at the same time, that's pretty much where the similiarity ends...
guillermo:
"1. The company's shady past? How about its shady PRESENT? You don't call bundling an adware program with a bogus, rogue antispyware program shady?"
you think they knew the anti-spyware app was rogue even before it got released? also, since when are they the ones that do the bundling? they provide the adware, it's the anti-spyware company that does the bundling...
"2. How about an antispyware program that brings up false scanning results?"
not the responsibility of the adware company... they're separate entities as far as i know, and i doubt an adware company is in a position to determine the efficacy of the software their adware gets bundled with a priori...
"3. Speaking of its adware installations -- once installed, their adware crap is very difficult to completely remove."
agree on that point, but it's only very recently that that was brought up (i brought that up as a possible omission from the original article but nobody confirmed or denied it)..
"4. The crap slows down your PC."
everything slows down your pc when you run it... there is no software that uses zero resources... theft of resources is only valid if you didn't knowingly agree to it, and the presence of the adware is made known right on the download page...
"5. Sorry, but the company's past absolutely cannot be ignored."
it can when you're classifying something as malware or not malware... that depends only on the software itself and how it's presented to the user...
if a company's past played a role then that old joke about windows being the biggest, most successful virus in the world wouldn't be much of a joke anymore... if you'd prefer a less over-the-top example, look at cult of the dead cow (makers of the back orifice remote access trojan), or l0pht...
"also, since when are they the ones that do the bundling? they provide the adware, it's the anti-spyware company that does the bundling..."
Bundling does not follow the same process as becoming an affiliate, where i sign up and get a wodge for installing someones software. where bundling is concerned, in almost all cases, an actual deal is cut and / or negotiated between both parties. And direct revenue are so big, and they've been stung so badly before (aurora bittorrent madness anyone?) that they would be insane not to follow this well worn path.
"i doubt an adware company is in a position to determine the efficacy of the software their adware gets bundled with a priori..."
True, though this would become a concern if the antispyware scanner removes the adware it is bundled with. because then direct revenue are paying them a ton of cash to install their software, but then having their revenue stream cut off immediately after installation.
"3. Speaking of its adware installations -- once installed, their adware crap is very difficult to completely remove."
agree on that point, but it's only very recently that that was brought up (i brought that up as a possible omission from the original article but nobody confirmed or denied it)..
Direct Revenue's software is well known historically for having a poor record where uninstallation is concerned. See
http://www.vitalsecurity.org/200...-in-
theory.html
for an example of stupid uninstall practices, not long after DR were trumpeting all new and improved removal procedures.
"5. Sorry, but the company's past absolutely cannot be ignored."
it can when you're classifying something as malware or not malware... that depends only on the software itself and how it's presented to the user...
Sorry but the history of adware companies cannot be ignored under any circumstances. There's too much of a history of bait and switch and endless broken promises and smokescreen spin. anyone who blindly trusts an adware vendor of previous bad repute is far too trusting.
paperghost:
"Direct Revenue's software is well known historically for having a poor record where uninstallation is concerned. See"
direct revenue is apparently not direct revenue anymore... i think they're smart enough to know that they can't change their image just by changing their name... they have to change their software and business practices too... to what extent they've done so (have they gone far enough?) i don't know, but i'm not going to assume that their current software is functionally identical to the software they had when they were direct revenue... that doesn't mean the software is good or trustworthy, it just means we don't know for sure anymore...
"Sorry but the history of adware companies cannot be ignored under any circumstances."
it can if your classifying malware... look, each type of malware has a particular definition - something has to fit that definition in order to qualify as that type of malware... there is no type of malware that includes company history in it's definition, therefore company history is a non-sequitur in malware classification...
"direct revenue is apparently not direct revenue anymore"
yes they are:
www.direct-revenue.com
they just changed the name of the software and some of the network stuff. Still the same company.
"it just means we don't know for sure anymore..."
Yes it does. Just download some of their software and try it out.
"Sorry but the history of adware companies cannot be ignored under any circumstances...
it can if your classifying malware... look, each type of malware has a particular definition - something has to fit that definition in order to qualify as that type of malware... there is no type of malware that includes company history in it's definition, therefore company history is a non-sequitur in malware classification..."
Great, except direct revenues software is adware - it displays ads. it aint malware.
if / when i find the backstory out on individual hackers who create malware, i take their past history into account when analysing their latest files. i do the same for adware makers, too. ignoring the backstory of the people behind the file ignores potential reasons for why that file came to be in the first place.
paperghost:
""direct revenue is apparently not direct revenue anymore"
yes they are:
www.direct-revenue.com
they just changed the name of the software and some of the network stuff. Still the same company."
i suggest you go back and re-read the original article... they're best offers network now...
"Great, except direct revenues software is adware - it displays ads. it aint malware."
some adware *IS* malware... by and large, if there are products designed to remove the adware it's because that adware is malware...
further, the rogue anti-spyware software in question came with best offers network (http://www.bestoffersnetworks.com/software/) adware...
"if / when i find the backstory out on individual hackers who create malware, i take their past history into account when analysing their latest files. i do the same for adware makers, too. ignoring the backstory of the people behind the file ignores potential reasons for why that file came to be in the first place."
malware classification is concerned with what effect a piece of software has, not why it exists... i'm sure it makes for interesting reading, but it doesn't affect the outcome of the classification...
malware classification is meant to categorize bad *software*, not bad people or bad companies... if you wish to categorize people or companies, be my guest, just leave the malware classifications system out of it...
hey Kurk teh adware dude maybe some new titles needed?
Sleazeware/criminalware.
Software produced by companies/individuals that have commited or been appartied to criminal activities in the past.
Have you ever heard teh expression
"You cant polish a turd ?"
Kurt. It's time to trust your source.
Alex and his team are experts in this field, if they have reason to be dubious - then you have reason to trust them.
"i suggest you go back and re-read the original article... they're best offers network now..."
I suggest you check out the best offers website -
"A division of Direct Revenue"
"some adware *IS* malware... by and large, if there are products designed to remove the adware it's because that adware is malware..."
Yes, but why are we going so generic and off topic when we're specifically talking about *direct revenue's* bestoffers software which is....adware? We're not talking about anyone else's product except theirs.
"malware classification is concerned with what effect a piece of software has, not why it exists... i'm sure it makes for interesting reading, but it doesn't affect the outcome of the classification..."
...what a bizarre thing to say. Depends what you want to do with the file - simply obtaining it then pinning it to the wall like a butterfly might work for antivirus companies, but it certainly does NOT work in the field of adware and spyware. The software pushed is intricately linked with the people who create it, and because revenue streams are so important in this area, to shut bad things down, you have to shut them down at source. You cannot do this if you do not follow the money trail. Finding out why something exists in the adware game often defines what it does - because the reason it does what it does in the first place was influenced by the money-grabbing intent of the original creator. To remove the human element from the equation is to deny yourself further investigative possibilities. Humour me with the chance that I may be right, as I've employed this method time and time again to break some of the biggest adware stories out there...and have the bad guys shut down at the same time.
paperghost:
"I suggest you check out the best offers website -
"A division of Direct Revenue""
my mistake then... it appears you've done your homework even better than the original author of the article - they said it was "formerly direct revenue"...
"Yes, but why are we going so generic and off topic when we're specifically talking about *direct revenue's* bestoffers software which is....adware? We're not talking about anyone else's product except theirs."
direct revenue's adware deserves special treatment compared to everyone elses adware?... if not, if all adware purveyors are to be held to the same standard then what's the problem with being generic?
"...what a bizarre thing to say. Depends what you want to do with the file - simply obtaining it then pinning it to the wall like a butterfly might work for antivirus companies, but it certainly does NOT work in the field of adware and spyware. The software pushed is intricately linked with the people who create it, and because revenue streams are so important in this area, to shut bad things down, you have to shut them down at source."
believe it or not but the anti-virus industry goes after virus creators too... they're just not under any illusions that that can play a part in the malware classification process...
the argument i'm seeing here seems to be this: bad software implies bad creators, and since the creators are bad therefore the software must be bad... this is, quite literally, a fallacious argument... it is an example of the logical fallacy known as 'affirmation of the consequent'...
"To remove the human element from the equation is to deny yourself further investigative possibilities"
no, it doesn't... malware classification addresses the question "is the software bad"... further investigation entails asking further questions... no one is limiting you to addressing only one question...
"Humour me with the chance that I may be right, as I've employed this method time and time again to break some of the biggest adware stories out there"
and ignore logical fallacies and throw out critical analysis? i've been part of the anti-malware space since before adware was a gleam in some marketer's eye... i see no reason why what anti-adware and anti-spyware folks do shouldn't hold up under careful scrutiny...
"believe it or not but the anti-virus industry goes after virus creators too"
Never said they didn't. I said that the AV approach to simply stopping with the file, after a nice bit of file analysis, kinda sucks and ususally doesnt get the bad guys shut down. unless you meant to put adware instead of spyware, but you keep mixing up your definitions somewhat...
"the argument i'm seeing here seems to be this: bad software implies bad creators, and since the creators are bad therefore the software must be bad... this is, quite literally, a fallacious argument... it is an example of the logical fallacy known as 'affirmation of the consequent'..."
Once again....go download a bunch of direct revenue software and try it out. Lots of people are still having issues with their software across security forums.
"i see no reason why what anti-adware and anti-spyware folks do shouldn't hold up under careful scrutiny..."
i hope you hold the adware makers to a similar level of scrutiny...seems to be pretty one sided at the moment.
....and for the record, i'm havng an increasingly difficult time trying to work out why, of all the hundreds of examples every single week of idiotic installs, you chose this particular one to zoom in on.
lets put aside all the what is / isn't file analysis for a moment, and simply focus on the *concept* of bundling an Antispwyare/adware appliction with...shock horror...*adware*.
If you can't understand that even the notion of such a thing is rather off the wall and thus deserves written mileage, before you even GET to what is / isnt file classification, then i really don't know what else to say.
Wow, is this thing still raging on? Paperghost, it's obvious to me that Kurt is either very obtuse, misguided or simply out for a good troll. It's quite clear that despite having spent a lifetime in the malware field, he is completely unable to see something that's plainly obvious to everyone else here.
That's why I gave up arguing with him. He doesn't listen because he doesn't want to listen. Maybe he's simply unable or unwilling to? [shrug]
Wow. You said it, trickyricky. I vote for obtuse -- or to put it more bluntly, just plain stupid.
"you think they knew the anti-spyware app was rogue even before it got released?"
Are you kidding? OF COURSE I think that. It's blindingly obvious. That's what these companies DO, for crying out loud.
"also, since when are they the ones that do the bundling? they provide the adware, it's the anti-spyware company that does the bundling..."
It's one and the same, Kurt. The "anti-spyware company" that you refer to is an adware company. The "anti-spyware" application is a ROGUE anti-spyware app -- basically just a ruse to get the person to install the adware along with it.
"not the responsibility of the adware company... they're separate entities as far as i know, and i doubt an adware company is in a position to determine the efficacy of the software their adware gets bundled with a priori..."
I'm not quite sure why you can't get this through your head, but for the last time, IT'S NOT JUST A BUNDLE. A simple software bundle would mean that the two apps are simply packaged together, nothing more than that, and they can be installed and run independently. Not so with this arrangement. The adware MUST BE INSTALLED for the so-called (fake) "anti-spyware" program to work. Not just a bundle -- the two are intertwined and dependent on one another in order to function.
"agree on that point, but it's only very recently that that was brought up (i brought that up as a possible omission from the original article but nobody confirmed or denied it).."
Only very recently brought up? Dude...it's a GIVEN. Have you been living under a rock for the last few years? This is the very definition of "shady" -- stuff that, once installed, can't be uninstalled without major effort. That is shady behavior, in the PRESENT, not just the past.
"everything slows down your pc when you run it... there is no software that uses zero resources..."
