Fair Software InstallationThese days, we all download and install software from the Internet. And that software is rarely written entirely by one entity; rather, components are combined to create the programs we want. There is an increasing and disturbing trend to ship components that perform-system level tasks and have system-level effects. These effects are magnified because many of these components are installed without adequate notification to the user (either by omission, or deliberately).
The NEW.NET domain resolution component is a good example. This component is installed by a number of freely downloadable Windows programs on the Internet. Some of those programs notify the user that they are going to install the NEW.NET software; others do not.
Installation of NEW.NET alters the basic functionality of your system: It causes your system to behave in a manner that is inconsistent with international standards. That this is done in a stealthy manner is unacceptable. The fact that NEW.NET is unstable besides is another issue that we will deal with separately.
If I am installing a program that calculates speaker enclosure volumes, I shouldn't have to worry about it redefining my network stack and destabilizing my computer.
What does a reasonable software program or component do? It should perform its defined, published task. It should not consume excessive resources. It should have a defined starting point and defined ending point. If it is defined to be a service, it should publish that fact and indicate the starting mechanism it uses.
Let me draw upon the realm of commercial software for an example of a program that is an offender. Creative's PlayCenter 2 application is used to move music to and from Creative Nomad MP3 players. It can also play media. When you run the PlayCenter application, you get the functionality you expect. When you start examining your system files afterwards, though, the picture changes.
PlayCenter installs a service, a disk detection system, and a news collection daemon. It does not attempt to inform the user that these daemon-level processes are being put in place. It does not offer the option to make them manually-startable. Worse, the news collection daemon would actually chew up all your CPU idle time.
I think creators of software have some basic obligations:
- Inform users when drivers, services, or daemons are being installed.
- Allow users to omit any of the above that are not strictly necessary for program operation.
- Ensure that during uninstallation, system-level components are accurately removed, "leaving no trace."
- System-level and daemon components must be subject to a higher level of quality control. It is possible that some level of legal liability should be present for the corruption of the system.
- Transmit no information from a component to any party unless specification notification to the user has taken place, and is renewed on a periodic basis.
- Collect no information on a user without prior agreement, and a renewal of that agreement on a periodic basis.
The little war I mentioned earlier is going to get nastier soon. Uninvited components like Cydoor and NEW.NET are sure to take steps to defeat Ad-Aware and programs like it. If I wrote a stealth component today, I would have it seek out an Ad-Aware signature file and modify it to ignore me, or add my directory to the ignore lists. Ad-Aware could respond by digitally signing the files, or with other techniques. This cycle will escalate, with each side taking new steps to ensure its dominance. Users will pay the price in decreasing system stability.
I am hard-pressed to see the difference between NEW.NET and the Sub7 trojan horse. Both subvert a computer for the purposes of others; both do it in stealth. The good folks at NEW.NET will surely disagree; they'll say that those applications that install their software inform the user, and as such, it really isn't their responsibility.
I say it is. NEW.NET makes active use of the component on your computer; I think that they cannot duck their responsibility for its behavior. They are a not passive participants; they are not a library component being used by others.
I've been beating up on NEW.NET quite a bit in this article. I suppose it's because the deinstallation of their component trashed the IP stack on my Windows 2000 system and it took me a half day to put it back together again. What the hell were they thinking when they stuffed a buggy service deep into my IP stack without telling me? I think they should have to compensate me in some way. A $250 Small claims court action here in Virginia might be a way to do it.
The bottom line is, where does it end? Software installation programs should install components that the user expects. Full disclosure should be the order of the day. There will always be violators, though. There are a couple of remedies which could help:
- A legal framework for "allowable" system modifications during installation can be created. By adhering to the requirements of disclosure and stability, manufacturers can avoid liability. The thread of liability may be required (although capped) to enforce conformance and responsibility.
- A technical framework in the operating system can establish and protect secure boundaries around the system's core. Certain operating systems already do this (Unix), but the most widespread consumer OS does not.
- A "signed installation" program, run by known entities, asserting that a given program and its installation don't violate the rules.
Just think -- what if NEW.NET decided to start redirecting www.bestbuy.com to www.circuitcity.com? Is there a law somewhere or a technical remedy for this situation? I think there should be.
Slashdot welcomes reader-submitted features; use the story submission page if you'd like to submit yours.