The apps that get installed are "crapware." This one seems a matter of opinion. A lot of the world's most popular apps and sites seem like junk to us. But the users are choosing to install these things.
If you want to stop this kind of thing you need to get angry at the people who fund it and make money from it. That includes Paul Graham and Y Combinator.
The prospect of making money does strange things to people's perception. PG knows damn well that is garbage that provides no value (rather, negative value) to the user and just pollutes society's computers. There is no way he would defend it under normal circumstances. Who would? Good job YC, you're the new Bonzi Buddy, the PC cancer. I can't wait to clean that shit out of my elderly relatives computers when they complain of sluggishness, crashes, and intrusive ads, like the good old days.
If I recall, the things that InstallMonetizer installs are less of the "persistent memory-resident toolbar-like crap" variety, and more of the "hey, would you like us to install VLC while you're here? Maybe Firefox? Google Earth?" type. Those aren't quite as bothersome (though they still are a nonzero amount of bothersome), because they don't do anything unless you choose to launch the program.
It is worth noting that PG's "white paper" came in response to pointed criticism leveled by a broad segment of the HN community and numerous opinions that YC was adding suck to the world. PG's points were the ending point of a long HN discussion not another of his essays.
In that context, PG didn't defend the practice, so much as report the facts on the ground in the software industry - i.e. it goes without saying that some industry people will rationalize crapware as no more intrusive than other software which collects data on users.
More relevant is that YC's association with the crapware provider was unrelated to crapware. See this post from the same thread:
They're working on something new, and all the office hours I had with them were about that. They're not even in our database of companies as InstallMonetizer but as the new thing.
I've gotten several emails from InstallMonetizer to use their system on my free app, but I didn't want to ruin the customer experience by bundling adware with the application. I've probably lost a not insignificant amount of money from not trying to capitalize on my free downloads.
"If you want to stop this kind of thing you need to get angry at the people who fund it and make money from it."
I actually believe that the people making money from it are: (1) the big search engines (2) companies promoting toolbars (3) toolbar publishers.
I believe the main issue is not DIVX's Conduit Toolbar (which from what I can see is fairly transparent - see below for my notes on their installation flow), but the parasitic nature of this industry funded mainly by the big search engines themselves: Google, Bing and Yahoo.
Conduit and Babylon toolbars generate revenue via their partnerships with the big three. They get paid to help search engines gain market share and generated revenue. This revenue model is similar to a parasitic model because the product, often very inconspicuously, "attaches" itself to the browser. This "attached" entity provides no real added value to the "host" or user. It "feeds" off of the user's searches and sponsored result clicks. On top of that, toolbars are often harmful to the user by causing browser slowdowns, freezes, crashes, HTML/JS injections, ad insertions, page rendering errors, etc.
However, the worst that I have seen in this space are advertisers pushing toolbars on Google, Bing and Yahoo by hijacking the products of popular freeware publishers (VLC, Adobe PDF Reader are examples). Here's an example with VLC: http://i.imgur.com/wesQBcF.png
Users trying to get VLC are duped into running these hijacked products. Though VLC is ultimately delivered at the end of the installation, most users won't see that they are also installing several add-on components like a Conduit toolbar.
If you download from VLC.Download-Insider.com and install their toolbar you'll get the following:
I'm actually quite surprised that this is still going on and that the big search engines are still allowing them to advertise a product they clearly do not have the rights to.
Based on the installation flow, the offer was stated, albeit very discretely. I hate homepage and search takeovers as much as everyone, but DIVX appears to be doing it in a transparent way (and I'm not sure why Chrome flagged their exe as being malicious).
That's an interesting sentiment, because most of the software in the Ubuntu, Debian, and other repositories is largely free yet we don't see this crapware there.
I think the problem is that these applications get to decide what gets installed with them. There's no reason to allow them to make that decision anymore.
You missed the part where Ubuntu was sending search requests to Amazon?
