Fair Software Installation

rossjudson writes: "There's a little war going on in your computer; it's a war that you might be aware of if you're an experienced computer user. If you're new to the game, there's very little chance you know about it, but it affects you, and it gets worse, not better. The battleground in this war is your CPU, your disk space, and your system's stability." He's got a particular beef with NEW.NET, but lays out (in the article below) what he thinks is a workable, generalized code of conduct for software installation.

Fair Software Installation

These days, we all download and install software from the Internet. And that software is rarely written entirely by one entity; rather, components are combined to create the programs we want. There is an increasing and disturbing trend to ship components that perform-system level tasks and have system-level effects. These effects are magnified because many of these components are installed without adequate notification to the user (either by omission, or deliberately).

The NEW.NET domain resolution component is a good example. This component is installed by a number of freely downloadable Windows programs on the Internet. Some of those programs notify the user that they are going to install the NEW.NET software; others do not.

Installation of NEW.NET alters the basic functionality of your system: It causes your system to behave in a manner that is inconsistent with international standards. That this is done in a stealthy manner is unacceptable. The fact that NEW.NET is unstable besides is another issue that we will deal with separately.

If I am installing a program that calculates speaker enclosure volumes, I shouldn't have to worry about it redefining my network stack and destabilizing my computer.

What does a reasonable software program or component do? It should perform its defined, published task. It should not consume excessive resources. It should have a defined starting point and defined ending point. If it is defined to be a service, it should publish that fact and indicate the starting mechanism it uses.

Let me draw upon the realm of commercial software for an example of a program that is an offender. Creative's PlayCenter 2 application is used to move music to and from Creative Nomad MP3 players. It can also play media. When you run the PlayCenter application, you get the functionality you expect. When you start examining your system files afterwards, though, the picture changes.

PlayCenter installs a service, a disk detection system, and a news collection daemon. It does not attempt to inform the user that these daemon-level processes are being put in place. It does not offer the option to make them manually-startable. Worse, the news collection daemon would actually chew up all your CPU idle time.

I think creators of software have some basic obligations:

1. Inform users when drivers, services, or daemons are being installed.
2. Allow users to omit any of the above that are not strictly necessary for program operation.
3. Ensure that during uninstallation, system-level components are accurately removed, "leaving no trace."
4. System-level and daemon components must be subject to a higher level of quality control. It is possible that some level of legal liability should be present for the corruption of the system.
5. Transmit no information from a component to any party unless specification notification to the user has taken place, and is renewed on a periodic basis.
6. Collect no information on a user without prior agreement, and a renewal of that agreement on a periodic basis.

There's been a longstanding battle between virus writers and anti-virus software. The equivalent to anti-virus software in the component world is Lavasoft's Ad-Aware. If you haven't run it before and you have a Windows box, get it and run it. The first time can be a real shocker -- tremendous amounts of crap can build up in your system without you knowing about it.

The little war I mentioned earlier is going to get nastier soon. Uninvited components like Cydoor and NEW.NET are sure to take steps to defeat Ad-Aware and programs like it. If I wrote a stealth component today, I would have it seek out an Ad-Aware signature file and modify it to ignore me, or add my directory to the ignore lists. Ad-Aware could respond by digitally signing the files, or with other techniques. This cycle will escalate, with each side taking new steps to ensure its dominance. Users will pay the price in decreasing system stability.

I am hard-pressed to see the difference between NEW.NET and the Sub7 trojan horse. Both subvert a computer for the purposes of others; both do it in stealth. The good folks at NEW.NET will surely disagree; they'll say that those applications that install their software inform the user, and as such, it really isn't their responsibility.

I say it is. NEW.NET makes active use of the component on your computer; I think that they cannot duck their responsibility for its behavior. They are a not passive participants; they are not a library component being used by others.

I've been beating up on NEW.NET quite a bit in this article. I suppose it's because the deinstallation of their component trashed the IP stack on my Windows 2000 system and it took me a half day to put it back together again. What the hell were they thinking when they stuffed a buggy service deep into my IP stack without telling me? I think they should have to compensate me in some way. A $250 Small claims court action here in Virginia might be a way to do it.

The bottom line is, where does it end? Software installation programs should install components that the user expects. Full disclosure should be the order of the day. There will always be violators, though. There are a couple of remedies which could help:

1. A legal framework for "allowable" system modifications during installation can be created. By adhering to the requirements of disclosure and stability, manufacturers can avoid liability. The thread of liability may be required (although capped) to enforce conformance and responsibility.
2. A technical framework in the operating system can establish and protect secure boundaries around the system's core. Certain operating systems already do this (Unix), but the most widespread consumer OS does not.
3. A "signed installation" program, run by known entities, asserting that a given program and its installation don't violate the rules.

