

DivX Now Installs Malware - heavymark
http://forums.divx.com/divx/topics/bing_search_page_appears_when_opening_a_new_tab_window_on_firefox_macos
Their Twitter is being flooded with complaints but DivX does not appear to care. In there latest update on Mac when clicking Ok the last page of the setup briefly shows a message about Bing but them immediately finishes the installation without allowing user interaction. After that your Chrome, Safari and Firefox will be flooded with Bing. From 404s, homepage, default search and conduit plugins. The link above shows the numerous steps to undo all of it. The one step they forget to mention is to uninstall DivX and never use them again. Even Google Chrome is marking DivX as Malware which DivX is saying is a false positive to ignore. Please everyone uninstall DivX and let them know malware is never acceptable.
======
anon1385
It's worth noting that PG has defended this practice when YC Companies do it.

[https://news.ycombinator.com/item?id=5092711](https://news.ycombinator.com/item?id=5092711)

 _The apps that get installed are "crapware." This one seems a matter of
opinion. A lot of the world's most popular apps and sites seem like junk to
us. But the users are choosing to install these things._

If you want to stop this kind of thing you need to get angry at the people who
fund it and make money from it. That includes Paul Graham and Y Combinator.

More about the YC funded InstallMonetizer:

[http://news.ycombinator.com/item?id=5059806](http://news.ycombinator.com/item?id=5059806)
Y Combinator is funding the future of spam in Windows (467 comments)
[https://news.ycombinator.com/item?id=5086043](https://news.ycombinator.com/item?id=5086043)
InstallMonetizer quietly starts editing website, privacy policy
[http://news.ycombinator.com/item?id=5059454](http://news.ycombinator.com/item?id=5059454)
Y Combinator-Backed InstallMonetizer Is A Selective Ad Network For Desktop

~~~
mercuryrising
That quote is taken a little bit out of context. The first part is referencing
the opinions of others about InstallMonetizer - people said they think IM was
installing crapware. PG said that crapware is a relative term, and if people
have the option of declining to install something, then they deemed it to be
not crapware. We can't handcuff everyone into making the same decisions we do
- regardless of what we think the quality of the software and motives are.
Educating users is the goal we should be shooting for, so when they see a
screen with check boxes, they don't just hit agree and go on, they realize
what clicking "I Agree" could entail. I think that message could be something
along the lines of "Don't just agree, think before you click".

~~~
anon1385
Bullshit. These kinds of installers trick people into installing things they
would never install by choice. For example there are windows where ticking one
checkbox disables installation of a toolbar, but ticking the next one enables
a different one. So people read the text on the first one and then tick
everything, which results in spyware being installed on their machine. The
entire installation process for these kinds of things is like that because
NOBODY who knows what they are actually wants to install spyware toolbars on
their computer.

Would you consider tricking a person with poor literacy skills into signing a
contract that gives them your house a moral thing to do? Why is tricking
somebody into giving you full access to their computer any different? Also,
much like legal contracts can still trick the literate, these installers can
trick even technically proficient users who weren't expecting to suddenly have
to engage in a battle of wits with their computer.

~~~
makomk
I believe that InstallMonetizer in particular designed the screen where you
agree to install their crapware to look like other installers' EULA-acceptance
page - see e.g. the second screenshot here [http://www.little-
apps.co.uk/blog/2012/11/why-was-this-other...](http://www.little-
apps.co.uk/blog/2012/11/why-was-this-other-software-installed/) In order not
to get unwanted crapware, you have to click the Decline button, which would
normally stop your desired software from being installed.

~~~
cdonnellytx
They even put the Decline button on the left, which goes against how virtually
every other Windows installer (and wizards in general) are supposed to work.

------
Groxx
Conduit is _extremely_ intrusive and difficult to completely remove. There is
no excuse for its behavior. They very clearly know it's malware and they try
_everything_ to keep it installed.