Ubuntu "exists" but it is not "stable" because Canonical, the company that creates the Ubuntu distribution and is losing money [1]. Their efforts at capturing sustainable funding have been largely unsuccessful. So eventually they too will be gone.
I actually don't see the difference between Ubuntu's Amazon search bar and a crapware browser toolbar.
In both cases, there are some defenses for it: it's not a terribly big problem, the developer can rationalize it in terms of obscure use cases where someone might actually want to use it, and you can always disable it once you realize it's there.
But in both cases, it's making your computer perform worse, showing you things you never asked for, and possibly breaking your expectations of privacy, just so that the developer can make a trickle of money from you.
That quote is taken a little bit out of context. The first part is referencing the opinions of others about InstallMonetizer - people said they think IM was installing crapware. PG said that crapware is a relative term, and if people have the option of declining to install something, then they deemed it to be not crapware. We can't handcuff everyone into making the same decisions we do - regardless of what we think the quality of the software and motives are. Educating users is the goal we should be shooting for, so when they see a screen with check boxes, they don't just hit agree and go on, they realize what clicking "I Agree" could entail. I think that message could be something along the lines of "Don't just agree, think before you click".
Bullshit. These kinds of installers trick people into installing things they would never install by choice. For example there are windows where ticking one checkbox disables installation of a toolbar, but ticking the next one enables a different one. So people read the text on the first one and then tick everything, which results in spyware being installed on their machine. The entire installation process for these kinds of things is like that because NOBODY who knows what they are actually wants to install spyware toolbars on their computer.
Would you consider tricking a person with poor literacy skills into signing a contract that gives them your house a moral thing to do? Why is tricking somebody into giving you full access to their computer any different? Also, much like legal contracts can still trick the literate, these installers can trick even technically proficient users who weren't expecting to suddenly have to engage in a battle of wits with their computer.
I believe that InstallMonetizer in particular designed the screen where you agree to install their crapware to look like other installers' EULA-acceptance page - see e.g. the second screenshot here http://www.little-apps.co.uk/blog/2012/11/why-was-this-other... In order not to get unwanted crapware, you have to click the Decline button, which would normally stop your desired software from being installed.
They even put the Decline button on the left, which goes against how virtually every other Windows installer (and wizards in general) are supposed to work.
Defending fraud is never acceptable. Those installers are designed to con users into economical exploitive agreements. Its no difference from sending false bills to people, or calling them on the phone and offer a "free"¹ subscription.
I have seen installers with right bottom for OK, and left to Cancel install, as is is standard. However, a few steps into the installation, a toolbar question came up where OK meant install toolbar and Cancle meaning not installing toolbar but continue install. Bascially, left button Cancel went from aborting the install to continue the install through a sleight of hand trick (deception). Since its done for economical gain, its fraud - As clear case as it can get.
Fraud: intentional deception made for personal gain or to damage another individual.²
¹: 3 year binding agreement with first month free.
If a person sends "offers of subscription" that just happen to look like a invoice, that is still fraud. It doesn't matter that people can elect not to "buy" by following the fine print that say "this is a offer".¹
If you want, I can list several similar crimes like salting the mine², the Romance scam², or the classic Nigerian scam. Each too allows the victim to opt out, each are equally fraudulent behavior, and equally illegal. The law do not require that the criminal has lied, only that deception has happened.
Giving the victim a chance to opt out does not give scammers a "get out of jail card". If it did, that would be the first thing any caught scam artist would say.
If something you didn't ask for defaults to being installed along-side what you did ask for, regardless of that thing is, it's crapware (imo).
Smashing 'next' in an installer should do the right thing: it should install the things you most likely need in the app you downloaded, in the place that makes the most sense on your system, etc. In almost no cases is the right thing installing some random ass toolbar.
At the end of the day, if people really wanted this software, the providers could default to making it opt-in and on balance they wouldn't be any the worse off for it.
There is a clear reason "I Agree" is pre-checked. Educating users is a band-aid, treating the symptom and not the cause. The cause is scummy companies like InstallMonetizer, and hopefully people like PG/YC will come to see how it hurts their brand, no matter how they think reality differs from peoples impressions of such companies.
