The Pure Software Act of 2006
lurker412 writes "The MIT Technology Review features a proposal by Simson Garfinkel to provide honest labels on software in the same way that the Pure Food and Drug Act of 1906 forced manufacturers of foods and drugs to divulge the contents of their products. The proposal targets adware, spyware and other unsavory practices. It suggests that by requiring software manufacturers to include clear icons for each nasty behavior--rather than hide the disclosures in seldom read or understood click-through SLAs--end users will be better protected. Garfinkel specifically lists eight types of sneaky behavior, but the list is not meant to be exhaustive."
The 'Evil' Bit (Score:5, Interesting)
Anyway, did anyone else read this and think immediately of the Evil Bit? The whole thing has got to be a joke, right?
Re:The 'Evil' Bit (Score:3, Funny)
Hook, Modify, Remote Control, Self-Updates and even Stuck.
Re:The 'Evil' Bit (Score:4, Funny)
Re:The 'Evil' Bit (Score:2)
A program that alters the underlying operating system is not a problem unless it messes something up and then won't fix it. We test our stuff, and if it breaks your machine, we fix it.
Of course, we have a market of several thousand clients, and not several millions...
Re:The 'Evil' Bit (Score:3, Insightful)
Re:The 'Evil' Bit (Score:5, Insightful)
Oh, I don't know. You could have said the same thing about food labels, but the fact is a lot of the food industry actually wanted them. I would think the same about this. Honest software vendors (which is still the majority of the industry), I would think would jump at the chance to be part of something like this, because it would help distinguish why their software is better than the shyster spamware and adware companies' stuff. I mean what if on the one hand you have Real with a whole bunch of scary icons, and on the other you have Apple with only one or two for QuickTime/iTunes? If I were Apple I'd be very happy about this. That's just one example; the easiest that came to mind. In every category you'd have companies on both sides of the issue, depending on who would benefit; it just depends on who's got the most lobbying power in each specific case.
And btw, to respond to another early comment, I too wondered initially what a certain musical duo was doing putting forth software regulation recommendations when I first read the posting.
Labels - but not. (Score:5, Insightful)
Further, there are several games that ship with Microsoft DirectX. That modifies your operating system. The program's package can't be labelled without the (wrench icon), unless it comes with installation instructions about how and where to download the required ActiveX features.
In other words, sometimes the labelling will simply get in the way of the whole truth.
Re:Labels - but not. (Score:5, Insightful)
Comment removed (Score:5, Insightful)
Who says more icons have to be bad, anyway? (Score:4, Insightful)
OTH, if it has a lot of icons and you DON'T trust the company, it's probably NOT safe to buy. If it has one or no icons and you don't trust the company (or you do), it probably can't hurt.
Example:
Auto-Update, Uninstallable, and Modify system for a service pack from MS is no worse than Modify System + Popups from a "Free Web Accelerator" from some random website.
I can see them sticking those icons right next to the "recommended system requirements". It'd start looking like a Nutrition Facts label. They just need one for "Requires Administrative Privilege", and maybe they should either add one that says "Directly Controls Hardware" too.
And I think the telephone calls one and pop-up ones are too specific. The telephone call one should be more like "can incur incremental cost automatically" (so it'd apply to MMRPGs or Click n' Run as well) and the pop-up one should simply be "Adware".
Re:The 'Evil' Bit (Score:2)
Or not. Or better they just wanted something they can control, and not really regulated in detail.
Here is an example (theoretical):
Coke: 200 Cal
Fat Free Milk: 90 Cal
Clear labeling? Nope.
Coke: 100 ml
Fat Free Milk: 1 Cup
Which has more calories per volume, and how many times does the Coke have? Good luck. Better carry your calculator.
Other:
Fat is a major source of calories, but human body won't function without it. But Saturated fat converts into cholestero
Re:The 'Evil' Bit (Score:3, Insightful)
However, bad software practises that discourage freedom and innovation? Please when you make these claims back them up. Like the OS X microkernel being open source? Like giving significant help and assistance to the KHTML engine in return for its implementation in Safari (which increases its usage in the wild by many magnitudes)?
Sure, co
Re:The 'Evil' Bit (Score:2)
Think why some people won't buy foods with Histamine in them -- and what prompts them against doing so. It's the food labels. Back to when the food labels were legislated into compulsion for all food products companies, I'm sure someone could have made an equally good argument that they could hear the food processor
Re:The 'Evil' Bit (Score:3, Insightful)
Re:The 'Evil' Bit (Score:3, Interesting)
More evil bits .... (Score:5, Interesting)
Re:More evil bits .... (Score:3, Informative)
Any license that would prevent you from reviewing the software is highly illegal. Reviews are explicitly covered under the Fair Use clause of copyright law. So much, in fact, that it's entirely legal to inclu
Re:The 'Evil' Bit (Score:5, Insightful)
Plus this is yet another American idea. The Internet is bigger than America. American laws would only protect people from software written in America. What about all the crap-ware that gets written elsewhere?
Bottom line: I give this idea 9.5 out of 10 stupids.
The sound of silence (Score:5, Funny)
I'll go back to work now...
Re:The sound of silence (Score:5, Funny)
Hello Clippy, my old friend,
I've come to talk with you again,
Because an exploit softly creeping,
Left its worms while I was sleeping,
And the vision that was planted in my brain
Still remains
Within the sound of silence.
Re:The sound of silence (Score:3, Funny)
Re:The sound of silence (Score:5, Insightful)
American McGee is, in my opinion, an emblematic case of this phenomenon. Why was his game called "American McGee's A.L.I.C.E."? Do you ever hear about "John Smith's BullshitGame 2003"? I think not (we won't get into whether or not the game here sucked, which I believe everybody can agree with). Why was Mr. McGee a speaker at so many industry conventions and trade shows? Was it because of his amazing intellect and insights? His colorful lively presentation style? The quality of his work in the gaming industry? No, it's because his fucking name is "American McGee".
Simson Garfinkel is a pretty good tech writer. Certainly a lot more knowledgeable than some of the idjits out there. But first and foremost, his success and the attention he gets is because his name is eminently brandable and memorable due to its remarkable resemblance to "Simon and Garfunkel". This works at a subconscious level, from what I've observed, even when people don't immediately note the resemblance of his name - they note what a strange name it is, and they always seem to remember it later if they encounter it again.
I won't bother getting to all the other examples of this phenomenon at work - some of them are people I know personally who are great people but owe much of their success to this kind of clever branding ("Jennifer 8. Lee" anyone?). The power of this phenomenon is undeniable. We may all sit around and think we are above this kind of low-level marketing manipulation of our brains, but we need to face the facts: we are being manipulated by the Strange Name Mafia into their sick and twisted view of the technology industry.
Boycott weird-named pundits. Err. Or something.
Re:The sound of silence (Score:5, Funny)
Hercules Rockefeller
Rembrandt Q. Einstein
Handsome B. Wonderful
Max Power
Which one would be best? Should I post an AskSlashdot?
A Multi Talented Fellow (Score:2, Funny)
Re:A Multi Talented Fellow (Score:2)
Erm... (Score:5, Insightful)
Re:Erm... (Score:2, Interesting)
Re:Erm... (Score:3, Informative)
Trivial.
Re:Erm... (Score:3, Insightful)
The reason for doing this has as much or more to do with making deceitful software makers accountable as it does with educating the consumer.
The idea is great... (Score:5, Insightful)
Re:The idea is great... (Score:5, Insightful)
Re:The idea is great... (Score:3, Insightful)
A: Yes. Most programs that have a reason to do this already warn you anyway. I didn't see anything specific, but it would be fine if it worked like Ratings that describe WHY they are there. For example, if it listed next to the 'Reports Home' icon a blurb that says 'User controlled system reporting for research' it would be fine. As for who would w
Re:The idea is great... (Score:3, Insightful)
Re:The idea is great... (Score:2)
Differences of interpretation like the example you give are inevitable, also it would be impossible to catalog every example of unexpected and undesirable behavior - changing the clock, tinkering with modem settings... the list is endless.
I think that in future the early 21st century IT scene will be noted for its curious inability to deal with programs as information. Today it seems perfectly normal to have encrypted (binary) forms of
Re:The idea is great... (Score:4, Insightful)
Absolutely. If you don't show me every piece of info you're sending through the registration process, it's spyware.
Are you sending the processor model? How about the MHz? What if I've overclocked? Maybe I don't want you to know that. Does "General system stats" include a list of running processes perhaps?
If you want to have me send in an automatically-filled out survey about my machine, I might be happy to do that for you, provided I can see and change the answers as needed. It is a survey, right? You are trusting my answers, right? If you covertly sneak some auto-detected information about my system into your registration process, that's spyware.
Parsley sage rosemary and thyme... (Score:2, Funny)
Can there be a label... (Score:3, Funny)
Re:Can there be a label... (Score:2)
Now, if I could just ASCII-ART up a cockroach ...
Re:Can there be a label... (Score:5, Funny)
Yeah, it has red, blue, green, and yellow wavy squares in a 2x2 pattern with a black border.
Re:Can there be a label... (Score:2)
to denote buggy code?
How about "Designed for Windows XP"? Better yet, let's require buggy code to come with a certificate of authenticity and a hologram!
Re:Can there be a label... (Score:2)
We have that for avionics systems... (Score:2, Insightful)
In commercial avionics there is a standard that describes the testing (and other) obligations for a software manufacturer. If you see a product certified to DO-178B level A, you know it can be used for a life-critical purpose. If you see DO-178B level E, you know they only slapped the label on something they developed without any formal development (and testing) process.
If software manufacturers are to be obliged to disclose the amount of spyware they d
Finally (Score:5, Informative)
Re:Finally (Score:2)
A lot of the problem are things like "Comet Cursor" and "Bonzi Buddy" that promise some cutesy interface tweak or effect, and then co-opt your computer in the process without being terribly forthcoming about it. If they were forced to have a big icon of, say, that guy in Indiana Jones taking people's beating hearts out, I t
Re:Finally (Score:3, Insightful)
Re:Finally (Score:5, Insightful)
Sorry, but that's complete and utter bullshit. My tech team spends too much time cleaning up after malware. I made the mistake of switching our organization over to IE several years ago, mainly due to complaints about compatibility. The majority of these nasty malware programs take advantage of design flaws in IE to enter the system and remain there.
I'm now testing Netscape 7 as a standard browser. It cannot be modified, or accessed through the operating system as can IE. Therefore, most of the loading schemes used by malware do not work. So IE is definitely part of the problem. IE is part of Windows, so it is Windows' fault. Malware programs modify Windows so that they can run as extensions to the operating system, and no actually up as a process in the process list.
Re:Finally (Score:2)
Correction:
"...not actually show up as a process..."
No... (Score:2)
In case you haven't noticed, much as Windows is the overwhelmingly dominant OS, IE is the overwhelmingly dominant browser. That's not to say that IE is without its flaws, and it's not to say that other browsers do have flaws (although they do). But you're kidding yourself if you don't think the main reason there's more malware for Windows/IE than anything else is because of their popularity. Ease of
Re:No... (Score:4, Insightful)
To agree with you, I'd have to accept that popularity, and not design, is what creates security flaws. No, sorry, I'm not buying it. Netscape, with its 6 major vulnerabilities that have long since been patched, I can sit here and surf all day without picking up any malware. Windows is the problem, and IE is the enabler, if you will. I'm going to be switching our network workstations over to Netscape, and EULA-be-damned, I'm going to find a way to cripple IE.
Re:No... (Score:4, Interesting)
Your argument is based on the premise that IE and Netscape are the same in terms of design. Netscape/Mozilla can't be "hijacked" in the same manner because it doesn't use Windows' registry classes to determine what to do with a downloaded file, and it isn't integrated with the Explorer shell. A Netscape browser window instance can't be silently started (without a "head"), and a new filetype can't be opened without the user knowing, or taking action. Likewise, Sun Java and Javascript is limited to things done inside the browser, it doesn't have access to the rest of the operating system.
But disabling IE is not the answer. I predict within a few weeks of you doing this you are undoing it for some higher ranking manager. Then his buddy will find out, and so on. Soon you are supporting not 1 browser but 2. HAVE FUN with your crippling!
Obviously, I can't completely remove it, that would break Windows. I want to use it as a tool for running Windows Update, but I will have to make exceptions for certain trusted sites. It won't be my undoing because my superiors are well aware of the problems that malware causes, and would be happier without pop-ups and system instability. I'm not doing this in secret. I've explained to them the reasons, the effects, and the exceptions where some may have to use IE.
Make the people who are making your job miserable RESPONSIBLE for their actions.
I can't go Stalin on my network users. Where there are standard configurations, we use DeepFreeze to restore the computers to the original configuration. Unfortunately, we can't use this everywhere, because it is too inflexible for the users with non-standard configurations.
Re:Finally (Score:2)
And here's the C(++) code to do it.
here: goto here;
LK
New label on Windows XP retail box (Score:5, Funny)
By opening or removing the seal to this package you agree to abide by the terms explained in the enclosed EULA. By the way, this product contains software code, which, by installing on your computer, could render you utterly defenseless from intrusion, viruses, worms, trojans, popup advertising, loss of data, loss of privacy, NOT TO MENTION putting you on an endless treadmill of planned obsolescence, making you a pawn in the global theater of consumer rape by corporations. Enjoy!! Oh, yeah, we don't guarantee that the software works, and, no refunds.
The right way to fight "spyware" (Score:5, Insightful)
I would much rather see regulation that required all software to clearly declare its intentions, and to get explicit and verified permission to install.
Re:The right way to fight "spyware" (Score:3, Insightful)
I would much rather see regulation that required all software to clearly declare its intentions, and to get explicit and verified permission to install.
Forget intentions, and forget trying to define "spyware". Just use a little ET icon to show that the software phones home, let the marketers say why, and let the user decide. I mean, come on, the user needs to carry some of this burden. Let's not fill software up with idiot labels, shall we?
So, I say if they stick labels, they should define them by fu
Never happen (Score:2, Informative)
Read up on how she's bought-and-paid for by a loan from Real Networks - a loan that Ms. Cantwell got to pay for her campaign by using her insider shares she got from Real - and a loan that was supposed to have been called in when Real's stock price tanked.
And that's just Real - anyone wonder how many Senators, Congressmen, and Presidents Bill Gates has on his payroll?
Like requiring thieves to pay taxes on their loot. (Score:4, Insightful)
That is contrary to the nature of the software, which is to hide, report on your actions, enable remote operations, reproduce and the like.
Spammers are going to ignore this, just like an unsubscribe link.
Re:Like requiring thieves to pay taxes on their lo (Score:2, Interesting)
Of course not, but the makers of legitimately well behaved products will. You look at two food cans... one has a label with ingredients and such and the other one doesn't. Which one will you eat?
This to work would require one or more bodies like the ESRB to test products, assign the correct labeling, and go after abusers.
Re:Like requiring thieves to pay taxes on their lo (Score:2)
Re:Like requiring thieves to pay taxes on their lo (Score:2)
I don't think this legislation is going after criminals, per se, but software like Gator and the like that are "legitimate" businesses with sleazy tactics. By making such underhanded tactics illegal, it will severely limit how much money etc can be collected by such a scheme. That is contrary to the nature of the software, which is to hide, report on your actions, enable remote operation
Re:Like requiring thieves to pay taxes on their lo (Score:5, Insightful)
Most spyware/adware makers feel the same way, they don't have to hide because they are not breaking any laws. And if you download the software directly from their web sites you will be presented with various screens and buttons you have to click to agree. However, the details of what you are agreeing to is anything but clear. The Claria license is 20 pages for example, and to paraphrase: "Once you click YES we can automatically download and install new software, even new versions of other vendor's software like Media Player or Flash if we need it to display ads. We can even send back a list of all the software installed on your system."
Should it be legal to bury that in a 20-page document and then say that clicking YES on a dialog box is legally binding?
Sounds good for most people. (Score:2)
Anyone see anything wrong with this? (Score:2)
Basic economic principles, such as supply/demand curves, are based on the principle of a marketplace with "open information": all buyers and sellers know the same things.
Yet, even when it comes to the FDA ingredients label, we hear companies bitching and moaning and finding ne
Re:Anyone see anything wrong with this? (Score:2)
In most cases, "open information" (or a close approximation) will happen automatically, unless steps are taken to prevent it. Some consumers will examine the products they buy and exchange that information with other potential customers, so the truth quickly gets out. Or secondary businesses will spring up providing reviews of available products.
But in reality, there are often legal obstacles to this free exchange of info: Intellectual Property laws me
Re:Anyone see anything wrong with this? (Score:2)
"open information" (or a close approximation) will happen automatically, unless steps are taken to prevent it.
Something about this sentence bothers me still; otherwise I agree with most everything you say.
What about the time component here? Information may spread automatically, but does it appear and spread instantaneously? I would argue that it very often does not, especially in the abstract field of information technology.
In capitalism, the difference between w
Reward good, instead of punishing evil (Score:5, Interesting)
Re:Reward good, instead of punishing evil (Score:2)
Hmmmm... If the government mandated that all software purchased by them or used to conduct busines
Re:Reward good, instead of punishing evil (Score:2)
We could apply the same argument to suggest the removal of FDA food labels. Food labels could include just "good" information. But then, I'd argue, the health of people would suffer more than with our current system: capitalism rewards those who sell the cheapest products for the greatest profit. I don't see many "health food" items falling into this category
Re:That misses the point somewhat (Score:3, Insightful)
The labels in the article are indeed negative. There is a strongly perceived difference between "This product does something you might not like" and "This product behaves well."
Open Source Is A Trust Mark (Score:2)
Open Source acts as a trust mark. I've never even heard of a spyware program released under the GPL.
Yes, I may need to use a DOS prompt and run cdrao and vcdimager with a bunch of confusing flags to burn a VCD from my TV tuner card, but it still works, it doesn't notify a database that I like CSI, it doesn't intentionally degrade the output, and I don't
Nutrition Facts (Score:4, Funny)
article text (Score:5, Informative)
100 years ago, Congress passed a law requiring honest labeling of food and drugs. Now the time has come to do the same for software.
By Simson Garfinkel
The Net Effect
April 7, 2004
Spyware is the scourge of desktop computing. Yes, computer worms and viruses cause billions of dollars in damage every year. But spyware--programs that either record your actions for later retrieval or that automatically report on your actions over the Internet--combines commerce and deception in ways that most of us find morally repugnant.
Worms and viruses are obviously up to no good: these programs are written by miscreants and released into the wild for no purpose other than wreaking havoc. But most spyware is authored by law-abiding companies, which trick people into installing the programs onto their own computers. Some spyware is also sold for the explicit purpose of helping spouses to spy on their partners, parents to spy on their children, and employers to spy on their workers. Such programs cause computers to betray the trust of their users.
Until now, the computer industry has focused on technical means to control the plague of spyware. Search-and-destroy programs such as Ad-Aware will scan your computer for known spyware, tracking cookies, and other items that might compromise your privacy. Once identified, the offending items can be quarantined or destroyed. Firewall programs like ZoneAlarm take a different approach: they don't stop the spyware from collecting data, but they prevent the programs from transmitting your personal information out over the Internet.
But there is another way to fight spyware--an approach that would work because the authors are legitimate organizations. Congress could pass legislation requiring that software distributed in the United States come with product labels that would reveal to consumers specific functions built into the programs. Such legislation would likely have the same kind of pro-consumer results as the Pure Food and Drug Act of 1906--the legislation that is responsible for today's labels on food and drugs.
The Art of Deception
Mandatory software labeling is a good idea because the fundamental problem with spyware is not the data collection itself, but the act of deception. Indeed, many of the things that spyware does are done also by non-spyware programs. Google's Toolbar for Internet Explorer, for example, reports back to Google which website you are looking at so that the toolbar can display the site's "page rank." But Google goes out of its way to disclose this feature--when you install the program, Google makes you decide whether you want to have your data sent back or not. "Please read this carefully," says the Toolbar's license agreement, "it's not the usual yada yada."
Spyware, on the other hand, goes out of its way to hide its true purpose. One spyware program claims to automatically set your computer's clock from the atomic clock operated by the U.S. Naval Observatory. Another program displays weather reports customized for your area. Alas, both of these programs also display pop-up advertisements when you go to particular websites. (Some software vendors insist that programs that only display advertisements are not spyware, per se, but rather something called adware, because they display advertisements. Most users don't care about this distinction.)
Some of these programs hide themselves by not displaying icons when they run and even removing themselves from the list of programs that are running on your computer. I've heard of programs that list themselves in the Microsoft Windows Add/Remove control panel--but when you go to remove them, they don't actually remove themselves, they just make themselves invisible. Sneaky.
Yet despite this duplicity, most spyware and adware programs aren't breaking any U.S. law. That's because many of these programs disclose what they do and then get the user's explicit consent. They do this with something that's called a click-wr
Bring back Mr. Yuck! (Score:2, Insightful)
No need to make it complicated...if it's got any characteristics like spyware it's crap and gets a Mr. Yuck. Simple.
Warning (Score:2, Insightful)
NO! (Score:5, Interesting)
I *don't* want that to happen with software! I'd much rather retain the right, as fair use, to legally modify crap-ware, and also have the right to discuss the details of that modification with other people.
Interesting (Score:2)
Open Source software should be perfectly capable of complying with this requirement, since the source code is the guarantee document (you can truthfully state that it will do whatever the source cod
will go unused (Score:3, Insightful)
The food and drug industry is heavily regulated, and is substantially easier to control than software because producers need to be licensed with various governmental bodies, depending upon the country. Rightfully so, as lives are at stake.
If this sort of labeling scheme is to achieve widespread adoption, it will need the same sort of tight regulations. I don't believe that the majority of developers would enjoy this at all... imagine having to have upgrade releases and patches approved by the Federal Software Administration, before being allowed to legally distribute it to the public. Throw in the fact that it would take several decades just to get a minority of the world's countries on the same wagon, and consider that most "scumware" (to generalize) comes from outside the U.S.
It's a great idea, but the execution is all wrong. More appropriate would be to grant developers the ability to have their software approved as "Popup free" or "Doesn't Phone Home" or the inverse of the many other icons that Simson Garfinkel (sounds like a joke) proposes. This legislation would prove a lot harder to fight from an industry perspective.
Copy protection and DRM (Score:5, Insightful)
If anyone cries that this would be like a scarlet letter and harm his sales, remind him that proponents of DRM (while wielding effective monopolies in their product areas) were saying to "let the market sort it out." Free markets require good information, which such a law will provide.
Comicbook guy weighs in: (Score:2)
A noble idea, with an ignoble name. Reminds me of a Pure Earth movement of some kind.
Next Gen. of Drug Wars? (Score:2, Insightful)
Perhaps deeply immersive and psychologically convincing virtual reality of the future will be deemed to be software with the potential to cause harm and no
Why aren't we blaming Microsoft? (Score:3, Interesting)
I would get 0 adware/spyware if Microsoft wrote a little bit of security into their operating system in a few ways:
- Record log of installed files (prompt for any files being installed in non-specified directories.. ie: If realplayer tries to install realisawesome.dll in C:\windows\system32, WINDOWS itself prompts me.)
- Prompt for any programs trying to start up with the computer
- Have only one method for a program starting up with a pretty little 'startup' icon in the control panel
- Disable IE's install on demand by default (probably most common method for spyware)
- Allow users to disable popups without a fucking extra program (fuck developers and their incessant popups - MS gives way too much control to them and none to the end user)
- Have Windows control the uninstall and not some crappy script written by the same company that wrote the crappy software that user wants to uninstall cause' it was crappy
- Allow the user to enable plugins only when desired (disable flash advertisements and stuff)
- Quit allowing programs to install a shortcut in startup, the quicklaunch bar, the desktop, every goddamn folder on the computer, favorites, and quit launching a secondary program just to launch a button that launches the main program!!!
This is how you could fix things in Windows.. Linux is pre-fixed.
So, you Linux nerds, why the hell aren't we trashing Microsoft in this thread? They're fixing 'security', but not the type of shit Mr. Stupid Enduser cares about.
Great concept, also needed in other areas (Score:2)
The same concept should apply to many areas:
- DVD, and other future format, movies. The
The real need: A Underwriter Labs for software (Score:2)
I.E. think about how many icons Mozilla could be required to have on it... it can be set to start at boot with that quickstart icon thing. It can be set to send data back home if you've set up the Talkback crash reporting, which will likely send back monitoring information on
to get this started ... (Score:2)
It's difficult to define and enforce this across the swathe of software products, but one way to start is to require it for government purchasing contracts: forcing major vendors (e.g. microsoft _and_ open source vendors!) to start the ball rolling. Once it gets ironed out after a couple of years, then roll it out further.
Good idea though.
The right solution would be technical, not legal (Score:5, Interesting)
(Legislative solutions are suboptimal/dangerous for many reasons. They are over-broad, in that they apply even to consenting adults who wish to engage in the behavior without meddlesome government oversight; cf prostitution. And they're too-narrow, in that they can by necessity only apply within the country's legal jurisdiction, whereas software distribution is an international operation)
Turn now to the second page of the Pure Software [technologyreview.com] proposal. The list of potential warning-labels it suggests is: Hook, Dial, Modify, Monitor, Popup, Remote Control, Self-Updates, and Stuck.
All of those things are basically technical features which a well-designed operating system could prohibit programs from using, without permission. The root of the problem is that even after 30+ years of software publication, most programs are still just completely arbitrary lists of instructions: once they're executing, they do whatever they do, and nothing can stop them.
The big exception there is that most OSes, at least, restrict programs on a per-user basis. A program cannot read or edit files to which the executing user has no permission. That's an important step, but one that Unix has had firmly in place since the 80s. As time passes, we need to go further: program privileges should be restricted not just at the per-user level, but also at finer granularity.
When I download and install a program, I don't want just the option of "run it or don't". I should be able to run it, but without it being able to read any files except those it came with. Or being allowed to read files, but only if I pick them from a system-supplied dialog box. Or read any files, but not write to them, except in a directory I've chosen (and that it can't override). Or write files, but only in specific approved formats (such as those which can't possibly contain executable code). Similar kinds of restrictions suggest themselves for GUI and network areas (including the important points of "phone home" and "data tainting")
To a small extent, Java frameworks (like "Web Start") have attempted to do this, with a list of features the user can individually permit a program to execute. Microsoft
The best way to prevent software from doing something is to use software that prevents it from doing it. (As Lawrence Lessig said, the best and most effective laws for code are more code [amazon.com])
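The per-program restrictions described in the comment above (read only where granted, write only inside a directory the user chose, no "phone home" unless permitted) can be modelled as a deny-by-default policy check. This is an added example, not part of the original comment; `ProgramPolicy`, `allowed` and the directory names are hypothetical, and it shows only the decision logic that an operating system would have to enforce below the program.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class ProgramPolicy:
    """Hypothetical per-program grant, chosen by the user at install time."""
    read_roots: tuple = ()    # directories the program may read from
    write_roots: tuple = ()   # directories the program may write into
    network: bool = False     # "phone home" is off unless granted


def _inside(path, root):
    # Resolve symlinks and ".." first, so the comparison is on real locations.
    real, real_root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([real, real_root]) == real_root


def allowed(policy, action, target=None):
    """Deny by default: only explicitly granted actions return True."""
    if action == "read":
        return any(_inside(target, r) for r in policy.read_roots)
    if action == "write":
        return any(_inside(target, r) for r in policy.write_roots)
    if action == "connect":
        return policy.network
    return False  # unknown action: not granted


def demo():
    """Build a constructed layout and return the decisions for sample requests."""
    base = tempfile.mkdtemp()
    app, docs, out = (os.path.join(base, d) for d in ("app", "docs", "out"))
    for d in (app, docs, out):
        os.mkdir(d)
    # A symlink inside the writable directory that points back at the documents.
    os.symlink(docs, os.path.join(out, "link"))
    policy = ProgramPolicy(read_roots=(app, docs), write_roots=(out,))
    return {
        "read own file": allowed(policy, "read", os.path.join(app, "help.txt")),
        "read document": allowed(policy, "read", os.path.join(docs, "a.txt")),
        "write to chosen dir": allowed(policy, "write", os.path.join(out, "r.txt")),
        "write to documents": allowed(policy, "write", os.path.join(docs, "a.txt")),
        "write via ..": allowed(policy, "write", os.path.join(out, "..", "docs", "a.txt")),
        "write via symlink": allowed(policy, "write", os.path.join(out, "link", "a.txt")),
        "phone home": allowed(policy, "connect"),
    }
```

The last three write requests are the cases a naive string-prefix comparison gets wrong; resolving the real path before comparing is what keeps the "directory I've chosen" from being overridden.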
Re:The right solution would be technical, not lega (Score:3, Insightful)
Secret Software Formulas (Score:3, Interesting)
What's to stop someone from saying "This product may contain one or more of the following; ad-ware, spy-ware, automatic updates, and a chance to win $1,000,000"
That last item would be enough to entice most people to buy it anyway.
LK
Packaging Problems (Score:2, Funny)
Why? (Score:3, Insightful)
If you don't know what you're buying...don't buy it.
Re:Why? (Score:4, Insightful)
So, you believe you shouldn't buy something if you don't know what it does, but are against a requirement that forces the maker to explain what it does?
Companies spying on employees? (Score:3, Insightful)
So this guy really feels that employers who monitor company computers are spying on their employees? Should closed circuit cameras be taken down to prevent spying on employees? It's a company computer... they can load whatever software they like on it!
.:diatonic:.
It's too tied into the GUI model (Score:3, Interesting)
As described, the proposed law would hard-code the concept of using icons to disclose this information. What about fundamentally non-graphical programs (drivers, daemons)? What about overall non-graphical environments (servers, embedded)?
I fear this scheme would further what is already an increasing problem: that everybody wants to attach a GUI to every program, even if it's totally inappropriate (e.g. printer drivers). The proliferation of spurious GUI interfaces leads to the proliferation of inappropriate design choices in exception reporting (pop-ups instead of log files), configuration methods, etc.
I'm not anti-GUI, by the way. I'm anti-inappropriate-GUI, and I fear hard-coding icon requirements into every piece of software makes this trend even worse. Imagine if every
On the other hand, I would definitely like to see these icons displayed on the labels of software packages and disks, or on the web pages that software is downloaded from.
Oh, and something the article didn't mention, but I'd propose this amendment to the act: Make it hard to add any additional icons (i.e. to make the program behavior worse) in upgrades. If any icons are added, the vendor must either (1) continue to support the old version for future bug fixes, security patches, etc., or (2) refund the purchase price to buyers who choose not to continue using the product. (Obviously, there'd have to be a time limit, but long enough to prevent the use of "incremental-spyware" as a bait-and-switch technique.)
Ingredients: (Score:3, Funny)
Use and enjoy!
Tax to encourage over eating ? (Score:3, Funny)
I now understand why USA citizens are so fat.
Re:Adware/Spyware makes me mad (Score:2, Informative)
Oh, if only that were true.
There's this relatively new thing out there that's called Morze. I think it comes with the package that installs VirtualBouncer and Ad Destroyer.
It's awful. It creates 10+ randomly-named executable files in the Windows directory, and puts shortcuts to them in the start menu (in 98, it also puts duplicates in windows\all users\start menu\programs\startup, so it still tries to load them even if you deleted the visible stuff). Morze r
Re:Adware/Spyware makes me mad (Score:4, Insightful)
I believe you just made the case for Mac OS X.
Re:Adware/Spyware makes me mad (Score:2)
Or the Sales people in pretty much every office I know of. They take their laptops to hell and back, then get on the corporate network and drop all their viruses in their group shares. Then they decide to update their virus definition files.
Re:Great idea, but... (Score:2)
Sure you can, it's built into Windows XP.
Re:Never work (Score:2)
Re:Windows XP affected? /windows/applog ? (Score:2)
which at this point in time is wasting approximately 8 Megabytes of my disk space.
Re:Perhaps you can get that new Earth government (Score:2)