You can just imagine the conversation at 1 Infinite Loop:
Marketer: The Panic guys are considering pulling
out of the App Store. Maybe we should reconsider
our App Store strategy to make it more inclusive.
Product Manager: Have you seen the top 10 downloads
from Download.com? They literally destroy your
 and sandboxed iOS apps, and made the iOS App Store the only way to install iOS apps without jailbreaking your phone.
Also, it stinks that Apple has nailed iOS that shut that even as a knowledgeable user you are not able to bypass it. They did not yet dare to do the same on Mac OS, but who knows when that comes.
And by the way, I never managed to make it work in Windows...
True, if you installed iTunes or QT and it installed it as extra, yeah, you probably have an older browser installed (but I think there's not that many people that still use it)
chrome has a way of installing itself.
The "nailing shut" is an increasing problem for anyone that believes in a free market in software. Which isn't helped by all these sites shipping value-negative software.
It is user-hostile of Apple to force use of C:\
It's caused me to believe that all these people trashing on iTunes have broken computers, because the software plainly doesn't do half the crap it's accused of doing.
I can almost understand this on the newer versions since they've made it a sort of one-stop-shop for playing media, managing iOS devices, shopping for media and software, and sorting your content databases.
But the older versions I used back when I had a "classic" iPod were just terrible and all I did with that was load music onto the iPod. I seem to remember installing some custom firmware on the iPod specifically so I could just treat it like an external drive and manage the media on it via Winamp or Mediamonkey or some other program that had no business doing a better job at handling an iPod than something straight from Apple.
Even now I just use it maybe once or twice a year to back up and update my old iPad 2. I haven't found a way to disable all of the various iTunes helper processes that want to run in the background (short of turning them off in services.msc) so it only gets updated and run when absolutely necessary.
Maybe I'm just doing something wrong and it will run better if I open it more often and let it do its thing but there's just a point where it doesn't do anything (other than iOS backups) that I can't do more easily with other software.
...but I also admit that like many things, my previous bad experiences may be causing confirmation bias and leading me to take note of iTunes issues more than I would with other software.
It's nice that I don't have to buy into their cloud or OS to use their phone.
Apple chose not to allow that for iOS to ban that class of attacks outright. I've reconsidered my previous cynical conclusion that this was just to boost the app store profits based on the number of people I've heard mention using an iPad because they don't have to worry about installing programs; now I think the real profit comes from the trust in the platform – you need an awful lot of $.30 app profits to balance out a single device purchase.
I'm not enthusiastic about heading into the no-user-serviceable-parts world but it's not like the traditional PC model has worked out well when the majority of non-technical users has some level of dread/acceptance that they'll make a mistake and be compromised.
Microsoft Office for Mac OSX was coded with the same evil spirit.
This behavior is unethical but pervasive, and should be outlawed somehow, it hurts everyone. Specially when it comes from the two biggest players in the market.
Disclosure: I work for Microsoft, though this experience was at a previous employer.
Microsoft Outlook for Mac (the newer "blue" one, v15.3) is actually my favorite mail client on the mac. It's basically exactly what I wanted -- I wish there was a Windows version of the Mac Outlook :)
Sometimes Words starts typing multiple lines and Excel freezes when copy pasting filtered cells. I've learned to work around these bugs, (having been there for over a year). Maybe Office for Mac is not be coded by the devil, but lacks features and is unsatisfactory in ways that make me consider turning on the PC
I'm sure they get no support from corporate IT, their company's marketing constantly makes fun of their chosen field of expertise, and they probably even have their own table in the cafeteria. :(
(number of changeable UIDs that touched our server) - (app store sales) = copies we should have been paid for
..then there's a huge problem with their methodology. It would fail on the basic use case of one user with one app store account installing the app on more than one device (especially with kid friendly games like this), or re installs after a device wipe, or reinstalls after a user with a busted phone gets a new one, and so on.
As usual, bad statistics being used in defense of the piracy bogeyman. The number of people who jailbreak their phones is a tiny minority of iOS users, and the number of people who do so to pirate is an even tinier minority of that.
Even as someone that has no moral issues with downloading apps for free, I can tell you that it's not worth it on iOS. The contrast between the "it just works"-ness of the app store, and the hoops you need to jump through to get free apps is jarring.
Five percent are paid downloads, so the ratio is 9.5 to 1, but a portion of those are people who have both a phone and a tablet, people who have more than one Android device with them. So a small portion of that 95 percent is going to be taken up by those installs.
More! I have burned through four Android phones and three tablets with one google account. Everyone who upgrades their device makes "one pirated copy" by the logic of this study.
And a huge portion of the current (licensed, not the chinese ones without a valid Google license) Android phones are likely to be upgrades for older or broken devices.
They believe they already paid for the phone; they know they still need to pay their carrier for something they use but paying for software?
common that's digital. copyable.
wait! I need to tie my credit card to my phone? no way. I certainly can afford apps, but it's better to use them for free.
why do they need to pay if facebook, gmail, whatapp... are free..
do you read the news? app developers earn billions!