Oh, well post under your real name then, so you won't run the risk of being tainted by his money, ideas and connections, should the situation ever arise that you've done something he would be a part of. (And I doubt very much that YC operates this way anyway.)
What's that? It's too convenient to vociferously denounce someone for having an imperfect track record while doing something so grand that you could scarcely imagine the decisions he's had to make? (If you tried, that is.)
There's a reason why the word "anonymous" is often followed by "coward" -- it's abusing anonymity when you run to it as a shield from which to make pointed criticisms against actual people who will actually read what you write. Anonymity, used bravely, can provide a defense against the mob. Used cowardly, it's a defense against scrutability.
First of all, if you click on anon1358's profile you'll see 3.5k karma... about as much as you have. If you read through his previous comments they are pretty mundane, so I don't think he's just changing nicks for comments like these.
Which is to say that there are reasons to use a different name online that don't involve secretly wanting pg to give you money/help...
It's also true that people doing grand things make more decisions, and hence more bad ones. I don't think that makes discussion of those decisions somehow off limits for discussion.
Like, I'm reading anon1358's comment, and yours. Yours reads like an ad-hominem. His reads like a "As a community we seem to disagree with pg on X, maybe if we band together he will listen". I agree he doesn't seem open to hearing the other side, but I think his tone is much more constructive than yours.
It's not ad hominem -- I'm not saying he's wrong because he's a coward. I'm saying if you're going to be so judgmental and flippant about a process you probably have never been involved with, and also so personal as to call out a person by name for their own decisions, don't be cowardly when you do it.
He could have very well-placed criticisms actually, I don't make any assessment one way or the other as to that question.
Bottom line -- the guy wants to hold PG accountable to some imaginary (but popular) standard, while evading accountability himself.
That doesn't make it ad hominem. That's a phrase used in the context of a debate. jessedhillon isn't after the argument at all. He's attacking a certain behaviour.
ad hominem: "Your point about global warming is invalid because you slap your children and I don't like that."
not ad hominem: "You slap your children and I don't like that."
He basically admits he didn't even consider the arguments. He calls the person a coward for posting anonymously. He's attacking the person's behavior irrelevant to the argument. Attacking the man, and admitting he never considered the argument at all. So if it's not considered ad hominem it's just trolling.
Putting crapware in installers and tricking people into installing it is unacceptable. Of course, I can't stop people doing it, but everyone who does it knows they are hurting their users in return for money.
I am easy to connect to my account name.
Happy now? How about you now discuss the issue, rather than ranting about how we shouldn't disagree with people who have more money than us.
so let me share this -- I've watched prominent HN users (top 10 leaderboard) attack a user's company because they disagreed with that user's posted opinion about software. Given their willingness to drag employers into a pissing match, not posting under your real name, or at least making it difficult to find, is perfectly rational.
Conduit is extremely intrusive and difficult to completely remove. There is no excuse for its behavior. They very clearly know it's malware and they try everything to keep it installed.
Yes, malware. Not just crap. Crap implies merely bad, this hides from you and tries to influence you and prevent you from removing it. Nothing merely crappy does that.
The last-remaining spot that kept coming back for me was that it wrote itself into Firefox's XUL - no plugin to remove, no toolbar, no hint that it had done something like that. I only found it because I decided to grep every file in every FF directory on my system.
If it gets installed on your system, or on someone else's, and you have Firefox installed, remove all the plugins and crap and reinstall Firefox.
Let's call this what it is. Not malware, just crapware.
Every service you sign up for, everything you install for free (minus some open-source stuff), offers you something, and defaults to yes. You have to un-check boxes to send you emails, to install crap, to agree to performance tracking, etc... If I don't like the terms of something, I simply don't use it. That's why I'm on Linux, Ubuntu to be precise (and I opted out of the Amazon lens - not because I hate it, but because I simply don't buy that much stuff from Amazon).
