Note: This is a post from 18-March-2006 and is part of my blog migration.
While reading an article on some new security features in Vista designed to help stop spyware, I realized that I have a mental checklist I use to decide if I'm going to install a piece of software. Vista will, by default, run in a non-administrator mode, which means that you'll have to type in a password when installing some types of software.
This is a good thing, something that Mac OS X does and that server operating systems (Unix/Linux, Windows Server, etc) highly recommend.
The problem with this is that some pieces of software that actually do something are secret carriers of spyware. So when you install the software, you get prompted for the administrator password, and the program merrily installs what you wanted as well as the spyware.
Not a good thing.
An example: when I switched a machine from XP Home to XP Pro, I did not realize that XP Pro does not support burning DVDs without extra software. (Which is fairly annoying; XP Home does, and one would think Pro would, as a Pro user would be more likely to want to back up his files.)
So I did a little web-surfing for a free DVD-ROM burning program. The first three I found did burn DVDs. They also installed spyware and other things, in exchange for my free use of the software.
The EULAs did mention this, buried deep in the text.
So, without further ado, here are my checklists. The first one, Happy Signs, lists things that give me a good feeling that the software I'm installing is safe.
The second one, Warning Signs, lists things that make me concerned. The third list, Meaningless Signs, lists things that seem useful, but turn out not to be. None of the lists is iron-clad: you can still end up with spyware on your box.
These should decrease the likelihood of it, though. As always, follow at your own risk.
These signs are based on helping out the computer user.
They are not based on my being happy or sad about the sites, licenses, etc I mention.
Happy Signs
1) The software was released under the or some other well-known standardized End-User Licensing Agreement (EULA). While someone could write a spyware routine using the GPL, it's not particularly likely.
2) The software source code is hosted on . While someone could host spyware on there, it's unlikely as the source code is visible to everyone.
3) The software has a vocal group of supporters and/or is well-known.
, the blogging tool I use, falls under this category, as does .
4) It's free software from a company with a history of producing respected commercial software. Microsoft and others release some very handy tools for free.
These firms are very unlikely to release a spyware-infested application, and if they do, chances are it will make the news. (If you're running XP, especially on a laptop or with an LCD monitor, check out the from Microsoft.)
5) You don't have to be the administrator on the machine to run it.
(This is more for OS X, other unix-variants, and Windows Server OS.)
Warning Signs
1) The EULA window is microscopic, requiring you to read 1500 lines of EULA in a four-line high, half-a-sentence wide window.
2) You've never heard of the software or the company before, yet it makes amazing claims.
If the software claims "Rips CDs in microseconds! Organizes your photos! Washes your laundry! And it's FREE!", be very skeptical.
3) The software states that everything it installs must be left on the machine or the application will quit running.
Sadly, some spyware detection and removal software, among other types of software, requires that you keep their own spyware on your machine or their software quits working.
4) The software comes from a website with a top-level domain (TLD) that you've never heard of. (TLD is determined by the last letters after the final dot in the address. ".com", ".edu", etc. are examples of a TLD.)
While the software may or may not be legitimate, it may have had the installer modified to install spyware on your machine. Sadly, Russia (".ru"), among others, is not a place I'd trust to download software from.
5) You found it on a site with the word "free" in the web address. A lot of these places are huge clearing houses where anyone can upload software and it's not scanned for spyware.
6) It's on a CD or DVD someone was handing out, for free, at an event, even if it's supposedly just a music CD.
If you put the CD in the computer and it demands to install something, decline. Sadly, some installers install the spyware even after you clicked "no". Check online before inserting the disc.
7) A media file you have says, "This file can only be played using our special viewer. Shall we install it?" If the format was superior to what's out there, other viewers would support it.
Chances are, this is a cover for spyware or other system-altering (in a bad way) software.
8) Anything that installs programs not related to the application's purpose. If the application comes with any software that claims to improve your web-browsing experience, be very suspicious.
Meaningless Signs
1) The EULA doesn't mention spyware. Spyware people are not nice. While some companies will admit (buried in the text) that they are installing spyware, usually in an attempt to shield them from possible legal ramifications, we're dealing with a morally suspect group.
2) The company admits it's tracking what you do, but only to give you a better experience. Given that these firms' EULAs always state that the firm can change the EULA at any time, you have only their word they're being nice with your information and that they're only collecting what they say they're collecting.
3) There's a huge media fuss over it.
Apple got a lot of bad press for having iTunes display recommended songs based on what you were playing. Then again, see #2: we only have Apple's word they weren't doing anything bad with it. Then again, again, if you bought the song from the iTunes Music Store, they already know what you like.
Then, again, again, again, if all your music is ripped from your CDs, it's none of Apple's business what music is on your machine. You can see why this is on the Meaningless Signs list.
4) The website says all of its files are spyware free.
It may be true, it may not be true. Do they consider programs that spy on you that admit it in the EULA to be spyware? Are all files scanned before being made available for download?
Or can they be up for a while before they're scanned? Definitions of terms are important.
There are some great pieces of free software out there.
The problem is weeding out the good stuff from the bad. Following these guidelines should help a bit. Happy computing.
Posted on Friday, October 13th, 2006 at 10:22 pm.