I know you need to pay for window, but I've using for free for the last 10 years you know..
Some people here need to take a reality check break once in a while and look at people who don't make as much as they do.
Lest you think I'm speaking from a position of not understanding poverty: my salary in 2013 was $21k pre-tax, with a wife and a kid. I had a $10 flip phone and spent about $8 a month on minutes.
And honestly, I'd choose a working-order 1st gen iphone over any brickphone.
Looks like you need the reality check I was talking about. I can find you $40 smartphones in countries that aren't the one you're in. And by the way, $40 can still be a huge investment for such people (just like $500 is to a lot of people in the US).
Edit: Those downvotes-without-explanation are really unnecessary, seriously. If you think I'm wrong, you very well may need a reality check yourself.
Please stop being rude.
EDIT: saying things like "If you think I'm wrong, you very well may need a reality check yourself" makes it seem like you're not open to dialogue. It comes off as rude, arrogant, and accusatory. That probably contributes to the downvotes.
> "I can find you $40 smartphones"
I can find plenty of $40 smartphones at Wal-Mart and Kroger. But this thread isn't about $40 smartphones, it's about iPhones -- and, in particular, the parent to your prior comment mentioned knowing people "too cheap" to pay for apps despite owning (implied: relatively new) flagship phones.
I know some people who are legitimately too broke to pay for apps, but they don't have new iPhones. Last year I didn't have a $40 smartphone, and definitely not a $500+ iPhone, precisely because it would have been a bigger investment than I could justify for a phone. I get that there are people for whom a $40 phone and $1 per app is too much money, but they don't have an iPhone6 or even an iPhone5, and they're not pirating the sort of apps that only run on those phones. The people pirating those apps aren't too poor, they're too cheap.
Complaining about downvotes without replies makes it seem like I'm not open to dialogue? I think it makes some people in here seem like they live in a bubble, to each their own huh?
> But this thread isn't about $40 smartphones
Actually, it is; GGP said he "knows people too cheap to pay $1 for apps" and that is completely valid for Android as well. The rest of your post's premise is wrong on that basis. I'm not claiming iphones are popular amongst that sector of the population. But even if I did, as someone else said below, actual pirated/resold iphones do cost around 30-40 USD making them just as accessible.
Edit: And I don't mean to be rude, it just disgusts me how some people here are so full of money it doesn't even register that for some, $1 is a big deal.
No. Treating disagreement as a sign that people need a "reality check" and that they're "in a bubble" makes it seem like you're not open to dialogue. Like you don't even acknowledge the possibility that someone disagreeing with you could have a valid perspective.
> "it is ... completely valid for Android"
Yes, but the broader context of the thread was about iPhone piracy. Also note that he claimed he knew people "too cheap" to pay $1 -- not people "too poor" to pay $1 -- for apps.
I get that $1 is a big deal to some people. I live in one of the poorest zip codes in my state. I've taken in three poor families in the last two years (a divorced mom, teen parents, and a single woman working through community college). My church runs a fairly substantial food bank and clothing bank. I'm connected to a ministry that rescues young women from polygamy (FLDS, AUB, and related groups) and they often have 3-5 children, no money, and a 6th grade education at age 20. I taught in a school where 95% of students qualified for federal free/reduced lunch. Some of my family members do charity work out at Navajo Mountain in southern Utah, which is one of the poorest places in the US.
The people I know in deep poverty are not major app pirates. Most of them don't have smartphones, and the ones that do have $40 or less grocery store phones running Android 2.2 on a pay-as-you-go plan, with either free games or no games.
Conversely, everyone I know who pirates $1 apps is either a college student whose parents pay for everything and they just can't be bothered to ask mom for iTunes credits, or they're a middle-class adult who thinks "I can get it for free if I jailbreak my phone, so it's not stealing." They have adequate dollars to pay for apps to go with their $500+ phone and $100+/month plan, but choose not to. Hence, "too cheap".
Microsoft seemed to do the exact opposite in this time period. Their Office software was very Mac-like and worked very well on OS X.
I've had a Mac Mini for 3 years, and I still haven't found any Apple-made desktop software I would call "decent". I've had only iPhones since the 3G came out, too, so I'm not just an anti-fanboy.
I fail to see the difference between OSX and Windows then. Legacy Win32 APIs probably are still there, somewhere, but they've built a fairly solid system on top of that. PowerShell is one major argument in favour of Windows platform: it really makes resource management and scripting (and remote administration) quite nice. Meanwhile, for practically anything other than core system services (and sometimes for those too...) you need to install 3rd party applications.
It's exactly the same on Mac OS: I had to install Spectacle just to make the system support the most obvious shortcuts for positioning and resizing windows. Homebrew/mac ports are nice and I know of no Windows equivalent, but I think they target very specific kind of users and are rather limited in usefulness.