No. Crapware is some stupid program you should be able to uninstall via Control Panel (Windows) or drag from the App folder into Trash (Mac)
Anything for which the uninstall instructions (I define uninstall as 'completely remove everything related to this from my computer') go:
[To change the 404 error page]:
- Go to the Firefox folder: open Finder and navigate to Applications and right click on firefox.app
- Select MacOS, and delete the MACSearchTakeOver.js file (wtf?)
- Go to the folder Users/USERNAME/Library/Application Support/Firefox/Profiles/CHOOSEActiveProfile. Note, USERNAME = your username. CHOOSEActiveProfile will be a unique name, for example "6y5m281v.default"
- Delete the file called abstraction.js
is malware.
There is no way in hell a regular user should be expected to do that.
You notice I didn't say anything about Ubuntu -- by and large (apart from the Amazon Lens debacle), these crap/malware peddlers have left Linux alone. How would you feel if you had to edit xorg.conf or something manually because some package you installed from someone's PPA made your screen display ads every 15 minutes? :P
Conduit is malware. They go out of their way to make their software difficult to remove. If the only way to get something off your computer is malwarebytes, it's malware.
The problem isn't that it's easy to set to no. The problem is that it's defaulted to yes
That means I can't just click next, next, next, install, finish without getting "infected", and the guys making these installers knows this - and takes advantage of it to make extra money.
Legally, it's sketchy at best - the EU has a law (I believe it's a law, at least, someone back me up?) against it defaulting to yes.
Morally, it's plain wrong and taking advantage of the innocent.
What the hell is wrong with users that you won't read the screen before clicking around on buttons!?
I've been dealing with a set of users at work who could easily help themselves and continue on with their work if they would actually, you know, read the dialog boxes I spent tons of time writing to explain to them why the operation they tried was not correct and how to do it correctly. They don't want "wizard" interfaces that take them step-by-step through things, but they clearly can't use form-based interfaces that provide every option at once.
I watch them, it is their job to use this computer to do their work. In every training session I've ran, if I can get them to slow down long enough to even notice that a dialog box displayed, then they easily figure out their next step and continue on. But if I let them go at their own pace, they get confused and don't even recall that a dialog box appeared in the first place.
And it's not just non-techies. Most of the programmers I've worked with don't read the compiler's error messages. All they do is double-click the line to jump to the section of code and then try to figure it out from there, often by random-walking changes to the code until they get something that compiles. "If it compiles, it's correct", apparently. Never mind that they could save themselves a ton of time and confusion to read the error message and realize that you can't call Substring on a float!
If there weren't pertinent information on those screens, in those messages, then the installation could be done automatically. "open, next, next, next" is inferior to "open" as a user experience, but those "next" steps are there because there is important information there.
>... but those "next" steps are there because there is important information there.
The OSX ecosystem would generally care to differ with you there, where the standard installation process is to drag a .app slightly to the right in the dmg that auto-mounts and auto-opens and shows you exactly what to do. Then you run it if you feel like it. Or even run it right from that window, it usually works, and quite a few applications will even detect it and offer to move themselves to your applications folder.
Contrast this with a very common Windows install, which is run -> tell where to extract -> skip welcome screen -> uncheck shortcuts and start menu -> install -> uncheck 'run now' and 'show readme' -> click 'finish'.
Sometimes there is important information in those steps. Very frequently there is not, and it's just a waste of time, and an annoyance. Just like the 'welcome' screen in those installers. Nearly all of that could have been done in one page, instead it's split into several, literally training people to just keep hitting next.
I find it borderline unethical too, I was just trying to state that minimally savvy users shouldn't worry that stuff is installed without them knowing.
"X installs Y" reads to me as something happening without any chance to avoid it.
Well, it's not always the ignorant, it's more of lazy minded. You usually don't install the stuff that often or in a such hurry that you can't read a single dialog with 3 simple sentences. People just don't care. And then they get funny search engines installed, which again half of them still don't really care about.