Oh for crying out...now, you're REALLY stretching on that one! Of course I know that every application and process has an impact on system resource. Duh! But I think you and I both know what I was talking about. Either that or you really are much, much more obtuse than I had even thought up to this point -- not having ever noticed that adware/spyware are ill-behaved apps that tend to seriously bog down a system?
"it can when you're classifying something as malware or not malware... that depends only on the software itself and how it's presented to the user..."
No, it can't. Again, this company's past (and present) CANNOT be ignored. Period, end of discussion. My previous analogy still stands.
"if a company's past played a role then that old joke about windows being the biggest, most successful virus in the world wouldn't be much of a joke anymore..."
Say what? Dude, that example is so off the mark and irrelevent that it isn't even funny.
"if you'd prefer a less over-the-top example, look at cult of the dead cow (makers of the back orifice remote access trojan), or l0pht..."
Yeah, so, what about them? What's your point?
OK, I'm done with this guy.
paperghost:
""believe it or not but the anti-virus industry goes after virus creators too"
Never said they didn't. I said that the AV approach to simply stopping with the file, after a nice bit of file analysis, kinda sucks and ususally doesnt get the bad guys shut down."
they couldn't go after the virus creators if they stopped with the file...
however, they do recognize that the malware problem is a complex one and that to deal with a complex problem it must be broken down into it's component parts... one of those parts is bad software, another is bad people... anti-malware software in all it's forms and subcategories is meant to deal with the software part of the problem...
it should come as no surprise that the appropriate ways of dealing with the software problem aren't necessarily appropriate for dealing with the people problem... in fact, one could argue that adding detection/removal capabilities for a piece of software *solely* for the purposes of advancing an agenda against perceived bad people is an abuse of power and violation of the public's trust...
"Once again....go download a bunch of direct revenue software and try it out. Lots of people are still having issues with their software across security forums."
once again, that is information that was not originally presented... if it is an instance of their software that is known to be bad then so be it...
"....and for the record, i'm havng an increasingly difficult time trying to work out why, of all the hundreds of examples every single week of idiotic installs, you chose this particular one to zoom in on.
lets put aside all the what is / isn't file analysis for a moment, and simply focus on the *concept* of bundling an Antispwyare/adware appliction with...shock horror...*adware*."
lets disambiguate the terms, shall we? 1) an anti-spyware app isn't necessarily the same thing as an anti-adware app and the software was billed as an anti-spyware app...
2) anti-adware apps deal with the part of the adware set that intersects with the malware set, however adware is not a proper subset of malware...
therefore it is conceivable that, even if it was an anti-adware app, it could be bundled with benign adware without there being any conflict of interests... it would be weird, but not necessarily unprincipled...
i realize that's probably not the case in this circumstance, but again, details on the nature of the adware were thin in the original article...
trickyricky:
"Paperghost, it's obvious to me that Kurt is either very obtuse, misguided or simply out for a good troll."
argumentum ad hominem... if there is a flaw in the logic, demonstrate the flaw, don't attack the logician...
guillermo:
""you think they knew the anti-spyware app was rogue even before it got released?"
Are you kidding? OF COURSE I think that. It's blindingly obvious. That's what these companies DO, for crying out loud."
that's a sweeping generalization... sweeping generalizations are logically fallacious... it assumes that what is true under some circumstances are true under all circumstances...
""also, since when are they the ones that do the bundling? they provide the adware, it's the anti-spyware company that does the bundling..."
It's one and the same, Kurt. The "anti-spyware company" that you refer to is an adware company. "
but it's not the adware company that actually produced the adware in question... they just helped to distribute it... the point is that the producers of the adware can't necessarily be held responsible for the actions of those who utilize their services, rather they should be held responsible for not taking appropriate steps to prevent those abuses and not taking appropriate corrective measures in those circumstances where their preventative measures fail...
""agree on that point, but it's only very recently that that was brought up (i brought that up as a possible omission from the original article but nobody confirmed or denied it).."
Only very recently brought up? Dude...it's a GIVEN. Have you been living under a rock for the last few years?"
no it is not a given... the article did not specify what the adware did, only who produced it... i have already established that saying a piece of software is bad simply because it was made by bad people is logically fallacious...
""everything slows down your pc when you run it... there is no software that uses zero resources..."
Oh for crying out...now, you're REALLY stretching on that one! Of course I know that every application and process has an impact on system resource. Duh! But I think you and I both know what I was talking about."
yes we do, and you clipped the part where i said under which conditions theft of resources applied... users *can* choose to accept the resource impact of adware...
"not having ever noticed that adware/spyware are ill-behaved apps that tend to seriously bog down a system?"
another sweeping generalization... the bad ones certainly fit that bill, but not all...
""it can when you're classifying something as malware or not malware... that depends only on the software itself and how it's presented to the user..."
No, it can't. Again, this company's past (and present) CANNOT be ignored. Period, end of discussion. My previous analogy still stands."
see my comment to paperghost... when you're dealing with the software part of the problem the nature of the company who made the software is irrelevant - that falls under the domain of the people part of the problem...
""if you'd prefer a less over-the-top example, look at cult of the dead cow (makers of the back orifice remote access trojan), or l0pht..."
Yeah, so, what about them? What's your point?"
both started as organizations of dubious legality but eventually went on to produce beneficial software.. l0pht in particular went on to become part of @stake which in turn became part of symantec... the point is that just because a piece of software is made by people who've done bad things it doesn't make the software itself bad... i don't recall anyone calling lc5 (l0pht crack v.5) malware...
Kurt, you just absolutely astonish me in your pig-headed stubbornness and utter, complete ignorance and lack of common sense. I mean, honestly: Are you for real? Or are you really that obtuse?
Actually, probably just a troll, as has been previously hypothesized. Ah well, no use continuing this discussion. You're a lost cause, I'm afraid.
guillermo:
"Kurt, you just absolutely astonish me in your pig-headed stubbornness and utter, complete ignorance and lack of common sense. I mean, honestly: Are you for real? Or are you really that obtuse?"
ad hominem... see my response to trickyricky on that subject...
"Actually, probably just a troll, as has been previously hypothesized."
yes, i'm sure that must be it... and i'm sure google is full of evidence to that effect...
You're doing a really good job of trolling here. If that's not your intention, then at least it's a very accurate simulation.
Look, what's the point of continuing? Everyone can present to you all of these well-written, well-considered, completely logical and truthful arguments, and you'd just continue to do what you do: obfuscate the real issue, and use tortured logic and hair-splitting to come up with your counter-arguments. Everyone has realized that that is what they are dealing with, and thus the back-and-forth debate that at first exploded for a while, has now come to a grinding halt. Small surprise.
guillermo:
"Look, what's the point of continuing? Everyone can present to you all of these well-written, well-considered, completely logical and truthful arguments,"
how logical can they be if i'm not only finding logical fallacies in them, but naming those fallacies?
"obfuscate the real issue, and use tortured logic and hair-splitting to come up with your counter-arguments."
disambiguating a complex problem-space is not hair-splitting... nor is careful terminology usage...
as for obfuscating the 'real issue', not only have i conceded that the anti-spyware app in question deserves it's 'rogue' classification, i have also conceded that the adware in question is probably bad and that if it behaves as has been described then it is definitely bad...
however none of that behaviour was described in the source material (if you use 'source' as a way to describe why a piece of software is bad be prepared for the consequences of impenetrable literature, challenges of it's logical validity, challenges of it's legality when some adware peddlar decides to cry foul, etc.) and the argument against the bundling was generalized to such a degree that it suffered under the weight of it's own fallacious logic...
"the argument against the bundling was generalized to such a degree that it suffered under the weight of it's own fallacious logic..."
...in an alternate universe that follows what could only be termed as "Kurt Logic," I guess that would be true.
The funny thing is, you didn't even catch the sweet irony inherent in your exhortation to me to Google you for evidence that you're not a troll ("look up my past behavior, which will vindicate me"), juxtaposed with your arguments that DirectRevenue's past pattern of behavior is irrelevent and cannot be used in consideration of its present behavior.
Go ahead, try to tell me, "but...but...the two are not the same." Riiiiight.
No one, including me, is listening anymore.
Have a good day.
To Kurt (and I'm only going to say this ONCE):
A logical argument:
1) "All Elephants are pink."
2) "Nellie is an Elephant."
3) "Therefore Nellie is pink."
Logical? Perfectly.
But you know what a person with common sense would say to that?
4) "Elephants AREN'T pink."
What's my point? Simple:
1) "An Antispyware/AntiAdware program that WON'T WORK unless Adware bundled with it also runs is NOT Antispyware/AntiAdware. BY DEFINITION. Therefore, it is MISREPRESENTED and MISLEADING." Per Sunbelt's listing criteria: "uses false, misleading, confusing, deceptive, or coercive text or graphics to induce, compel, or cause users to install the software." You really need this one spelled out to accept the classification? Come on, your artful arguments tell me you're not that unobservant.
To all others:
Look at the pattern of Kurt's remarks. He tries to NEGATE just about every assertion you make. Result? Maximum upset. Hence I am only making this one post. Let him write whatever he wants from here on out - the handling is NOT to grant power through further communication. If you just drop this thread, you'll feel better - guaranteed. (Except maybe Kurt...)
guillermo:
"juxtaposed with your arguments that DirectRevenue's past pattern of behavior is irrelevent and cannot be used in consideration of its present behavior."
no, i said their past behaviour cannot be used in consideration of whether their software is bad...
pete:
your understanding of logic is quite good - in your elephant example you clearly demonstrate the effect that starting with a bad assumption can have...
it's unfortunate that you don't see your own bad assumption by calling an anti-spyware "antispyware/antiadware"... adware is not the same thing as spyware just as elephants are not pink...
Don't think for a second that I'm in favor of adware.... and the irony of this install is akin to Aluria and WhenU in bed together... Best Offers is a bad company and this install is crazy. But I'm going to have to side with Kurt's logic on this.
Sure, if it's a company with a bad history, that places an even greater amount of scrutiny on the product. However, just because it comes from a company checkered history doesn't immediately prove guilt. Untrustworthy, yes. Automatically guilty, no.
Unfortunately the Anti-spy industry in many cases treats these untrustworthy players as "Guilty until proven innocent" (as Guillermo illustrates so well). I've even seen AS industry people take a vindictive approach to punish companies with a bad record.
If listing criteria does indeed dictate what is and isn't spyware/adware/unwanted, then the other area where the industry falls down is due process. Criteria aren’t always applied evenly across the industry. Players like Google, Yahoo, and AOL appear to have immunity where others do not. Take the example given:
[quote] Per Sunbelt's listing criteria: "uses false, misleading, confusing, deceptive, or coercive text or graphics to induce, compel, or cause users to install the software."[/quote]
That does sound bad doesn't it? But consider that a whole lot of anti-spyware software companies use this tactic in order to get users to bite: Panda, Pest Patrol (look at their home page – "They’re watching"), Aluria and more use misleading, confusing, and coercive tactics in order to induce users to install their software.
Kurt wrote: "i see no reason why what anti-adware and anti-spyware folks do shouldn't hold up under careful scrutiny..."
Amen.
Kurt is presenting very logical arguments here but the industry is not always logical. It’s subjective, biased, and motivated by profit.
Sheesh. OK, one last time:
"no, i said their past behaviour cannot be used in consideration of whether their software is bad..."
Yeah. I know what you said.
And now you're trying to tell me that YOUR past behavior SHOULD be used in consideration of whether your CURRENT behavior is GOOD.
Irony, pal. Irony.
Also, let me get this straight: You guys are comparing a legitimate antispyware company such as Pest Patrol's marketing slogans with an adware company's deliberate packaging of its adware along with ROGUE (i.e., not legitimate in any way, shape or form) "antispyware" program, such that one cannot be installed without the other? Are those the two things you are trying to equate?!
Last time I checked, companies such as CA, Sunbelt, Panda, Webroot and the others do not (a) also function as adware companies, (b) put out "antispyware" products that give false results (c) require an installation of adware in order to install themselves, and (d) have histories of force-installs of their software.
