Moore_BT
@ev1servers.net
| reply to eburger68
Re: Adware Installed through WMA Files
Hi , we have been tracking Overpeers network poison at Bluetack for a while , long before they were bought out by Loudeye corp last year.
Their garbage files are quite easy to find once you know what to look for , and most people will find them as fake file sources on the larger p2p networks such as fasttrack and emule.
I posted a current list of Overpeer IPs in this thread at spyware warrior, »www.spywarewarrior.com/viewtopic.php?t=8920 , but I'll post them here too for those that are interested in avoiding them. 
OVERPEER Inc:64.14.37.128-64.14.37.159
OVERPEER Inc:64.14.40.160-64.14.40.191
Overpeer Inc:64.14.50.224-64.14.50.255
OVERPEER Inc:64.14.61.64-64.14.61.95
Overpeer Inc:64.14.63.64-64.14.63.95
Overpeer Inc:64.15.164.128-64.15.164.159
Overpeer Inc:64.15.165.0-64.15.165.255
overpeer:64.15.202.0-64.15.202.255
OVERPEER Inc:64.15.226.96-64.15.226.191
OVERPEER Inc:64.15.227.224-64.15.227.255
OVERPEER:64.15.228.16-64.15.228.191
OVERPEER Inc:64.15.228.224-64.15.228.255
overpeer:64.15.229.32-64.15.229.63
Overpeer Inc:64.15.231.64-64.15.231.95
overpeer:64.15.234.128-64.15.234.159
OVERPEER Inc:64.15.234.224-64.15.234.255
Overpeer Inc:64.15.237.128-64.15.237.159
Overpeer Inc:64.15.238.64-64.15.238.95
Overpeer Inc:64.15.239.96-64.15.239.127
overpeer:64.15.245.0-64.15.245.32
Overpeer Inc:64.15.248.0-64.15.248.255
Overpeer Inc:64.15.250.0-64.15.250.31
Overpeer Inc:64.15.254.192-64.15.254.223
Overpeer Inc:64.37.197.0-64.37.197.255
Overpeer Inc:64.39.36.0-64.39.36.31
Overpeer Inc:64.39.51.0-64.39.51.255
Overpeer Inc:64.41.133.160-64.41.133.191
overpeer:64.58.66.192-64.58.66.223
Overpeer Inc:64.70.90.0-64.70.90.255
overpeer:64.75.4.192-64.75.4.223
overpeer:64.85.76.0-64.85.76.255
overpeer:64.92.128.0-64.92.159.255
overpeer:64.209.193.0-64.209.193.255
Overpeer Inc:64.209.230.200-64.209.230.223
Overpeer Inc:64.209.230.244-64.209.230.247
Overpeer Inc:64.211.224.192-64.211.224.223
Overpeer Inc:66.37.217.0-66.37.217.255
Overpeer Inc:66.119.42.160-66.119.42.191
Overpeer Inc:66.128.66.0-66.128.66.255
Overpeer Inc:66.128.225.128-66.128.225.191
Overpeer Inc:66.128.226.0-66.128.226.255
Overpeer Inc:68.167.223.144-68.167.223.159
protectedmedia.com:69.42.75.213-69.42.75.213
Overpeer Inc:206.132.28.0-206.132.28.255
Overpeer Inc:206.132.30.192-206.132.30.223
Overpeer Inc:208.48.64.0-208.48.64.255
OverpeerInc:208.48.65.64-208.48.65.95
OverpeerInc:208.50.134.0-208.50.134.31
OverpeerInc:208.50.162.0-208.50.162.255
OverpeerInc:208.50.172.0-208.50.172.255
OverpeerInc[Network-Poisoning]:209.67.69.160-209.67.69.191
OverpeerInc-Overpeer Inc.:209.67.79.0-209.67.79.255
OverpeerInc-Overpeer Inc.:209.67.193.160-209.67.193.191
OverpeerInc-Overpeer Inc.:209.67.197.0-209.67.197.255
OverpeerInc:209.143.192.0-209.143.192.255
OverpeerInc:209.143.193.192-209.143.193.223
Overpeer Inc:209.143.226.0-209.143.226.255
Overpeer Inc:209.143.249.0-209.143.249.255
Overpeer Inc:209.185.173.0-209.185.173.255
Overpeer Inc:209.202.129.0-209.202.129.255
Overpeer Inc:209.225.29.128-209.225.29.159
Overpeer Inc:209.225.44.0-209.225.44.255
Overpeer Inc:216.19.128.0-216.19.128.255
Overpeer Inc:216.19.160.0-216.19.175.255
Overpeer Inc:216.33.34.0-216.33.34.255
Overpeer Inc:216.33.203.0-216.33.203.255
Overpeer Inc:216.34.36.32-216.34.36.63
Overpeer Inc:216.34.37.0-216.34.37.255
Overpeer Inc:216.34.42.0-216.34.42.255