That means I can't just click next, next, next, install, finish without getting "infected", and the guys making these installers knows this - and takes advantage of it to make extra money.
This has to be one of the oldest tricks in the books, and you should never click next, next, next, install, finish. Even if it is legitimate software, I won't blindly keep clicking unless I know the installer from previous experience.
This is the equivalent of "I accept the T&Cs" and then complaining later that Facebook/Twitter/Instagram/whoever are doing something you didn't agree to when you never read the terms to start with (ok, bad example to some degree, I know those T&Cs can be legal and tricky to read but you get the point I'm trying to make)
<quote>ok, bad example to some degree, I know those T&Cs can be legal and tricky to read but you get the point I'm trying to make</quote>
I think it is a great example! The effort required to comprehend the terms for those is so onerous that a small fraction of users take the time to even try.
We might be in a better place if, when faced with such a situation, we declined to use the service because of the lengthy and opaque T&Cs.
Defaulting to "no" would be better, but I can't fully agree with you in the "innocent" part because the real problem are users that can't use a computer, and this is just a tiny annoyance compared to other things that can happen if the user "can't read" and clicks next, next, next without thinking.
I would rather say that this kind of behaviour is one of the tiny little things that make computers harder to use in general.
We all know of relatives that just use their computer for Facebook and Farmville, and get "infected" by a needless virus scanner and/or alternative browser every time they have to update Flashplayer.
It is so vicious that even people that are aware of this kind of practice may get caught. The fact that users "can't read" (but equally often programmers also "can't write") is no excuse.
It doesn't only affect users who don't know better. I can't tell you the number of times I've hurried through an installer only to realize I forgot to pay closer attention and uncheck a checkbox.
If I download a program and install it then that's my intention. I don't intend to install other software along side of it.
Just saying, this isn't an issue about people not knowing how to use a computer. It's a dark pattern that hurts everyone.
Unfortunately, this wasn't the case for me. I always uncheck boxes, always unsubscribe to newsletters that I'm pre-enrolled in and such. I haven't used DivX probably in a year or more, but all of the sudden the past several days it kept popping up asking me to update. I decided since some day I may need it I'd update it rather than just install it, or rather than spend time looking for an option to temporarily stop the pesky update request. I clicked install, was watching it go and drinking a coffee at at the last scene I say it blink on the screen about bing for less than a second then it automatically skipped to the next page. I wasn't able to read what the page said but I knew it had just probably installed some bing crapware. Listening to the other commenters it sounds like the auto advance/click issue was particular to me and not sure what caused it. But so in my particular case I didn't have an option to decline but for most everyone else who does there is still a high chance they will automatically click ok, since installers ask so many questions that require yes to continue and then they throw in one at the end they think you will ignore and click yes. That it is opt-in is one problem the farther bigger problem is uninstalling it. First in Chrome having to uninstall the plugin, then changing the new conduit homepage in Chrome, then needed to uninstall from Safari, as well as change the homepage back as well as change the default search engine. For Firefox it was more complicated as it even changes a 404 page. Then also found yesterday a new Conduit folder in my home directory. While for us technical people here it's not much of a challenge but think of your parents installed DivX. They most likely would have no chance of removing all of that and next time you visited them you would say mom I told you to use Google while are you using Bing. She'd say I don't know it just appeared one day (like on PC's where IE's toolbar is about 200 pixels high from add on toolbars). Also on Twitter they have been unapologetic and rude with some customers. Fortunately for me as mentioned I almost never use DivX so I simply installed the program and will never return, but people who use it often may have a harder time leaving it. Finally, to note, less than a week ago even Google Chrome alerted users downloading the PC version that the app included malware to which the company said just ignore that it's a false positive: http://forums.divx.com/divx/topics/chrome_warns_divx_update_... to which people then ignore it and wonder why all of their browser settings have changed.
It has a rather obvious "install conduit search powered by bing" checkbox.
