I can speak quite a bit about this "industry": We (VLC) receive 1 of those offers per day.
They are liars, shady business, IP violators and are downright dangerous.
They have all those great offers for you, but they refuse to give any details as soon as you ask any question. More than half of them are "the biggest in the world" (sic). They lie about download numbers, about download size, about number of software actually installed and about their connexions. They even lie on the actual payback price.
If you refuse, they build special websites, copying yours, with your IP and trademark and register adwords with your name, in every way possible.
They also resell their solutions/websites to other people, using "Affiliate networks", so that once you take one down, 20 appear. And the guy who you took down had no idea who you were or what the software was...
They also have deals with download.com/softopedia/softonic to change/rewrap your installer, without your agreement, often violating your license; or they give back money to those websites, so they are ranked higher than normal other downloads.
And of course, open source software is never respected.
I believe OP is very polite: There are no good reasons to not shame them publicly.
> They also have deals with download.com/softopedia/softonic to change/rewrap your installer, without your agreement, often violating your license; or they give back money to those websites, so they are ranked higher than normal other downloads.
I can confirm this, it's the reason we stopped having a download altogether even though it offered features that were hard to do without a download.
Using software I wrote as a vector to spread malware is really beyond the pale.
Heck, if it was just downloads I could still somehow steer clear of it but I really hate it when companies like Oracle and Adobe bundle this with their security updates and it is checked on by default[1]!!
Even worse to realize that reputable companies such as Google, Ask and McAfee compensate them for doing it. [2][3]
That has to be a new low. Incredible, I never knew it had gotten this bad. I saw the whole download.com debacle as a bunch of jerks taking over a formerly reputable domain, but it looks as if this is now considered legitimate income across the board.
I believe Google Earth's Windows download does the same thing: there is a checkbox to download Chrome as well and set it as the default browser, and it's checked by default. On the download page, not in the installer.
A lot of people these days are bashing Apple and Google for creating walled gardens with their app stores, but this is really the primary reason such walled gardens have taken off. They offer a mostly crapware-free experience.
If Linux on the desktop were to get popular, I'd hate to imagine what might happen to the open source Fedora and Debian/Ubuntu repositories.
> If Linux on the desktop were to get popular, I'd hate to imagine what might happen to the open source Fedora and Debian/Ubuntu repositories.
Nothing. In case you haven't been paying attention, Debian repositories were "app stores" before there were app stores. The software goes through extensive vetting and rigorous testing; no, I'm not saying every line of code is inspected, but to claim that a Debian maintainer would just blithely let crapware in is ignorant.
As for the walled gardens of Google and Apple, people are objecting to precisely that: the locked in, tinker-hostile way that the platform (not the app store) is managed. It's great that Google and Apple have finally seen the light and started curating software and making it easy to install, like it's been in Debian for nearly two decades. What's not great is telling people what they are and are not allowed to do with their property by anti-competitively denying the right to install third party apps.
> ...through extensive vetting and rigorous testing...
I wanted to upvote your comment, but then I almost died laughing when I read that. Most Linux distributions are better about it now than they were many years ago, but I still remember being absolutely floored when RedHat had packaged a Perl module with a syntax error some years ago.
Same goes for Debian; some of the more "fringe packages" (those of upstream projects that haven't been updated in a while) tended to rot (compilation option changes to dependencies that silently broke parts of the program), and packages from upstream projects that changed rapidly tended to have dependency issues.
I'd also like to point out that while Debian may have had "app stores" before anyone else so to speak, the implementation left much to be desired compared to today.
Today a user simply selects an application and it gets installed. There's no prompts about whether I want the 37 additional dependencies, no text-based prompts about the configuration of some obscure package, and certainly the presentation was sorely lacking.
So yes, Debian may have had the concept early on, but as usual, Apple made something only a geek could love into something usable by everyone.
Usually there's a few tiers of packages, with the first tier packages being extensively tested and maintained, and the second tier packages mostly just provided as a convenience. I believe Debian calls the first-tier "main" and the second-tier "contrib" (and Ubuntu calls them "main" and "universe").
I've had breakages in Cygwin's emacs (missing GNUTLS dependency), Fedora's node.js (mismatched version of v8), GCC 4.7 (C++11 ABI regression, widely reported), Fedora 17's sssd (broke network login after upgrade), and perhaps most galling, Fedora 16's cron (which completely failed if you upgraded from 15). That's just in the past year. I don't think any of those packages are particularly niche or stale. I used to think maintainers were making miracles...now I think they're doing just OK.
Yep, I'm aware of that. Although not every Linux distribution makes that distinction and the person to whom I replied certainly didn't leave room for that.
But in the past, even the packages in the "first tier" were often pretty busted. But even for that tier, Linux distributions are not performing "extensive vetting and rigorous testing". They don't generally test beyond relying that other components that use it work as expected, and for many components, those are only as well tested as the tests that are included with the component.
Yes, some distributions do run security analysis tools or other things on the components they integrate, but that still doesn't count as "extensive vetting and rigorous testing".
The main repository is for free software, the non-free repository is for non free software, and the contrib repository is for free software that you must agree to some non-free license to actually use (because they depend on non-free software, they are just installers, or for any other reason). Those are not different tiers of software stability.
Debian has the unstable, testing and stable distros, that move on different speeds and are subject to different amounts of testing.
If you know of any commercial operating systems where those "fringe packages" receive greater testing than they do in debian I would love to hear about them.
Maybe I should have clarified, as some people obviously have forgotten that testing does not indicate the absence of bugs, and vetting is for many things.
I had hoped the addition of "not every line of code" would have made clear that I make no claim that every package in Debian is bug free. But I still insist, Debian extensively tests packages, mostly for compatibility and dependencies, not to mention bug squashing parties. They are also very careful about what's allowed in (due to being license sticklers).
Of course, all of this strays from my main point: the Debian maintainers are highly unlikely to let in crapware, as opposed to some stores that have had viruses. And that's just the stuff they (eventually) got rid of; don't start me on all the officially approved software that tracks users.
As for your opinion of the ease of use, well, you're entitled to it but it doesn't make it true. What's so hard about using apt-get or, if you can't use a keyboard, one of the graphical managers? So it asks you if you really want to install dependencies instead of just filling up your hard drive, and that's a bad thing? Does the Apple or Google way of "managing" packages even track dependencies, or are they still forcing every vender to include their own (possibly filled with security holes) copy of a library with their apps? I haven't had to answer a configuration question for years, and I've never had a dependency issue with Debian. I say this as a daily user of, developer on, and administrator of machines running Debian for the past twelve years.
You can install whatever 3rd party software you want on a Mac, side by side with software from the App Store. Note that this article is about PCs, not mobile. You seem to be conflating the two.
Name Google's PC. The article may be about PCs, but the thread definitely devolved to talking about Android and iOS, and it's already been conceded that iOS doesn't allow third party apps. If I didn't know better, I might think you were trying to steer criticism away from Apple . . .
Linux would probably do better because few people have any reason to stray outside their distribution's repositories. And these repositories are just as rigorous in their way as the Apple or Google walled gardens; Debian packages have to be signed by the GPG key of a debian maintainer who takes personal responsibility for that package, and whose identity has been verified by having their key signed by another debian member (with a chain that presumably goes all the way back to the original founders). I'm not aware of any cases of a debian maintainer being "struck off", but I'm sure there'll be procedures in place.
You would get plenty of shady sites encouraging you to add another line to /etc/apt/sources.list for cool free screensavers, but it would be a lot more practical than it is in windows to tell people to ignore them and never install anything that doesn't come with the system.
I'm not sure that's a legit fear... Linux on the desktop in 2013 is fairly 'popular' and if it were that simple to infiltrate popular repos with spyware it would have been done years ago.
There are a ton of good people who work to keep those repos clean. Let's not trivialize their contribution by acting like anyone and their mother can make changes to the repo for a popular distro. Sure, a black[/grey] hat can make their own repository, but who in their right mind will use it?
>Linux on the desktop in 2013 is fairly 'popular' and if it were that simple to infiltrate popular repos with spyware it would have been done years ago.
What on earth are you talking about? Linux on the desktop is just above line noise. If hackers don't bother targeting Mac's ~10% desktop share, why would they bother targeting Linux' ~1%?
infiltrating a repo is probably not the hard part, the hard part is getting a linux app that people would want to install.
AFAIK, 0 QC or checking is done on the contents of a repo. additionally, there have been enough times in the past where someone has just straight up rooted the servers that the repo lives on ...
> AFAIK, 0 QC or checking is done on the contents of a repo. additionally, there have been enough times in the past where someone has just straight up rooted the servers that the repo lives on
Are you talking about debian/fedora repos? Because if so, that is simply false. Both have heavy QC, and the packages are all signed by the developers keys, and the OS checks those keys.
App stores are just as likely to turn to crap. I've had lots of friends complain that they bought an app, and then an "upgrade" shoved advertisements in.
It's not third-party ads, it's first-party ads, which is slightly better.
Like OP, I have a lot of sympathy for software developers trying to sell in a world full of people who don't think they should pay any dollars for software. They are still gonna pay, just in terms of their privacy and computer security.
May be the case on iOS but with Android I've had apps that stick extra shortcuts on my homescreen and spam notifications every few hours. This makes battery life and usability a lot worse throughout the phone until you can find and kill the offending app.
This is similar to saying "what stops a bad guy with a gun is a good guy with a gun". Alternatively, you could regulate, i.e., locking down the platform and sandboxing all third-party apps.
A better alternative would be for google not to publish this shit on their store but still allow useful background notifications and allow third party manual installation.
I want to switch to Android, but I fear needing to have constant vigilance over what I install. Like running a Windows install but forced to use Java as well.
However, it's still preferable to Apple's draconian policies.
You must've forgotten Path fiasco, with its quiet uploading of user's full address book to company's servers, which turned out to be - SUR-PRI-SE - a "standard industry practice". Wall garden sanctuary my ass. Same rotten ethics, except far less visible.
As a result, you're now asked if you want the app you installed to be able to access your address book. Do you somehow feel that exe's on windows are more transparent?
If desktop Linux was widely requested by the general public, PC vendors and download sites would heavily promote custom Linux builds complete with pre-installed crapware, dubious defaults and quite possibly broken upgrade paths and most consumers would never know the difference. They'd probably have their own whored-out repositories too.
But Linux will never be in heavy demand as a brand. No great number of people will ever want to have Linux for the hell of it. The only way Linux could experience an upsurge in popularity would be through a mass increase in consumers' awareness of crapware and similar phenomena. And that could thus only be a small upsurge.
> The only way Linux could experience an upsurge in popularity would be through a mass increase in consumers' awareness
This is definitely not true. The following scenario seems to be quite possible: Due to the various problems of Windows 8, developers massively revolt and most applications are either written to older API's, or use cross-platform environments like C#, Python or Java. This essentially changes the Windows API from a moving target to a stationary target; as a result, Wine catches up -- it reaches near-100% app compatibility, perhaps with the aid of a donation from a philanthropist, Google, or some other player. OEM's recognize the cost savings possible from avoiding the Microsoft tax, and with good software compatibility now possible, they start selling discount models with Linux instead. Microsoft stops issuing new licenses for Windows less than 8 to try to pressure developers to port their stuff to Windows 8 by forcing customers to upgrade. But the move is too little, too late: The customers revolt, and since the alternative is already out of the bottle, people jump ship en masse due to lower prices and Windows 8's shortcomings.
Is this a particularly likely scenario? No. But it seems plausible, and it's not due to crapware, or consumer awareness about anything other than price tags.
Some people would say Ubuntu already went down this path with the automatic installation of Amazon advertising in a pretty intrusive way (imho at least)
As I understand it, Fedora's packaging policy is more or less the same as Debian's. Free software only (stricter than Ubuntu), though there are some practical differences. They don't like packaging emulators that are primarily useful for non-Free ROMs. It is also my understanding, different than Debian, they don't like packaging software that no longer has a maintaining developer. Also no external kernel modules, no prebuilt libraries, etc.
Open source repos should be ok, assuming that their admins don't start allowing this crap in. They haven't done so far, with the one exception of the Ubuntu amazon thing.
A risk might be drive-by malware that adds stuff to /etc/apt/sources.list though, however to do this you would need drive-by malware that can bust into the root account, or to get the user to enter the admin password.
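The comments above name extra lines in /etc/apt/sources.list as the realistic way unvetted software reaches a Debian or Ubuntu machine. As an added example (not part of the original thread, and not any commenter's or distribution's code), this Python sketch audits one-line-format source entries and flags hosts outside an allowlist and options that relax apt's signature checks; the allowlist contents and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts this audit treats as official; adjust for your distribution.
OFFICIAL_HOSTS = {
    "deb.debian.org",
    "security.debian.org",
    "archive.ubuntu.com",
    "security.ubuntu.com",
}

# apt source options that relax or switch off repository signature checks.
RISKY_OPTIONS = ("trusted", "allow-insecure", "allow-weak")

# One-line format: deb [ opt=val ... ] uri suite [component ...]
# (deb822-style *.sources files are out of scope for this sketch.)
ENTRY_RE = re.compile(
    r"^(?P<type>deb|deb-src)\s+"
    r"(?:\[(?P<opts>[^\]]*)\]\s+)?"
    r"(?P<uri>\S+)\s+(?P<suite>\S+)"
)

# Constructed sample, not taken from a real system.
SAMPLE = """\
# constructed sample sources.list
deb http://deb.debian.org/debian stable main contrib
deb-src http://deb.debian.org/debian stable main
deb http://security.debian.org/debian-security stable-security main
deb [trusted=yes] http://screensavers.example/apt ./   # unsigned third-party repo
deb [arch=amd64 signed-by=/usr/share/keyrings/vendor.gpg] https://packages.vendor.example/apt stable main
"""


def parse_options(raw):
    """Turn 'arch=amd64 trusted=yes' into a lower-cased dict."""
    opts = {}
    for token in (raw or "").split():
        key, _, value = token.partition("=")
        opts[key.strip().lower()] = value.strip().lower()
    return opts


def audit_sources(text, official_hosts=OFFICIAL_HOSTS):
    """Return one finding per entry that deserves a second look."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        entry = line.split("#", 1)[0].strip()  # drop comments
        match = ENTRY_RE.match(entry)
        if not match:
            continue  # blank line, comment, or unsupported syntax
        host = urlparse(match["uri"]).hostname or ""
        opts = parse_options(match["opts"])
        reasons = []
        if host not in official_hosts:
            reasons.append(f"host {host or '(none)'} is not on the allowlist")
        for name in RISKY_OPTIONS:
            if opts.get(name) == "yes":
                reasons.append(f"{name}=yes relaxes signature verification")
        if reasons:
            findings.append(
                {"line": lineno, "host": host, "uri": match["uri"], "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in audit_sources(SAMPLE):
        print(f"line {finding['line']}: {finding['uri']}")
        for reason in finding["reasons"]:
            print(f"  - {reason}")
```

To check a real machine, pass the contents of /etc/apt/sources.list and each file under /etc/apt/sources.list.d/ to `audit_sources`.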
They've 'taken off' because they are the only game in town. A real test would be to provide such a 'curated' store alongside an open economy. Then that claim would mean something.
You may be right about the industry as a whole, but I'm betting you're wrong about this particular instance based on what I know about PG and YC.
When I was reading the original TC article, I was thinking that there is actually an incredible opportunity here to create a legitimate ad network that would allow desktop developers to monetize similarly to how it's done on the web - to basically become the DoubleClick of the desktop world.
Why should ad supported desktop apps be any different than ad supported mobile or web apps?
Edit: These downvotes are pretty surprising, I didn't realize I was even being controversial. Can someone explain why creating a legitimate, privacy-respecting ad platform which allows desktop developers to monetize their applications in a manner that's almost exactly the same as ad supported web and mobile apps is that awful?
I'm not even saying that's necessarily what they're up to, I can just see where there's a tremendous opportunity to try and clean up the industry, and how, based on the people involved, the author and the commenter above could very easily be jumping to the wrong conclusions.
Desktop apps with built-in ads are okay. I've used a few here and there. I've also seen shareware model software that has ads that can be turned off by registering. That's fine too. In this case the ads are part of the application. They live within it. Uninstall the app, and the ads are gone. Such ads also tend not to invade users' privacy outside the app. They might send stuff about what you do in the app, but if you don't like it you can uninstall the app.
One of the key words here is "toolbar." It's in the same class as "HIV," "ebola," "herpes simplex virus," etc. Saying you're bundling third-party adware such as toolbars and "browser helpers" and similar is like saying you're purposefully giving someone a disease.
IT professionals managing Windows networks spend god-awful amounts of time removing such junk from Windows PCs. Not only do things like this invade privacy, they often slow down and break peoples' computers.
Still no. One thing destroys your life (or significantly alters it), the other installs some crap on your computer. You can always format and reinstall a computer.
"Can someone explain why creating a legitimate, privacy-respecting ad platform which allows desktop developers to monetize their applications in a manner that's almost exactly the same as ad supported web and mobile apps is that awful?"
Tracking IP and even MAC addresses? Hello? Spyware is spyware.
Also: ads are ads. If your product does nothing respectable (as opposed to selling eyeballs to advertisers under false pretenses) that is worth paying for it to anyone, that's bad luck. It doesn't justify deliberately and systematically messing with the rational decision making process of people, and that others are already doing that is no justification either, nor that they have been doing it for so long.
The same level of tracking is done on the web, constantly. And you don't need to give any sort of permission for it. What is different is gaining root/Administrator access on the machine in order to ensure the tracking is done vs a client side browser script asking if it can run. And then using that access to install a rootkit or mess with the registry to ensure tracking software starts on reboot, etc. That is what is annoying.
Because your browser is incredibly carefully sandboxed, and your desktop is not.
Worse yet, even the low level of sandboxing that desktops possess are almost always defeated by installers: "This installer requires administrator privileges to run"
... aka. yes, you will take our spyware-crapware-rubbish, and you'll love it, or you won't use our app. Capish?
You don't get that with websites. That's why it's ok.
(Incidentally, this is the same reason why it's not ok on mobile platforms, where your options of permission are to read your contacts and make phone calls and 'services that cost money' or no, you can't play this game of Cat Pong your friends are talking about...)
They advertise that they convert 60-85% of their installs. When that percentage of users installs crapware they're clearly being tricked into it. So it doesn't look like this is a trustworthy company at all.
Go to their site: http://www.installmonetizer.com/AT_advertisers.php and check out their advertising partners. Babylon and JackpotRewards are hardly the kind of "advertisers" to get excited about. Babylon has several toolbar partnerships (I have worked on these) and I can imagine how their partnership with Install Monetizer will just lead to another toolbar offer being presented to the users during install time.
Here, you are coming off as a sycophant who is blindly supporting PG and YC without checking your facts which could be the reason for your downvotes.
i agree - i wouldn't mind a text ad next to my unarchiving tool (which i don't use all that often so as to not justify paying for one). But they need to be unobtrusive like google's text ads.
But therein lies the problem: a tool that you don't use often (hence a low number of ad impressions), and an unobtrusive ad that you might not even see, let alone click. That's unlikely to earn enough money to be worth it. The developer either has to drop the advertising revenue model and try another, or crank the ad model to questionable ethics. Sadly, some developers opt to do the latter.
Exactly this. I'm often advising people to install VLC when they are having problems with Windows Media Player, but whenever I tell them to google for it on their own they end up with some toolbar infested crap.
So now I specifically instruct them to go to videolan.org.
Probably the ads. For a while, Google helped make this even worse by paying companies like Dell to set the default search on new PCs to a specially-customised version of Google with far more prominent ads that were less clearly distinguished from normal search results.
Dell has been installing crap since at least 2006/07. That's when I started wondering why all new PCs at a certain company were all infected just few days after purchase. Then I realized this thing (myway?) was being installed by default.
I really didn't think it was ever a Google product though. Correct me if I'm wrong.
This just happened to my friend yesterday when I told him to install VLC. I think he may have clicked an ad instead of the first search result. I saw three pages for different add-ons and toolbars with several pre-checked checkboxes apiece. After unchecking and clicking through it just exited (hopefully) and launched the VLC install program.
After reading some comments and noticing that you're one of the VLC lead developers (awesome software, by the way!), I am wondering if you have a way to make VLC notify its users at the first launch (after install) and tell them something like
"You have installed VLC, it should have come without any additional software such as tool bars or file compressors. If this was not your case, you probably installed it from a third party that arbitrarily and without our consent added external programs. We recommend you to install VLC from videolan.org, etc."
That way, casual users will at least be aware of the external installs problem.
VLC is open source. It would be trivial for a rebundler to remove that warning. If they are violating the license already, there seems to be no impediment to changing the code for personal gain.
Yeah, it usually is trivially easy. If I were to do it, first thing I'd do is to look for the string in executable and patch it by hand with a hex editor.
The really sad part of malware that is tied to freeware or shareware is that the whole thing is a self-inflicted downward spiral. The software authors will tell you they need that malware money because nobody pays for shareware anymore. You know why I stopped downloading and buying shareware years ago? Malware.
And the really unfortunate thing is that a few big bad apples can and did ruin it for everyone else. I don't have time to figure out who is going to install shit on my system vs who isn't, so I just assume everything is bad and avoid it all, with the exception of a handful of known-good products (like VLC) from known-good sources (the author's own websites).
The end result is an ecosystem in which new useful tools (even ones that aren't malware peddlers) now have a near-impossible time creating a critical mass of users, so any money to be made in that market can only come from these terrible spammy practices, which is just sad.
This is why the Mac Gatekeeper is an awesome idea. Unfortunately they fucked up the implementation. Also they are the only CA so they can control who signs apps or not.
Please please please create auto-subtitles functionality for VLC on the Mac. I switched from Windows recently and there's nothing compared to Media Player Classic for easy subtitles. Thanks thanks thanks.
On Media Player Classic you can easily download subtitles for whatever movie you're watching by going to File>Subtitle Database>Download. It will search a DB online somewhere then let you choose and automatically load them into the player. This is something I've not found on any video players available on the Mac. It would be awesome if it was coded into VLC.
"They are liars, shady business, IP violators and are downright dangerous."
This is completely prejudiced! You've never met Install Monetizer, and don't know if they participate in the same activities as the companies that you're referring to.
"I believe OP is very polite: There are no good reasons to not shame them publicly."
This is childish, and I'd expect better from any contributing member of VLC.
I'd give him some lenience...for anyone who distributes desktop software via the web, there is a continuous battle against fake or wrapped distributions.
So when earlier it was mentioned, I assumed "They have to have a different angle on this; they're a YC company." And seeing a strong thread title and no evidence for it other than "The industry they're in is ridiculously seedy", I thought maybe HN was in rush to judgement mode.
So I thought I'd try, you know, installing something.
I don't know how since I always check for crapware, but I ended up with babylon having taken over my firefox browser.
I removed it, but - just checking - oh look, there it is again.
Luckily, chrome is my go-to browser, (which explains why I haven't tried more brutal removals), but it is definitely not as simple as uninstalling.
Jeez, I'm surprised that the people who created this filth aren't in prison. It's one TINY step away from botnet territory, which actually lands people in prison.
Botnets don't usually include a low-prominence opt-out link / checkbox / something that might not look quite like a button. Maybe they'd walk free if they did...
Comment in elaboration, somewhat delayed because (all evidence to the contrary) I do sleep sometimes:
Some folks mentioned that this could be misleading, so to clarify: my research methodology, to the extent it can be called that, was a) open up the IM website, b) take a look at their advertiser partner wall (they don't have a developer partner wall, so I wasn't able to view the end-user experience directly), c) Google the first name that popped out: [babylon translation software], d) clicked the first link and downloaded, e) clicked past the first screen, which let me override my system default of Japanese such that y'all would be able to read the rest of the installer, where industry experience suggested to me that the action would be.
Sorry if I gave folks the impression that this was the InstallMonetizer application -- the impression I was trying to leave was "This is the core line of business for one of their marquee advertisers."
It is terrifying that it is this easy to get an intelligent and well-versed member of our community to download and execute a relatively-unknown binary, just to "see what it does".
I should probably start doing more of that other kind of hacking.
It's funny that you mention Babylon - I've talked to one of the devs who was in the core of developing their "toolbar" and it is essentially malware which hooks anything and everything possible in Windows and tries its best not to give up when being uninstalled.
Things like it and Conduit (another toolbar/malware company) are probably the biggest "botnets" out there, all "legal".
I don't think there's an implication that a YC company would be more moral, just that they'd be doing something a little more interesting or subtle than the same old crap sleaze balls have been pulling for years now.
It's like finding that someone has got through the YC selection process based on a business model which involves putting "sex, horny, porn" in the title of each page on their website.
That rings kind of hollow after Blecharczyk ("among the nicest of all the people we've funded") was outed as an unrepentant habitual spammer. YC is demonstrably not immune to scumbags, which is not to say that other angels and VCs do better.
So this is potentially a little misleading. Is the screen shot of the installer actually a screenshot of InstallMonetizer in action, or is it just an existing / previous installer created by one of their clients (but not using InstallMonetizer).
I'm not a fan regardless, but I just wanted to make sure we're getting the right picture here. I came away from your comment believing this was a screen from their (InstallMonetizer's) actual installer, and I think everyone else did too. However, after reading pg's comment below, I'm no longer so sure that is the case.
The installer screenshot seems to be for the software at http://www.babylon.com/. I think Patrick's point was that InstallMonetizer is promoting some scuzzy companies.
The sad fact is that pretty much every aspect of monetizing and advertising websites is seedy. Unless you're directly selling a product, the road to profitability is full of moral compromises.
There isn't even a cancel button! Hopefully at least the top right X cancels the installation rather than just respawning the popup and requiring manual killing from task manager.
It pops a modal dialog saying that if you cancel the software won't get to be installed. I don't have a screenshot handy, but I get the feeling it was worded a bit verbosely to prevent people from guessing the correct of the two buttons to actually stop the install. If you pick the right button, your default browser gets force-directed to a page on their site to either a) re-start the download and install process or b) send a message to their CS team so that they can assist you with installing it. (I've got to admit, that is crafty, since you can presumably do the entire thing automatically.)
No, and notice the small "Skip all offers" text just below the checkboxes, it's kind of hidden between everything and difficult to see. It took me a while to figure that one out, average users have no chance!
My parents have fallen for this sort of thing within days of getting a new computer. It's so hard to get rid of and it made them feel like they were downloading viruses when they were really downloading legitimate software. It's a shame you've ended up having to do stuff like this when you are performing what should be, totally secure installs.
The original Babylon Translator, with the One Click Translation of words in the screen was a very nice and useful product. It's a pity that they pivoted to the toolbar crapware thing.
Basically we automate multiple installers and decline toolbars just like you would.
Users range from the nontechnical to NASA. We even have a huge blind user base because these installers are frequently hell to navigate with a screenreader.
We make money selling a Pro version with extra features to businesses and school IT departments. It works well and aligns us nicely with our users' interests.
Ninite is great and has saved me time in the past. What exactly does this have to do with the article? Are you implying that since Y Combinator funded non-junk applications that it's okay to now fund junk applications?
You're acting like Ninite can be used to install and remove any crapware from any installation under the sun. In reality Ninite only works with a select handful of applications. In other words, Ninite does not solve the problem that companies like InstallMonetizer create.
Except that, for most users, ninite provides (or, their goal is to provide) the installers necessary for the main pieces of software that cause these problems in the first place.
I think he was saying it was kind of a humorous contrast with YC essentially funding companies that compete in a way. The nerdy conclusion of this discussion would lead to a battle of the two platforms, one trying to install spam-ware and the other trying to prevent it...
In places like Afghanistan, we actually put our own troops there, pay for PMCs and local national forces, and fund the enemy (Taliban, not AQ) via our supply contracts. That's even worse than just selling guns to everyone; we pay them both and then also sell them guns.
It's a nice move to fund both the junk and the solution for the junk... Some people say that antivirus software companies are the ones that make viruses, you know...
I'm one of those blind users who absolutely love Ninite. Have you ever considered managing the postinstall, too? I envisioned something which would monitor the %appdata% path where any user-specific data goes, as well as maybe the registry. Any changes get synced back to my shiny new Ninite account to be incorporated into the next install. Clearly this would take a bit of work, but since you're already imposing a selection process on your apps, and a majority of them are already well-behaved in terms of how they manage their data, it doesn't seem impractical.
Ninite is generally the first thing that I run on a new Windows install. Pulling in my data feels like a natural part of this, and if you could get some kind of reasonable implementation worked out -- a background service syncing %appdata% regularly, a simple merge model which simply picks a winner instead of trying to reconcile the changes, etc, at first blush it seems quite workable.
Glad to hear you like it. We think about configuration stuff like this from time to time, but I'm pretty sure getting all the details right would take years. So we haven't made the leap yet.
Just wanted to add my thanks for a great product. We are a pro license holder where I work, I believe.
Not sure if this was your point, but I assume that you are using a lot of MSI and Windows API hooks, in which case this is a great example of the flexibility and integration options of Windows being leveraged for the good, as opposed to the crapware blight, which must be as frustrating for Microsoft as it is for us.
Does your proggy pull installers off your own site or those of the actual publishers? If it's former, it might've been nice if you put every .exe through a multi-engine virus scanner (like VirusTotal).
But the Babylon installer is from one of IM's advertisers, so it is possibly indicative of the types of pages that IM inserts in other installers. If nothing else, the poor reputation of Babylon is indicative of the types of software that IM wants to co-install.
In the end, we don't have much information about what IM adds to installers--I suppose they don't want it too well known. We'd need to find an app that uses their installer to get a screenshot of it. Their website does give us some clues: one image shows an offer that is made to look like a license agreement, thus duping people into clicking Agree. Another clue is how they repeat that they "manage all optimization and conversion to ensure highest earnings," which I take to mean their wording and choices are designed to trick people into installing items they didn't ask for.
This is an important point, something that wasn't completely apparent from patio's screenshot. Babylon is a client of InstallMonetizer. Of course, if they were involved in creating that installer, then I'd say they are partially responsible.
YC funds enough founders now, with few enough partners, that it's entirely possible for someone to be doing something sneaky and YC wouldn't catch on right away.
Initially, YC just has the business model / product description statement from the founders, a video (do they still do that?), an MVP if one exists, and maybe a meeting with the founders.
The only way this could really negatively reflect on YC's integrity -- if that's up to us to judge anyway -- is if the accusations turn out to be true and YC either chooses not to investigate or chooses not to counsel the founders against doing something like this. (Remember, YC does not have a controlling interest in the teams.)
Since pg has said they're checking in to it, I don't think "YC is turning evil" is a reasonable narrative here.
The crapware situation on Windows is horrible. I'm a Mac/Linux user but from time to time I have to power up my Windows VM.
A few days ago I wanted to install the Partition Magic trial on my Win XP VM. Having left Windows around 2005 I figured that typing "Partition Magic Win XP download" in Google would be helpful.
I got a handful of "reputable" download sources like CNet and the like. I went there and was bombarded by 20 (dramatization) different download buttons. I clicked the one that seemed most promising and somehow ended with a new Zip-Archiver installed ...
So I went back and found the Partition Magic installer. It was an installer with 'added value' that asked me three times to install some toolbar crap. I ended up with one of those toolbars installed because unchecking the box and clicking on 'next' obviously is not enough. You have to click the decline button instead of next.
Now I would consider myself computer literate and yet still I didn't manage to install a simple utility without littering my system with crapware. I can only imagine what hell the internet must be like to inexperienced (read: normal people) Windows users.
Yeah, I share the same experience: I'm mostly a linux user who had to set up a windows machine not long ago.
Even when installing legit software from what appeared to be legit sources I had to be very careful at every step in order to avoid all the spyware/toolbars/dubious extensions bundled with the installers.
The worst offender was some crapware installer that wanted you to check the components you didn't want installed. I almost got tricked. Next thing I'm sure they'll ask you "Are you not sure you don't want those components not installed?" [Yes] [Ok].
I may be wrong but I believe even the official Oracle Java updater asks to install some toolbar (Ask or yahoo I think? Or maybe just set the homepage? I forgot). Good thing I don't think very highly of Oracle or I might have been disappointed.
Agreed, a lot of the reasons that non-technical users dislike Windows seem to be the result of these. It really takes control out of the users' hands.
We can see the origins of this becoming a problem on Ubuntu with Canonical adding stuff like the Amazon search and seemingly having no issue with bundleware as a means of monetisation.
On the other hand I'm surprised this isn't more of an issue on the Mac, since Mac (especially older versions) will allow installation of software from random sources which could include bundleware.
Is there something about OS X that makes bundleware more difficult to develop or is it just easier to monetise an OS X app without bundleware?
$ sudo apt-get install emacs
After this operation, 86.3 MB of additional disk
space will be used and AVG Toolbar Pro! GOLD EDITION
will be installed to Chromium
Do you want to continue [Y/n]?
If that happens, all someone needs to do is repackage Debian's version of aptitude for Ubuntu.
Or an older version from Ubuntu.
Really, this is a non-issue on Linux, because either 1) someone will just "fix" it and release their alternative, or 2) everyone will just stop using the offender.
Depends on what type of software you are talking about.
For copyright protected proprietary software (which Canonical want people to develop for their OS) there may be legal protections which prevent it from being rebundled outside of torrent sites (which have their own risks).
Legal protections against rebundling aptitude? Something released under the GPL? Which means everyone has all of the ability to easily change the sucker.
If you're packaging something as a deb, you can potentially bundle other things, but at the same time, because a deb is a glorified tar.gz, someone can just provide information on how to get rid of the offending thing.
Or, if you're using Arch, the AUR maintainer just adjusts the PKGBUILD to do it for you.
It's not particularly hard.
And sure, having people install a different package manager requires a savvy enough userbase, to an extent. If they can copy and paste a couple commands into the terminal, they can change it (wget [somefile] && dpkg -i [somefile]). How hard.
I mean, if you are bundling your own software for Ubuntu you get to distribute it however you like. If somebody else decides to redistribute it minus the crapware then you can potentially sue them.
So you can say "the only legal way to get my software is to download this file which is bundled with InstallMonetizerForUbuntu".
Whether it is bundled as a .tar.gz or a .deb and whether it comes from a random website or the Ubuntu software store is largely irrelevant to this point.
Sure, people will create programs and instructions on how to get the crapware off your system but this is basically the same state as now exists for Windows with various "cleaner" programs, some of which install even more shit.
I've said nothing about distribution. Only packaging. And specifically giving people instructions on how to do it themselves. Which isn't illegal. Nor is it particularly endorsing something illegal.
> So you can say "the only legal way to get my software is to download this file which is bundled with InstallMonetizerForUbuntu".
But, once I have that downloaded, I don't have to go straight to installation. I can remove files and change the install script. Sure, you can give me a binary file, but the only binary files I've ever received are after I've paid for something, and I've never found paid software bundled with crapware, even on Windows.
I can still write a script that would get rid of the bundled things provided you already have the packaged file, and distribute that script to anyone who wants it.
And while yes, people will create decrapifyers, I'm talking about preventative measures (modifying the installer).
Well sure, expert users can certainly reverse engineer installer scripts and some intermediate users might be diligent enough to go doing research before they install each program.
Not a solution that scales very well though, if it did we wouldn't have the problem we do on Windows at the moment.
Oh Zeus, no! One of the reasons I love Linux is the fact that I get to control what gets installed and how. Don't give people such ideas. Given how Ubuntu now is going to be full of ads and the like.
IMO, some of it is due to http://en.wikipedia.org/wiki/Broken_windows_theory. One developer starts with an advert, somebody else has two, a third developer gets paid to sneak in some toolbar, the first notices "hey, I can make money that way, too", and the ball gets rolling.
Now, the question is why this has not happened for Mac Software, at least not on that scale. Gruber (2004) claims it is due to zero tolerance (http://daringfireball.net/2004/06/broken_windows).
I think that is partly true, and it sort-of started with the original PC. Installing a DOS program such as Lotus123 was a nightmare, where people had to answer such question as "number of lines on a page" and "how does your printer do bold" to configure a printer. Installing hardware, similarly, was a nightmare (what IRQ should we use? Do you have extended or expanded memory? etc).
Interesting analogy, it's certainly true that there is some sense of "community" for both Linux and Mac users in that people will generally choose these platforms because they have certain beliefs about how things should work and won't tolerate things that fall outside of this.
Windows on the other hand has no community and is kind of a multi-cultural wasteland where everything goes thus will tolerate more BS.
Not sure I agree with Gruber's conclusion though, if Mac had a large uptake in market share then that community would become diluted.
As it stands the random Grandma that uses a Mac without understanding computers gets a sort of herd immunity because there is a larger percentage of more nerdy and vocal users who won't tolerate BS.
If grandmas become the overwhelming majority of Mac users they lose some of that because the crapware vendors know that grandma is very unlikely to read the blogposts condemning their software.
It's low market penetration which explains the difference between OSX and Linux on the one hand and Windows on the other.
The iOS and Android app stores are full of crapware. Yes, that crapware does not have all the features of its counterpart in the Windows ecosystem. Yet, much of it provides little value or functionality and even functional applications collect vast amounts of data not necessary for that functionality.
There is now a modest obstacle -- Apple's walled-garden app store approach. The default settings of the very latest OS won't allow a novice user to run a crapware installer, and Apple's app store won't feature them (unless the harried reviewer glances away from his monitor to drink some water or something).
HOWEVER, Mac OS X has never had this problem, and before the app store there was nothing inherently harder about writing crapware that bundles whatever creepy garbage could be monetized.
So actually I really wonder why OS X and Linux never had this problem (to any major extent). Is it merely the awesomeness of single-digit market share? In that case, Ubuntu's safe but Apple better start worrying about it.
Personally I suspect it's more complicated than that, but my ideas are half-baked.
Not familiar with the OSX installation procedure, but I assume that dragging the app into the folder runs some installer script? Are there perhaps restrictions on what can be done via these scripts that would require 2 distinct actions to install say a browser toolbar and application?
Most OS X applications are usually a folder that behaves like an executable (has a custom icon, will run the app when you double click on it). So no, it's not running an installer script, it's just copying a folder, and the app runs with just what's in the folder, no install process needed.
For things that require changing system components, other apps etc. there is a normal install wizard.
The cool thing about Mac applications is they are self contained. Very rarely do you see an actual installer. Uninstallation is usually just deleting the application from the Applications folder.
I wish other operating systems did it that way. It's very convenient.
The problem is it leads apps to include their own copies of libraries - which then get out of date and have bugs. I remember when a vulnerability was found in zlib and just to update all of apple's first-party programs with the fix required something like 2.6gb of updates. I wouldn't be at all surprised if there were still some more obscure third party mac programs shipping the old, vulnerable version.
Well the alternative (dynamic loaded libraries) have their issues as well. After "DLL hell" and various issues on Linux in the past, I'm not convinced one side is fundamentally better than the other. 3 gig is nothing these days.
It isn't. Since every library the application needs is inside the bundle, you load multiple versions of the same lib in memory. Also counting the installer, the bundle and Brew or MacPorts you have tons of ways to install an app.
Not every. The ones that are distributed with the OS X base install usually are dynamically linked against.
My current project I'm working on links against the standard Cocoa frameworks, zlib, Core Audio, Audio Unit framework and the Accelerate framework. Yet the Frameworks directory in the app bundle is empty.
Well, if I'm not mistaken, Windows linking usually involves re-calculating offsets in the library code, so several versions of libraries are kept in Windows too. The only thing that is theoretically saved is disk space.
How often do you really have multiple third-party apps using multiple copies of the same third-party framework? How many third-party frameworks maintain binary compatibility between versions so that apps linked against different versions could still share a single installation of it?
No, no setup scripts are run, you are just copying a folder inside /Applications. All setup an application needs (typically creating configuration folders and associating mimetypes) should be done the first time the application is launched.
Dragging an app into /Applications does just that: it copies a directory (hidden with an .app extension) that contains resources and executable. No script.
Some apps however come with an installer, but that's for apps that do more (e.g. need to install drivers, etc.). However, it's Apple's own installer which I think is provided by Xcode. So, no way to mess with it and install crappy things.
Nope, no installer script. If a program needs installer script (to install drivers etc.), you get a package installer (like on Windows), however, they are rather rare and I've never seen any crapware in those so far.
Installers are (rightfully) rare on OS X, but that doesn't preclude installing any random crapware you want. Your app can do it on first launch (or hey, tenth launch to make it less visible). Lots of apps have a first-launch screen where they confirm some options and maybe even ask for an admin password for housekeeping.
Users are trained to just accept whatever in installers, however, while popups on first launch demanding admin passwords will often be treated with a little more suspicion.
OS X applications are usually distributed as disk images (.dmg) containing the app itself, a symlink to /Applications for easily copying the app there, and maybe supporting files. Installers are unusual, except for huge software packages like Office or odd things like preference panes, which are not as easy to get to the right place.
I presume that people using Macs tend to be 1) wary of downloading any programs from random websites and 2) wary of having to run something like an installer. The Mac App Store means that people will only do these things less going forward.
>I presume that people using Macs tend to be 1) wary of downloading any programs from random websites and 2) wary of having to run something like an installer.
If only. Last time I did a "check up" on my sister's macbook she had managed to install a toolbar and some other evil shitware that would hijack her google searches to collect her info and redirect her to bing.
Yes, I've run afoul of the "download button" adverts before. I'm not surprised to see them on torrent sites etc, but it amazes me that some supposedly reputable download sites would allow such things.
Now tell me where you are supposed to click to download the actual application. It confuses me, and I'm an experienced user who knows to look out for these sorts of things. I have no idea how normal people ever find the damn thing.
My question is: whose fault is this? Is it Paint.NET's, for allowing the ads onto their site? Or is it the ad network's (Google, in this case), for accepting the ads into their network?
Google should not allow ANY ads that contain a Download button, when the page has a link containing the text "Download." These ads can have no other purpose but to confuse users who are looking to download software. The problem is that Google makes money from these ads, and these ads have fantastic clickthrough rates. If they banned these types of ads, they'd make less money.
The author of Paint.NET is making good money every time a user mistakenly clicks on such an ad. This money also reduces his incentive to get rid of the confusing ad.
I get around this problem by running an ad-blocker, so I only see the one legitimate download link. But most users do not.
The problem is that Google makes money from these ads, and these ads have fantastic clickthrough rates. If they banned these types of ads, they'd make less money.
This is how industries get regulated -- when they refuse to regulate themselves. I hope Google realizes that and takes action on their own initiative...
CNet/Download.com is not reputable. It's a malware distributor.
The best rule of thumb is: if it looks shady, don't go there ever again. Another: every good program has an author, and this author has a valid, non-malware-installing link on his/her website.
On OS X, there is MacUpdate. Not curated, but user-unfettered. There used to be another very similar one, called VersionTracker, which was much more popular... and then it was acquired by CNET. And everybody gradually stopped using it. There's probably some kind of lesson hiding in there somewhere...
Filehippo.com and Oldapps.com give the real, original installers, not the crap-wrapped. Sadly, both sites usually are not in top 5 in Google, so you need to know of their existence. Actually I rarely use them, addiction to Google is too big (though I usually go to the author's page from the results list). But when I can't find a 'normal' installer it's awesome to have them.
I learned this the hard way just the other day - installed an app from them and ended up with half a dozen adware installs as a side effect of their installer. I used to think that cnet was above board, but apparently they're not anymore.
This is why I have no moral qualms about using AdBlock on most of the internet. I made the mistake of disabling it on one such download site once, and it took me a while to find the actual download link in the mess of DOWNLOAD! ads. Then I went back to having plenty of whitespace on that page...
For me blocking advertisements online is no longer about blacklisting bad sites, but whitelisting the few good ones I want to support.
Maybe we could write a chrome/firefox plugin that highlights downloads that are from the same domain? Or perhaps hides non-domain ones? Would that clean up most of these issues?
You'd probably have to have a button to toggle this on and off.
Most of these freeware download sites tend to use mirror sites for the actual downloads.
The download link for the actual product will often really be a redirect to a page with a "your download will start in 5 seconds" and then some JS triggers the actual download.
Even the legit download will usually offer you toolbars and crap anyway.
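The same-domain check proposed above, together with the mirror-site caveat from the reply, as an added example that is not part of the original thread. The function names, the verdict labels, the trusted-mirror list and the `.test` hostnames are all assumptions made for illustration, and the "last two labels" site comparison is a stand-in for a real Public Suffix List lookup.

```javascript
// Added example: classify download-looking links by where they really point.
// Verdicts: 'same-site', 'trusted-mirror', 'off-site', 'not-download', 'unparseable'.

// ASSUMPTION: approximate the registrable domain as the last two DNS labels.
// This is wrong for suffixes like co.uk; a real extension would consult the
// Public Suffix List instead.
function siteOf(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, '');
  // IP literals have no "site"; compare them whole.
  if (/^[\d.]+$/.test(host) || host.startsWith('[')) return host;
  return host.split('.').slice(-2).join('.');
}

// Heuristics for "this link claims to be a download" (hypothetical lists).
const DOWNLOAD_TEXT = /\bdownload\b/i;
const DOWNLOAD_EXT = /\.(exe|msi|dmg|pkg|zip|deb)$/i;

function classifyLink(pageUrl, link, trustedMirrors = []) {
  let target;
  try {
    target = new URL(link.href, pageUrl); // resolves relative hrefs too
  } catch {
    return 'unparseable';
  }
  const looksLikeDownload =
    DOWNLOAD_TEXT.test(link.text || '') || DOWNLOAD_EXT.test(target.pathname);
  if (!looksLikeDownload) return 'not-download';

  // javascript:, data: and similar schemes never count as the page's own site.
  if (!/^https?:$/.test(target.protocol)) return 'off-site';

  const targetSite = siteOf(target.hostname);
  if (targetSite === siteOf(new URL(pageUrl).hostname)) return 'same-site';

  // Mirrors are the caveat raised in the thread: the real installer is often
  // hosted elsewhere, so the user has to allowlist those sites explicitly.
  if (trustedMirrors.map((m) => m.toLowerCase()).includes(targetSite)) {
    return 'trusted-mirror';
  }
  return 'off-site';
}

function classifyPage(pageUrl, links, trustedMirrors = []) {
  return links.map((link) => classifyLink(pageUrl, link, trustedMirrors));
}

// Constructed sample page and links (not taken from any real site).
const SAMPLE_PAGE = 'https://www.example-editor.test/download.html';
const SAMPLE_LINKS = [
  { href: '/files/setup-4.0.exe', text: 'Get it now' },
  { href: 'https://dl.example-editor.test/setup.exe', text: 'Download' },
  { href: 'https://mirror.example-mirror.test/editor/setup.exe', text: 'Download' },
  { href: 'https://ads.example-adnet.test/click?id=1', text: 'DOWNLOAD NOW' },
  { href: 'https://example-editor.test.evil.test/setup.exe', text: 'Download' },
  { href: '/about.html', text: 'About' },
  { href: 'javascript:void(0)', text: 'Download' },
];

// Browser wiring for a content script: outline links by verdict.
// Ads are usually rendered inside cross-origin iframes, so this top-frame pass
// only sees links that are in the page's own DOM.
if (typeof document !== 'undefined') {
  for (const a of document.querySelectorAll('a[href]')) {
    const verdict = classifyLink(
      location.href,
      { href: a.getAttribute('href'), text: a.textContent },
      [] // user-maintained mirror allowlist would go here
    );
    if (verdict === 'same-site') a.style.outline = '2px solid green';
    if (verdict === 'off-site') a.style.outline = '2px dashed red';
  }
}
```

The redirect-then-JavaScript download pattern mentioned in the reply is not covered: the classifier only sees the first hop, so an interstitial page on the same site passes as 'same-site' regardless of where the file finally comes from.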
My experience recently was similar. A simple open source installer landed me a lot of toolbars, performance tools, and other assorted crapware. Incredibly obnoxious, and instantly removed any respect I had for the developer.
I'll take this chance to recommend the following linux distributions to those non-sysadmins who are wondering which one they can try out:
- Fedora 17 with Gnome. Out of the box it offers all kinds of installation options, like the one I always wanted and only found in Fedora (in my words): "Use all this but only this free space, and also encrypt it". The only downside is that out of the box it lacks some things every desktop user will want, like media codecs, but can be installed very easily. There are also tons of addons for Gnome that you will want to improve the UI (eg: get back the minimize button -.-), you can get them at extensions.gnome.org.
- Ubuntu 12.04 server edition. I chose server edition because it has an option for disk encryption, but it will use the entire disk, which sucks unless you have two disks like I do. Then you install 'ubuntu-desktop' and you are done. There is also a problem with both server and desktop edition when installing into some HDD's, they fail to align correctly for different block sizes. Other than that, this is the perfect distro for me. It is LTS so it will be supported for 5 years, and I hope that by that time they have rolled back the crap that they added to 12.10.
- Fedora 18. It should be released today, let's see what they got.
I personally found Fedora 17 with KDE really awesome. It was both easy to install and configure, and is a pleasure to use. I would definitely recommend it as an alternative to Gnome.
I use Ubuntu and I can't stand unity. It's far too easy to do `sudo apt-get install gnome-shell` and do `sudo add-apt-repository ppa:gwendal-lebihan-dev/cinnamon-stable; sudo apt-get update; sudo apt-get install cinnamon` and still enjoy the Ubuntu base (community, font patches, etc). I've bounced around between many DEs lately. Elementary is really great, especially when I was just coming from OS X, but I've been shocked at how nice Cinnamon is.
xfce improved my experience of ubuntu considerably as well and the install was trivial too (sudo apt-get install xubuntu-desktop). alt-tab works there!
I use Xubuntu, it's probably the best way to get the good parts of Ubuntu (the good package selection, proprietary software support, and OOTB hardware support) while also having a good UI.
I don't know why people hate it, I love it. It gives me so much more visual space.
For example, with Unity I was able to start using Virtualbox VM's maximized instead of full screen, which is so much more comfortable. The host has the sidebar hidden (shows on hover), and the guest has it always visible (as hover wouldn't work for a guest). It really makes a great use of the visual space.
The alt-tab behaviour is borderline unworkable for anyone who's used Windows or Linux windows managers before 2011 and is trying to work with a case like several terminal windows and a browser window.
My GNOME 2/XFCE/MATE setup has one bar on top of the screen and that's it, I'm finding it is pretty good for screen space even on widescreen laptops.
The alt-tab thing I think they copied directly from Apple (not necessarily a good thing).
The thing that really hurts about the new alt-tab is that it breaks my mental stack. On Windows, in KDE etc I can switch back and forth between two browser windows easily. On Mac and Unity you either have to decide if your last app change was an app change or an instance change.
The results of a google search are somewhat independent of OS. I've found exactly the same problem myself, when searching for Windows downloads in Mac OS X, and get similar spammy results in Windows XP, Windows 7 and Windows 8.
The quality of search results provided by Google is valid as a basis for judging Google. A paranoid individual might even see an alignment between Google's web services business model and search results which facilitate the installation of crapware upon the most popular desktop operating system particularly when that crapware generally provides tracking information useful for targeted advertising.
Of course, another stripe of deluded individual might blame Microsoft for the abundance of crapware on the internet.
I suspect Partition Magic is intended merely as an example of the crapware-and-misleading-download-buttons trend. You can spot similar scamminess on (for example) http://getpaint.net/ and http://tortoisesvn.net/.
The commenter purports to have a degree of technical expertise - they're running a VM and have some need for Partition Magic. Those features place the scenario many standard deviations from typical Windows user activities.
More importantly, any person looking for Partition Magic in 2013 is likely to be an ideal candidate for crapware. They are performing system administrative tasks. They don't perform such tasks on Windows systems frequently. And they are ignorant of Partition Magic's demise as a product. To boot, they probably have an outdated skill set in regard to Windows.
Download aggregators started installing crapware five years ago. Any person concerned with crapware and who has recent experience avoids them if at all possible. In short, a person looking for Partition Magic in 2013 is likely to suffer from Dunning-Kruger syndrome.
The original claims depend upon a degree of sophistication which its author lacks.
It's an assessment of your Windows expertise based upon the specifics of the experience you relayed, not ad hominem. By your own admission your familiarity with the Windows landscape is based largely on experience gained more than seven years ago and with an obsolescent version of the OS.
Dunning-Kruger effects are the result of one believing that they have more expertise than they do. With regards to the Windows ecosystem, this seems to be the case.
One of the salient features of my experience with the Dunning-Kruger effect is that I don't recognize situations in which I am exemplifying it - and logic would dictate that I exemplify it more often than I am aware.
As a crapware vector, partition magic is akin to Nigerian spam. Those who seek it are the ideal targets just as those who respond to the Nigerian banker's uncle are ideal candidates. Both pursue something too good to be true.
I am not claiming that your experience isn't real. I am saying that its conclusion is not that of a Windows expert.
> Dunning-Kruger effects are the result of one believing that they have more expertise than they do.
I never said I'm a Windows expert.
Maybe I just hit the worst case scenario or maybe you need street smarts when surfing the web from a Windows system. Maybe being an OS X user made me soft and easy prey. But still - alone that a reputable download source (one of those that pop up on the first google page) tricks me into downloading a custom archiver utility and wraps installers with crapware doesn't really speak for the Windows eco system.
Now it could be an isolated case but then again if crapware spreading wouldn't be successful people wouldn't be doing it. And I doubt that all crapware infections come from Partition Magic downloads on Windows XP.
> I am saying that its conclusion is not that of a Windows expert.
But the thing is that Windows experts are the minority of all Windows users.
I'm not convinced the conclusion is incorrect. The crapware situation on Windows IS horrible, whether you download any of it or not. Even if you manage to reliably avoid it, that still takes a non-zero amount of effort.
Then I present my own research (sometimes referred to as usage): it's the same thing in Windows 7.
Sure, that wikipedia article doesn't include installers that aren't the official one. But finding the official one can sometimes be a ridiculously daunting task.
And sure, Windows 8 has an app store now. So what? I can still install applications outside of it.
Why not? PG is about to make a killing on AirBnB and co-founder is a well-known spammer from top-100 FBI list [1] that used our tax money to send his spam, and AirBnB has been known for spam practices contacting people from Craigslist [2] to crank-start their startup with empty database.
Further, AFAIK his SocialCam is worth tons of money as well, mostly thanks to Facebook overspamming practices [3]
Truly surprised PG is not full time in spam business; he would make triple killing! :)
HN moderators: it's OK to downvote if the truth feels uncomfortable to you.
EDIT: Since this is getting strongly upvoted; here are the links:
Money in itself is a fairly neutral motivation.
You can perhaps justify doing something immoral for money if you plan to use that money for purposes that are more moral.
There emphatically is not a worse motivation than being willing to do anything for money.
Do something to ensure there is a little less tragedy in the commons. Please.
Sorry, this is off-topic but surely hatred is much worse a motivation than anything.
Honestly, I'm not advocating money as a good motivator. I go to work and I buy things and I'm happy with capitalism but really, I just spent the last few months working on something I like with absolutely no money in it (and it's GPLed). Money is just there so I can get by and enjoy the really fun things. Just realised how much of a hippy I must sound, but it's true.
My friend just found this gem in their privacy policy
“We gather personally identifiable and may include information regarding your geo-location, ip address, operating system, language setting and information regarding whether recommended advertiser software has been accepted, downloaded, installed and any reason for failure installing. None of his information is personally identifiable.”
That's the lowest possible way to make money: Sneaking by and behind the back of your users.
If you feel you're entitled to more money, make me pay more for your product. Ask me to donate. Strip away features unless I go 'pro'.
But never ever install crap that isn't even related to your product.
Rule of thumb: If you wouldn't install that software on your family's (like, the wider network - parents, siblings, grandparents) machines while supporting them, don't install it on MY machine either.
As a malware researcher, and the person who writes anti-virus definitions, I can proudly say that I wrote some rules to deal with Adware.InstallMonetizer just yesterday. Most other vendors seem to be detecting it as well.
This is the reason why I don't understand that people say that Linux is for "technical" users while Windows is for regular consumers.
In Linux it's easier to install something than in Windows.
E.g. to install a CD to MP3 rip program, in Archlinux all you do is:
# Search for some mp3 ripper program
pacman -Ss mp3 | grep rip
# Install one of them from the list that looked ok from the description
pacman -S ripperx
In Windows, the steps are:
Search the internet for rip mp3
Go through hundreds of spammy results
Try to identify one that isn't crapware
Download its installer
Run its installer
Be careful at every page of the installer that it isn't installing crap
How can they say Linux is harder than Windows? I don't get it.
Because the assumed knowledge required to understand the procedure under Archlinux is vast compared to that under Windows. Here are the concepts you need to know in order to do the work under Archlinux:
0. How to load your terminal program
1. The command line
2. Permissions/root
3. Package managers in general
4. pacman in particular (what, it's not the game?)
5. Command line switches
6. Piping
7. grep
8. What "looks OK" means in a Linux package description
And that's all assuming you know about MP3s, ripping and what features you need in such a program.
Under Windows, you need to know:
1. A browser
2. A search engine
3. A feel for trustworthiness
In both cases, experience teaches you what you need to know. The necessary experience is much more easily obtained under Windows than Linux, and it's more generally useful in life. So that's why.
Your overall point is correct, but your "under Windows" example is oversimplified. The Windows user still needs to know:
1) What an "installer" is
2) Where on the filesystem it goes when it's downloaded
3) How to navigate to that location in Explorer
4) That double-clicking the installer runs it
etc.
Some of these are things that you can learn from general Windows usage, but then the same could be said of several of the points you listed under Linux. And there are alternate approaches to installing software in Linux (like Ubuntu's Software Center) that remove the command-line, piping, grep, etc.
You don't need to know anything except how to confirm a dialog. On IE, you press the download link and about 5 warning dialogs later the software is running. No navigation or double-clicks involved.
The millions of PCs belonging to novice computer users that are loaded with crapware are proof that your view needs some adjustment.
One of my grandparents usually just clicks "ok / next" "until the thing works". They don't understand any of the things you claim they do. And despite my best efforts to dissuade them from doing that sort of thing, they still do :-(
I can't tell if you're being sarcastic (but I'll assume you're not).
From my point of view, your comment describes exactly why Windows is easier. In the Linux example you're using the command line with commands folks don't know about ('pacman', 'grep') with flags they'd have to read about ('-S' and "How do you make that vertical line thing?"). Of course they'd also have to understand the output of those commands.
The Windows example is largely point and click (using tools people are already familiar with, e.g. Google, web browsers etc.).
To be fair, almost every modern Linux distro does provide some GUI for package management. In Ubuntu you can either search the software store and click "Install" or download a .deb, double click it and click "Install".
It's just that experienced users tend to find the command line versions quicker and easier.
I know many people who are, e.g. with some in-house application in some company, able to do this kind of thing, by just having a paper with instructions and following it step by step.
I also know someone who is not good with computers at all, but has used DOS before using Windows. She could do just as much in DOS as in Windows, even though DOS did involve the command line (and lots of WordPerfect).
So if you simply have a printout saying what the command to install something in Linux is, and another printout saying what to click on in Windows to install something, I think that conceptually the Linux one will be slightly simpler.
Same also with tech support!
In Linux, tech support goes like this:
"Please run this command and give me the output". "Now run that command" ok, problem fixed.
In Windows it's "click here. do you see that now? Now click that. No, I mean THAT. Do you see a button at the bottom? Yes, that one! Click it. etc....".
And finally, if we're gonna be talking to computers in the future, talking is more like a command line interface than a GUI, and despite that is more natural.
> In Linux it's easier to install something than in Windows.
Sure, as long as it's in your distro, and it's the version you want, and you haven't installed anything else that might interact with it from another source. But if any of those three statements is not true, best to start praying to whatever deities you believe in for one of them to help you, because chances are no-one else is going to.
The thing that really amazes me is that it's 2013, there are billions of computer-using people in the world running on only a tiny handful of major operating system flavours, the collective loss due to junkware or outright malware is staggering in both economic and quality of life terms, and still none of those operating systems has yet adopted a basic security model that jails applications so by default they can only ever install code, update settings and manipulate documents of their own type.
I appreciate that, as Microsoft learned with Windows Vista, overly aggressive access control/user prompting can be counter-productive. Still, many of the behaviours that make user-hostile undesirable shouldn't even be possible at the OS level, and certainly not by default.
Because often applications need to be able to read and write files that have been created by other programs.
Some programs also have features which add functionality to other applications.
Sometimes this can be useful, in cases such as LastPass and Dropbox, but other times they can be bad, in cases such as spyware.
> Because often applications need to be able to read and write files that have been created by other programs.
I challenge your position that this "often" happens. Stop and look at the different kinds of data you work with and the applications you use to work with it. I bet you'll find a lot of your applications only work with their own formats and/or a fairly small number of other common ones such as standard text/graphic file formats. Even if your applications could theoretically work with many different common formats, say a graphics editor that speaks 30 different file formats or a generic text editor that can edit many different kinds of source file, I bet in practice you only use a handful of those graphic formats or use a few different kinds of text file on any given system. Almost nothing, except for system/comms software that deals with files as black boxes without caring what kind of data they hold, needs arbitrary access to any file type.
Would it really be so hard to establish a systematic model for these requirements and then actively enforce it, so applications had to disclose exactly which types of data they wanted to access? This could be shown as part of a standardised installation process built into the OS, or at least summarised there and the full details made available to the user (and permissions configurable by that user) from a separate UI later.
Keep in mind that to some extent this is already done. On Windows, for example, there is already a database of recognised file types and a database of associations between applications and those types. It's used when you double click on something to open it, or to decide which options to offer when you select "Open with..." on the menu. It's just only used for convenience at present, not enforced as a part of the security model. And there are already standardised install/uninstall UIs on most platforms, but again they aren't enforced so that applications have to play nicely and the OS can forcibly uninstall them in their entirety on user request.
> Some programs also have features which add functionality to other applications.
Sure, so let them announce explicitly when they are installed that they want permission to interoperate with x, y and z other packages, and let the user say no.
And make it a pull model rather than a push one: software being installed can grant permission for other software to depend on it, but not change the other software itself. That way, the main software is always in control, not the plug-ins. This is just a smaller-scale version of the principle that the OS should always be in charge of the overall system and should be able to install/uninstall/restrict/authorise any other software according to the user's wishes, and the other software doesn't get a vote.
This sounds like a complex solution that would require every program to know which other programs might want to interact with its particular files.
I don't see why. Any application can register its own file types, and gets full access to files of those types by default. Allow for common file types to be registered as well (the OS provider could start with a list) and some basic grouping ("all text files", "all files") and you've got a reasonably sensible underlying model that wouldn't need a lot of exceptions to be manually permitted once set up and wouldn't need to present users with vast lists of types at installation time.
As I said, we're part way there already. Most OSes these days have some concept of "known types" and the applications associated with them. There are already conventions for things like where applications should store their configuration data on each platform. There are obviously app stores, distro mirrors and such that can cope with installing/uninstalling entire applications including all sorts of horrendous dependency management, so incorporating a simple file type system in there as well doesn't seem so hard.
Given the vast potential benefits to system robustness and security of locking these things down properly, I think you're awfully quick to assume the solution would be too complex to be workable. Compared to the horrors of file ownership and user/group systems on various modern platforms, it's practically a walk in the park. ;-)
What you are doing is adding an extra dimension to your permissions vector, instead of just worrying about which users can access what you have to think about individual programs. There are already implementations of this, for example SELinux.
It has difficulties, in that how do I know which files a particular program might need, and how is this implemented at a UI level?
For example, what if a program asks for permissions on PNG files? Is this because it wants to manipulate them or is it simply that some of its internal assets are stored as PNGs?
What happens if I add a plugin or update to a program that allows it to work with different file types? How do you prevent "dick moves" like a new program locking other programs out of a file type it decides to claim?
How do you implement the UI? Is it some central permissions manager or do you have endless popups (which people are likely to just unthinkingly click accept on)?
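The model debated in the comments above (applications get their own registered types by default, must declare anything else, and the OS enforces the result), as an added sketch that is not part of the original thread. Every name, path and group here is hypothetical and no real OS API is modelled; it treats three of the questions raised as test cases: internal PNG assets, a program claiming someone else's type, and a plugin update that needs a new type.

```python
import posixpath
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Assumed OS-provided groups of common types ("all text files" etc.). Constructed values.
GROUPS = {"text": {"txt", "md", "csv"}, "image": {"png", "jpg", "gif"}}
COMMON = set().union(*GROUPS.values())
ALL_FILES = "*"  # the "all files" group; never implied, only granted explicitly


@dataclass
class Manifest:
    name: str
    install_dir: str
    own_types: set = field(default_factory=set)   # types the app registers as its own
    requested: set = field(default_factory=set)   # other types/groups it declares a need for


class Policy:
    def __init__(self):
        self.manifests = {}
        self.grants = {}   # app name -> extensions it may touch outside its install dir
        self.owners = {}   # extension -> first app that registered it

    @staticmethod
    def _expand(names):
        out = set()
        for n in names:
            out |= GROUPS.get(n, {n})
        return out

    def install(self, m, user_approves=()):
        # The user can only approve what the manifest declared.
        declared = m.requested | m.own_types
        grants = self._expand(set(user_approves) & declared)
        for ext in m.own_types:
            # A type is granted by default only if it is not a common type and nobody
            # registered it earlier; otherwise the claim is just a request. Ownership
            # is never exclusive, so a late claimant cannot lock earlier apps out.
            if ext not in COMMON and self.owners.setdefault(ext, m.name) == m.name:
                grants.add(ext)
        self.manifests[m.name] = m
        self.grants[m.name] = grants

    def update(self, name, new_requested, user_approves=()):
        # A plugin or update that needs new types must declare them and be approved again.
        new_requested = set(new_requested)
        self.manifests[name].requested |= new_requested
        self.grants[name] |= self._expand(set(user_approves) & new_requested)

    def allowed(self, name, path):
        m = self.manifests[name]
        # Normalise first so "install_dir/../../home/..." is not treated as internal.
        p = PurePosixPath(posixpath.normpath(path))
        root = PurePosixPath(posixpath.normpath(m.install_dir))
        if p.parts[:len(root.parts)] == root.parts:
            return True  # the app's own assets need no file-type permission
        ext = p.suffix.lstrip(".").lower()
        granted = self.grants[name]
        return ALL_FILES in granted or ext in granted


def demo_policy():
    """Three constructed apps: an editor, a ripper that asks for too much, a type-grabber."""
    pol = Policy()
    pol.install(Manifest("PhotoEdit", "/apps/photoedit", {"pedit"}, {"image"}), {"image"})
    pol.install(Manifest("CdRipper", "/apps/cdripper", {"ripproj"}, {"mp3", "*"}), {"mp3"})
    pol.install(Manifest("Grabby", "/apps/grabby", {"png", "pedit", "grab"}))
    return pol


if __name__ == "__main__":
    pol = demo_policy()
    for app, path in [("PhotoEdit", "/home/u/pic.PNG"),
                      ("CdRipper", "/home/u/pic.png"),
                      ("CdRipper", "/apps/cdripper/assets/logo.png"),
                      ("CdRipper", "/apps/cdripper/../../home/u/pic.png"),
                      ("Grabby", "/home/u/work.pedit")]:
        print(f"{app:10} {path:40} {'allow' if pol.allowed(app, path) else 'deny'}")
```

The UI question (central manager versus prompts) is left open here: `user_approves` only stands in for whatever decision that UI records.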
How exactly is a regular customer going to know what to type and where? Many have trouble with a GUI, let alone a CLI. And Archlinux is just one of many distros and has its own idiosyncrasies (e.g. "Pacman" isn't going to work on Ubuntu out the box).
Installation of crapware has nothing to do with ease of installation, you've just purposefully made it seem drawn out.
You could've just said Google "CD to MP3" and a few results down is a "how to" guide that uses the open-source CDex program - with a step by step guide.
I am a linux user (linux mint cinnamon). When I need a new software, I launch the software manager, I type in the search criteria. This gives me a list of software. When I click a software, I have a list of users feedbacks and an install button. When I click install, it asks for my password and that is all.
When I am on the command line and I type a command that is not installed, I get:
jef@sweethome ~ $ 7z
The program '7z' is currently not installed. You can install it by typing:
sudo apt-get install p7zip-full
I just need to do copy paste and type in my password.
Sometimes, the software is not in the repository (for example xbmc), but the commands to type, or the installer to launch are clearly indicated on the site.
I was a windows user, software installation (and removal) is a lot easier now.
I have Ubuntu and the software manager works fine. I was just responding to the comment that somehow the command line is easier than Windows's GUI for a regular user. Windows 8 and, presumably, future versions of Windows will have the same store format.
Regardless, I think your XBMC example highlights the difference. Ask a user to click on "Windows" from the XBMC download page and immediately the familiar installer starts downloading. Do the same for Linux and you're taken to a Wiki page. I doubt many regular users would know what Linux distro/version they're running let alone feel comfortable typing in those lines. For example Ubuntu, which is likely the most popular distro, includes these instructions:
"Make sure to have the multiverse repository enabled, see /etc/apt/sources.list, it is needed for libfaad0, otherwise you get
xbmc: Depends: xbmc-data (= 2:10.00~svn35648-lucid1) but it is not going to be installed
E: Broken packages
For more details, see the HOW-TO install XBMC for Linux on Ubuntu, a Step-by-Step Guide page"
The guides are more wikis the user has to read. This is where I think the familiarity and standard installer process of Windows outshines the ease of Linux. As for the crapware and such, that's a different issue which, as seen from this post, is a problem with Windows software more than Linux.
The solution some sites seem to use is just to look at the user agent. I often hit software sites now and if there is a Linux version with an Ubuntu package it just gives me a big button that says "Download for Ubuntu", this either adds a repo or gives me a .deb which is as easy to install as a .msi.
> I am a linux user (linux mint cinnamon). When I need a new software, I launch the software manager, I type in the search criteria. This gives me a list of software. When I click a software, I have a list of users feedbacks and an install button. When I click install, it asks for my password and that is all.
Which isn't all that different to the app stores on other platforms. It's quite a long way from Aardwolf's command line pacman stuff above though.
If I wanted to rip an Audio CD into an MP3 on Windows I would insert the CD, which causes a popup dialog that offers to run the built-in media player that includes MP3 ripping.
These guys must be living in fear of Wire Fraud and Computer Fraud charges.
I'm less than half kidding. This is real destructive harm, so it's closer to the intent of the laws. The incredible churn rate is a pretty clear indication that end users don't want the software being installed. And here we have hundreds of thousands of systems compromised.
Selective enforcement of draconian laws is scary, really.
Ok, I think one thing I don't think people fully understand is how these companies actually make their money back.
Now in the past they will either try to sell you something or get you to fill in a CPA offer. Now 2012 has hit the IM/Internet Marketing industry hard mainly because people aren't spending money as much as they used to. Like I mentioned in another comment, basically the whole CPA industry is going belly up and will continue to do so in 2013.
So how do these guys make money? Well I know the biggest craze is to make toolbars that actually control your Facebook/Twitter/Email accounts. I've already seen one made for Chrome and the guy had put a whosamungus tracking code in there that had over 10k people online at the time I checked it.
The toolbar was capable of sending mass private messages, posting on your wall and inviting all your friends to events on Facebook. And the problem is, it's pretty tough for Facebook to block this since it looks legitimate as the actions are directly coming from the browser and not a shady 3rd party site.
Another tactic which is more common is to replace websites' advertising code with their own. This means replacing Adsense IDs or completely changing the banner code altogether. This is what Kim Dotcom will be doing when he launches his new Mega site this week.
They also alter Google results so they can either promote their own sites or sell traffic to advertisers for profit.
So to think they are 'only' tracking your IP/Mac address, think again...
CPA = "Cost Per Action". Think of Cost Per Click advertising, except that instead of the publisher being paid when someone clicks on the ad, they're paid when the user takes a specific action (eg installing software, signing up for a newsletter, subscribing to a magazine etc).
Well basically it's almost a pyramid scheme. These companies will go and promote another crapware company and get commission off that. So basically it's like a giant loop.
Or they will sell the data they have harvested such as your personal details (email/full name/date of birth/location) to a 3rd party.
Ok, so if I understand this: with the fb/twitter stuff, they are intercepting your private data and selling it. With Google adverts they are removing them and inserting their own (and their own ppc sales, I presume). And with the Google results companies pay them to alter the organic search results and place their link higher. Wow.
One thing to keep in mind is that YC funds groups. If a team is funded to do one thing, then pivots to doing something else later, it's not like YC is going to de-fund you. (I don't know anything about this specific company)
I actually think there's a lot of legitimate room in the "help developers make money" space. There are also a lot of ways to do it as a scam. I don't know the specifics of this company at all. If they pitched to YC as "we're building something to help developers make money, which is a problem due to ...", that's potentially legitimate. Desktop ads are clearly ok; PPI generally not ok.
I think you could even do PPI in a decent way. e.g. if I were installing a developer tool and got a "get 3 months of free developer VPN/backup/design/whatever service" offer as well via "click here to install", I wouldn't feel cheated or scammed.
Toolbars and AV clearly are generally scams, but there are businesses which involve signup or client software installation which have high enough LTV to justify this channel.
I think a YC and silicon valley funded company who was doing this kind of thing would be a lot more likely to go the legit route than someone who came from the spam world.
I'm definitely more inclined to give them the benefit of the doubt as another YC person, but mostly because I have no idea if they're good or bad based on what I've seen from them.
Not today, but this could be terrible for PR for YC over the medium term given the vitriolic hatred it inspires in techies, and I'll bet the reason PG is not responding here is because they're figuring out behind closed doors what they can and should do about this sort of thing. Obviously they don't tell their companies what to do, but they may end up needing to institute some additional general guidelines and contingencies if too many bottom-feeders get past their filters.
This is also why the "unbundling" of Windows turned out so badly for consumers. Not having a decent mail app or video/photos app by default (like the Mac) means people have to navigate this crap to get the most basic things done.
We (f.lux) have a similar experience to VLC: tons of cloned installers and inbound emails for a free product.
The past public disparagement of Microsoft's business model and praise of FOSS and Apple makes fodder for easy conspiracy theories.
Rather than a conspiracy, however, I suspect it is more likely just a case where YC doesn't give a fuck about further degrading the Windows ecosystem.
Next time someone complains here on HN about Microsoft's malfeasance in locking down Windows RT, remind them that they have enterprise customers who don't want to deal with shit like this.
Wow....I thought these kind of companies stay and operate from the darkest corners of the internet, just like those CPA networks where you get paid to SPAM the hell out of the internet. Frustrating that these are coming mainstream and Y Combinator has backed one of them.
Actually you would be surprised. The biggest advertiser in the CPA industry over the last few years closed their doors a couple of months ago. And now the EPC (earnings per click) are about 20% of what they used to be, so the majority of CPA networks are either going broke or shutting down for good. I imagine that the majority of them will be closing their doors this year as well which is kind of sad.
As of now, not 1 of my friends promoting CPA offers is making money, they've either got themselves a 9-5 or just chewing through their savings.
Very interesting. Can you expand on that? I actually got out of the CPA industry around April 2012, when it still seemed to go well (though not as well as in the days of ringtone offers / acai and so forth)
Well I can say that the biggest CPA advertiser had a call centre which was their biggest way to earn back the commission they paid us to get us leads. Also these guys had big budgets, unlike all the other advertisers, so when there were days when a certain offer would earn more than 100k they would be happy to pay. I'm guessing the other networks didn't have enough liquid assets to pay back publishers on time (we would get paid every Tuesday usually). Also the main network wasn't fussy where the traffic came from, whereas every other network wants organic traffic (which is basically impossible anyway), so they would usually cut you off as soon as you started sending social media traffic, email traffic, SMS traffic etc.
But I primarily did email submit offers, they would convert as soon as someone put in their email so we would usually get conversion rates of 30-60% which was pretty dang good.
But yea acai/ringtone got wiped out when the FTC stepped in over all the 'legitimate' reviews and credit card companies got strict on rebilling (which was the only reason they made money).
The whole industry is struggling though, most people are now trying to make money from selling SEO services or reselling Facebook Fans and Youtube Views (which Google nuked the other day).
According to his LinkedIn profile, he works for Microsoft Singapore, doing some "Master Black Belt" six-sigma synergy "Global Process Solutions" MBA-buzzword bullshit. And only since December 2011.
At 30c to $1.50 per install, these software companies are under a lot of pressure to make their money back and convert users. This would inevitably lead to some questionable practises which Install Monetizer can claim to be at arm's length from.
Software I accidentally install, or am offered to install always leaves a bit of a sour taste in my mouth and reflects badly on the software I am originally trying to install.
There's a public company in Israel called Babylon whose business model is giving away a popular translator software in exchange for installing spyware. They're huge and are planning an American IPO this year. Some people here are saying that it's all a big stack of cards and investors are going to lose all their money, but the analysts are actually saying that it's a valid business model and the company is underpriced. I'm wondering who is right...
How is this business model of spying on your users different from Google's or Facebook's?
Active vs. passive, perhaps (although admittedly that distinction has shrunken substantially).
That is, "in the good old days", facebook or google really only tracked what you did, on facebook or google, while crapware could track everything you did on the computer.
Now, of course, as more and more of our lives are based around our browsers, and google and facebook track more of what you do anywhere on the web, not just on their sites, so I suppose it's not that different.
Would that be the same Babylon translation software that patio11 found advertising on the InstallMonetizer network? See his comment (and screenshot of the installer's default options) here:
http://news.ycombinator.com/item?id=5060399
Business-to-business services that are disliked by the public and involve any type of tracking or analytics aren't just class-action-lawsuit bait, they're ambitious-prosecutor bait. All they need is enough bad PR, which it looks like they're in the process of getting, to make the predators aware of the prey.
Judging from reactions here, they're not going to get much community support when the legal backlash inevitably happens, either.
Likely they got funded because they have a real way to make money! Unlike whoever offers the next airbnb for dogs.
From an ethical standpoint, better the devil you know? Windows freeware developers deserve some compensation for their work, and this seems less scuzzy than other drive-by downloaders. If it became widespread it might break out of the user-exploitation ghetto and pick up real, actually synergistic software to intelligently recommend.
No, Windows freeware developers offer their software for free. Their choice. If they agree that they 'deserve some compensation' for their work, they should sell it.
Why does Gittip exist then? It's funny that some developers should be compensated for the positive externalities of their work, but only the ones you deem appropriate. Working with this company would be choosing to 'sell' your work in a more accessible way. If you don't like it, don't install the bundled software and mail the dev a dollar
No, actually I think every developer deserves compensation. But they should ask for it, set a price. The business model with ad-/crap-/bloatware is equivalent to these annoying people (I see more and more of them on the streets) that hand you a rose/card/small ~thing~ right away, shove it in your face and ask for 2/5/10 bucks after you accepted what was quite obviously a gift. You see people fall for it all the time.
If the developer wants money for his program, he should ask for money for his program. Why would you even release 'freeware' if you don't want to give it away, no strings attached? It's your time, your project. Don't do that, if you want to earn money.
Erm - and 'working with this company would be choosing to sell your work in a more accessible way'? Really? More accessible?
If I don't like it (I don't, if that wasn't obvious enough) I remove the software, tell everyone to ignore that tool (both the software and the guy behind) and move on.
I think it's cognitive dissonance (maybe I'm thinking of the wrong phenomenon) that you 'see more and more of [these people]' every day. It makes this seem like a big bad trend, when really it's been happening forever and it just happens to support your point.
Lots of people release ad-supported free software, not because they want to turn a profit, but because they don't want a net loss. They aren't comfortable with asking for outright donations, but a small cash flow offsets the costs of serving the download and docs, and a little forum for users.
If you don't like software with ads, or software that bundles other software, that's fine. Don't use it. But I think it hurts free (as in beer) software development as a whole when you demonize any attempt to cover costs like this.
I like software with ads (well, sorta. CAN you like software with ads?). I don't run AdBlock on all my machines. I have "free" ad-supported Android apps. Bundling ads in an application is not the same thing as installing utter, total bullshit.
Your point is still very weak in my books, because you haven't explained in half a sentence why someone would like to release software as 'free' and still make money off it. The notion that this certain someone is too shy to ask for donations is .. weird. Believing that it's a viable alternative to bundle software that the end user with almost 100% certainty DOES. NOT. WANT. - seems crazy to me.
So many solutions. Shareware. Donationware. Free/Premium models. Just .. not releasing a software for free and putting a price tag on it, even if just the 'app' style 99 cents.
Installing crapware, toolbars, switching browser search engines and homepages etc. is an attempt to cover cost that is absolutely demonic.
I attempted it pretty well in the last post, maybe you missed it.
Free software costs money to host and maintain. If you want to break even, you need some long-tail income source to cover hosting, etc.
That was a full sentence, happy?
People who release free software are often not hustlers. Hell, if they had business sense, maybe they'd make it a paid product. If you don't feel comfortable asking for money in exchange for your software, ads and bundled installs offer a much lower friction way to cover your costs. Charging 99 cents for a desktop app is ridiculous right now, although maybe the windows and mac app stores will change that. Either way, collecting a few dollars per user directly is a huge pain in the ass.
If these companies did what they're supposed to do, it'd be more about discovery, and less about shoving downloads down your throat. I had this argument about IVRs yesterday; how do you make a good product in a field people hate? If everyone shouts down the notion of an IVR, who's going to bother making a good one? If everyone is automatically against bundled downloads, the best, least sleazy company in the world wouldn't stand a chance.
I got hit by that "take this rose, I will pretend to be mute until you do" ~18 years ago in Boston and Detroit, and hadn't seen it since. I thought it faded away, but maybe it sweeps through in waves as new people move into the city.
I saw the rose trick quite a lot through Germany in 2011, but I had no need/desire for a rose so I never fell for it. I did fall for the "free US flag sticker" in Philadelphia on Independence Day 2011. Supposedly it was some charity's method of fundraising.
I'll just hack your bank account and take your money to compensate for the positive externalities of my work. If you don't like it, use a stronger password and mail me a dollar.
What ethical standpoint is that? That's the devil which installs spyware on your machine.
So, they have a business plan, good for them. But it doesn't make them any less scammy, nor does it make it any less disappointing to see YC funding people with the same ethics as your average patent troll.
Hmm. I've actually heard of dumber ideas than that. Dog owners would prefer not to board their pets with commercial kennels, because you always get your dog back with some bug or another. A service that hooks up vacationing dog owners with local families who agree to take care of small numbers of other peoples' dogs might make some sense.
It would be interesting, I think the problem is that people are very attached to their pets. I have no idea how you can vet potential dog sitters, to give a good level of certainty that they won't lose/have sex with/eat your pet. It's like finding a babysitter on Craigslist.
If you don't understand that the thing that is more important than money is trust, then you shouldn't be in business at all. The minute you screw someone, you've lost them as a customer forever and you've ruined your own reputation.
Winzip and Nero use the Ask Partner Network (I used to work there on the Ask Toolbar) to monetize their free software, so that is probably where that first email came from.
Sadly, on Windows even Oracle's Java has the ASK toolbar.
Almost nobody has any pride left on the Windows-platform, user-abuse is rampant, almost expected. It's killing the platform and there's nothing Microsoft can do about it.
That really made me boggle when I saw it. "Wait, a massive business owned by one of the richest guys in the world is whoring itself out for ... pennies from a washed-up search engine? WTF?"
I then sat for a minute, couldn't think of anything I'd done in the last several months that needed Java, and uninstalled it. I haven't missed it.
I personally think that Microsoft is far too willing to roll over and play dead when it comes to anti-trust issues.
They should simply ban any adware on Windows that is opt-out rather than opt-in. If anyone breaks that rule, they should put it in the anti-virus signature database for Microsoft Security Essentials, so it cannot be installed without the user going through hoops.
They should then go to the DOJ or the EU, say, "We want to clean up the user experience," back it up with articles from Mac-lovers like Walt Mossberg talking about how bad the crapware experience is on Windows, printouts of forums like this one showing nearly-universal hatred of these practices, etc.
And if the DOJ or EU say "No, we'll slap antitrust fines on you if you do that," then they should publish all of the correspondence publicly, and harness the waves of Internet fury to compel the regulators to back down. Even if the regulators don't back down, they'll get good publicity from actually taking responsibility for their platform and trying to clean it up.
P.S. The Bing toolbar doesn't help Microsoft's case. They should "take one for the user" and voluntarily eliminate the Bing toolbar. If they succeed in getting rid of all toolbars, then maybe they'll actually get more traffic to Bing, because users won't have their search engines hijacked.
I was considering mentioning Windows RT/Windows 8 and its "Metro" (Modern) app-store, but decided that I wouldn't. Not because I didn't think about it, not because I wasn't aware of it, but because I decided that so far it seems not to be a very effective means to the end of salvaging Windows' reputation.
Especially given how the "Metro" platform so far seemingly has caused more negative user-feedback than positive-feedback, I'm not sure this counts as Microsoft "being able to do something about it".
I admit that I no longer use Windows daily and I've never tried Win 8 so I'm not super plugged in to what they're doing these days. But I don't see any inherent reason why Apple can more-or-less successfully bolt an App Store onto their OS while Microsoft cannot.
Doesn't help that whenever I read/hear "Metro" I flashback to the police in my living room collecting a statement about being assaulted on the train or an early morning ride through Paris after spending the night filling out police statements for the same.
Maybe they were going for the "I love inner city public transport and its positive, upbeat experience" demographic. I must be one of those outliers who finds the act of being crammed like sardines into the sweaty, infectious mess of sheep to be just like Microsoft's attitude towards its customers, especially with Metro.
justcheck says "Sorry about that vulnerability that was all over the news, here is an update for you... but first maybe you would like to install the Ask Toolbar??? Yeah?"
There are links to desktop applications in the store, so the reason is probably not legal. Most likely it's because they want to move desktop applications to new APIs which are not ready yet.
Interestingly, the InstallMonetizer overview image [1] shows a dialog containing the text "customizable and will help you search the Internet" - which apparently is from the Ask Toolbar EULA...
I'm not sure if that's changed in the meantime, but I recall it being a refreshing change from every other system which defaulted to automatically installing additional software rather than the user specifically having to choose to opt-in.
When beginning working on our current startup, we decided to switch from Windows to Linux to make development easier. I was planning to keep a partition with Windows but I soon found out how being on Linux I didn't have to worry about shit like this anymore. Needless to say I don't use Windows anymore.
I've been trying to think what is the root cause of this sad state of affairs on Windows. Attacking the scammers is not going to work since obviously their scams are profitable (and legal enough to get away with...)
Is it (the lack of) education among users? I find it curious that when compared to financial products, where improving financial education is often brought up as a solution, there's a lot less mention of education when it comes to cases like these. Sadly this kind of "don't fall for these scams" computing education is not very transferrable to more productive uses of computing.
In a free market, if users stop falling for this crap (admittedly a tall order on Windows) then the scammers will naturally go out of business.
These products exploit/capitalize on computer illiteracy. That's not something I would personally be proud of, but computer illiteracy is the real problem here. Products like this can ultimately accelerate the correction of computer illiteracy.
That correction can come in the form of greater mainstream cultural impetus for computer literacy training, for operating system developers to prevent these types of actions (app stores of all platforms are decent at this), or by creating/expanding a market for products that intercept and neutralize this type of exploitation.
The more efficient the means of exploiting computer illiteracy, the sooner the exploit is, in some way, neutralized.
Man, people really are looking for an excuse to hate on PG. One of the 200 companies they've funded does something spammy and all of a sudden it's "YC this", "PG that".
It's great to bring it to his attention, but these dudes are the ones building the spam engine, PG was just one of many investors in the company. We can't know how much of this he knew beforehand, but he says he's investigating, which isn't even the point. I'm sure PG was keen on investigating this without everyone pointing fingers at him like he made the decision to create this spamware.
InstallMonetizer were in the Winter 2012 YC batch (according to their site & TechCrunch), but they've been around since mid 2010. The YC folks had to know that installing toolbars was InstallMonetizer's business model... surely?
I don't want to hate on YC, I was just very surprised to hear they'd invested in this company, and I'm interested to hear what their reasons were.
I absolutely despise crapware, Google or Ask toolbars, etc. that are bundled with installers; however, if there is a market for it and there is no law against it, it will happen.
And once Google/etc. one day has everyone's credit card info and charges us more often, I could totally see items starting to be added ala Vistaprint (if you've used Vistaprint you almost certainly know what I'm talking about) like magazine trial subscriptions, etc.
The more the economy sinks and people are less willing to spend, the more crap will get dumped on us. Fact of life.
I cling to the hope that there's something I'm not seeing here, but I fear that might not be the case.
All I see is a business model that on top of being reprehensible, is completely out of whack with the times, and even if successful promises to cannibalize itself out of existence by destroying any remnant of faith that Windows users still have in the Wild West of freely downloadable native Windows apps.
Please, let not today be remembered as the day that YC jumped the shark.
Part of the problem is that, despite wishful thinking to the contrary, Windows is /the only/ large platform for desktops and the Windows 8 App Store might as well not exist, so the 'app store' argument is fundamentally flawed.
Worse though is that this kind of stuff has ever been tolerated. It's obviously shady... tricky adverts and sneaky buttons should be just as illegal as any other con or fraud. Then they would not exist.
As a Windows 8 user, I sort of expected that Windows would protect me from crapware bundles, especially since that was what destroyed my Windows 7, Vista, and all my previous Windows experience. I guess not.
The post we're discussing mentions payouts of $0.30 to $1.50 per install. Factor in InstallMonetizer's unspecified cut, and you're looking at some pretty significant rates. What sort of software do you think can afford to pay that much to get bundled? If it's a trial up-sell at typical shareware pricing, it would need on the order of 10% conversion just to break even. I can't imagine a sensible monetization path for the bundled software that doesn't involve intrusive advertising. Any ethical review process would eliminate every applicant.
I'm still not sold that this can't be a legitimate business that cares about not bundling crap. Maybe payouts could decrease in size to attract more reasonable software and to grow their offering. It could be used for product launches for good apps. The opportunity here just doesn't seem as narrow to me as it does to others.
Just because some behaviour is acceptable to "InstallMonetizer" does not mean it will necessarily be acceptable to me.
Besides if they are seeking to maximise revenues for investors there will always be that incentive to find ways to justify bundling more intrusive stuff.
Like most people they probably know what sucks to have sprung on them. If they don't want their brand to suck as well then they can strive to align with peoples' expectations of how such software should behave. You don't like popups? I'll bet they know that.
I think the investors can see the value in not tarnishing the brand and so that might fuel their efforts to make sure none of their advertisers can be classified as malware/adware.
Problem is that the end user is probably going to think "My computer is full of pop-ups wtf is going on?" not "oh, I have popups because I installed FreePornApp 2.0 which came with InstallMonetizer 3, I'll make sure not to get anything with that bundleware again".
Offtopic: I'm sorry to tell but due to HN clumsiness your post in another topic has been declared nonpost, in the Orwellian manner:
http://news.ycombinator.com/item?id=5061390
This one, [dead]
My response would have been, that's exactly what we were discussing: having children to "choose" between pleasure now and maybe pleasure in distant future. Doesn't have anything to do with me.
Their users (scumware peddlers) aren't susceptible to market pressure from the poor bastards who end up with their vectored garbage ruining their computing experience. Where's the incentive to make less money, once it's nut-cutting time?
Like I said, review the software and get rid of the bad eggs. Not all of it will be bad, I'm sure, since not all of it is bad now. The incentive to leave some of the money on the table (the money from the bad people) is in not tanking your brand just to scrape in a few extra dollars.
The problem is that the end user is not the customer here, so the perception of their brand in the users' eyes is nowhere near as important as the ROI they can deliver for the bundleware vendors.
Think of it like the IRS, they don't increase the tax take by being nice to people.
So who cares about their image then? The original software vendor, probably. If they bundle crap with your install then take it up with them. If enough people did then they would probably stop using this company. So it all comes back to them eventually. Even if it's not in a negative PR way.
That doesn't seem to have happened so far. It's difficult to find free Windows programs that don't come bundled with some crapware these days.
As mentioned elsewhere a lot of these things are actually open source software products that have been rebundled, thus the reputation they are hurting is not their own.
I expect it is partly also a result of Windows devs who start out trying to make money by selling a "pro" version of their software but then find that either enough people are happy with the free version and a good chunk of the remaining users just pirate the pro version anyway.
>Whether your moral compass disagrees with this or not, it's a legitimate business
My mother's proliferation of "helpful" toolbars in FF says otherwise. Whichever way you slice it, this is simply a way to prey on uninformed users and shittify their experience. Sure, there's a demand for it. That doesn't make it right.
>I'm sure they do everything to ensure the bloatware is just that, and not malware.
Well that's a giant relief. So InstallMonetizer is only selling your IP and MAC (!) to advertisers, instead of selling your CC number to the Russian mob. Cheers to small victories.
Can we cut this shit out? I know it's the inevitable Godwin's Lawification of a recent tragedy, but I thought HN was better than exploiting Aaron's death to support every random negative view of the legal system. His death has nothing to do with spam applications.
> Although the company claims it is all “non-personally identifiable data”, according to its website this surprisingly includes not only IP but the globally unique MAC addresses.
Enough with the scare tactics. A MAC address is not, in any way, globally unique.
Excuse me. As a rule, a MAC address is a decent approximation of globally unique, certainly good enough to identify a single computer for advertising purposes. If you have a MAC address and it's not globally unique, it's defective and out of spec. Which isn't to say duplicates never happen (ultra-cheap rip-off network cards, virtual machines, reprogramming your hardware manually, etc), but... there's a reason they go through the rigamarole of partitioning out different OUI blocks to different network equipment vendors.
Just because it's not unique doesn't mean it's not personally identifiable.
For instance, you can quite often uniquely identify a person given their date of birth, gender, and zip code, none of which are nearly as unique as a MAC address[1]. Even the combination of these factors results in < 2 billion unique permutations, whereas the MAC address space numbers in the hundreds of trillions. That means, given a MAC address, I can narrow down the "who" to a fairly small set of people. Add in even one other piece of scraped info, and you've got a pretty high level of uniqueness.
They are supposed to, but talk with any sysadmin or a guy hosting a big LAN party and you will know that that isn't the case.
I have hosted several 300-400 person LAN parties and there are always two or three machines with the same MAC address.
A MAC address is somewhat unique, but it happens that manufacturers re-use the address twice or more. I have a feeling that cheaper brands do it more, but I have nothing to back that up.
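Added example, not part of any comment in the thread: a short Python audit of the kind a network admin could run over an address inventory to see the points argued above, namely the vendor OUI prefix, the bit that marks an address as locally administered (set by VMs or manual reprogramming, so no vendor uniqueness guarantee applies), and outright duplicates. The host names and addresses are constructed sample data, and `parse_mac`, `classify` and `audit` are names chosen for this illustration.

```python
# 48-bit address space: 281,474,976,710,656 values ("hundreds of trillions").
ADDRESS_SPACE = 2 ** 48

def parse_mac(text):
    """Normalise a MAC written with ':', '-' or '.' separators to 6 raw bytes."""
    digits = text.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)  # raises ValueError on non-hex characters

def classify(mac):
    """Split out the vendor prefix and the two flag bits of the first octet."""
    first = mac[0]
    return {
        "oui": mac[:3].hex(":"),                      # vendor-assigned block
        "multicast": bool(first & 0x01),              # I/G bit
        "locally_administered": bool(first & 0x02),   # U/L bit
    }

def audit(observations):
    """observations: iterable of (host, mac_text) pairs.

    Returns (duplicates, local): a dict of address -> hosts sharing it, and a
    sorted list of addresses that are not vendor-assigned.
    """
    seen = {}
    for host, text in observations:
        seen.setdefault(parse_mac(text), []).append(host)
    duplicates = {m.hex(":"): hosts for m, hosts in seen.items() if len(hosts) > 1}
    local = sorted(m.hex(":") for m in seen if classify(m)["locally_administered"])
    return duplicates, local

# Constructed inventory: two hosts share one address (written in different
# notations), and one virtual machine uses a locally administered address.
SAMPLE = [
    ("pc-01", "00:1A:2B:3C:4D:5E"),
    ("pc-02", "00-1a-2b-3c-4d-5e"),
    ("pc-03", "001a.2b3c.4d5f"),
    ("vm-01", "02:00:00:AA:BB:01"),
]

if __name__ == "__main__":
    dups, local = audit(SAMPLE)
    print("duplicate addresses:", dups)
    print("locally administered:", local)
```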