Overpeer Inc:216.34.78.0-216.34.78.255
Overpeer Inc:216.34.95.0-216.34.95.255
Overpeer-scum-Network-Poisoning:216.34.106.0-216.34.106.255
Overpeer:216.34.160.0-216.34.162.255
Overpeer:216.34.164.0-216.34.175.255
Overpeer Inc:216.34.222.0-216.34.222.255
Overpeer Inc:216.35.64.160-216.35.64.191
Overpeer Inc:216.35.67.32-216.35.67.63
Overpeer Inc:216.35.70.192-216.35.70.223
Overpeer, Overpeer Inc:216.35.71.0-216.35.71.255
Overpeer:216.35.73.128-216.35.73.159
Overpeer:216.35.74.224-216.35.74.255
Overpeer Inc:216.35.77.64-216.35.77.95
Overpeer Inc:216.35.79.64-216.35.79.96
Overpeer Inc:216.35.83.0-216.35.83.255
Overpeer Inc:216.35.172.0-216.35.172.255
Overpeer Inc:216.35.212.96-216.35.212.127
Overpeer Inc:216.35.217.0-216.35.217.255
Overpeer Inc:216.39.34.0-216.39.34.255
Overpeer Inc:216.39.89.0-216.39.89.255
Overpeer Inc:216.48.66.0-216.48.67.31
Overpeer Inc:216.64.212.0-216.64.212.255
overpeer:216.74.130.0-216.74.131.31
overpeer:216.74.134.128-216.74.134.159
overpeer:216.74.135.160-216.74.135.191
overpeer:216.74.143.64-216.74.143.95
Overpeer Inc:216.74.146.160-216.74.146.191
Overpeer Inc:216.74.150.0-216.74.150.15
Overpeer Inc:216.74.159.64-216.74.159.95
Overpeer Inc:216.74.164.192-216.74.164.223
Overpeer Inc:216.74.169.96-216.74.169.127
Overpeer Inc:216.74.172.0-216.74.172.255
overpeer:216.144.70.0-216.144.70.255
Overpeer Inc:216.144.71.0-216.144.71.255
Overpeer Inc:216.177.72.96-216.177.72.127
Overpeer Inc:216.182.162.64-216.182.162.95
Overpeer Inc:216.182.196.160-216.182.196.191
Attempting to load a Overpeer protected file on your system will also leave one of these in your temp folders:
C:\Documents and Settings\*\Local Settings\Temp\drmtemp1.htm
hxxp://licenses.overpeer.com/simple_license.aspx
Also see www.ondemanddistribution.com :
»www.whois.sc/ondemanddistribution.com
Moore
»www.bluetack.co.uk |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  reply to eburger68
RIAA/MPAA Contractor Deploys Malicious Trojans!!
»it.slashdot.org/article.pl?sid=0···2&tid=17
"Overpeer, the organization responsible for seeding many peer to peer networks with damaged, corrupt and fake files has now found a way of hiding spyware and adware inside Windows Media files by using a DRM loophole and is using this technique to further pollute P2P networks."
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check almost daily)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
bedelman
Premium
join:2004-06-20
Cambridge, MA
| reply to bobince
which programs get installed
Andrew:
That's another great find, as usual.
I took a look at one of these WindowsMedia files, let it install on a test PC, and made a list of what programs I got. 31 programs, 11000+ registry entries. Not a pretty sight.
Write-up and selected screen-shots »www.benedelman.org/news/010205-1.html .
Ben |
|
GercekSeytan
Rockin' with Raki
Premium
join:2001-10-19
Turkey |  Great link. Thanks much. |
|
Schouw
Premium
join:2003-05-29
Netherlands
| reply to eburger68
Re: Adware Installed through WMA Files
said by eburger68  :The technique exploits features of the Windows Media DRM functionality to launch special Internet Explorer windows that display popup ads and that also attempt to download and install adware/spyware. This happens when the user opens the Windows Media file for playing. I've seen similar cases in 2003, so this isn't exactly a new approach. 