In any case: I'm a Linux user, have been using FreeBSD on the desktop before that for years, worked on Windows earlier, and now I'm being forced to use a Mac for iOS development. I see no real difference between OSX and Windows7/8 in terms of OS capabilities: out of the box they're both rather weak (for my purposes, anyway). With some tinkering and 3rd party applications both can be made into workable systems - but the tinkering is both harder and more limited than what's possible on Linux.
Other than mentioned homebrew and some degree of POSIX-compliance which makes compiling many *nix programs natively under Mac OS possible, what makes it nowadays better than Windows (I mean core OS functionality)?
First, I'm probably not alone on HN in reading that last sentence of yours that begins "Other than..." as being roughly equivalent to "Other than that, Mrs. Lincoln, how was the show?" OS X doesn't just have "some degree of POSIX-compliance"; it's Unix, full stop. If you are that "specific kind of user," this isn't optional.
Second, as squishy as this sounds, I simply like the OS X user experience more than Windows or any Linux/FreeBSD desktop environment that I've tried. The Mac gets the GUI right in subtle ways that are hard to describe but that I always notice when I'm using other systems. And this isn't due to lack of personal exposure; I'm, well, old by today's computing standards, and I've used the original MacOS for years, FreeBSD for several years (including professionally) and many versions of Linux, from the SLS days up through Ubuntu 12. (Actually, I'm running Ubuntu 14.10 and Arch Linux on two different servers, but they're GUI-free.) And I wouldn't trade OS X for any of them.
I know for some people, being able to tile terminal windows into a 3x3 grid without ever touching a mouse is their UX nirvana, but I am not one of those people, and I don't think I'm less productive for it. The fastest way to get a window the size and place I want it is often with a mouse. The fastest way to copy and move files is often with drag and drop. I know (some) people insist that I must be slowed down by constantly using mouse-driven software and switching between a tabbed terminal, a GUI text editor and a visual diff tool -- all with (gasp) overlapping windows! -- but I'm not. Really. And there are a fair number of Mac-only programs that I prefer to their Linux or Windows counterparts, if I can even find such counterparts. (Keynote, OmniOutliner, Soulver, ReadKit and xScope all come to mind.)
And, last but not least, it's nice -- at least for me -- to have a full Unix system that also has a lot of commercial software support. I don't run much Microsoft or Adobe software, but I'm glad I have the option. The applications I mentioned in parentheses there are all commercial, and as cliché as it may be to claim that commercial software generally has a better UX than free software -- and even more obnoxious, that Mac software tends to have a better UX than Windows -- it often matches my experience.
I have a main machine I run Linux on, and use a KVM to switch between them.
I admit that using a Windows keyboard on it is definitely a barrier, though.
The sort of software you see profiled in this article is the result of those kinds of quick-buck hustlers trying to game the software market. That's the majority of global business culture, which is why outside walled gardens with quality control it's the majority of software.
Ultimately I think this is the case because human beings are wired for scarcity and conflict. Get while the getting's good, because the next famine or raiding army is always coming. No point in building any real value in that world. It'll just get stolen or destroyed. HN is full of people who subscribe to the futurist/enlightenment notion of progress and the idea that we might be almost post-scarcity enough to entertain the decadent luxury of benevolence.
Whose fault exactly is it?
Has anybody in HN worked with a company which does this crapware bundling, let alone creating? Or does anybody know anyone who's "in the business"? Because I, quite honestly, can't understand how or why people would be doing this. Is it really that "Well, I know this shit is going to infect thousands of machines with software which nobody would like to have, but hey, it gives me my salary, fuck yeah!"?
It's just sad that there are people scamming others like this, and people who jump into it because hey, paycheck!
If anyone here has worked for Adobe (Flash included crapware for a long time), Oracle (Java updates used to or still do include crapware), Google (browser toolbar was crapware), or Apple (Quicktime for Windows attempted to install iTunes and Safari), then yes.
Adobe software: download a tiny disk image, launch the hideous Adobe installer program, give it root, have it download and install God-knows-what to God-knows-where. To uninstall, open a terminal and go medieval on everything with a name containing "Adobe", "Macromedia", "Flash", etc.
Adobe creates the most user-hostile software that is not pure malware.
I have always had a problem with adobe, and I used to say it was because 'they specialize in non-standards', but I think you have a much better point. It just feels like you're getting screwed every time you see that A.
I think you have the nub of it here. I first learned to loathe Adobe almost 20 years ago, with Acrobat for X11. Every other X11 program would spawn a new process and a new window when you typed "program ... &" in your xterm, but "acroread ... &" would talk to the One True Acroread Ur-process instead. This, of course, caused all sorts of unpleasant and non-standard behavior when opening and closing PDF files. Not to mention that the interface was a bloated nightmare compared to xdvi and ghostview.
Then they bought Macromedia and Flash, with its ability to create non-standard horrors on the web. It was like watching the formation of a black hole of abusive software, and I still wait for AOL and RealPlayer to be sucked in by Adobe's evil gravitational pull.
you got GoogleUpdate as ..