When any of the above companies begin exhibiting that behavior, then maybe, just MAYBE, you will have a valid argument. Until then, no dice.
TheCaptain,
It might be a good idea to announce your affilliation. Based on your IP number, you are an employee of IAC, parent company of Ask.com, iWon, etc.
Just my 2 cents.
guillermo:
""no, i said their past behaviour cannot be used in consideration of whether their software is bad..."
Yeah. I know what you said.
And now you're trying to tell me that YOUR past behavior SHOULD be used in consideration of whether your CURRENT behavior is GOOD.
Irony, pal. Irony."
irony is invoking 'irony' under the banner of a logical argument to illustrate what's wrong with challenging an apples-to-oranges comparison while endorsing an apples-to-apples comparison...
"Also, let me get this straight: You guys are comparing a legitimate antispyware company such as Pest Patrol's marketing slogans"
don't look at me... near as i can tell only one is guy making that comparison and he ain't me... while i agree that companies that might otherwise be considered good have been known to employ scare tactics, i don't think it's pertinent here except possibly to underline the presence of a double standard...
So Good old c'ptain Kirk =ASK head of internet security blah-blah and Alex Eck is head honcho at Sunbelt.PG is an unemployed scouser with a knack for waxing lyrical and rox0ring teh adware man...Sorry Kurt who are you ?
theCaptain is my after hours handle for saying what I think. Opinions expressed are solely my own and not motivated by my daytime affiliations. Sadly I forgot to make my post last night (having written it at home) and had to post it from the office in the AM. I will now go out and purchase a copy of ghostsurf. 
Sigh...Well, TheCaptain has been outed, and Kurt STILL doesn't get it.
Time to call it a day on this thread.
Outed? LOL. My alter ego is a known entity at other places. That's how William Gates put it together. He probably didn't even need the Personally Identifiable Information that was disclosed in violoation of the website's privacy policy to do it either.
Regardless, you didn't make your alter ego known to others HERE, including me, until Alex and William figured it out. So, yes, outed.
..."unemployed scouser".
LOL :P
william gates:
"Sorry Kurt who are you ?"
someone who's already given more than enough information about himself for others to determine that i am not the mouthpiece of some adware company... i'm not employed in the adware industry or anywhere in the anti-malware industry (unfortunately)...
not that it matters... my arguments should be judged on their content, on their merits, not on where they come from, especially here were the majority of participants are posting pseudonymously and where there's no real authentication of people's identities anyways... hmmm, judged on their content - that sounds a lot like my main argument, that bad software should be judged on it's content/on what it does...
of course the participants here seem to prefer appeals to authority (argumentum ad vericundiam) so to put it in those terms i'll posit that the authority here is alex eck and his own posted documentation specifies criteria for judging advertising software as bad that does not include the history and/or character of it's creators...
guillermo:
"and Kurt STILL doesn't get it."
it is a well established practice to judge the creators of bad software as bad based on the fact that they created bad software... to then go and judge the software as bad based on the fact that it was made by bad people creates a circular argument... the only thing i don't get is why it's so hard for people to see that...
Kurt,
Educated and intelligent people get your argument. And yes, of course, everyone's arguments should be judged on their merit. I think we've completed this discussion.
-K
"it is a well established practice to judge the creators of bad software as bad based on the fact that they created bad software... to then go and judge the software as bad based on the fact that it was made by bad people creates a circular argument... the only thing i don't get is why it's so hard for people to see that..."
I get the argument totally, HOWEVER its a commercial world out there. The commercial world works on reputations.
In fact they have a name for it in Business - Goodwill. Ask anyone who manages a company, about Goodwill - where a company is worth more than the Sum of the Assets. People pay more for a "percieved" quality product/brand....and vice versa - will avoid something that has a bad reputation.
Anyone here going to buy Enron shares? (not sure if they are disbanded or not as I am a UK resident, but if they were ressurrected, then the onus would be on them to prove to the Investors that they were cleaner than clean - because they are selling).
If you don't get that argument you may understand one of Criminality. If you have a previously convicted peadophile, they are banned from working with all children - based on their past behaviour (at least here in the UK). Why are they banned from working with children - because its likely that they will reoffend and no one wants to take that RISK.
If someone repeatedly commits the same offence, they are given harsher and harsher penalities for each subsequent crime. eg if I kill one person, i may get 10 years in prison, kill 2 and that may go up to 30 years, kill 3 and I could be in there for natural life.....
Thus, as Direct Revenue is trying to sell us something - ie its their product, onus is on them to prove that its a good product, not on us to believe their words. They have years of bad reputation......
So does that mean their products are inherently bad? No it does not mean that. What it does mean though, is that they have to be more open than other companies are if they want to re-earn our trust. (Every company out there starts out with a blank slate, and gradually after useage/reading reviews and the like, we build up our own ideas of what they are like).
As far as I am aware, although Alex may correct me, this has not been done. If they have nothing to hide, they should not mind documenting the various things that this particular "bundle" will do. What could it hurt? Nothing as far as I can see.
E.g What registry keys it affects, what system files are changed, what files it installs?
So what does all this boil down to? We have a maker of previously "bad software" producing new software. Is this new software clean? May be - maybe not.
Will I download this software and try it? No I won't because the source is unreputable. For the same reason, I wonuld not buy a Laptop from some random person who approached me on the street. Laptop may be perfectly legitimate, but I doubt even you Kurt would buy it? Or would you?
Finally, the reason that its up to the Antispyware community to partially label software producers as well software, is because of what the consumers want. When we download software, it interacts with the rest of our other software. Its not like buying a dodgy toaster - which if it dies, won't neccesssarily affect all your other appliances eg your washing machine, dishwasher, radio etc. With computer software, one bad piece of software can wreck thousands of pounds of information held on the computer. Therefore, its important to consumers, that they are informed before hand of possible "bad reputations" so they can avoid them. I refer you back to the person on the street selling you a laptop - would you buy it?
Nor is it like when you make a purchase from a high street store. When you do that, there are protections built in by law - consumer protection acts and the like, 7 day guarantees etc.
Without a proper regulatory body, it means that REPUTATION becomes much more important.
Well said, K1. And one more point that has repeatedly been either ignored, glossed over or simply overlooked by the apologists here is that the so-called "antispyware" product that they are trying to sell is -- once again, it needs to be said -- a *rogue*, FAKE antispyware product. It deliberately gives false positives! (And if you do not believe that this is done deliberately, then you have some learning to do about how these companies operate.)
"Thus, as Direct Revenue is trying to sell us something - ie its their product, onus is on them to prove that its a good product..."
Exactly. The onus is on them -- and just by virtue of the fact that they are (a) associating themselves with a fake antispyware product, (b) requiring their adware product to be installed before the so-called, useless, fictitious "antispyware" program is installed, and (c) trying to pass this off as a legitimate antispyware solution -- they fail miserably.
"t is a well established practice to judge the creators of bad software as bad based on the fact that they created bad software..."
There you go, using the wrong tense again. Not "they created," past tense -- but rather "they are creating," present tense.
"to then go and judge the software as bad based on the fact that it was made by bad people creates a circular argument..."
This is not what I'm basing my judgment on at all. There is no circular argument here. Their CURRENT practices are shady and reprehensible. I'm willing to even throw out the indisputable fact that the company engaged in egregious behavior in the past. Just for you, guys, to make you happy, I'll ignore that. It doesn't matter. Their present behavior is still egregious, as I described.
"the only thing i don't get is why it's so hard for people to see that..."
Perhaps because there is nothing to see?
The thing that I don't understand is so hard for you people to see is just the simple common sense and basic logic that should be blindingly obvious to any intelligent person here. So many people (mainly, lawyer types, or people that are desperately trying to defend their own bad behavior), equate "intelligence" with expertise in obfuscation and deflection. When in reality, it is much simpler than that, and if you want to break it down to its *simplest* form, it boils down to The Golden Rule. If you are trying to follow that rule, do you sell fake, useless "antispyware" software that gives false positives and goads people into also installing adware? No, you do not. In my mind, at the end of the day, after all word-mincing is finally done, it's as simple as that.
k1:
you make a good argument for something i've already been agreeing with - that is that one should be suspicious of software created by people with a shady past...
what i don't agree with, however, is automatically equating that with being definitely bad or lumping that in under an existing malware classification that isn't based on suspicion...
existing malware classifications are based on sofware behaviour and presentation, and while i absolutely agree that some software shouldn't be trusted even when it fails to meet any malware definition i don't think that alone justifies giving it a malware label and implying (as that does) that the software is definitely bad...
i think what this underlines is the need for a secondary classification system based on trust/suspicon/reputation... i've agreed since the beginning that this kind of software probably shouldn't be trusted, and i agree that users of an anti-whatever product probably would like to be notified when they have shady software on their systems, but lets not call the shady software something it isn't just because we want to draw their attention to it...
guillermo:
"And one more point that has repeatedly been either ignored, glossed over or simply overlooked by the apologists here is that the so-called "antispyware" product that they are trying to sell is -- once again, it needs to be said -- a *rogue*"
that hasn't been overlooked... it's been conceded... not only that, there's been secondary admission of concession... there really is no point in harping on a point your opponent has already agreed to multiple times...
""t is a well established practice to judge the creators of bad software as bad based on the fact that they created bad software..."
There you go, using the wrong tense again. Not "they created," past tense -- but rather "they are creating," present tense."
strictly speaking, we can't analyze software they haven't finished making yet... therefore my tense is correct...
""to then go and judge the software as bad based on the fact that it was made by bad people creates a circular argument..."
This is not what I'm basing my judgment on at all. There is no circular argument here. Their CURRENT practices are shady and reprehensible. I'm willing to even throw out the indisputable fact that the company engaged in egregious behavior in the past. Just for you, guys, to make you happy, I'll ignore that. It doesn't matter. Their present behavior is still egregious, as I described."
this STILL judges the software based on the character of the people who made it and therefore is still a circular argument... i never specified judging the software based on the creators PAST behaviour, so the tense argument you seem to be making here falls down...
"it boils down to The Golden Rule. If you are trying to follow that rule, do you sell fake, useless "antispyware" software"
i've been talking about the adware that was bundled with it... i've already conceded that the rogue anti-spyware was really rogue...
"that hasn't been overlooked... it's been conceded... not only that, there's been secondary admission of concession... there really is no point in harping on a point your opponent has already agreed to multiple times..."
You say you concede to it -- but then in making your arguments, you completely ignore it. That is not a concession, in my book.
"strictly speaking, we can't analyze software they haven't finished making yet... therefore my tense is correct..."
What the hell are you talking about, "haven't finished making yet?" It's finished, it's here, you can download and install it right now!
"this STILL judges the software based on the character of the people who made it and therefore is still a circular argument..."
No it doesn't. As I stated many times before, I am judging the software based upon what it currently does -- it's current behavior. You're just not reading. Again: Let's throw out, for the moment, the fact that the company engaged in force-installs and other reprehensible behavior in the past. That is a fact, but we will ignore it for the sake of this argument.
It changes nothing. For the sake of the argument you're trying to make, it doesn't even matter who made the software, or the character of the same. I make my judgments based upon the software itself (the rogue antispyware and the adware that installs along with it). Whether or not you even take into consideration the character of the makers of the software, the conclusion is the same.
"i never specified judging the software based on the creators PAST behaviour, so the tense argument you seem to be making here falls down..."
Look at it again. You were trying to make the (false) point that I was creating a circular argument by judging this software based upon the fact that it was made by bad people (which assumes a history of bad behavior). Although it is true that the software is made by people with a history of bad behavior, this is not the argument I was making at all. Once again: Throw out the fact that it was made by such people -- heck, let's even lie and say it was made by people that have a history of GOOD behavior. It doesn't change a thing. The software itself, in its current form, is reprehensible.
"
i've been talking about the adware that was bundled with it... i've already conceded that the rogue anti-spyware was really rogue..."