--
Not speaking for Kaspersky Lab |
|
edbott
join:2005-01-02
Scottsdale, AZ
| I've been following this story for a couple of days. At Eric's request, I'm posting a summary of what I found here. You can get all the details of my tests, including some screen shots, at my blog, where comments are welcome:
»www.edbott.com/weblog/archives/000340.html
The PC World story contained several errors and some misleading statements.
I have not identified any circumstance in which this exploit can install software on a computer that has a properly patched version of Internet Explorer. The victim must specifically click a button to install the spyware.
The programs in question are digitally signed and are from known companies. The terms of service make it clear what you're getting. It takes one click and 10 seconds of reading to realize that the correct answer is no.
The installation mechanism uses social engineering tricks that could fool a naive user. These are the same tricks that are used on Web pages (especially porn sites) to install spyware.
You are most likely to acquire one of these "poisoned" WMA files from a peer-to-peer file-sharing network. The risk that you will get a file like this from a reputable music seller that uses digital rights management is as close to zero as it is possible to get.
If you use Windows XP with Service Pack 2 and Windows Media Player 10, you are completely protected.
If you have restricted ActiveX programs from being installed on your computer, you are completely protected. If you have assigned a program other than Windows Media Player to play back Windows Media content, you should be protected as well, although I didn't test this scenario.
Clearing the option to acquire software licenses automatically seems to have no effect on this exploit.
I don't see this as a new and horrifying security risk, the way some observers do. This is yet another variation of the tried-and-true tactics that spyware providers have been using for years to push their crap: social engineering combined with ActiveX "push" installations. I urge Microsoft to patch this behavior for Windows Media Player 9, but anyone who is aware of current security practices shouldn't fall for this stuff. |
|
eburger68
Premium,MVM
join:2001-04-28
4 edits | Ed:
Thanks for posting this summary and for your detailed write-up at your blog site. As will become apparent, I happen to disagree with some of your specific assessments and conclusions, esp. regarding the seriousness of this problem.
You wrote:
said by edbott :I have not identified any circumstance in which this exploit can install software on a computer that has a properly patched version of Internet Explorer. The victim must specifically click a button to install the spyware. Yes, but there are plenty of users out there who will not be running the "latest and greatest." We still need more information about the effect of these files on earlier versions of Internet Explorer and other versions of Windows besides XP SP2. Moreover, even if a properly patched version of Internet Explorer currently prevents complete stealth installations, I have to wonder long will it be before we see IE security exploits that can be combined with the WMA DRM features to bypass the XP SP2 warnings. Past experience with IE suggests not very long, and indeed there is already an unpatched exploit that works on XP SP2 -- see:
»news.com.com/Trojan+horse+threat···709.html
»securityresponse.symantec.com/av···l.a.html
said by edbott :The programs in question are digitally signed and are from known companies. The terms of service make it clear what you're getting. It takes one click and 10 seconds of reading to realize that the correct answer is no. Here I think you draw the wrong conclusions. The fact that the programs in question are digitally signed is absolutely no guarantee of their safety. In fact, the proper conclusion is just the opposite. 95 percent (if not more) of the spyware and adware that we see on the Net is digitally signed, and that fact is damning. As has become blindingly apparent, Versign will issue digital certs to just about anyone, including the worst of the worst who force-install porn dialers on unsuspecting users' computers.
All that digital cert really guarantees is that program was signed by the holder of the cert (whoever that is) and that the program was not altered in transit. It cannot provide users assurances as to the trustworthiness of the holder of the cert, the vendor's privacy practices, or the safety of the program itself.
Finally, as Ben noted in his comment on your blog (see »www.edbott.com/weblog/archives/000340.html ), the installation practices used here hardly "make it clear what you're getting."
said by edbott :The installation mechanism uses social engineering tricks that could fool a naive user. These are the same tricks that are used on Web pages (especially porn sites) to install spyware. This part needs to be emphasized. What we have here is yet another channel for spyware and adware vendors to spring unwanted software on unsuspecting users in completely confusing circumstances. Even though the software is not installed automatically on a properly patched version of Internet Explorer at present, many users will be justifiably confused and think that they must install the program. We already know this happens at web sites that initiate the installation of third-party ActiveX controls. When users encounter this sort of installation prompt in the context of playing what looks to be a DRM-protected media file, it is even more likely that users will come to the erroneous conclusion that the installation is required.
said by edbott :You are most likely to acquire one of these "poisoned" WMA files from a peer-to-peer file-sharing network. The risk that you will get a file like this from a reputable music seller that uses digital rights management is as close to zero as it is possible to get. Given that we only just recently discovered this technique for installing adware and spyware, I think it is far too early to declare this problem to be limited primarily to P2P networks. Certainly the first examples of rogue WMA files have been encountered on a P2P network, but as I emphasized in my first post in this thread, I regard the P2P angle to be a red herring.