- startup trigger
- firefox addon (!!)
- scheduled task
Stallman was ALWAYS right.
The truth is, if you look far enough, you can always find something to be guilty about. I'm not going to blame programmers working for any of those companies, but I will squarely place the blame on companies with hypocritical culture.
Apple upper management: Hey, let's bundle all this crap with something that people actually want!
Apple upper management: Wow! People are bundling crap with things that people actually want! We should put a stop to that by fucking over our customers' right to choose in a free market!
To answer your first question, someone from HN should surely about this given: http://www.istartedsomething.com/20130115/y-combinator-is-fu...
Extensive commentary at https://news.ycombinator.com/item?id=5059806
EDIT: pg's response was basically "suck it": https://news.ycombinator.com/item?id=5092711
If 'we' wanted to, we would at least work on getting rid of this kind of behaviour. In an alternative world, the equivalent of GreenPeace would parade the C|NET offices, newspapers would write angry editorials about them, harmed users would write them millions of complaint letters, and class action lawsuits would be filed.
Problem is that 'normal' users have been slowly subdued into "it's my fault" mode.
People who think that software should be free, as in beer.
Developers have to be paid. When people paid for software with dollars, this exchange was much more straightforward. But now people think that software should be free as in beer, which means it comes with ad software or "sponsored software" that in turns sells ads, or spies on everything you do, or something to pay the bills.
Some developers choose to sell their software, and they have their perfect right to do so. Hard work needs to be compensated, and if someone wants that compensation to be money, then so be it. Just label it in clear terms. Ad-software is not a legitimate earning method, it's robbery. What it tells is that you don't give a damn about neither problem you're pretending to try to solve (otherwise you wouldn't let your app to be polluted with worthless crap) nor your users, who will have to live with malware (which, on global scale, is a huge negative utility in terms of lost productivity and health lost to stress/anger).
(I skipped here over the big, expensive software - things like Photoshop, Matlab, etc. That they are result of hard work of people who need to get paid is obvious, and everybody knows that they should buy that software if they needed, and they will receive something valuable in exchange.)
I'd go a bit farther: not all software can be sold. Making some extremely niche software fills that niche, but there may be a very small audience for, say, combinatory logic interpreters, or theorem provers. If we as a society demand that every piece of software be sold, and maybe the bulk of the members of the society have a weird idea that the price of something has to reflect the cost of that good plus profit, then a lot of software will never get written, and a lot of ideas won't get tried out, and a lot of niches will go unfilled.
Of course TemMPOraL is right: There's nothing wrong with someone who truly wants to give away software for free. Saying that's wrong is saying that any act of generosity, kindness or charity is wrong.
But Daniel is not saying that free software is the problem, but that "People who think that software should be free" is the problem. When people expect software and web services to be free, producers who can't afford to give it away free are forced to resort to other means. And when he says that for people paying "for software with dollars, this exchange was much more straightforward", he is echoing Maciej Cegłowski of pinboard in his call: Don't Be a Free User.
The real problem is not free software, but software that dishonestly claims to be free. Ad supported software is not free. Software that is monetized by pushing other software is not free. Software that sells your data is not free. Software that hooks people first and then pushes in-app purchases is not free.
I'm actively working on how to get us out of this mess. If you're interested give me a holler.
 I'm being generous. I think anyone who is ethical and honest with themselves wouldn't allow themselves to be forced into doing anything dishonest. "You can't get permission for the wrong thing and don't need it for the right thing" (https://news.ycombinator.com/item?id=8877192)
 I call this the drug dealer business model. Microsoft perfected this in they way they got everyone hooked on DOS, then Windows and then Office, and then took it to a new level by giving away IE for "free".
If it's going to spy on you, it should tell you right up, not in small prints in the EULA.
Also, the assumption that developpers have to be paid is wrong, some people might do it for charity or for other non-profit reasons.
There are plenty of services I pay for that sell data about me and/or show me advertizements.
So this is an appealing story, but it only works until someone decides "I could get paid, AND sell the user to advertizes/data harvesters." It's always easy to make now-impossible scenarios into appealing hypotheticals, and I'm sure that market forces COULD mean that none of the software or services currently supported through advertizement and data harvesting invasive and advertizement wouldn't do so, but nobody can say for sure.
Hey look: -> "App store... (3 new)"
Pretty sure I bought this laptop. ($2000) But there sits an advertisement, right in my GUI. Yes, this one is pretty harmless, but it is still there.
(1) Convincing anyone in management that developing such a thing would be worthwhile when people are still buying the old thing in droves and when such an endeavor would have a long bootstrap/incubation period before it'd be commercially viable.
(2) Making all the legacy software work via compatibility layers.
Not sure which of these would be harder.
Present OSes have security models rooted in the multi-user needs of workstations and servers in the 1970s and 80s, back when the Internet was kind of a walled garden and security risks consisted mostly of students and kids playing around.