Sorry pal, but you can't separate the two in order to further your flawed arguments, just as you cannot install one with installing the other. They are inextricably intertwined and in cahoots with each other. You say you concede to the fact that the adware is bundled (and not just bundled, but required for installation of) the rogue antispyware -- and then you proceed to completely ignore that fact and try to address the adware separately. You can't compartmentalize the two.
You guys argue like lawyers -- adding false layers of obfuscation and complexity to something that in reality is much simpler and direct.
I love these two statements by theCaptain:
"Don't think for a second that I am in favor of adware..."
"Opinions expressed are solely my own and not motivated by my daytime affiliations."
So, you're not in favor of adware, but you work for a company that is associated with adware -- but we're expected to conveniently ignore that fact when considering the opinions that you express here. Right. I think that about says it all.
"is bundling advertising software inherently bad?"
In itself, no.
However, I would like to see ONE example of a company that does this which does not also:
1) Advertise one thing (like the Antispyware product) and do something else (false positive, doesn't detect actual spyware) => this is the very definition of FRAUD
2) Do something on your system without your knowledge of it (remember Tetrimania and "tsadbot.exe" in the early days?)
3) Or any one of the many listing criterias various legitimate antispyware companies use to determine "malware".
So no, Kurt, bundling IN ITSELF is not bad. Since this is true, try to find a bundled advertising software you like, download and install it on your system, and let us know how it went.
Exactly. And essentially the point I was trying to make, oh, about 40 or so posts ago., in my very first post in this thread.
I don't think anyone (besides Kurt, and maybe theCaptain, anyway) was interpreting this as simply an innocent "bundling of software." Software bundles in and of themselves are perfectly fine -- but that's not the crux of this discussion, now, is it?
guillermo:
"You say you concede to it -- but then in making your arguments, you completely ignore it. That is not a concession, in my book."
because i'm talking about something else... a different part of the whole...
""strictly speaking, we can't analyze software they haven't finished making yet... therefore my tense is correct..."
What the hell are you talking about, "haven't finished making yet?" It's finished, it's here, you can download and install it right now!"
ok, please make up your mind then, because before you said they were currently making it... they can't be currently making it and finished making it at the same time...
""this STILL judges the software based on the character of the people who made it and therefore is still a circular argument..."
No it doesn't. As I stated many times before, I am judging the software based upon what it currently does -- it's current behavior. You're just not reading."
excuse me, but every time i've said that the software has to be judged by what it does instead of who made it you've responded with "the company's past absolutely cannot be ignored."... not once have you agreed with me that software can't be judged as bad on the basis of it's behaviour alone - that is until now... it seems like you're trying to weasel out of your previous statements...
""i never specified judging the software based on the creators PAST behaviour, so the tense argument you seem to be making here falls down..."
Look at it again. You were trying to make the (false) point that I was creating a circular argument by judging this software based upon the fact that it was made by bad people (which assumes a history of bad behavior)."
it does not assume a history of bad behaviour... they could have no history and still be bad people by virtue of doing something bad right now...
"Once again: Throw out the fact that it was made by such people"
but previously you said "No, it can't. Again, this company's past (and present) CANNOT be ignored. Period, end of discussion."... please make up your mind - either you can ignore these things in certain contexts or you can't...
""i've been talking about the adware that was bundled with it... i've already conceded that the rogue anti-spyware was really rogue..."
Sorry pal, but you can't separate the two in order to further your flawed arguments,"
separating them is a requisite for breaking the issue down into it's component parts - otherwise known as analysis, part of the foundation of critical thinking... since when is critical thought not allowed?
"You guys argue like lawyers -- adding false layers of obfuscation and complexity to something that in reality is much simpler and direct."
i'm sorry you feel breaking an issue down into it's component parts makes it more complex and obfuscated... it is most certainly not false, however..
OK, so what's a kosher bundle? FULL DISCLOSURE: I'm WhenU's marketing VP, and I have strong opinions on the subject that (usually) match those of my employer.
obi wan:
"So no, Kurt, bundling IN ITSELF is not bad. Since this is true, try to find a bundled advertising software you like, download and install it on your system, and let us know how it went. "
no, that's quite alright... i was just trying to establish something... while i now know that the anti-spyware in question is rogue even without the adware bundle, at the time it seemed like the argument being made was that it was rogue simply because it was bundled with adware produced by a known adware company...
there can be 2 possible reasons - either bundling adware is inherently bad, which you agree is false, or the adware itself does something bad, which wasn't established in the source article at all...
simply saying it was a 'known bad version' of their adware would have been enough to correct the problem but the implication from the way it was presented was that it was bad simply because of who made it...
as it stands the mention of the adware bundle in the original article only adds the property of suspicion to scenario and quite frankly i expect more from a malware analysis than suspicion... it doesn't need to go into full details of the adware when describing why spy-shield is rogue, but it should at least indicate that the adware matches an instance where a thorough and complete analysis was performed...
Kurt, I semi-agree with most of your underlying arguments, but the case in question is (at least) the exception that proves the rule. Have you actually downloaded this bundle?
"because i'm talking about something else... a different part of the whole..."
Yes, you certainly are talking about something else. Certainly not talking about the crux of the matter at hand, are you?
Once again: You cannot talk about "a part of the whole" while ignoring the whole. You can't claim you are "breaking an issue down into their components parts" while at the same time dismissing the most important parts as being irrelevent to the discussion.
"ok, please make up your mind then, because before you said they were currently making it... they can't be currently making it and finished making it at the same time..."
You're getting all caught up in a stupid game of petty semantics, aren't you? When I said you were using the wrong tense, I was arguing against your assertion that I was judging the company on past behavior, on things it had previously done or previously created -- as opposed to its current output, which is the product at the heart of this discussion. The point was that regardless of any past behavior, this particular product that we are discussing is evidence that the company is indeed still in the business of creating an egregious product.
"excuse me, but every time i've said that the software has to be judged by what it does instead of who made it you've responded with "the company's past absolutely cannot be ignored."..."
That is only because you keep insisting on ignoring not only the companies' past, but also their present behavior. And taking it even further, you insist on ignoring one component of that behavior (the fraud inherent in the rogue antispyware application), while claiming to "acknowledge" it, when making your arguments.
"not once have you agreed with me that software can't be judged as bad on the basis of it's behaviour alone - that is until now..."
Wrong. My very first post, if you were reading, says exactly that. While it is true that the company's past should not be ignored (because again, this issue cannot be compartmentalized as you seem to insist on trying to do, but rather, it must be taken as a whole), it is also true that I never made that a requirement for judging the merits, or lack thereof, of the software itself.
"it seems like you're trying to weasel out of your previous statements..."
That's funny. I think the weasel moniker more readily applies to the likes of people like theCaptain, but maybe that's just me.
"it does not assume a history of bad behaviour... they could have no history and still be bad people by virtue of doing something bad right now..."
Right.
"but previously you said "No, it can't. Again, this company's past (and present) CANNOT be ignored. Period, end of discussion."... please make up your mind - either you can ignore these things in certain contexts or you can't...""
Once again, as I've said over and over again: The company's past cannot be ignored, as this entire matter MUST be looked at as a whole. It cannot be compartmentalized so that the adware is considered separately without acknowledgment of the fraudulent antispyware application that it is packaged with. They are partners in crime. By the same token, the company or companies involved should be taken into consideration, and that includes their histories.
However, strictly for the sake argument, mind you, since you were so insistent on telling me that I was making the circular argument that "because a company's past is bad, and the product is therefore made by bad people, then the product must be bad," I was willing to throw that out. Strictly for the sake of your argument, you see, to illustrate that the case against this product would be strong either way. It is still an egregious product, no matter how you slice it, even if the company's past is overlooked. But in any other instance other than for the sake of making that narrow argument, the company's past should NOT be overlooked.
"separating them is a requisite for breaking the issue down into it's component parts - otherwise known as analysis, part of the foundation of critical thinking... since when is critical thought not allowed?"
Nice try, and I would agree 100% with your statement, if not for the fact that you are ignoring and/or summarily dismissing some component parts completely, in favor of one component only. You say you're breaking down the issue into its component parts, but actually in your world, it appears to have only one part: the advertising software. I don't see you paying any attention to the other parts.
I am an applications analyst, and in any such analysis and "critical thinking" that I've been involved in, a requisite of that has been to consider the problem as a whole, to look at the big picture, and to never, EVER lose sight of the other components of a problem or proposed solution while working on one particular component. Never should one component be analyzed without also considering how it fits into, is associated with, is influenced by, or influences, the other components.
"i'm sorry you feel breaking an issue down into it's component parts makes it more complex and obfuscated... it is most certainly not false, however.."
No, it's not the breaking down of the issue that inherently makes it more complex and obfuscated. It is your deliberate layering of FALSE (yes, false) layers of complexity into the issue, obfuscation of the real issue at hand, and refusal to fully acknowledge other factors in the equation in order to further your own arguments that is making this a tedious affair.
I guess at this point, since I doubt you are going to change, we'll just have to agree that we will never see this eye-to-eye.
But I will repeat Alex's first comments that started this whole thing: "Oh boy, this takes the cake." "Absolutely unbelievable."
Yes. Alex has it right, and in my opinion, any attempt to dilute that simple reaction is just so much whistling in the wind.
Kurt, I posted this before reading your other post to Obi-Wan (scrolled past it, I guess). But I have to say you actually posted something there that I mostly agree with.
"while i now know that the anti-spyware in question is rogue even without the adware bundle, at the time it seemed like the argument being made was that it was rogue simply because it was bundled with adware produced by a known adware company..."
I think it mostly seemed like that only to you, and that the others here recognized it as rogue by virtue of the article's mention of the results they obtained on antispyware scans, and the fact that it is listed as rogue on Spywarrior.com. But regardless, at least now you realize that your initial impression of the arguments that were being made was incorrect.
"or the adware itself does something bad, which wasn't established in the source article at all..."
Agreed, it wasn't established in the source article. I would argue again, however, that simply the fact that it is packaged as a requirement in order to install rogue software doesn't exactly give the underlying adware high marks or instill consumer confidence, now, does it?
Even if the adware itself does nothing but the usual annoying adware things, such as popping up ads, phoning home my Internet activity to marketers, and so on, its association with a fraudulent antispyware program should be enough to give one pause as to whether it is "good" adware (if indeed there is such a thing).
But I do agree that there could have been more of a thorough malware analysis done on the adware in order to inform us of exactly what it does, or there could have simply been a statement that it is "known bad adware."
I would venture to guess, however, that the article's author did not take it upon himself to determine whether the adware was "good" or "bad," since it is the general position of that site (and of all people I have met, for that matter) that any and all adware is by its very nature unwanted, and therefore "bad."
And this is where we obviously do not see eye-to-eye.
I do not agree that the statement, "bundling adware is inherently bad," is false. Adware is a different beast than other applications, and there are other factors involved. In most instances, the method of bundling is what comes under scrutiny. For example, as I am sure you are aware, adware frequently uses bundling tactics such as:
1. Misleading or scant descriptions of exactly what the adware is and what it will do if one installs it.
2. Requiring that the adware be installed in order to install the desired program. (Most other software "bundles" do not carry such a requirement, and the different applications in the bundle can be chosen to be installed separately.)
...among other bad tactics.
However, your statement that the article could have been more specific about the nature of the adware itself and what it does when running on a system, rather than offering specifics only on the rogue antispyware application, is well taken, and I agree with that.
Perhaps Alex, or Ben Edelman, could pop in again and fill us in on the specific behavior of this particular adware.
Guillermo said: "So, you're not in favor of adware, but you work for a company that is associated with adware -- but we're expected to conveniently ignore that fact when considering the opinions that you express here. Right. I think that about says it all."
As usual your logic is flawless. It's the same logic that says - If it comes from a company that had made adware in the past, it must automatically be bad. The point I've made is that there is lack of due process (and add scientific method) in the industry and twice now you've proved my point with statements like the one above. And yet again, your premise is incorrect – I do not work for an adware company. The views expressed are my own.