I don't think it will be too long before we start seeing these WMA files outside of P2P networks -- on porn sites offering free "sneak previews," for example, but also on apparently legitimate music sites offering free and legal samples of music available for legitimate download and purchase. Indeed, one can easily spin out a whole raft of potential uses for this particular "feature" of WMA files.
What this does is open a whole new adware channel for web sites and companies looking for new sources of advertising revenue. If you're running a music site, for example, no longer do you have to mar your main web site with sleazy drive-by-downloads -- now you can bundle adware more discretely through the media files offered by the web site. And think how remarkable it is that Overpeer has decided to turn to adware to improve its financial base! Will others start to follow that example? Let's hope not.
said by edbott :If you use Windows XP with Service Pack 2 and Windows Media Player 10, you are completely protected. Yes, and that's good to hear. But the majority of the world is not running XP SP2. And as your own testing revealed, even XP SP2 users may encounter the ActiveX Security Warning box if they're running WMP 9 because, as you noted, "it appears that the instance of IE that is being hosted in the WMP9 License Acquisition dialog box is not interacting properly with the security restrictions in SP2" (see »www.edbott.com/weblog/archives/000340.html ). And the minute users encounter that warning box -- which we already know most users find inherently confusing and disorienting even in the context of web pages -- they are at risk for mistakenly installing software they don't want or need, as Ben properly emphasized.
said by edbott :If you have restricted ActiveX programs from being installed on your computer, you are completely protected. If you have assigned a program other than Windows Media Player to play back Windows Media content, you should be protected as well, although I didn't test this scenario. All of this is good advice, but again many users will not have restricted ActiveX controls in the Internet zone -- they will have accepted the defaults assigned by Microsoft. Moreover, many users will find it too inconvenient to disable ActiveX controls, as doing so can lead to a raft of broken web sites -- a confusing and frustrating experience for non-techies.
said by edbott :Clearing the option to acquire software licenses automatically seems to have no effect on this exploit. Here you raise something else I'm not clear on: PC World recommended unchecking the "Acquire licenses automatically for protected content" box. That's great. But then what? Presumably users then get a prompt to acquire license information when they attempt to play the WMA files. And, of course, most users are simply going to click through the prompt box to get the license information, at which point we're right back where we were with an adware installation being launched. How would users know to do any differently?
Edit: I now understand that on your blog you've essentially confirmed that unchecking "Acquire licenses" doesn't substantially address the problem.
said by edbott :I don't see this as a new and horrifying security risk, the way some observers do. This is yet another variation of the tried-and-true tactics that spyware providers have been using for years to push their crap: social engineering combined with ActiveX "push" installations. I urge Microsoft to patch this behavior for Windows Media Player 9, but anyone who is aware of current security practices shouldn't fall for this stuff. I'm sorry, but I'm going to have to disagree with you here. I think the potential for abuses with this new method for pushing adware and spyware on users is very serious and shouldn't be pooh-poohed. And we shouldn't in any way be suggesting or hinting that the users are themselves the problem here -- they are not. As Ben emphasized, the problem is the media files.
It is absolutely inexcusable that media files should have ever become a vehicle for pushing spyware and adware on unsuspecting users. Media files should simply not be a vehicle for adware installations. Period. That there are preventative measures for this unwelcome behavior and functionality is no excuse for the problem itself. It should have never existed in the first place.
The real story here is Microsoft's poor implementation of DRM. Indeed, the truly cynical could now point out that the standard, illegal MP3 files that populate P2P networks are in some ways more secure than Microsoft's DRM-enabled WMA files. And that's a sad commentary on the industry's efforts to persuade consumers to accept DRM-enabled content.