Okay, what security model do you propose then? I'm curious because I don't see a security problem here. No OS security was bypassed, there was no OS bug that was exploited. This is what happened - The user downloaded a file and installed an application.
In your previous post you mentioned terrible permission separation and application isolation - I don't see how its connected to the problem.
It seems like you want it to be so that malware applications can be installed by any user without the system suffering any consequences. You can't achieve that goal without also crippling regular applications that legitimately might want to do everything that a malware application does.
First and foremost, security should be a primary OS design objective and it should go into the design deep. It should be something you think about before secondary concerns like a process model, binary format, driver framework, or memory management.
Every single executing piece of code should be signed (with self-signing by the user an option of course). In that respect the app store model has it right, but I'd like to see something that ultimately puts the keys in the hands of the user. That means that a keyring is something you put down with the task manager, memory manager, etc. It's a core OS function. The ability to administrate the keyring and control permissions is also a core OS function.
Every function call outside a context should do a permission check against the certificate of the executing code. The right way to design this would be to make it work first, then figure out how to make it fast without compromising security. I think fundamental innovation would be needed here. I'm not sure exactly how this should work.
We should get away from distributing compiled code that runs straight on bare metal for most things. It might still be available as a permission, but one that would come with a warning to the effect that this could allow something to pwn your machine. Honestly I'm not sure if it's necessary. I'd look into the idea of shipping binaries as LLVM byte code and AOT compiling everything, and possibly including a secure implementation of OpenCL for really high performance computing needs.
A concept of users should be baked in from the get-go too, and should be part of the permission set of an executing context. Each user should have a key and be able to authorize other keys by signing them, etc.
So yeah, I think that's sort of a starting point. Crypto and permissions should be baked in from the get-go.
It'd also be important to think about usability from the get-go, since if it doesn't "just work" nobody will use it. UI/UX would be a challenging part of the project.
Storage is another challenge -- how to allow execution contexts to hand-off and/or share data without compromising security and without being too inefficient. The fact that storage is getting so cheap means things like copy-on-write with versioning might be baked in from the get-go to permit almost any operation to be rewound for a good period of time. So if a piece of bad code borks your work, just undo. I wonder if the whole OS could be built around a command model where things just fall off the end when they're too old? Log-structured everything? Again, not fully baked but I think it's the right general direction.
I highly doubt I am unique in thinking these things. I'm not the sharpest tack in the world and these kinds of ideas strike me as obvious results of reasoning from first principles about current OS challenges and failures.
The app store and mobile sandboxing models are steps in the right general direction but they are very, very ham-fisted compared to what I'm imagining here. They're the right ideas applied as a band-aid to fundamentally obsolete systems. They also cut the user out of the picture. I think that's because their models are ultimately too shallow and coarse-grained (and also because the vendors want control). Develop something good enough and the user can be put in the driver's seat without the machine turning into a malware cesspit. If the user authorizes a piece of bad code, just de-authorize it and it dies.
I don't understand how only allowing signed execution would help avoid this problem. Like you said, anyone could pay to get their company listed as a 'trusted' entity. The problem is you cant push this task to the user, because the non-technical layman user is not in a position to determine this.
If we only allow signed binaries to be loaded in memory, then we won't need IPC to pay the security tax for every function call. - given that there are probably going to be tens of thousands of them per second.
>We should get away from distributing compiled code that runs straight on bare metal for most things. [..] Honestly I'm not sure if it's necessary.
Poof, no more program debuggers, profilers, no more device drivers, no more third party file systems, no more .. you get the idea. Maybe that's not "most" things, but ask yourself how functional is an OS without the ability to load kernel mode stuff.
> Each user should have a key and be able to authorize other keys by signing them, etc.
How does that help my mom? She's just going to call me when the computer asks her "weird questions about keys and permissions". The entire point is that the average user is not the best judge of what is and isn't malware. Technically savvy users already have no issue with malware for the most part.
>Develop something good enough and the user can be put in the driver's seat without it turning into a malware safari.
Again, why would the user WANT to be in the drivers seat? They have no clue how to drive the car!
> If the user authorizes a piece of bad code, just de-authorize it and it dies.
That only tackles the problem of cleanup, which is a separate problem. By that time, the malware is already on the system and it's sent your credit card and documents to the bad guys.
The purpose of signing isn't to guarantee that an entity is anything, but to allow the user to absolutely and decisively rule what code is allowed to execute. If the Russian Mob sneaks some code from "G0ogle, Ink." onto my machine by tricking me into authorizing that cert, I can just de-authorize it and then it all DIAF.
When I say signing, I don't necessarily mean the app store feudal model. I mean an inverted version of that -- where the user decides what runs by approving certs by signing them with some kind of master key.
"Poof, no more program debuggers, profilers, no more device drivers, no more third party file systems, no more"
You can debug Java pretty effectively. There are great toolchains for that. I agree that direct ASM may be required for a few things like drivers, but those are going to be the exceptions not the rule.