Yes, malware. Not just crap. Crap implies merely _bad_ , this _hides_ from you
and tries to influence you and prevent you from removing it. Nothing merely
crappy does that.

The last-remaining spot that kept coming back for me was that it wrote itself
into Firefox's XUL - no plugin to remove, no toolbar, no _hint_ that it had
done something like that. I only found it because I decided to grep every file
in every FF directory on my system.

If it gets installed on your system, or on someone else's, and you have
Firefox installed, remove all the plugins and crap and _reinstall Firefox_.

~~~
lawnchair_larry
Yeah, Conduit is very nasty. I had it remaining on a laptop for years because
of the firefox infection method.

------
Mikeb85
Let's call this what it is. Not malware, just crapware.

Every service you sign up for, everything you install for free (minus some
open-source stuff), offers you something, and defaults to yes. You have to un-
check boxes to send you emails, to install crap, to agree to performance
tracking, etc... If I don't like the terms of something, I simply don't use
it. That's why I'm on Linux, Ubuntu to be precise (and I opted out of the
Amazon lens - not because I hate it, but because I simply don't buy that much
stuff from Amazon).

~~~
parennoob
No. Crapware is some stupid program you should be able to uninstall via
Control Panel (Windows) or drag from the App folder into Trash (Mac)

Anything for which the uninstall instructions (I define uninstall as
'completely remove everything related to this from my computer') go:

[To change the 404 error page]:

\- Go to the Firefox folder: open Finder and navigate to Applications and
right click on firefox.app

\- Select MacOS, and delete the MACSearchTakeOver.js file (wtf?)

\- Go to the folder Users/USERNAME/Library/Application
Support/Firefox/Profiles/CHOOSEActiveProfile. Note, USERNAME = your username.
CHOOSEActiveProfile will be a unique name, for example "6y5m281v.default"

\- Delete the file called abstraction.js

is malware.

There is no way in hell a regular user should be expected to do that.

You notice I didn't say anything about Ubuntu -- by and large (apart from the
Amazon Lens debacle), these crap/malware peddlers have left Linux alone. How
would you feel if you had to edit xorg.conf or something manually because some
package you installed from someone's PPA made your screen display ads every 15
minutes? :P

------
riffraff
I updated the divx software a few days ago and noticed this.

It has a rather obvious "install conduit search powered by bing" checkbox.
While this is defaulted to "yes", is very easily set to "no".

~~~
nyrina
The problem isn't that it's easy to set to no. The problem is that it's
defaulted to yes

That means I can't just click next, next, next, install, finish without
getting "infected", and the guys making these installers knows this - and
takes advantage of it to make extra money.

Legally, it's sketchy at best - the EU has a law (I believe it's a law, at
least, someone back me up?) against it defaulting to yes.

Morally, it's plain wrong and taking advantage of the innocent.

~~~
rschmitty
Taking advantage of the ignorant. I think everyone here has been burned by
crapware installs and I carefully read everything I install.

If I click next next next next finish, it's my fault these days.

Sad world, but it is what it is.

~~~
ordinary
_it is what it is._

Let's work to make it better.

------
easy_rider
Best part: "Select MacOS, and delete the MACSearchTakeOver.js file"

DivX as a brand is dying. Desperate times etc... I've always hated their
player and bloatware. In fact I was surprised that they survived without doing
something like this earlier.

------
jagermo
Missleading title? I think it could be classfied as crapware but malware?

~~~
Semaphor
For many people changing the searchengine is not a change they can revert
themselves. Neither is having less space because of an additional toolbar.
Both changes hurt them. Malware.

~~~
jagermo
yes, but you can uninstall crapware via the normal ways - malware needs to be
removed with special tools.

~~~
astrodust
If it's _malicious_ , that is, changes things without express consent, then
it's malware. No debate. End of story. Malware is a parasite.