Eric L. Howes |
|
suzi
Premium
join:2004-05-01
2 edits | reply to edbott
quote:
anyone who is aware of current security practices shouldn't fall for this stuff.
I can agree with that statement, but I think everyone who is concerned about adware and spyware's implications knows that's not the real point. The truth is that there are thousands of uneducated web surfers who *will* fall for this stuff, either because they don't know any better or they just want to click through in a hurry to get to the "goodies". The adware/spyware pushers will use any method to exploit these uneducated web surfers. And the companies, including Dell, profit from this crap.
I installed the same WMA file on an old Win ME box with no protection except AVG free and the free version of Zone Alarm. I ended up with 11 desktop shortcuts for everything from "Get This Weeks Deals from Dell" to "Get Sex Toys Direct", "Hot Facial xxx Shots", and so on. Not to mention all the other crapware. None of them had EULA's except for the GAIN dash bar. That machine was infected faster than you could take a couple of deep breaths.
It took me nearly 2 hours to clean it up and I know what I'm doing. Image the "normal" user who doesn't have a clue. The computer becomes essentially useless until it's cleaned up.
These practices are just plain wrong, no matter how you look at it, huge security risk or not.
Edited to add: The entire process happened very quickly and I wasn't taking notes. I think I got a warning asking if I wanted to download and install the GAIN dask toolbar and one for the iSeek toolbar. Those are the only 2 I recall out of all the malware I ended up with.
Suzi
aka Spyware Warrior |
|
Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
 ·AT&T U-Verse
| reply to eburger68
said by eburger68 :I don't think it will be too long before we start seeing these WMA files outside of P2P networks -- on porn sites offering free "sneak previews," for example, but also on apparently legitimate music sites offering free and legal samples of music available for legitimate download and purchase. Indeed, one can easily spin out a whole raft of potential uses for this particular "feature" of WMA files. What this does is open a whole new adware channel for web sites and companies looking for new sources of advertising revenue. If you're running a music site, for example, no longer do you have to mar your main web site with sleazy drive-by-downloads -- now you can bundle adware more discretely through the media files offered by the web site. And think how remarkable it is that Overpeer has decided to turn to adware to improve its financial base! Will others start to follow that example? Let's hope not. That sure as hell sounds like a vector for a Cool Web
Search infection if I ever heard it. I wonder how long
it will be before they start exploiting this particular
loophole?
said by eburger68 :The real story here is Microsoft's poor implementation of DRM. Indeed, the truly cynical could now point out that the standard, illegal MP3 files that populate P2P networks are in some ways more secure than Microsoft's DRM-enabled WMA files. And that's a sad commentary on the industry's efforts to persuade consumers to accept DRM-enabled content. What Microsoft needs to do is release a critical update
that closes that loophole. Another adware possibility
for this would be WMA files from a copy protected CD -
when you play them, ads are launched by IE for related
content.
--
"Kayura or Badamon, whichever you are, you should know that I will never give up this battle. By the will of the Ancient, I shall succeed!" - Shuten (Anubis) from the Ronin Warriors. |
|
suzi
Premium
join:2004-05-01
2 edits | reply to eburger68
I see that Ben has updated his write up to include a screenshot of the icon shortcuts placed on his desktop by the malware from the infected file:
»www.benedelman.org/news/010205-1.html
If I'm not mistaken, that icon, which looks like the same one that was left on my desktop, contains an affiliate ID that passes through LinkShare.
www1. us. dell.com/content/topics/segtopic.aspx/odg_special49?c=us&cs=19&l=en&s=dhs&redirect=1
I've disabled the link to prevent giving any accidental clicks or business to that affiliate.
As Ben said:
quote:
Of course, these merchants may not have intended to support spyware developers. For example, merchants may have approved the affiliates without taking time to investigate the affiliates' practices, or the affiliates' actions may be unauthorized by the merchants.
Nevertheless, the affiliate networks like LinkShare and Commission Junction, as well at the companies like Dell, are making profits from these installations.
It's totally outrageous, IMO, and I have a difficult time believing that the affiliate networks and companies could not stop these practices if they chose to.