These remedies are necessary as the entities creating these components can't be counted on to do the right thing. Their business models are often predicated on the stealthy gathering of knowledge, and the altering of what goes into your computer.

Just think -- what if NEW.NET decided to start redirecting www.bestbuy.com to www.circuitcity.com? Is there a law somewhere or a technical remedy for this situation? I think there should be.

---

Slashdot welcomes reader-submitted features; use the story submission page if you'd like to submit yours.

Property Questions

[Loundry]

I've long maintained that I do not think that information is property, and I therefore can't agree with things like Intellectual Property laws.

This post raises some interesting thoughts: are my computer's CPU cycles and my system's stability my "property"? Do companies have a right to infringe on those things? Do I have a right to sue if other companies infringe on those things without my explicit permission?

Don't mod me up; I just want to see the discussion that ensues. :)

interesting article

[Str8Dog]

RIAA and MPAA have made huge strides to protect thier copyrights. But the same companies would see no problem with this type of deception. We really want the government to say away from regulating the computer industry, but untill they do this BS will continue to get worse. The average AOL user has no idea and are building a army of zombie DOS machines and now an army of zombie marketing harvesters....

If Spyware would only follow these rules...

[jjhall]

I installed Kazaa the other day at home, knowing it would attempt to install the BDE3 (I think) viewer. Since my hard drive is NTFS, I created the BDE directory under my second account, and used NTFS permissions to be only readable/writable by the "Administrator" account. I thought that would stop it from installing. I was wrong, however. The program simply installed inside of a different directory.

It doesn't run because I did the same thing to that directory, but it still installed when I took fairly advanced measures to prevent it. The fact that programmers are writing applications that users have no control over is a step in the wrong direction. I don't want the "3D Advertising Projector" on my system, yet it installed anyway. That to me sounds like something Norton should be protecting from...

I do write simple programs for personal use for myself. I have given a few to friends, but I never install a "Jeremy in 3D" viewer or anything like that. Note to programmers: If it is ABSOLUTELY ESSENTIAL to the operation of the program, go ahead and force installation, but tell the user what it is and why you need it. If it is not essential, simply put a check box to not install it. Or at least instructions on how to safely remove it.

I understand that Kazaa is trying to make some money by forcing ads, but when people won't even install their software because of the ads, they are shooting themselves in the foot. If they used simple HTML banners, I probably wouldn't go to the trouble to block them.

Another thing that annoys me greatly is the Real Player (whatever they are calling this version) notification program. It pops up ads and new version notifications near the systray. There is not an option ANYWHERE I can find to disable that function. They used to have the real icon in the tray that you could close. And they had an option to keep it from loading. How much of my system resources is it taking to check in the background for new updates/ads? There are a few things I need real for (unfortunately) or I would uninstall it and be done with it. If I try to play a stream that won't play with the version I have, I will upgrade on my own. I don't need a resource hog app telling me when to upgrade.

Earthlink and my neighbor's PC

[dpilot]

A while back, my neighbors switched from Earthlink to Adelphia cable. Trying to be a good netizen, I spoke with them about getting a firewall, and set up a time to install Zone Alarm on their machine.

When I went over, they made a side mention about all the stupid popup ads they were getting on Adelphia, how they hadn't gotten them on Earthlink, and Earthlink had promoted, 'No ads with us.' I responded that we didn't get any more than normal popups, on either Linux or Windows.

So we installed Zone Alarm, and started up the cable link, again. First thing we see is a program out of an Earthlink directory attempting to contact the nameserver. Press the 'No', and the popups were gone. Apparently some piece of Earthlink software got in a tiff because the nameserver belonged to another ISP, and decided we needed to be punished.

sandboxing is the solution

[Anonymous Coward]

Ive been running a Norton personal firewall that came packaged with my machine. Its amazing to see how much software tries to access the internet. Even better is the option to block it.

I run w2k, and whilst I havent tried this yet, Ive often wanted to run installers under seperate user account with limited privileges. The only problem is that a failed install can be worse than the install itself. Further, by default, w2k gives pretty much all priveleges to 'everyone'. Locking down w2k is a hit and miss afair, unless you know exactly what software needs what permissions. If you make a mistake, things just stop working, and its a bitch to figure out why.

It would be nice to have something like a personal firewall that alerts me anytime some software tries to permorm an action which it doesnt have permission to do. With a system like that, I could give permissions out on a single use basis, or on a permanent basis, or not at all.

In this way, I can adapt the security priveleges to each piece of software on a case by case basis, essentially running each proggie as a different user.

If I trust some software, I can move it to a more priveleged group, and kill any warnings that way.