Crapware is something that's installed and shows up on your desktop, may even
start automatically and produce pop-ups all the time, but doesn't alter the
behavior of other applications. It's just junk, but it's not inherently
detrimental or damaging. Crapware applications are barnacles.

------
rangibaby
Why would you ever install DivX when VLC exists?

~~~
UweSchmidt
Slightly offtopic, everybody knows of VLC, but do you know of any well-curated
list of non-crappy software in general?

I'm thinking of criteria such as:

No malware, no advertisements, no bloat, no phoning home, no
unnecessary/forced updates, in case of mobile: no unnecessary permissions.

Recently I needed to rip a CD quite urgently and the software I used has
tainted my PC like a terrible sin of the past.

~~~
WickyNilliams
On windows I now use Media Player to rip CDs, but in the past I've used CDex.
Simple UI, gets the job done without fuss:

[http://cdexos.sourceforge.net/](http://cdexos.sourceforge.net/)

~~~
makomk
CDex is good but sadly Sourceforge are no longer trustworthy. As far as I know
they're currently only bundling crapware with installers with the project
maintainer's permission, but I'm not sure it's a good idea to rely on this
remaining the case.

------
thenomad
IMO, the big problem here isn't so much the install as the uninstall.

Think that installing Conduit will add value to my computer? Then go ahead,
default it to "install" \- but let me uninstall it in the usual way.

It's the fact that most of these programs are designed to be as hard to
uninstall as possible that's the big problem. And as soon as you're trying to
stop me uninstalling your software, IMO, you're basically making malware.

------
OriginalAT
It seems like someone who makes decisions for DivX got a bit greedy. I am
curious why Bing though? It seems to me like all the shady "Install this too?"
dialogs are for Bing toolbars and such.

~~~
nivla
Google [1] and Ask [2] isn't better either, they are offered with most updates
of Adobe Flash and Java. Guess everyone will sneak something in if given the
opportunity.

[1] [http://i.imgur.com/5mAdH.png](http://i.imgur.com/5mAdH.png) [2]
[http://i.imgur.com/3zWPK.jpg](http://i.imgur.com/3zWPK.jpg)

~~~
yuhong
Google Chrome is the browser I am using right now, and I used to use the
Google Toolbar (only stopped when browsers introduced built-in search boxes).

~~~
nivla
Sorry I am not following you. Are you trying to say its okay to bundle/install
3rd party products that are considered good/acceptable? If so keep in mind
humans have different tastes, what maybe considered good by you or me may not
be by others. It is considered unethical to bundle programs since the days of
Bonzi Buddy.

------
earlz
In other news, the new version of the Ask Toolbar is out.. and it comes
bundled with some kind of spyware called Java

~~~
danielweber
I installed Java a few times last week and never got, er, asked about the Ask
Toolbar once. Was I just amazingly lucky?

~~~
alayne
There are two versions. Try installing the version from java.com
[http://www.java.com/en/download/faq/ask_toolbar.xml](http://www.java.com/en/download/faq/ask_toolbar.xml)

~~~
sigkill
I find it sad, no, completely pathetic that _java_ needs to use such
monetization strategies. It's a god-damn shame.

------
Shivetya
I have had to use the about:config features of Firefox to remove these search
engine redirects. The regular dialogs never seem to fix it all. One example,
while I was able to use the default dialog to fix the search engine from the
top bar, the right click look ups all went to the unwanted engine.

------
moot
I'm amused by the user being more offended by the choice of search engine than
the crapware itself.

~~~
parennoob
True. While reading it the second time, "How dare you wedge such a nullity
when everyone uses google?" and "voit-la' a disgusting bing search page." made
me laugh out loud and almost C|N>K.

------
guard-of-terra
Search distribution is a common way of monetizing freeware and it doesn't
count as malware unless it resists switching search providers back.