Worth noting that uTorrent is doing exactly the same thing now. And for those who will immediately assume the worst, I installed it to grab the humble bundle that I'd just bought, surprised to see that what once was the micro and trustworthy uTorrent was now yet another piece of scumware.
I laughed that it also indicated that it would be auto-updated from thence forth. It is an unfortunate situation that updates in PC software now means "addition of crapware".
Tangential to the topic, but I can recommend Tixati as a new "I need a small, efficient, unbloated (with additional software) and free torrent client" alternative to what uTorrent has become.
Best part: "Select MacOS, and delete the MACSearchTakeOver.js file"
DivX as a brand is dying. Desperate times etc...
I've always hated their player and bloatware. In fact I was surprised that they survived without doing something like this earlier.
For many people changing the searchengine is not a change they can revert themselves. Neither is having less space because of an additional toolbar. Both changes hurt them. Malware.
If it's malicious, that is, changes things without express consent, then it's malware. No debate. End of story. Malware is a parasite.
Crapware is something that's installed and shows up on your desktop, may even start automatically and produce pop-ups all the time, but doesn't alter the behavior of other applications. It's just junk, but it's not inherently detrimental or damaging. Crapware applications are barnacles.
Because VLC is a merely player, not a system-wide DirectShow component which can be reused and composed in processing pipelines by all third party Windows-applications.
That said, there are a million other codecs you can/should install in place of DivX which is fully DivX-compatible and able to decode and encode DivX video properly.
DivX specifically is not so useful now that windows (7? vista?) bundles good MPEG-4 decoders for both ASP and AVC (but on XP-class hardware, it was more performant than XviD). I think the DivX software bundle includes an encoder, so there's that.
There's still a few reasons directshow is still relevant:
- Getting video thumbnails for .mkv, .ogg, and .flv files in windows explorer
- Adding postprocessing filters (deblock, aspect ratio correction, pixel shaders, subtitling) to media players that don't otherwise support it (windows media player)
- Adding AV format and container support to your existing media player, for formats that Microsoft don't bundle decoders for (e.g. H.265, VP8, theora, daala, silk...)
Presumably, you might want DirectShow codecs for use in something else. VLC is just a binary blob; you can't harness its power to do, say, batch watermark insertion.
Installing separate decoders for every single format is just dumb and a waste of time. Something like LAV Filters will handle pretty much everything you throw at it, and on top of that you just need a media player like MPC-HC and a decent subtitle renderer like xy-vsfilter. Incidentally, this is pretty much exactly what CCCP gives you with a simple single installer.
At this point, I think the only codec CCCP installs by default is LAV, and it may not even include any other codecs anymore; it's called a codec pack mostly for historical reasons. The main advantage of CCCP is that it has sensible default settings and a good configuration app. It also installs various non-codec DirectShow filters for stuff like subtitle support.
Gabest's FLV Splitter is a FLV decoder. Personally I do not think 2 codecs are commonly understood as a codec pack but HN strongly disagrees.
The funny thing is that when people complain about codec packs in general it's that they bloat your system with tons of codecs you do not need, not that you get one codec for nearly everything and one for FLV.
VLC is excellent player. For OS X, there is also open-source software Perian which brings support for wide range of video decoders as a QuickTime component.
I find that vlc (a la ffmpeg) doesn't implement the divx codec properly in some cases.
In vlc, some of the videos that i have get slower the farther along you are in the playback stream. Yet with the Divx Player, the media plays back fine.
It's only for some media, but it's a problem nonetheless. I suspect that it may have something to do with it being a somewhat reverse-engineered codec in ffmpeg?
Incorrect audio-sync was a known issue back in the early days of MPEG4 encoding.
Getting it right was very, very hard, and some tools even came with options to "tweak" the output-stream to get things synched up, specifically tailored for the behaviour of the Frauenhofer MP3 decoder.
I suspect some videos encoded using these tools may render and synch "incorrectly" on newer players not aware of the workaround done in the past to make improper codecs behave properly, even though they may be 100% within spec.