Guillermo said: “I do not agree that the statement, "bundling adware is inherently bad," is false. Adware is a different beast than other applications, and there are other factors involved. In most instances… “
In most instances?!?! Again, using a blanket generalization to prove one’s point is inherently a flawed argument.
Yes, all the adware bundle implementations that I've seen to date are bad. But again, the premise that all adware is bad automatically based on “most instances” is a false one.
Adware + Software = Bad Install
This is a true statement in the case where:
Adware has been installed without informed consent
Adware is fraudulent
Software is fraudulent
Software is worthless
[I think everyone agrees here that in this particular case, the install is definitely bad]
Currently, Guillermo will be 100% correct in his assertion that "bundling adware is inherently bad," despite his flawed logic and generalizations. But not because he believes that all adware is bad therefore all installs are bad.
Imagine that you could get software that would provide you 100% protection against all malware (virus', spyware, phising, etc). It would do this without any system resource overhead and with an unequivocal 100% privacy assured guaranteed. No longer would you need to have AV software, 3 different AS software, a firewall, etc. Complete protection - no worries. All free except for you are shown 3 ads during the day that are tailored to your needs/wants/desires. That is a value proposition that some customers will probably find attractive saving them annual fees plus scanning time, etc. Users have affirmed this business model and accepted intrusive advertising in the TV industry (and in some respects for content on web sites), because the content is good enough that they are willing to make that trade off rather than part with hard earned $ (Pounds, Euros, Yen). It’s a trade off and consumers make. Therefore it is possible that:
Adware + Software = Good Install
The assumption here is that the content (software) is good enough to warrant the intrusion. That is a subjective judgment call that should be made by consumers but is currently being made by Anti-Spyware companies. However, in every informed consent adware implementation that I’ve ever seen, in my opinion, the content or value provided is no where near good enough to warrant the intrusive nature of the software. Nor probably will it ever be due to the economics involved. The economics dictate that adware can only afford to be bundled with crapware. (How much and 3 ads per day afford?) Customers are not willing to accept a higher level of intrusion therefore it can’t be effectively monetized. The bottom line here is that customers are relying on the Anti-spyware software (and paying) to make that judgment call for them. That level of trust means that there is a responsibility to use a sound methodology and/or clear philosophy in your determinations.
[BTW, IMO The overt adware business model is doomed because it will never be able to afford the value to make the trade off acceptable to consumers, and it will never be trustworthy enough to assure your privacy.]
Guillermo, what dept. do you work for at Sunbelt?
theCaptain,
Guillermo doesn't work for Sunbelt, I don't even know who he is.
I agree with him completely though.
So Alex, you agree with Guillermo completely... but how do you feel about what theCaptain said?
Wow. This is just too easy. I have to congratulate theCaptain in his mastery of making an accusation and then unintentionally shooting down that same accusation, all in the course of a single post.
Guillermo said: "So, you're not in favor of adware, but you work for a company that is associated with adware -- but we're expected to conveniently ignore that fact when considering the opinions that you express here. Right. I think that about says it all."
theCaptain responds: "As usual your logic is flawless. It's the same logic that says - If it comes from a company that had made adware in the past, it must automatically be bad."
...which, of course, is a statement that I never made. One does not need to look at the company's past in order to figure out that this current arrangement is bad.
Then theCaptain goes on to say: "And yet again, your premise is incorrect – I do not work for an adware company. The views expressed are my own."
As Alex correctly pointed out, and as you have even acknowledged, you work for a company that has direct ties to adware. If you're trying to get into petty semantics argument about the difference between the two, I'm not biting.
"The point I've made is that there is lack of due process (and add scientific method) in the industry and twice now you've proved my point with statements like the one above."
Oh yes, I've unfairly judged you as being an employee of an adware company, based only on the "scant" information that Alex gave about your originating IP which places you squarely in their court, and your statements admonishing us all that your statements are your own and not associated with "your daytime affiliations." Oh, shame on me for making such an "unfair" judgment! Please.
And then for the clincher: "Guillermo, what dept. do you work for at Sunbelt?"
Uh, and you were saying something about unfairly judging people? You were trying to make an argument about false premises? You were trying to admonish me for making some sort of "baseless" assumption?
And now with that hilarity out of the way, to address his other points one by one:
"the premise that all adware is bad automatically based on 'most instances' is a false one. "
...and it is a premise that I never established. You are the one that is trying to pin that on me. The very reason that I said "most instances" instead of "all instances" should have tipped you off that I was not trying to establish the premise that you are accusing me of establishing.
And then, miraculously, you start making a bit of sense:
"This is a true statement [that it would be a bad install] in the case where:
Adware has been installed without informed consent
Adware is fraudulent
Software is fraudulent
Software is worthless"
Let's take these individually:
1. Installed without informed consent: The person downloads the so-called antispyware program based upon the false belief that it is a useful security utility. Upon running the installation program, the user is then informed that in order to install the antispyware program, an adware program must also be installed. In my book, that would qualify as "without informed consent." The user is not aware of this arrangement until after the purchase of the fraudulent "antispyware" program. It doesn't have to be a stealth-install in order to qualify for the first category.
2. Fraudulent adware: What would you define as "fraudulent adware"? Perhaps, adware that pops up advertisements for software such as the fraudulent antispyware program? Because I looked, and that is exactly what this adware does. Some of the ads it brings up are for legitimate products, but it did bring up a pop-up for the fraudulent antispyware program itself.
3. Software is fraudulent: I believe we have well established that the antispyware software is fraudulent.
4. Software is worthless: By virtue of being fraudulent and gives false positives, we can easily establish that the "antispyware" software is worthless.
So, 4 for 4 in my book. The last three findings can't really be argued. The first point may be argued a matter of degree in defining "informed consent," but even then, it's 3 for 4. That is enough for a condemnation as far I am concerned.
"But not because he believes that all adware is bad therefore all installs are bad."
I don't believe that; never said that. I've never encountered an adware program that I didn't want to get rid of, this is true, but that does not translate into believing that all adware is bad or that all methods of its installation are bad.
However, I believe that we have sufficiently established that THIS particular one is bad.
"The assumption here is that the content (software) is good enough to warrant the intrusion. That is a subjective judgment call that should be made by consumers but is currently being made by Anti-Spyware companies."
Yet...somehow...you don't see any consumers complaining about the judgments that the antispyware companies are making about removal of said content. Gee, I wonder why that would be? Anyone care to hazard a guess?
"separating them is a requisite for breaking the issue down into it's component parts - otherwise known as analysis, part of the foundation of critical thinking... since when is critical thought not allowed?"
The cog in the machine, by itself, serves no useful purpose. It's what the cog does to transfer power that gives it value.
The cog you are trying to break down - the "adware" - by itself does not add value (unless you WANT the advertising it provides while taking up your bandwidth and CPU cycles). In addition, have you been able to get the adware without the rogue spyware?
As a network engineer myself, ANYTHING I add to the system runs the risk of enhancing or breaking one or more other things. You do need to analyze the part by itself, but you canNOT call the analysis complete without also taking into account how it functions as part of the whole. Otherwise, one might say your "critical thinking" is biased
Note: I'm beginning to agree with Pete's observation...
My original challenge:
"So no, Kurt, bundling IN ITSELF is not bad. Since this is true, try to find a bundled advertising software you like, download and install it on your system, and let us know how it went. "
Your response:
"no, that's quite alright... "
That really sums it up, doesn't it?
amanda:
"Kurt, I semi-agree with most of your underlying arguments, but the case in question is (at least) the exception that proves the rule. Have you actually downloaded this bundle?"
no, and i don't think i should need to...
if someone says it's bad (as the source article's author seemed to be doing) they should say why it's bad...
guillermo:
"Kurt, I posted this before reading your other post to Obi-Wan (scrolled past it, I guess). But I have to say you actually posted something there that I mostly agree with."
that's nice to hear... so the parts on their own you objected to but the whole, the place i was going with it all, is mostly ok... good to know - perhaps there's something to be learned there about the presentation of an argument...
"I think it mostly seemed like that only to you, and that the others here recognized it as rogue by virtue of the article's mention of the results they obtained on antispyware scans, and the fact that it is listed as rogue on Spywarrior.com. But regardless, at least now you realize that your initial impression of the arguments that were being made was incorrect."
i admitted that particular error in the 27th comment... and then on multiple occasions conceded the fact that the antispyware in question really was rogue...
"Agreed, it wasn't established in the source article. I would argue again, however, that simply the fact that it is packaged as a requirement in order to install rogue software doesn't exactly give the underlying adware high marks or instill consumer confidence, now, does it?"
honestly, that seems pretty standard as far as advertising supported {anything} goes... it's not exactly like i get to opt out of commercials on conventional tv without opting out of the channels that are showing them... likewise with radio.. and ad supported dial-up internet service (which i have in fact used)...
"Even if the adware itself does nothing but the usual annoying adware things, such as popping up ads, phoning home my Internet activity to marketers, and so on,"
to be honest, pop-ups would be enough for me to classify it as malware... the purpose of pop-ups is to make sure the ad is right in front of whatever else the user might be doing and informed consent doesn't cover that as nobody agrees to being constantly interrupted while trying to work or get whatever they're trying to get done done... a single ad window cycling ads should be as far as an instance of adware goes if it wants to stay 'benign'...
and sending gathered info back to a 3rd party would qualify it as spyware which could only be legitimate with informed consent AND the ability to opt out of that feature at install time or any other time you choose...
"its association with a fraudulent antispyware program should be enough to give one pause as to whether it is "good" adware (if indeed there is such a thing)."
i still think an adware company isn't in the position of determining the 'goodness' of the software their adware gets bundled with... not just from a logistics point of view but also from a technical point of view - their software gets bundled with applications from all kinds of different fields so in order to determine the quality of those apps they'd need experts in all those different fields to analyze the app before a bundling agreement could be reached...
"I would venture to guess, however, that the article's author did not take it upon himself to determine whether the adware was "good" or "bad," since it is the general position of that site (and of all people I have met, for that matter) that any and all adware is by its very nature unwanted, and therefore "bad."
And this is where we obviously do not see eye-to-eye."
indeed... i accept that some people will accept the advertising trade-off because i have accepted it in certain circumstances (though nowadays i tend to lean more towards open source software) and i know that many others have as well.. i also know that some people will never accept that trade-off or understand why some people do - and i understand this perspective also because i know someone who likes to read spam and i can't understand why...
obi wan:
"The cog in the machine, by itself, serves no useful purpose. It's what the cog does to transfer power that gives it value.
The cog you are trying to break down - the "adware" - by itself does not add value (unless you WANT the advertising it provides while taking up your bandwidth and CPU cycles)"
see my most recent response to you (rather than that one to guillermo)... the adware is most definitely a 'cog' in the machine and i guess if i'd given a better picture of what the machine looked like earlier on this entire conversation may have been a lot different...
ultimately i was looking to break down the entire bundle and in the case in question it was definitely implied that the adware was bringing 'something' to the table (not anything good mind you)... i thought that what that thing was deserved more examination than it got...
" My original challenge:
"So no, Kurt, bundling IN ITSELF is not bad. Since this is true, try to find a bundled advertising software you like, download and install it on your system, and let us know how it went. "
Your response:
"no, that's quite alright... "
That really sums it up, doesn't it?"
that's a personal choice... not everyone makes the same choices...
Kurt: I have to take issue with your position on pops:
"to be honest, pop-ups would be enough for me to classify it as malware... the purpose of pop-ups is to make sure the ad is right in front of whatever else the user might be doing and informed consent doesn't cover that as nobody agrees to being constantly interrupted while trying to work or get whatever they're trying to get done done."