"How does that help my mom? She's just going to call me when the computer asks her "weird questions about keys and permissions"."
"Again, why would the user WANT to be in the drivers seat? They have no clue how to drive the car!"
Freedom and control are things you should have, but should not be forced to exercise. It should be possible to leave them alone and just trust one or more vendors. This is a UI/UX issue.
With things like iOS I don't have the option.
"That only tackles the problem of cleanup, which is a separate problem. By that time, the malware is already on the system and it's sent your credit card and documents to the bad guys."
Absolute security perfection isn't possible, but I think huge improvements can be made. Don't let the perfect be the enemy of the good.
Data leakage and social engineering are particularly thorny because they're really only half technical problems. The meat sack using the machine is always going to be a weak point in any security model. But if the machine were secure, it would help.
The entire problem is that the users have no idea prior to installing the software, whether its legit or malware. I don't see anything in what you've proposed that solves the root problem. Yes, we can look at peripheral problems like cleanup and revoking certificates but those only affect users AFTER they've already made the choice of installing a particular piece of software.
Just you, my friend. If you recall, here is the point you were challenging:
> this is a band-aid over the fact that OSes have terrible permission separation and application isolation. If OSes were better architected from a security point of view, it would be substantially less of a problem.
Would you now concede this point?
Yes, and I didn't receive any information that would lead me to believe that applying his/her suggestions would substantially tackle the root problem. All process isolation does is push the problem out further into the application side of things. Now the user has to micromanage the data flow in between applications. The root problem has very little to do with OS architecture, and I'm happy to be convinced otherwise.
>Would you now concede this point?
Okay. If you insist. I have no desire to "win" the argument. It's merely idle chit chat for me. My code's compiling ;)
I should be able to give a Russian mob hacker on crack access to my machine without worrying too much about them doing anything I don't give them permission to do.
a) I'd like all applications to be run in sandboxes. That way you don't have to care if you application has malware or its processes got hacked. You have that in iOS I believe (but iOS has other problems), but to various degrees it's been done in solaris and freebsd, probably can be hacked in linux but no major distro has it as a precooked solution.
b) Have OS written in memory safe language. Microsoft got Singularity, I have no idea why that never saw the light of day. That thing could kill Linux on a large portion of the server market. Hopefully we will get something written in Rust now.
As of 1 Jan this is now economically infeasible in the EU (see "VATMOSS").
*edit: Wish it were a surprise.
Apple has a gatekeeper model because many years ago it shifted to the view that money users spent on third party software was coming out of their bottom line.
Its mostly a windows problem. I haven't seen malware from .debian.org or more recently .freebsd.org.
So on freebsd, pkg install nvidia-driver, or on legacy linux apt-get install nvidia-driver and you're all done.
Someone looking for trouble could do it the hard and dangerous way, but why?
Also commercial software other than possibly games, is dead man walking and is dead on FOSS platforms. Sure, go ahead, pretend its the 80s and try to charge me money for an editor, or a compiler, or pretend its the 90s and try to charge me for a web browser or a database, its just not happening.
OK, make an editor that great as Sublime Text, put a msgbox that I really should pay $60 for multi-PC license, and be done with it.
Ubuntu uses the information about searches
to show the user ads to buy various things
from Amazon. Amazon commits many wrongs
(see http://stallman.org/amazon.html); by
promoting Amazon, Canonical contributes to
them. However, the ads are not the core of
the problem. The main issue is the spying.
Canonical says it does not tell Amazon who
searched for what. However, it is just as
bad for Canonical to collect your personal
information as it would have been for Amazon
to collect it.
I mean maybe—it's not like you have the option to analyze or debug what you're running. You can't predict everything that can go wrong, even if you know the rest of your system top to bottom.
Have you seen the Debian repositories or the Ubuntu Software center. They have a great selection of software, are easy to use, while at the same time not taking away your freedom or resorting to Orwellian tyranny.
The Debian repositories are great, but don't kid yourself: unless you're a developer, it's very likely that there are at least a handful of mission-critical apps missing from the Linux ecosystem.
IMOE the main issue are software-suites
Cad and 3D: my dad is really used to windows, and learning the linux environment was an easy step for him. He could never do the switch to open source cad alternatives. We tried using wine, but for performance we ended up keeping windows as a 2nd bootable for him to draw.
Photoshop, and Corel: I installed ubuntu to a friend who works as graphical designer. She is currently using gimp, and inkscape but she had a hard time making the switch.
Games: my son really was the most resilient to the change. He played every blizzard game, and since there aren't (wasn't ?) linux support it was a big non-stop for him. Then he moved to minecraft, and that made him reconsider the switch. He's been using linux for about 2 years already -- no windows partition at all
Atleast Macs allow you to not use the AppStore (for now).
If you type terms like 'firefox' into google search much of the time the top result (which is actually an ad) takes you to a site offering a version of firefox bundled with toolbars and god knows what other malware. The story is similar for other popular windows downloads. I've even seen these ads crop up for things like Chrome in the past.