I'm guessing the DivX-player (which sounds like a very stuck in the past kind of thing) uses old codecs and are able to account for this, by not following spec while rendering these "tweaked" video-files.
I use Ninite to set up a new computer, there are some elements that I generally skip (Office/anti-virus trials), but it can install a lot of useful programs without having to download dozens of installers.
CDex is good but sadly Sourceforge are no longer trustworthy. As far as I know they're currently only bundling crapware with installers with the project maintainer's permission, but I'm not sure it's a good idea to rely on this remaining the case.
The apps are portable versions (made with permission of the original developers) that are meant to be installed on flash drives, but you can click through to the official project pages of each one to find the desktop versions.
IMO, the big problem here isn't so much the install as the uninstall.
Think that installing Conduit will add value to my computer? Then go ahead, default it to "install" - but let me uninstall it in the usual way.
It's the fact that most of these programs are designed to be as hard to uninstall as possible that's the big problem. And as soon as you're trying to stop me uninstalling your software, IMO, you're basically making malware.
It seems like someone who makes decisions for DivX got a bit greedy. I am curious why Bing though? It seems to me like all the shady "Install this too?" dialogs are for Bing toolbars and such.
Google [1] and Ask [2] isn't better either, they are offered with most updates of Adobe Flash and Java. Guess everyone will sneak something in if given the opportunity.
Sorry I am not following you. Are you trying to say its okay to bundle/install 3rd party products that are considered good/acceptable? If so keep in mind humans have different tastes, what maybe considered good by you or me may not be by others. It is considered unethical to bundle programs since the days of Bonzi Buddy.
I think Bing is more willing to spend money to get traffic. You can easily get $5 a month in Amazon credit from their rewards program just by using Bing. They have a few other interesting promotions, such as starbucks cards and XBox Live Gold membership. But I'm sure this is costing them a decent amount of money.
I guess you never had random apps offer to install Google Chrome and make it default browser (which I consider being spyware wrt non-tech-literate users).
I have had to use the about:config features of Firefox to remove these search engine redirects. The regular dialogs never seem to fix it all. One example, while I was able to use the default dialog to fix the search engine from the top bar, the right click look ups all went to the unwanted engine.
True. While reading it the second time, "How dare you wedge such a nullity when everyone uses google?" and "voit-la' a disgusting bing search page." made me laugh out loud and almost C|N>K.
> it doesn't count as malware unless it resists switching search providers back
Bullshit. If installing software changes random settings on my computer, it's malicious. If it was a default in the app itself, that's a different matter.
This actually might be a first for OS X freeware. Certainly I've never seen (or heard of) a 3rd party toolbar/whatever bundled into an OS X package before this.
Oops - I just realised that myself. Still a) that's /really/not common enough parlance to be using in a support forum and b) that usage just trivialises the (very important) issue, at least in my ear. I don't get the impression that Conduit are taking this seriously. Still, I guess I'll never forget the name for that icon now :)
As much as I sometime dislike Apple's walled garden App Store it does prevent things like this from happening (on iOS, at least).
Sandboxing of Mac App Store apps is also another good step, but we still need ways to install system components like codecs without giving away the keys to the castle.
As an aside, I've been trying to figure out how to use dtrace to get a log of all files touched by an application or installer (including sub-processes). If anyone has a good solution I'd love to hear it.
"Rarrgh!! They are not giving me a thing for free!!"
People don't click on ads. People don't even see ads anymore. And people don't want to pay for software. So to continue offering a free product, they need to monetize it somehow. They do this by bundling other software (not malware).
This is the reason the industry is moving in this direction.
Maybe you don't care because you use Xvid or VLC or something. Great! You are not affected.
Don't like it? Invent an alternate monetization scheme. You'll clean up.
I think we should look to our routers for a solution.
I would happily pay extra for a LinkSys-FooBar that acts as a NetFlow aggregator, as a fail2ban proxy as a decent cache, and gave me reporting and storage out of the box.
Then a simple QA site can let people know the answer to "Why has my laptop dialed to crapware.com 5000 times this month?"
