I wrote here: http://www.withinwindows.com/2013/01/16/installmonetizer-qui...
Long zheng wrote here:
I'll respond to each of your items individually.
2. Maybe. Or more likely users are mistakenly installing these applications because the offer screen is made to look exactly like the EULA acceptance dialog seen in every other installer.
But we don't expect this to be fixed. Anti-malware vendors have stepped in and are improving their definitions to catch this garbage but it's very much a cat/mouse game. (IM has been detected a few times, btw.) IM is very aware of this "threat" and designed their system around random domain names to mitigate detection issues as they arise. (Think about it -- Does IM, a legitimate company, really need to use fcgoatcalear.us and fcvalcsoi.us domain names? Come on.)
3. No idea where you got this information, given InstallMonetizer bundled software shows no actual EULA. The only EULAs shown during install are ones provided by the package author and the offer advertisers. Can you clarify this point, please?
5. Yeah, I saw the company slip in the "Open-source software is a community product and you may not use our co-bundles with it" line. What a slap in the face of those who use commercially-permissive OSS libraries in their software...
Note that Paul's response said that they "are going to start" uploading hashes.
2. It's not. And it will never be, because it's hard-coded into the software bundled out on the Internet today. They may provide new bundles with hash code in place, but it's too late...
4. I don't think there is any claim that this can be fixed instantly.
5. This is not for OSS-using libraries -- that's totally cool. Everyone uses open source. What they've banned is people wrapping VLC to make money off software they haven't written. That's not cool.
5. That may be the intent, but did you read the policy? It's a one liner banning all OSS.