People can and do agree to see a few pops per day in exchange for free downloads. And adware that caps frequency (showing an average of no more than 2-3 pops per day) generally garners extremely high CTR and conversion rates (lots of clicks AND lots of people actually making purchases after clicking). People don't click and buy unless they find the ads useful and timely. If you are about to book a flight or purchase a digital camera, and the adware pops you a competing offer to get the same deal for significantly less elsewhere, that's not an interruption -- it's a benefit.
But of course the vast majority of adware programs just drown people in a flood of irrelevant popups as fast as possible rather than focusing on actually trying to provide real value to the user with each ad served.
Kurt said: "no, and i don't think i should need to [install bundled adware]"
You mean you don't WANT to install ANY bundled adware? Even the 'good' ones that you were putting up such a defense for? Horrors!
Kurt said: "if someone says it's bad (as the source article's author seemed to be doing) they should say why it's bad..."
It misleads the customer with a fraudulent, fake, useless, rogue antispyware program purchase. It then requires the customer to install adware along with it (something that wasn't evident to the customer before the purchase). Its antispyware scans come up with false positives, misleading the customer into thinking that his/her system is infected with malware that it is not infected with -- perhaps leading to even more paranoia and purchases made under a false pretense. The adware's EULA is not shown front and center, and is a typically convoluted read, once found. There is no attempt to fully indicate what the adware will do on a system once the adware is installed and running. The adware pops up ads for fraudulent software. The adware resists full uninstallation; a (true) antispyware utility is required to get rid of it entirely.
Honestly, now: Do I really need to go on? What else, pray tell, might you, or anyone else, require as an explanation as to why this is bad?
Kurt said: "that's nice to hear... so the parts on their own you objected to but the whole, the place i was going with it all, is mostly ok... "
Nope. False conclusion again. As I have been telling you, "the whole" of this matter is what you consistently have refused to acknowledge in your arguments…until now (as I see by your paragraphs that follow this). And the place you were going with this all was...well, mostly around and around in circles, but certainly to no place that is "mostly ok" with me. I agreed with you on precious little, that's for darn certain. But I was simply pointing out a few things in your post to Obi-Wan that I did agree with. A rare occurrence in this thread, to be sure.
Kurt said: "i admitted that particular error in the 27th comment... and then on multiple occasions conceded the fact that the antispyware in question really was rogue..."
Again, your so-called "concessions" read instead like summary dismissions. They were always tempered and diluted by the fact that you then discounted the knowledge that the adware is packaged with fraudulent antispyware. Your modus operandi was to (a) claim that you "recognize" or "concede" to the fact that the antispyware program is fraudulent, and then (b) apparently say to yourself, "OK, now that I've said that, I can fully ignore it and argue my points based upon the adware only, completely discounting the fact that the two components are full partners in crime." Again, as I've said, you were examining a single component while ignoring the rest, while claiming that you were not ignoring them. A nice little game you were playing there; hope it was fun for you.
Kurt said: "honestly, that seems pretty standard as far as advertising supported {anything} goes...it's not exactly like i get to opt out of commercials on conventional tv without opting out of the channels that are showing them... likewise with radio.. and ad supported dial-up internet service (which i have in fact used)..."
Wow. Now let me get this straight: You are trying to compare (a) a FRAUDULENT "antispyware" program that only notifies customers after their purchase that adware must be installed along with it, with (b) commercials on convential TV?!?
1. Conventional TV and radio is FREE and supported by commercials.
2. Everyone understands that #1 is the arrangement from the get-go.
3. Nothing fraudulent is going on.
4. The customer is not duped into purchasing a product that says it is one thing but actually is nothing of the sort.
5. Ever heard of TiVo and DVR? I can easily skip over commercials if I want to, with this extra purchase. Tell me an equivalent to this with the fraudulent antispyware/adware arrangement. Tell me how I can "skip over" the adware and run the antispyware program independently. I can't. And even if I could, the antispyware program is completely useless anyway.
Really, Kurt, you can’t be serious this this comparison.
Kurt said: "to be honest, pop-ups would be enough for me to classify it as malware..."
OK, and since the prefix "mal" means "bad," and this adware does bring up pop-ups -- even pop-ups for fraudulent products -- then what is our logical conclusion? Come on, you can say it, I know you can. That's right: The adware is bad.
Kurt said: "the purpose of pop-ups is to make sure the ad is right in front of whatever else the user might be doing and informed consent doesn't cover that as nobody agrees to being constantly interrupted while trying to work or get whatever they're trying to get done done... a single ad window cycling ads should be as far as an instance of adware goes if it wants to stay 'benign'..."
Well, the main purpose of pop-ups is one thing: to make money. But regardless, I can agree with you that a single ad window cycling ads is preferable to multiple pop-ups. But since that is your stated requirement for deeming an adware program "benign," and this particular adware program pops up multiple windows and does NOT just cycle ads, then again, what is our logical conclusion? Ding! This adware is not benign! Now wasn't that easy?
Kurt said: "and sending gathered info back to a 3rd party would qualify it as spyware"
...which is what this adware does, so again, what is our logical conclusion? That's right: this adware qualifies as spyware according to your criterion.
Kurt said: "which could only be legitimate with informed consent AND the ability to opt out of that feature at install time or any other time you choose...
... and this FRAUDULENT antispyware program does not provide a way to opt out of the installation of the adware along with it, so...what is our logical conclusion? Bingo! It is not legitimate! I think you're finally seeing the light.
Kurt said: "I still think an adware company isn't in the position of determining the 'goodness' of the software their adware gets bundled with..."
You got that right. No argument from me there, although we might be coming to the same conclusion for different reasons. I hold that the adware company is not in the position of determine the 'goodness' of the software it is bundled with simply due to the fact that adware companies are typically populated by the type of people that I would not trust one whit in determining the 'goodness' or 'virtue' or 'ethical quality' of ANYTHING that they are associated with.
Kurt said: "indeed... i accept that some people will accept the advertising trade-off because i have accepted it in certain circumstances (though nowadays i tend to lean more towards open source software)"
Good decision. I find myself leaning more towards open source these days also. Unlike you, I have never accepted advertising trade-offs in software, and by taking that stance, I have never found myself in a situation where I lacked for a certain functionality that I couldn't get without accepting such a trade-off. I found that there was ALWAYS something out there, some alternative that offered the same or near the functionality I wanted, but without the ads.
By your response to Obi-Wan, it sounds like your view of adware is actually much dimmer than you let on, since at the same time you keep stating things that play into the hands of the adware maker's defensive stratagem, you also make the "personal choice" to NOT install ANY bundled adware at all. So, I can reasonably gather from that statement that the stuff doesn't serve any useful purpose to you. Small wonder, huh? I have yet to meet anyone that actually says, "I like adware! I find it very useful!" And still...there must be gullible people like that out there, whom I suspect don't even realize where the pop-ups are originating from ("my computer is telling me I need to buy this"), and whom then act upon it...unfortunately to the tune of many millions of dollars for the adware business. A sad, dishonorable way to make a living, in my book.
A few typos in there (as usual with my posts -- editing on the fly)...
The one I should point out is that "dismissions" should be "dismissals," of course.
Wow! This is still going on? OMG!
Seems like Obi-Wan and Guillermo have the bases covered, overall.
I did find one point interesting by Amanda: "People can and do agree to see a few pops per day in exchange for free downloads. And adware that caps frequency (showing an average of no more than 2-3 pops per day) generally garners extremely high CTR and conversion rates (lots of clicks AND lots of people actually making purchases after clicking). People don't click and buy unless they find the ads useful and timely. If you are about to book a flight or purchase a digital camera, and the adware pops you a competing offer to get the same deal for significantly less elsewhere, that's not an interruption -- it's a benefit.
"But of course the vast majority of adware programs just drown people in a flood of irrelevant popups as fast as possible rather than focusing on actually trying to provide real value to the user with each ad served."
Amanda's point in the manner of exchange (2-3 RELEVANT pops per day for free software) is what I would expect of an ethical adware company, and an ideal scene for it. Sadly, corporate America is driven by PROFIT, not ETHICS and EXCHANGE. Open source comes closest to the latter, as this type of software is written by the many for the many (sounds like a decalaration of independence to me) and the members of the community themselves can review and keep ethics in place on each other. This is what has megacorpUSA (Microsoft, etc.) scared - they can't control it (no single target to zero in on).
But I digress. Ads have their place - in benign banners on web pages, commercials, and the like. Adware is too intrusive, in my opinion, and for that reason alone will never be widely accepted. (I've never had a commercial hijack my car while I was driving it to advertise to me; compare that to adware hijacking my computer!)
Bottom line: The POWER OF CHOICE of the consumer is what repeatedly gets violated, and thus has earned adware a negative connotation. Until and unless the adware makers address this point, they will always be considered "bad".
(Amanda, I hope you get this point for your superiors - do a survey to find out what consumers most hate about Adware, and what they think could be done to improve it, rather than take my opinion. I think you'll find this point borne out. Some people, like me, will never be accepting of it. Many others will, though, if this one point - power of choice, informed, upfront and honest - is granted to the consumer. Then your industry will have a chance to earn some goodwill and respect. It takes longer to make a profit, but it's far far less risky in terms of loss of profits due to bad will generated, lawsuits, etc.)
Peace to all...
Hi Pete. My superiors already get it; we don't need to do surveys to know that users must be in control of the desktop. That's why we do dirt simple disclosure and easy uninstall, with a toll-free number for live help on each ad served. That's why we show fewer and more relevant ads.
The point is not to avoid lawsuits but to serve both consumers and advertisers (our twin masters) better. A fully opted-in consumer is more valuable to advertisers, and the more relevant the ad, the more likely that people will click and buy (people who are tricked into clicking are worthless to advertisers).
Of course, you have to be willing to tolerate a smaller business to operate with this level of transparency.
Re: the intrusiveness of adware ads -- well, that's what can make them so valuable to consumers if done right. While the bundling business model is often compared to ad-supported TV shows, from the consumer perspective, the experience of the ads is different. It's more like when you're about to buy Cheerios at the supermarket but a tag on the shelf says Wheaties are on sale, so you choose Wheaties instead. Or you're driving the family to Disneyworld and a billboard urges you to stop and Eat at Joe's.
You can't make billboards or shelf tags go away, but you can close a popup or uninstall the program that generates them. So an argument can be made that adware -- when done right -- is the ultimate in consumer choice and control.
Unfortunately, very few companies do it right, but I think that will change over the next year, through a combination of legal challenges, "name-and-shame" efforts, and (most importantly) through the demonstrated success of companies that operate with greater transparency and focus on consumer choice, value and control.
...did anybody actually try the application in question yet?
amanda:
"People can and do agree to see a few pops per day in exchange for free downloads."
just because they click the agree button doesn't mean they're giving informed consent... you can't tell them what they'll actually be doing when the pop-ups pop up, you can't give them enough information for them to predict how it's going to affect/interfer with their computer usage, therefore when they click the agree button they are not fully informed...
"And adware that caps frequency (showing an average of no more than 2-3 pops per day) generally garners extremely high CTR and conversion rates (lots of clicks AND lots of people actually making purchases after clicking)."
capping frequency just means there's less motivation to try and get rid of it... figuring out what's going on on their computer and what to do about it takes a lot of effort for the average user and if there are few ads then it's not a compelling enough reason to put that effort in... imagine, however, what would happen if the barrier to getting rid of the adware were lowered... if there was a button on each ad window clearly marked "never show me ads again" how high do you think the ctr and conversion rates would be then?
"People don't click and buy unless they find the ads useful and timely. "
or unless the ad window pops up right where they were about to click anyways and they happen to be prone to impulse buying (which i gather a significant portion of the population is)...
guillermo:
i considered responding to your post point by point but then i realized that my response to just about every point would be the same - i wasn't talking about that...
i don't know what more i can do... i've stated repeatedly what i was talking about... in one case i just responded to you when you were talking about adware on its own and you come back and imply i was talking about rogue anti-spyware/adware bundles...
it's clear to me that we actually mostly agree since you stated you mostly agreed to the post to obi wan that contained all the parts of my arguement put together...
until you accept that 'separation' is part of analysis and start respecting the divisions being drawn between the different parts of ideas and concepts instead of suggesting that what was said about part A was actually said about part B or a union of parts A and B and thereby twisting the meaning of everything said into an impressive array of strawmen, i'm affraid i don't have anything left to say to you except "i wasn't talking about that"..
paperghost:
" ...did anybody actually try the application in question yet?"
the point of posting a malware analysis is to tell people why something is bad so that they don't have to try it themselves and see what's wrong with it first hand...