But that person surely needs VLC instead, which too may come with 3rd-party
crapware installer if you're not careful.

~~~
kalleboo
> it doesn't count as malware unless it resists switching search providers
> back

Bullshit. If installing software changes random settings on my computer, it's
malicious. If it was a default in the app itself, that's a different matter.

~~~
guard-of-terra
It tends to ask you in the installer, but if you forgot to uncheck the
checkbox, that's what you get.

Remember the thing about being the product.

------
shocks
[http://www.cccp-project.net/](http://www.cccp-project.net/)

~~~
comex
FWIW, CCCP is for Windows, and the complaint in the link is about OS X.

------
oneeyedpigeon
Any piece of software for which "Click the 'hot dog' button" is a non-ironic
command is probably best avoided...

~~~
paddyoloughlin
I'm pretty sure that the button they are referring to is part of Chrome, not
divx.

~~~
oneeyedpigeon
Oops - I just realised that myself. Still a) that's /really/not common enough
parlance to be using in a support forum and b) that usage just trivialises the
(very important) issue, at least in my ear. I don't get the impression that
Conduit are taking this seriously. Still, I guess I'll never forget the name
for that icon now :)

~~~
paddyoloughlin
Apparently it's what the Chrome developers themselves call it [1].

I'd never heard the name before the original link either. It just makes me
wonder even more how such an icon became as widespread as that one is.

[1] [http://news.softpedia.com/news/The-Chrome-Wrench-Icon-Is-
Get...](http://news.softpedia.com/news/The-Chrome-Wrench-Icon-Is-Getting-
Replaced-with-a-Hotdog-284623.shtml)

------
davexunit
Who the hell still installs divx?

~~~
Dirlewanger
Seriously. Xvid became immensely popular for a reason. Using Divx for
recreational purposes is living in the past.

------
tlrobinson
As much as I sometime dislike Apple's walled garden App Store it does prevent
things like this from happening (on iOS, at least).

Sandboxing of Mac App Store apps is also another good step, but we still need
ways to install system components like codecs without giving away the keys to
the castle.

As an aside, I've been trying to figure out how to use dtrace to get a log of
all files touched by an application or installer (including sub-processes). If
anyone has a good solution I'd love to hear it.

------
mratzloff
"Rarrgh!! They are not giving me a thing for free!!"

People don't click on ads. People don't even _see_ ads anymore. And people
don't want to pay for software. So to continue offering a free product, they
need to monetize it somehow. They do this by bundling other software (not
malware).

This is the reason the industry is moving in this direction.

Maybe you don't care because you use Xvid or VLC or something. Great! You are
not affected.

Don't like it? Invent an alternate monetization scheme. You'll clean up.

------
lifeisstillgood
I think we should look to our routers for a solution.

I would happily pay extra for a LinkSys-FooBar that acts as a NetFlow
aggregator, as a fail2ban proxy as a decent cache, and gave me reporting and
storage out of the box.

Then a simple QA site can let people know the answer to "Why has my laptop
dialed to crapware.com 5000 times this month?"

Just add in a feature that stores all your photos and videos and lets you
upload the better ones for granny to see and you have a home hub that actually
is not a games machine in disguise.

~~~
eksith
That's applying technology to a, fundamentally, people problem and it may not
yield predictable results. Such solutions aren't going to appeal to the vast
majority of non-tech savvy people (and hosted solutions are arbitrary at best,
censorship-inclined at worst) therefore will not make a dent in the actual
proliferation of "crapware".

In short, anything that requires more effort than is necessary to install
crapware, will not see adoption rates higher than the crapware itself.