--
aka Suzi, Spyware Warrior |
|
Laurav
@aol.com
| Ok, I am an average internet user who got sucked in and I now have all of the files attached to my computer. How can I get rid of them? They are write-protected. Is there one program (ex. Media player) that I can uninstall that will get rid of them all? My computer is not working properly and AOL is useless now. Thanks. |
|
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
1 edit | reply to eburger68
This is a bit offtopic - but on the general subject of explorer being tied into media streams:
I unsubscribed from Real the day I was tricked into subscribing. I wanted to get BBC streams over the web. Real farms out their subscription service so it can entirely be branded by a 3rd party, in this case, BBC. I was tired and didn't realize the only giveaway - real.com - at the end of the subscription sign up form).
I unsubscribed because I realized it was real, and confirmed that in order to use any of the content you have this nightmare integration of real.com web pages, cookies, windows explorer and windows media player. It was a total garbage dump of redirected clicks, cookies, and pop-up windows full of crap trying to get you to extend your subscription. I felt like I'd wandered into a medieval dungeon and got caught in an iron lady. Spent the in total about 2 hours extricating myself.
Even the unsubscribe page makes you THINK you're going to have to speak to someone on the phone, but in the end, gives you a button and a reason field.
And all I wanted was a decent quality BBC news feed 
Real made their bed with microsoft and explorer and now they are going down with the same ship. Bad luck to them. |
|
Message icon
@telus.net | reply to eburger68
I'm using the oringinal wmp 6.4.07.1121 that came with internet explorer 6sp1 for 98se.
Am I affected ? And the options dont show the licence thing. |
|
Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
·AT&T U-Verse
| reply to eburger68
I noticed quite a few new entries in the latest MVPS hosts
file when I went to update it before imaging my HDD
last night. I think some of them may be related to the
adware in qauestion as the URLs in the new groups included
xxxtoolbar.com and kanoodle.com, both of which have been
reported to be associated with this threat. (Though
Kanoodle seems to have pulled its ads.)
--
"Kayura or Badamon, whichever you are, you should know that I will never give up this battle. By the will of the Ancient, I shall succeed!" - Shuten (Anubis) from the Ronin Warriors. |
|
PatientGuy
I'M Way Deep Into Nothing Special
Premium
join:2000-12-11
Arlington, VA
clubs:
| reply to WFO
said by WFO :LOL..Windows Media Player doesn't even get internet access on my laptop.:D Same here plus I have Zone Alarm set so IE has to "Always ask for permission" I use Mozilla. |
|
Transmaster
Don't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY
 ·Qwest.net
| I like db Poweramp »www.dbpoweramp.com/ it plays everything, you can load what codex's you want MP1 to Ogg Vorbis to MP4 and everything in between. What I really like about is is it comes in sections so you only load what you want. If you just want the player cool, just the converter great, the burner only if you want it. It has the best music file converter I have ever used.
I wonder the above addresses should I enter these into my DSL router in the section the blocks them? or just add them to the blocked list on Spyware Blaster?
--
Real Men use Vacuum tubes, 25 pound filament transformers, and plate voltages no less then 2400 volts...BPL I'm coming to get you |
|
edbott
join:2005-01-02
Scottsdale, AZ | On the file I tested, the initial connections were to:
hotsearchbar.com
www.protectedmedia.com
wbpdp.balance.gator.com (gee, what a surprise!) |
|
FoMoCo
466 C.I.D.
join:2001-01-10
Grand Rapids, MI
| reply to eburger68
I'm not suggesting people do this but I deleted the DRM folder a month back for another reason and have had no issues and I use it all the time.
--
When life becomes a drag - floor it - Galaxie 500 |
|
eburger68
Premium,MVM
join:2001-04-28
| reply to edbott
Ed:
You wrote:
said by edbott :wbpdp.balance.gator.com (gee, what a surprise!) Yup. So much for Claria's "privacy friendly" installation practices. For more info see Ben's latest:
»www.benedelman.org/news/010405-1.html
But Claria has a long history of this consumer-unfriendly nonsense:
»www.benedelman.org/news/112904-1.html
On a related note: the iSearch.com/iDownload.com EULA contained the following clause:
said by iDownload.com:
In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer.
This is the same license language that Ben wrote about here:
»www.benedelman.org/news/120704-1.html
I'd normally be pleased as punch to allow these jerks to feast on each other. The problem is that hapless consumers happen to be caught in the middle.
Best,
Eric L. Howes |
|
justin
Australian
join:1999-05-28
Brooklyn, NY | isn't that EULA amazing? proof right there that they don't expect anyone to read it. Proof that the whole show-accept EULA thing is due to be dragged into the 21st century by a smart class-action lawyer. |
|