For example, here is a search I did just now for the term 'download firefox'. The top result is an ad leading to malware: http://i.imgur.com/Ote9c2k.png
Imagine having to explain to an inexperienced computer user how find to firefox or other common software, without clicking on any of these landmines google carefully disguises right at the top of the results.
I've been bringing this up on HN for a while now and nothing has changed. Many of the sites are the same as they were a year ago. Google does manual review of adwords sites. The domains of these sites have been the same for at least a year. Google knows exactly what is going on, making them just as bad as donwload.com in my view.
Google search ads are probably one of the biggest vectors for malware these days, along side the kinds of big download button ads you see on software sites (many of which are also google ads).
As an aside, I wonder how prevalent the adware would be when searching for "download chrome"?
µBlock is especially good for this as some of the lists have additional rules specifically targeting malware sources, and it can block things like actual script tags and such instead of just hosts.
Well it's not there to sell cars so much as it is to say to the public "BMW are valid cars"
So just having the advertisement get seen is what's important to them. At least that's my understanding. Evaluate the argument for yourself: http://www.reddit.com/r/explainlikeimfive/comments/14y695/el...
It's also another reason I filter ad's. I'm afraid they will manipulate the way I think.
 See http://blog.opendns.com/2007/05/22/google-turns-the-page/
Also agreeing to set MSN as your homepage with the install bloats the download size from a svelte 286kb for the DX web installer to 2.4mb (just to set a homepage!?). Way to completely defeat the purpose of providing a small installer by bundling in crap.
This has my support :)
If you had it at the end you'll get very low participation rates. If you're installing DirectX it's because you are trying to play a game, so an additional screen to the effect of 'would you like to play your game now or in 5 minutes' will result in everyone picking the 'play game now' option and nothing being installed.
From Microsoft it is a malicious software removal tool.
From just about anyone else it is a malicious software removal tool.
I never saw any articles about it at the time. I just remember it always being in my Windows Update list and I was sick of it. Windows Update in my mind should generally be for OS and software updates, and not for software that Microsoft is looking to push.
Which is funny, because I'm a Windows guy who works in the Microsoft stack.
I really wish MS would give up on pushing MSN and Bing. They're just terrible products. Shame their good products get mixed in with them.
I handle high single-figures of these adware and/or potentially unwanted programs (PUPs) infestations every week.
Mostly it's Windows 7 and 90% adware/PUPs-centric, occasionally ransomware. In the huge majority of cases, the following will get a computer back up and sorted in a sensible amount of (billable) time:
First, bring known-good copies of AdwCleaner, Junkware Removal Tool, RKill and ComboFix on a thumb drive. Same-day downloads are preferred as some detect out-of-date versions and don't play nice. Shut down computer. Restart in safe mode with command prompt. Run explorer.exe from command prompt. USB typically works as usual, even in safe mode. Run each of the applications above as administrator in the order they are listed. Some will require a reboot to complete their work. The reboot should be in normal mode, subsequent restart(s) to run other cleaner(s) should be in safe mode with command prompt. Diminishing returns will take place after the third of fourth cleaner, and allow 15 minutes for a typical infection.
The longest it's taken me to completely clean a computer of was 7 hours, comprising around 18GB of tat. If it's a severe infection, I will recommend a rebuild from known-good factory media after a Windows Easy Transfer export, assuming there's not too much in the way of user content.
As an up-sell, I also offer a better-than-factory reset where there's a clean Windows 7 installed and no vendor-specific junk on there. Computer vendors aren't as bad as free-to-use software vendors, but there's a reason why a adequate Lenovo laptop can be bought in the UK for 230GBP (including sales tax at 20%). Install, updates, and Windows Easy Transfer will typically be around 2 to 3 hours. It's a hard sell with a cheap laptop, especially since some clients are already preparing to buy a new laptop rather than fix the old one.
I second the `what do you want to keep` sentiment, too. The downside to this is having them effectively sign off on what they want, and then they forget something until 6 months down the line. I have provision for keeping a drive image of their drives for 28 days, with prior permission, and I check in with them after 7, 14 and 21 days to make sure all is well. The comfort of a familiar desktop is a powerful thing, and the Windows Easy Transfer process makes it easy and straightforward.
Burn everything and build afresh.
Hopefully lesson learned.
Edit: typo and formatting.
I'd love to make a Mac version someday, but the problems are so much worse on Windows so we're focusing there.
I can't thank you enough! That program is _always_ the absolute first i download on every windows machine, period.
I think i've told all my friend about ninite by now, and everyone is super impressed.
Would you care to elaborate on how it works? do you download from each software homepage, or do you constantly have to download latests versions and then serve from your own server?
Any way you could make a free or cheap one-time pay, for a version that can use a private server to host, and then deliver programs to it this way.
Doing this you would be 100% adware free and the client might even notice/appreciate the speed boost of a fresh install.