Kurt:
"just because they click the agree button doesn't mean they're giving informed consent... you can't tell them what they'll actually be doing when the pop-ups pop up, you can't give them enough information for them to predict how it's going to affect/interfer with their computer usage, therefore when they click the agree button they are not fully informed..."
Actually we can and we do provide full disclosure. The software doesn't interfere with computur usage in any way. It shows pops when it appears (to the software) that the message may be useful to the user.
"capping frequency just means there's less motivation to try and get rid of it... figuring out what's going on on their computer and what to do about it takes a lot of effort for the average user and if there are few ads then it's not a compelling enough reason to put that effort in... imagine, however, what would happen if the barrier to getting rid of the adware were lowered... if there was a button on each ad window clearly marked "never show me ads again" how high do you think the ctr and conversion rates would be then?"
WhenU has lowered that barrier. There is a toll-free number for live help displayed on every ad so that even the most clueless user who cannot find the Add/Remove in the Windows control panel can simply pick up the phone and call for help.
"or unless the ad window pops up right where they were about to click anyways and they happen to be prone to impulse buying (which i gather a significant portion of the population is)..."
What's wrong with impulse buying? As long as the pop doesn't seek to trick the user, or cover up the site they are visiting, what's the big deal? But WhenU is actually more focused on comparative shopping, not impluse buys -- the idea is to present the consumer with other options that are relevant to what the user was in the midst of searching for, not to distract them with irrelevant impulse buys.
Kurt:
"until you accept that 'separation' is part of analysis and start respecting the divisions being drawn between the different parts of ideas and concepts instead of suggesting that what was said about part A was actually said about part B or a union of parts A and B and thereby twisting the meaning of everything said into an impressive array of strawmen, i'm afraid i don't have anything left to say to you except "i wasn't talking about that".."
Well, glad to see that after all of that, we apparently agree on most points (although boy, it sure wasn't looking like that for most of this thread).
I have to say that I was NEVER arguing that separation is not an important part of analysis. I do not have any problem at all with examining specific components of a multi-part issue. But I DO have a problem with examining just one specific component while ignoring/dismissing/failing to take into consideration the other components. As I've said, any such analysis that loses sight of how the particular component under examinination fits into, is associated with, is influenced by, or influences the whole, is an inherently flawed analysis.
That is what I saw that you were doing, and I called you on it. Perhaps the reason you thought that I, and others, were applying an argument that was about Part A to Part B, or joining the two, is simply because of the fact that they ARE joined, intertwined, codependent...'bundled,' if you will. You took our examination of the individual components as part of the whole and misconstrued it as a failure on our part to be able break down the argument into individual components. In reality, we simply refused to take your approach of analyzing a single component within a vacuum, excluding every other component of the equation.
Eventually, especially in your post to Obi-Wan, you brought those other elements into your argument, treated them as equals, and incorporated them into your analysis of the singular component (the adware) that you had been focusing on with blinders attached, to the detriment of your "critical thinking." We were trying to get you to approach your analysis with this broader view in mind, rather than refusing to see the forest for the trees, and eventually you did that, to your credit.
And so lo and behold, after you had finally done this, it turned out that you are in agreement with the rest of us on most, if not all, points.
Well, that was fun. If we are in agreement, then I guess this argument is over.
Have a good weekend, all.
100th post! I win! :P
Kurt said: i don't have anything left to say to you except "i wasn't talking about that"..
I second that. It's not even worth the time to try and correct. Let it be.
Kurt said: imagine, however, what would happen if the barrier to getting rid of the adware were lowered... if there was a button on each ad window clearly marked "never show me ads again" how high do you think the ctr and conversion rates would be then?
I think that this is an important point. The issue here is the direct relationship between content and value being derived. Looking that the TV model – in the consumers mind, there is a direct relationship. To turn off the commercial, the value must go away (TIVO excepted). However, with adware there is not a strong direct relationship between Adware A and Software bundle B's benefit. Very few examples come to mind of software that would fit this category... LOL except perhaps security software – when you turn it off, your security goes away. [Yikes, I think I just said that security software is a great candidate for bundling with adware, oh noes, I’m gonna get it now]
In other words, the problem here is that adware is delivering ads whenever the user uses the machine (or surfs the 'net), not just when they are deriving the benefit of the downloaded software.
" ...did anybody actually try the application in question yet?"
the point of posting a malware analysis is to tell people why something is bad so that they don't have to try it themselves and see what's wrong with it first hand...
But....this is a blog. A *blog*. I've never seen anyone on here claim this blog is here to "analyse" anything. Its simply Alex E waxing lyrical on the latest spyware news, along with some of the rest of the Sunbelt gang. If they *do* post analysis here, well bonus. But surely if you want cutting analysis of what something does, then you should go to Sunbelts research centre pages.
Alex's initial post also never claimed to analyse anything. That is his right as blog owner. He simply links to a story about a rogue antispyware app which has the cheek to bundle in software from a notoriously controversial company and (quite rightly) says OMGWTFBBQ.
The whole malware analysis thing came from yourself, unless I'm mistaken (and i can't be bothered reading the above from scratch).
The execution and intention of the post wasn't about researching / analysing what direct revenue's software does.
i would suggest, if you wanted that, then a blog isn't the first place you'd go looking for it? Its certainly not where I'd go looking.
amanda:
""just because they click the agree button doesn't mean they're giving informed consent... you can't tell them what they'll actually be doing when the pop-ups pop up, you can't give them enough information for them to predict how it's going to affect/interfer with their computer usage, therefore when they click the agree button they are not fully informed..."
Actually we can and we do provide full disclosure."
full disclosure of all the information it is in your power to give, but it is outside of your power to tell them what the pop-up window will cover when it comes around...
"The software doesn't interfere with computur usage in any way. "
covering a portion of the screen (inherent to pop-up methodology) that is probably already in use by another application and possibly of great interest to the user IS interfering with computer usage...
""imagine, however, what would happen if the barrier to getting rid of the adware were lowered... if there was a button on each ad window clearly marked "never show me ads again" how high do you think the ctr and conversion rates would be then?"
WhenU has lowered that barrier. There is a toll-free number for live help displayed on every ad so that even the most clueless user who cannot find the Add/Remove in the Windows control panel can simply pick up the phone and call for help."
well, i don't know about the other folks here but if i found a pop-up with a phone number on it, i would definitely NOT call that number... sorry, it's not comparable to putting the uninstall button right on the ad window, it doesn't lower the barrier nearly as much...
"What's wrong with impulse buying?"
i have a decidedly utilitarian streak so i won't pretend to have an objective answer to that...
paperghost:
""the point of posting a malware analysis is to tell people why something is bad so that they don't have to try it themselves and see what's wrong with it first hand..."
But....this is a blog. A *blog*. I've never seen anyone on here claim this blog is here to "analyse" anything. Its simply Alex E waxing lyrical on the latest spyware news, along with some of the rest of the Sunbelt gang. If they *do* post analysis here, well bonus. But surely if you want cutting analysis of what something does, then you should go to Sunbelts research centre pages."
alex' post pointed us to a page that described what seemed very much like the results of an analysis... except that it included mention of adware without indicating what was bad about the adware or even if the adware had been examined at all... in essense, it seemed incomplete...
"The whole malware analysis thing came from yourself, unless I'm mistaken (and i can't be bothered reading the above from scratch)."
the source article contained the results of a malware analysis...
"the source article contained the results of a malware analysis..."
It is NOT "malware analysis". It is a *blog entry* that may or may not assume some pre-aquired knowledge, and describes what the latest rogue antispyware tool does. I mean, that's just too bad. All blogs do this, because they are primarily looking to cater to the readership they have built up, and some pre-aquired knowledge is a given, especially in this subject field. Suzi posts on her blogs sometimes two or three times every few days..to assume she has to include every single piece of info on everything written down is madness. That's why blogs have categories and search engines.
The thought also occurs to me that maybe all these posts should have been made on the SWW site, considering that's where all the confusion seems to be stemming from?
I mean this whole thing is stupid anyway - you're saying the writeup on the Spyware Warrior is missing information on what Direct Revenue's software does.
Well humour me for just one second and use the mighty power of her search engine, or (even better) Google - problem solved.
Not only are you seemingly demanding that her blog does something it was not designed to do (it is a NEWS SOURCE....*not* detailed malware analysis), you are also (through this) having to turn a blind eye to the very structure of a blog and its inter-related nature which would solve your supposed "problem" in seconds...namely categories and built-in search engines, and (as a lat throw of the dice, if you still cannot find out anything about Direct Revenue software), Google. This seems to be a very artificially contrived problem at this point.
Last post, ever.
paperghost:
""the source article contained the results of a malware analysis..."
It is NOT "malware analysis". It is a *blog entry*"
it is a blog entry about a peice of malware the author analyzed, written in such a way as to inform the reader as to what the author discovered... ergo it contains the results of the analysis...
"All blogs do this, because they are primarily looking to cater to the readership they have built up, and some pre-aquired knowledge is a given, especially in this subject field."
some pre-acquired knowledge should not mean knowledge of the precise version of adware bundled with the rogue anti-spyware app...
"Suzi posts on her blogs sometimes two or three times every few days..to assume she has to include every single piece of info on everything written down is madness. That's why blogs have categories and search engines."
she doesn't have to include everything, but she should have included 5 simple words ("a known bad version of") to qualify her inclusion of the adware bundle... she either did look at the adware closely enough to know that it was a known bad version (in which case her presentation misrepresents the scope of her effort), or she didn't (in which case her analysis really is incomplete)... i'm going to assume the former, but that's an assumption that ideally i shouldn't have to make...
"The thought also occurs to me that maybe all these posts should have been made on the SWW site, considering that's where all the confusion seems to be stemming from?"
well, it's true that my comments are out of band, but that's an odd remark coming from you all things considered (http://www.vitalsecurity.org/2006/03/how-far-do-
you-go-with-classification.html)...
had i posted it there i imagine it would have seemed much more like a personal attack than it was meant to be...
"I mean this whole thing is stupid anyway - you're saying the writeup on the Spyware Warrior is missing information on what Direct Revenue's software does.
Well humour me for just one second and use the mighty power of her search engine, or (even better) Google - problem solved."
no, problem not solved... that would tell me what some versions of direct revenue's adware does... it wouldn't tell me what the specific version in question does...
"Not only are you seemingly demanding that her blog does something it was not designed to do (it is a NEWS SOURCE....*not* detailed malware analysis),"
i'm only expecting an indication of thoroughness... even from a news source that shouldn't be too much to ask...
"you are also (through this) having to turn a blind eye to the very structure of a blog and its inter-related nature which would solve your supposed "problem" in seconds...namely categories and built-in search engines, and (as a lat throw of the dice, if you still cannot find out anything about Direct Revenue software), Google. This seems to be a very artificially contrived problem at this point."
none of those things would have told me what this particular version of direct revenue's adware does because this particular version was not uniquely identified...
not that i needed it to be uniquely identified... like i said before, 5 simple words ("a known bad version of") would have sufficed...
Kurt,
Gotta agree with Paperghost and others on that... "a known bad version of" would've been nice but not really mission-critical in this particular discussion.
"covering a portion of the screen (inherent to pop-up methodology) that is probably already in use by another application and possibly of great interest to the user IS interfering with computer usage..."
WhenU doesn't pop on top (though comparison shopping units do overlap a small portion of the product page being viewed to which they refer).