Just add in a feature that stores all your photos and videos and lets you upload the better ones for granny to see and you have a home hub that actually is not a games machine in disguise.
That's applying technology to a, fundamentally, people problem and it may not yield predictable results. Such solutions aren't going to appeal to the vast majority of non-tech savvy people (and hosted solutions are arbitrary at best, censorship-inclined at worst) therefore will not make a dent in the actual proliferation of "crapware".
In short, anything that requires more effort than is necessary to install crapware, will not see adoption rates higher than the crapware itself.
I think that there will be a home hub, a technology helper, supplemented from the cloud, but anchored to the family home network point, that is the natural place to deliver a wide variety of services, digital backup, net nanny, finacnes fridges etc.
Make something the gateway to the house and that something will be defended by house owners as much as the physical house itself - it becomes the virtual avatar for the house.
You'd pay a hell of a lot extra for such a router. It wouldn't be much help in finding out what happened though.
Such a thing would be much better implemented as a windows application firewall. It would be able to detect which app did it, which dll initiated it (so you can catch IE extensions in the act), and it would have a hard drive available for storing the results. This sort of tool does in fact exists as part of pretty much every antivirus product.
Every time one of these issues pops up with users crying foul, I can't help but grin, and be reminded of the popup-days of yesteryear.
Ah, the good old days - where a video player hijacking your homepage was nothing. People didn't get annoyed until it started spewing popups with "Your PC is not optimized! Click HERE", "You WIN! Click HERE". I bet if divx did that, they'd really make some money.
> In short, though: More support for formats to be decoded, best HW acceleration available as open source, much less hacks in there compared to FFDShow-tryouts, uses vanilla-based ffmpeg libraries instead of the mess that is in FFDShow-tryouts, as well as LAV Filters just being still in active development compared to FFDShow-tryouts being dead.
FFDShow still offers more extensive video/audio postprocessing options over LAV Filters, but most people are probably not even aware that they even exist.
Anyway, personally I would highly recommend using CCCP if you're on Windows - it doesn't ship with any useless extras (like most codec packs you might find on the internet) and is pre-configured to maximize compatibility and playback quality - you get better quality than VLC will offer, for example. And if you throw madVR on top of that you can make it even better with top of the line rendering and scaling (though the difference isn't admittedly that big).
I would recommend __against__ CCCP and any other codec packs. Codec packs in general are pieces of software ripped from the original installs and put together in ways the orignal author didn't expect. Thus it will crap out with a high probability (or even if not, it will create all kinds of issues like consuming CPU / memory for no good reason, Explorer crashing when trying to generate previews, etc).
In addition, using those codecs without the original install kit is against the license in almost all cases (just because "you can download it freely" doesn't mean you can redistribute it). Finally, many codec packs are infected by malware (although CCCP might not be, I have no experience with it).
I've been running CCCP for years (I think at least 5 or so), on multiple computers, and have never had issues with CCCP. The only reason I have to update is for codec features, like hi10p.
I agree with your comment on licensing. I haven't ever looked into CCCP's reuse of codecs.
CCCP was created exactly because other codec packs had all of the problems you're referring to, so that various anime fansub groups had an alternative they could direct people to. The developers have always been quite careful about licensing and not breaking stuff.
https://news.ycombinator.com/item?id=5092711
The apps that get installed are "crapware." This one seems a matter of opinion. A lot of the world's most popular apps and sites seem like junk to us. But the users are choosing to install these things.
If you want to stop this kind of thing you need to get angry at the people who fund it and make money from it. That includes Paul Graham and Y Combinator.
More about the YC funded InstallMonetizer:
http://news.ycombinator.com/item?id=5059806 Y Combinator is funding the future of spam in Windows (467 comments) https://news.ycombinator.com/item?id=5086043 InstallMonetizer quietly starts editing website, privacy policy http://news.ycombinator.com/item?id=5059454 Y Combinator-Backed InstallMonetizer Is A Selective Ad Network For Desktop