We need something else.

~~~
lifeisstillgood
Maybe I was not clear (its pretty hard).

I think that there will be a home hub, a technology helper, supplemented from
the cloud, but anchored to the family home network point, that is the natural
place to deliver a wide variety of services, digital backup, net nanny,
finacnes fridges etc.

Make something the gateway to the house and that something will be defended by
house owners as much as the physical house itself - it becomes the virtual
avatar for the house.

It will probably be called Jarvis.

------
sadkingbilly
Every time one of these issues pops up with users crying foul, I can't help
but grin, and be reminded of the popup-days of yesteryear.

Ah, the good old days - where a video player hijacking your homepage was
nothing. People didn't get annoyed until it started spewing popups with "Your
PC is not optimized! Click HERE", "You WIN! Click HERE". I bet if divx did
that, they'd really make some money.

------
jpswade
I don't remember the last time I installed DivX.

------
swat535
DivX has always had these sorts of things installed. (also... Who still uses
DivX today??) this more of a Bing hate really.

------
tikumo
This is why I use VLC :)

------
mikevm
If you still need a catch-all codec (and splitter), use the ffmpeg-based LAV
filters
([http://forum.doom9.org/showthread.php?t=156191](http://forum.doom9.org/showthread.php?t=156191)).

~~~
nitrogen
How does that compare to ffdshow?

~~~
Daiz
Quoting a CCCP developer on the subject[1]:

 _> In short, though: More support for formats to be decoded, best HW
acceleration available as open source, much less hacks in there compared to
FFDShow-tryouts, uses vanilla-based ffmpeg libraries instead of the mess that
is in FFDShow-tryouts, as well as LAV Filters just being still in active
development compared to FFDShow-tryouts being dead._

FFDShow still offers more extensive video/audio postprocessing options over
LAV Filters, but most people are probably not even aware that they even exist.

Anyway, personally I would highly recommend using CCCP if you're on Windows -
it doesn't ship with any useless extras (like most codec packs you might find
on the internet) and is pre-configured to maximize compatibility and playback
quality - you get better quality than VLC will offer, for example. And if you
throw madVR on top of that you can make it even better with top of the line
rendering and scaling (though the difference isn't admittedly that big).

[1] [http://www.cccp-
project.net/forums/index.php?topic=6677.msg4...](http://www.cccp-
project.net/forums/index.php?topic=6677.msg42756#msg42756)

If you're on OS X or some *nix and want a simple video playback solution
you're better off using VLC, though. For advanced users, there's mpv.

~~~
cdman
I would recommend __against__ CCCP and any other codec packs. Codec packs in
general are pieces of software ripped from the original installs and put
together in ways the orignal author didn't expect. Thus it will crap out with
a high probability (or even if not, it will create all kinds of issues like
consuming CPU / memory for no good reason, Explorer crashing when trying to
generate previews, etc).

In addition, using those codecs without the original install kit is against
the license in almost all cases (just because "you can download it freely"
doesn't mean you can redistribute it). Finally, many codec packs are infected
by malware (although CCCP might not be, I have no experience with it).

In summary: \- Use VLC \- If not, use [http://ffdshow-
tryout.sourceforge.net/](http://ffdshow-tryout.sourceforge.net/) which is not
dead \- Alternatively you could try out LAV filters which I learned about from
the parent -
[https://code.google.com/p/lavfilters/](https://code.google.com/p/lavfilters/)
\- haven't used it, don't know how good (or not) it is

Never, ever use codec packs.

~~~
caw
I've been running CCCP for years (I think at least 5 or so), on multiple
computers, and have never had issues with CCCP. The only reason I have to
update is for codec features, like hi10p.

I agree with your comment on licensing. I haven't ever looked into CCCP's
reuse of codecs.

------
ffrryuu
Well, so does the NSA.

------
msh
WEll, the apple app store comes with a lot of negatives, but disallowing stuff
like this is one of the best things they have done.

------
sleepyhead
Any way to just install the codec on OSX? I don't want this 300mb app with
crapware. I just want to watch the movie.

~~~
arb99
Just play it through VLC if you just wanna watch a movie that uses divx

~~~
sleepyhead
That means I still need to install 300mb of divx crapware, right?

~~~
slig
Nope. VLC will play anything out-of-the-box.

~~~
sleepyhead
Cool. Thanks.