"if i found a pop-up with a phone number on it, i would definitely NOT call that number... sorry, it's not comparable to putting the uninstall button right on the ad window, it doesn't lower the barrier nearly as much..."
The toll-free # is sort of a fail-safe for less tech-savvy folks... each unit also has several links to unistall instructions on it.
Didn't mean to hijack this into a WhenU-specific discussion though... the broader issues raised are more interesting.
Kurt's argument seems to be based on the premise that there are actually "good versions" of DirectRevenue's adware as opposed to versions that are "known to be bad."
I'm certainly not aware of any DirectRevenue product that fits into the former category -- including the particular example in question. It looks like it's just another packaging of Aurora to me. Ever had to deal with nail.exe? "Known bad" would be an appropriate description of that nice little piece of crapware. Anyone know of any DirectRevenue products that DON'T fall into that category?
amanda:
"Gotta agree with Paperghost and others on that... "a known bad version of" would've been nice but not really mission-critical in this particular discussion."
well, gee... i guess i wasn't expecting a huge debate on every little point, the formulation of the argument, and the protocol by which it was expressed...
""covering a portion of the screen (inherent to pop-up methodology) that is probably already in use by another application and possibly of great interest to the user IS interfering with computer usage..."
WhenU doesn't pop on top "
then it's hardly the pop-up methodology to which i've been referring...
""if i found a pop-up with a phone number on it, i would definitely NOT call that number... sorry, it's not comparable to putting the uninstall button right on the ad window, it doesn't lower the barrier nearly as much..."
The toll-free # is sort of a fail-safe for less tech-savvy folks... each unit also has several links to unistall instructions on it."
that's STILL not a button that launches the uninstall wizard... ergo it still doesn't lower the barrier as much as an uninstall button on the ad window would...
guillermo:
"Kurt's argument seems to be based on the premise that there are actually "good versions" of DirectRevenue's adware as opposed to versions that are "known to be bad.""
no, at no time did i state or imply that there was any such thing... there's a huge difference between something being known to be bad and something not being known to be bad... further there's a huge difference between something being known to be bad and something only being suspected to be bad...
a malware analysis is not complete until the analyst has thorough knowledge of what is being analyzed, until all those things are _known_...
you can futher examine the adware in question if you like, and that will certainly improve the situation, but it won't change the omission in the source article...
"no, at no time did i state or imply that there was any such thing... there's a huge difference between something being known to be bad and something not being known to be bad... further there's a huge difference between something being known to be bad and something only being suspected to be bad..."
Demanding that a malware analysis state whether a DirectRevenue product is "known to be bad" or not, inherently carries the implication that you believe that there are versions of their products that are either "bad" or "not bad."
Also, in my opinion, demanding a malware analysis that states whether a particular DirectRevenue product is "known to be bad" or not is akin to demanding an in-depth analysis of whether a particular Al-Qaeda terrorist cell is known to be bad or not.
guillermo:
"Demanding that a malware analysis state whether a DirectRevenue product is "known to be bad" or not, inherently carries the implication that you believe that there are versions of their products that are either "bad" or "not bad.""
'fraid not... you've oversimplified the equation - there are 2 properties there, both of which can be true or false, that gives 4 possible states: known bad, known not bad, not known bad, and not known not bad... the 2 'not known's boil down to the same thing, of course, but that still leaves 3 states, not just 2 as you're claiming above...
"Also, in my opinion, demanding a malware analysis that states whether a particular DirectRevenue product is "known to be bad" or not is akin to demanding an in-depth analysis of whether a particular Al-Qaeda terrorist cell is known to be bad or not."
this implies that direct revenue adware is bad by definition (ergo bad by virtue of being made by direct revenue) which contradicts your previous claim to be judging the 'badness' based on what the software does rather than who made it... assuming you really do judge it based on what the software does rather than who makes it, so long as direct revenue are still in business the possibility exists that there exists an instance of their software whose 'badness' is at the very least undetermined and possibly (improbably) not bad...
but looking beyond that, while you seem to be focused on "bad" and "not bad" in this context, i am equally focused on that AND "known" and "not known"... a complete analysis should not leave any unknowns, if possible... i suspect this is leading us to not see eye to eye...
"'fraid not... you've oversimplified the equation - there are 2 properties there, both of which can be true or false, that gives 4 possible states: known bad, known not bad, not known bad, and not known not bad..."
Okie dokie...so even including "not known," my statement still stands. First, you make a false assumption that the article in question is supposed to be a thorough analysis, which as Paperghost pointed out so well, it is not. Second, your demand that such an analysis state whether something is "known to be bad" or not inherently implies that there are versions of DirectRevenue products that are either (a) known to be good, or "not bad", or (b) unknown to either good or bad.
So, my original statement (a couple of posts ago) still applies: Your demand inherently implies that you believe that there could be versions of DirectRevenue's products that fit either of the latter two categories. I had stated that I certainly am not aware of any that do, and asked if anyone knows of any known "good" or "NOT bad" DirectRevenue products. Or, to use your new category, any "unknown to be either good or bad" DirectRevenue products. I certainly am not aware of any of products of theirs that do not fit into the first category, "bad," using even your own criteria for determining whether an adware product is bad. So I ask again: Is anyone aware of any DirectRevenue products that would fall under these two latter categories? You are making the assumption that there are actually "versions" of their products that might, and I am telling you that based upon experience, I have not found one yet.
"this implies that direct revenue adware is bad by definition (ergo bad by virtue of being made by direct revenue) which contradicts your previous claim to be judging the 'badness' based on what the software does rather than who made it..."
Nope, afraid not. False conclusion, once again. I am judging based upon the actual SOFTWARE products that I have seen by this company -- INCLUDING the particular one we are talking about in this thread. (Yes, I tried it on a virtual machine.) It definitely fits your criteria for "bad" adware. I am judging solely by the software products themselves. I also thought I made it abundantly clear that I believe that the company's past should be taken into consideration -- but that even if it is NOT taken into consideration, as you keep demanding that it should not be, the conclusion is the same. The software product itself STILL bad. Go up to my previous posts and you will see that this is exactly what I was saying all along. No contradiction here at all.
Man, you are certainly good at going around and around and around in circles with an argument that should have been (and WAS) put to bed a long, long time ago.
You just keep hammering on a point that is inherently unreasonable (see Paperghost's explanation again of WHY it is unreasonable), just beating that long-dead horse (actually pretty much just a grease spot by now), into the ground, muddying up what should be, and IS, a cut-and-dried conclusion. If you don't believe me, just try the software. Your "unknowns" will be "knowns" in an instant. Never mind that the original blog entry article didn't do the "in-depth analysis" that you are demanding. Do it yourself, then. Or just take my word for it as someone who did try it. It's bad. It's KNOWN BAD, even according to your own criteria. And that is all there is to it.
Geez, man, is it any wonder that your name anagrams to "Writes murk"? This is the distinct feeling I get when reading your posts. I keep thinking that your common sense should kick it at any moment, and you'll realize that what everyone else is telling you is true, and that your demands are not only unreasonable but moot -- but alas...
guillermo:
"First, you make a false assumption that the article in question is supposed to be a thorough analysis, which as Paperghost pointed out so well, it is not."
i made no such assumption... i'd suggest rereading my response to him if i thought it would do any good, but i don't...
the author was writing as an authority, as someone who KNEW what that rogue anti-spyware app was all about... that implies they performed an analysis somewhere at some point... the article itself was to communicate to the reader what the author discovered about the rogue app... on that basis alone it is incomplete because it leaves an unknown... that could be because either the original analysis is incomplete OR the article simply misrepresents the actual analysis effort... whichever the case it results in an ambiguous statement about why the adware was considered bad...
"I had stated that I certainly am not aware of any that do, and asked if anyone knows of any known "good" or "NOT bad" DirectRevenue products."
if only that were enough... there's an old axiom that states you can't prove a negative... it applies here... you can't prove there are no good versions of their products so in formulating a logical arguement you must make allowances for the possibility that one exists... otherwise you're committing the logical fallacy of argumentum ad ignorantiam/argument from ignorance, where you argue something is so because it hasn't been shown to be otherwise...
further, until such time as EVERY instance has been analyzed there most certainly are instances where the 'badness' has yet to be determined by definition... and since you can't be certain you analyzed every instance you can never accurately state that there are none whose 'badness' has yet to be determined...
"I am judging solely by the software products themselves."
and i'm not stating otherwise, merely pointing out that comparison you made between direct revenue's adware and terrorist cells contradicted that...
a terrorist cell is bad by definition, the comparison implies direct revenue's adware is bad by definition... this is not consistent with judging based on what the software does...
"Geez, man, is it any wonder that your name anagrams to "Writes murk"?"
argumentum ad hominem...
"the author was writing as an authority, as someone who KNEW what that rogue anti-spyware app was all about... that implies they performed an analysis somewhere at some point..."
Sigh...I keep waiting for your common sense to kick in, but it never does.
It was more than enough analysis for me, for Alex, for just about ANYONE else that would read that article. You, sir, seem to be the sole holdout. That should tell you something. Alas, it probably won't.
The rest of your response is just so much more yada yada yada, blah blah blah. Ridiculous that you just keep hammering on what is a really, really stupid, and now absolutely moot, point.
I have nothing else to say to you except that your incredibly stupid, stubborn, ignorant, circular, unreasonable, hair-splitting, word-mincing, indefensible, little-to-no-common-sense arguments really "take the cake. Absolutely unbelievable."
wow all of this commotion and i missed it? maybe this is the new slashdot.
this kurt guy is hilarious. anyone that doesn't know or refuses to accept what directrevenue is all about has no business arguing anything here.
guillermo:
"It was more than enough analysis for me, for Alex, for just about ANYONE else that would read that article. You, sir, seem to be the sole holdout. That should tell you something. Alas, it probably won't."
oh, it tells me something alright... about something much bigger than this particular conversation, but something you don't want to hear...
"Ridiculous that you just keep hammering on what is a really, really stupid, and now absolutely moot, point."
perhaps i think what and how things are communicated to the public at large is more important than you do... perhaps i've even been around long enough to have seen similar problems evolve in a related field...
"I have nothing else to say to you except that your incredibly stupid, stubborn, ignorant, circular, unreasonable, hair-splitting, word-mincing, indefensible, little-to-no-common-sense arguments really "take the cake. Absolutely unbelievable.""
once again - argumentum ad hominem...
brad salinger:
"anyone that doesn't know or refuses to accept what directrevenue is all about has no business arguing anything here."
then it's a good thing there isn't anyone here who fits that bill...
LOL!
kurt, i hope you stick around here...this blog could use some comic relief every once in a while.
After all has been said, the original question still remains:
Kurt asked:
"is bundling advertising software inherently bad? "
How about plain Yes or No answers here with maybe 1 line of qualification. What do you say?
I should qualify the above question - we're not talking about THIS specific bundle, but in general, is every adware bundle automatically bad?
the answer is no... bundling advertising software is not inherently bad... it's usually only bad when that advertising software also happens to qualify as malware (spyware, trojan horse, etc)...
unfortunately a great deal of adware does qualify...
A TALE OF FREE SUSHI.
I got a great deal on some sushi the other day. In fact the company tells me they will provide free sushi for me as long as I want. Only problem was that it came with tapeworm eggs. Now don't get me wrong the sushi was wonderful. But the tapeworms are starting to grow a bit now. They don't really bother me but some people say they are bad. Should I listen to those people? I mean how can one tell if these particular tapeworms will be bad?
Now I found this company that claims they get rid of tapeworms with a special pill - however some people say they also bundle tapeworm eggs for a different variety of tapeworm in the pills - their pills do not get rid of their tapeworms. Should I order these?
Are they bad?
Is the pill company bad?
Are the bundled tapeworms bad?
Are tpaeworms inherently bad?
well, if your name is fry and you got the worms by eating ancient egg salad sandwiches after waking up in the year 3000 then i'd say keep the worms...
by the way, nice strawman...
Commenting by HaloScan