The other thing I hate about software installers is that they always want to install thier software in a folder named for the company rather than the product. Who really remebers that 'WidgetFandagler32' is made by 'OneProductSoftware', and to look it up by that name in their folder list.

Re:There is a "signed installation" system out the

[IIOIOOIOO]

You have the right idea, but WHQL is for hardware drivers, which is nice in and of itself. Rather, microsoft will sign software for you if you consent to pass a bevy of tests that determine whether or not you play nice with the OS, including not thrashing system files. Unfortunately, this kind of certification is VERY expensive, and not really an option for shareware authors. What would be nice is creation of an independent, cheaper organization that would supply similar certifications.

That's actually an interesting idea

[drew_kime]

Yeah, I guess I could create a new user in Linux with just the permissions I want to give it for every program on my computer, then run the program with the appropriate user.

Or, you could write an installer application that you run to manage all other installations. Have this app create a new user for each program as it's installed, with these users members of the "installer" group. That way nothing you install later could overwrite anything else you installed.

If there's an insoluble technical reason why this wouldn't work, I'm sure someone will tell me. Problems I see:

• Several apps dynamically link to the same library. You try to update one of the apps, and it includes an update to that library. Only the one that initially installed it can do this. (This could actually be a good thing.)
• Massive proliferation of users. Would this require rethinking what a "user" is? Or is it really even a problem?
• Would the installer have to run as root for this to work?

I'm sure there are other problems, but at first glance I like the idea.

Alarm program for installers?

[esnible]

What's needed is a program that monitors installation programs and reports if they are attempting to do something shoddy.

Sort of a 'ZoneAlarm' for setup.exe files, which monitors nasty registry changes, DLL overwrites, etc.

It's not impossible for a Win32 'debugger' to control and watch an install program. I know there are trace programs, and Bounds Checker, but none seem designed for the person who just wants a button to kill and undo an installation that touches, for example, the winsock DLL.

Re:Slightly offtopic

[Technician]

I just removed Macromedia software from my system. Most of the content it runs is ads. Unfortunately they defaulted it to autoplay. Play could not be shut off while it was loading content. Many ads would end in some kind of animated GIF that still ran even with play and loop unchecked. It would only stop after unchecking loop, play and rewinding the annimation. Too bad they tried to satsify the content providers (advertisers) instead of the end users. All it would have needed was a configuration that a user could set up to not run flash automaticaly. A simple play button on a annimation would have been nice. It was the lack of configuration options that convinced me to remove Macromedia completely.

I installed RealPlayer recently...

[Remus Shepherd]

Yes, despite every warning I've heard, there was a .ram format video that I really wanted to watch, and so I thought it would be okay to install RealPlayer just briefly. And now, I am living a nightmare.

My Windows 98 box, which was none too stable to begin with, is having serious problems with blue screen crashes and registry errors. RealPlayer auto-loads things on startup, most notably a scheduler that goes out and checks for updates once a week with no way to turn it off. It's taken over dozens of file types, even ones that it apparently doesn't handle. And -- most annoying of all -- it has no Uninstall option, which I would expect of any professional software. I think I've pulled all the auto-loading parts of this demonic software out of my startup scripts, but to really be rid of this evil thing I'm looking at a full reformatting of my hard drive.

No software package should ever put a system in that kind of state.

Why so many "off-topics" in this thread?

[mangu]

The post that started is actually mildly "funny". The others are mostly on-topic, since they point to the weakness in the basic assumptions in the article: if you have a M$ box, how can you expect to control the software installation process? Haven't all the legal proceedings against them been enough to convince everybody that the Windows API is undocumented enough to be dangerous to your system stability? After reading so many "experts" state that "Windows 2000 is the stablest Windows ever", why is it that I'm not surprised at all to read that a simple software installation can trash the IP stack?

Re:What New.Net is:

[rbeattie]

I've often wondered what would've happened if Microsoft had thought of this several years ago - or decided to do something similar tomorrow.

Imagine if every WindowsXP that was sold had browsers that resolved Microsoft Name Service ( MSNS or simply ".NET") addresses? Imagine if Microsoft had thought about this in 1997 and every Microsoft browser (forget any other internet app - since that's obviously what New.net is doing) since then checked Microsoft.com's MSNS service for it's own custom domain names BEFORE your local DNS?

If they marketed it enough, my Mom wouldn't know the difference between .com and .shopping (a Microsoft-only domain).

It's an interesting thought... they could've controlled A LOT more of the internet than they do already. Maybe Microsoft isn't as smart and vicious as we all think...

But you know, all the ICANN haters always point out that the DNS system we use today is strictly voluntary and they have a point.

-Russ