Hacker News new | ask | show | jobs
by dendory 5315 days ago
There's three things here. First, adding a toolbar and screwing with user settings is freaking lame, but everyone does it and it's something that's been an accepted way to monitize software development.

However, injecting that into other people's software is low, especially if the developers aren't aware of it. CNET should be ashame.

Lastly, the way they present it to users should be plainly criminal. There's a way to offer additional programs, and that's with a checkbox. The screenshot they show is CLEARLY meant to confuse users, whereas even I would have clicked next hadn't I seen the circled text. On this point CNET should be sued for deceptive tactics, because they put NMAP (or the name of whatever you downloaded) as the title, and present buttons that are meant to deceive, making it seem like it's NMAP's own EULA.
3 comments
kermitthehermit 5315 days ago
I strongly disagree with the following part: "but everyone does it and it's something that's been an accepted way to monitize software development".

Here's why:

- bundling such software with any product kills trust in one single fire; why would I allow such a software to make it into my environment? What if there are additional hidden things inside the code which steal data from my system and send it to a third party or to the maker of the app? What if it steals my credit card info or if it uploads confidential data somewhere?

- it's a "no go" for people in corporate environments - if it has anything bundled with it (optional or not), it's not installed on any system inside the company, no further questions asked

- it doesn't matter if you offer a "paid" version without these things in it, how can I know you haven't added some other "extras" which steal data?

- if you choose to bundle software with your apps, you have some kind of issues with your business model

- bundling such software always exposes the user to all kinds of exploits, hacks and trojans

As for "optimizing" the experience of the persons on the receiving end of this crappy wrapper which shoves adware / malware / trojans down the people's throats, it's like saying we screw you over, but we intend to make it look GOOD and actually make you like it.

CNET and download.com should really be blocked at company level, along with all the security policies. They live in 2005-2006, not at the end of 2011. I doubt the guys running CNET are capable of coming up with any business model which doesn't involve making money off the software of other individuals.

link
CoughlinJ 5315 days ago
Piriform uses this to great effect. Not sure what they're taking in from their enterprise level offerings, but everyone and their brother uses their free products.
link
Zirro 5315 days ago
"but everyone does it and it's something that's been an accepted way to monitize software development"

No piece of software that I have installed during the past two years has done so, and I sure wouldn't accept it as a way of funding development. I'd rather pay for a product in that case.

Can you give a few examples from your list of "everyone"?

link
colkassad 5315 days ago
I think the Java runtime installer asks to install a toolbar. There is something else that I can't recall (flash runtime?) that asks to install the Ask.com toolbar all the time as well. Some popular open source projects too (PDFCreator).
link
marshray 5315 days ago
Hahaha, Sun/Oracle does it, therefore it's OK.

Ask me why I quit Java long ago.

link
kermitthehermit 5315 days ago
The flash download page asks you if you want to install an antivirus, I believe it's mcafee.

It's funny, though, that I encountered a "not so bright" person who simply told me "oh, I didn't know you could opt out, I was always uninstalling it afterwards".

You can also block the ask toolbar from downloading by killing toolbar.ask.com or the entire ask.com domain. It most certainly will not be missed.

link
nodata 5315 days ago
The difference is that Sun adds the toolbar installer itself (and earns the revenue from it).
link
colkassad 5315 days ago
My comment was in response to the fact that everyone is doing it, including software authors such as Sun.
link
lawnchair_larry 5315 days ago
Adobe tries to sneak Mcafee on your system with either flash or acrobat reader, which is worse and should also be criminal.
link
dlikhten 5314 days ago
Adobe does not pretent to give you an open source project like VLC player and bundle malware/adware into the installer as if VLC team did it. They even make the .exe signature identical to that of the original to fool people. Its wrong. and puts blame on the original makers. Its like if google wrapped every app submitted with ads that give only google money. The ads are annoying, and apps get bad reviews, but the app makers had no say in it.
link
vyrotek 5315 days ago
Trillian & Daemon Tools
link
pvarangot 5315 days ago
jDownloader.

Both of the free antivirus I know about for Windows (AVG and Avast).

link
Georgiy 5315 days ago
They do not injecting it, it's just a small downloader that helps to download applications even with bad connection. And potentially may use a p2p distribution, as for example some game developers upload their game clients(>1gb). Well-known companies pay per download for their software suits, and they don't really like to pay for the interrupted downloads.

Im not sure about the deceptive tactics, they just trying to get people attention, not just unmarking checkboxes without reading.

link
kermitthehermit 5315 days ago
Most trojan & trojan downloaders are also "just a small downloader that helps to download applications".

The only problem is that you will have to reinstall the OS, erase everything and need a new bank account or even a new job.

Also, HELLO, CNET, NICE TRY.

link
Georgiy 5315 days ago
Pff i just know the kitchen as i worked there for some time :) It's not a trojan or malware for sure. 3/43, http://www.virustotal.com/file-scan/report.html?id=cb2428c76...

Some crappy adware? probably :)

link
kermitthehermit 5314 days ago
What an antivirus says about some adware / adware downloader / toolbar doesn't matter - if it's adware, I don't want it; if it's shoved down my throat by some installer, I don't want it.

I had to deal with cleaning up a lot of machines in a corporate environment where the previous admin didn't care about security policies and security.

I found a gem, I think I might still have the photo somewhere, it was a PC which had so many toolbars in IE that they took more than half the height of the screen to display them all. Obviously, the "faces for yahoo messenger" and "good looking email" (incredimail) were among the installed "goodies" on that machine.

Just to make it clear, I see the adware installed by apps as exploits all kinds of assholes use on people who have no clue what security is about. Telling them they might find their bank account empty or that their email account might send emails with porn to their entire list of contacts usually gives them a hint about what they expose themselves to.

P.S.: If you really "worked" there and you stopped doing that, I can hardly see the point in defending them. Perhaps you're the guy they paid to write that adware injector ("the small downloader")? You come off as the guy who defends the company he's working for because he wants to keep his job.

Please stop trying to explain or excuse what CNET is doing. It's not ok.

link
marshray 5315 days ago
They do not injecting it, it's just a small downloader

Oh I am so going to tweet that.

link
klon 5315 days ago
Hello CNET
link