Mostly down to client feedback. Personally, I'd much prefer to have the nuke and rebuild approach. I offer this as a preference (safer, faster, etc), but the familiarity of these pokey vendor-supplied apps for photos and the like is a very strong draw for folks.
The burden of technical knowledge doesn't run deep. They want a low-price laptop, and all their stuff safe and sound. The value they place in their data is, in my experience/anecdotally, proportional to their purchasing habits.
Most don't have hard drive backups, despite my continued insistence. Years of photos just get stockpiled without any recourse to a backup. There's some interesting psychology at stake, too; knowing that photos are there and actually referring to them are too entirely different things.
1) Rebooting the computer can spread the infection. You should try to clean it with 0 reboots. Ignore safemode. Kill adwcleaner with taskmanager.
2)ComboxFix is unnecessary. Malwarebytes/ESET work most of the time, and if not there are about 3 other scans to use.
Anyone who wants to buy a new laptop for speed purposes should be talked into trying an SSD first. A cheap laptop comes with a mechanical hard drive and doesnt alleviate disk io bottlenecks.
AdwCleaner requires a restart to finish up, as I understand it. If you know differently, I'm genuinely interested.
>ComboxFix is unnecessary.
Respectfully, I disagree. It's caught things that the others have missed. Anecdotal evidence, sure, but in my experience it's proven useful.
Most of the time new laptops are not for speed purposes - there is a misconception that a new laptop is a fresh start, not necessarily a much faster computer.
The thought process invariably is: this laptop is slow and full of ads, I need a new laptop to start over without the ads and _new is best_. My clients are mostly non-technical, that's why they call me; technical clients (say, 1 in 10) are more willing to explore SSD and appropriate RAM.
TV-advertised laptops for 200-250GBP are very appealing for my client demographic. It irks me, sure, but then sometimes people have to learn by doing. The tide is very slowly turning.
What other things? Did you run FSecure, Panda, ESET, Emsisoft, Avira, Avast, Herdprotect? It might be useful, but it is dangerous. It should be an absolute last ditch effort, not standard procedure.
>AdwCleaner requires a restart to finish up, as I understand it.
Try running it twice in a row without a restart. Try running it before and after a malwarebytes scan, without a restart. Does it find things?
>technical clients (say, 1 in 10) are more willing to explore SSD and appropriate RAM.
Thats why you word it "would you like me to make your computer much faster for $100 dollars. I can replace the moving parts with electrical ones."
I should clarify. I am predominantly dealing with annoyances, adware and unwanted applications – not viruses or malware, in the main. It's junk, not malicious or infecting - at least in the vast majority of cases.
Removing the non-viral noise makes the process of cleaning up anything else far easier. Number of rootkits encountered in 3+ years of domestic and small business technical support: zero. Number of file infecting viruses encountered in the same period: 2. Number of ransomware (Trojan horse, worm at a push) infestations: dozens. Number of adware and miscellaneous browser infestations dealt with: hundreds.
>Try running it twice in a row without a restart. Try running it before and after a malwarebytes scan, without a restart. Does it find things?
That's a really interesting question, and not one I can answer right now. I do intend to try this in a VM a la the OP link. I will endeavour to find out and report back.
List of malicious programs: Rootkit.Win32.TDSS, Rootkit.Win32.Stoned.d, Rootkit.Boot.Cidox.a, Rootkit.Boot.SST.a, Rootkit.Boot.Pihar.a,b,c, Rootkit.Boot.CPD.a, Rootkit.Boot.Bootkor.a, Rootkit.Boot.MyBios.b, Rootkit.Win32.TDSS.mbr, Rootkit.Boot.Wistler.a, Rootkit.Win32.ZAccess.aml,c,e,f,g,h,i,j,k, Rootkit.Boot.SST.b, Rootkit.Boot.Fisp.a, Rootkit.Boot.Nimnul.a, Rootkit.Boot.Batan.a, Rootkit.Boot.Lapka.a, Rootkit.Boot.Goodkit.a, Rootkit.Boot.Clones.a, Rootkit.Boot.Xpaj.a, Rootkit.Boot.Yurn.a, Rootkit.Boot.Prothean.a, Rootkit.Boot.Plite.a, Rootkit.Boot.Geth.a, Rootkit.Boot.CPD.b, Backdoor.Win32.Trup.a,b, Backdoor.Win32.Sinowal.knf,kmy, Backdoor.Win32.Phanta.a,b, Virus.Win32.TDSS.a,b,c,d,e, Virus.Win32.Rloader.a, Virus.Win32.Cmoser.a, Virus.Win32.Zhaba.a,b,c, Trojan-Clicker.Win32.Wistler.a,b,c, Trojan-Dropper.Boot.Niwa.a, Trojan-Ransom.Boot.Mbro.d, e, Trojan-Ransom.Boot.Siob.a, Trojan-Ransom.Boot.Mbro.f.
At least 'formerly-known-as netbooks' aren't selling for twice that, anymore. Although, they are still excruciatingly painful to work on if you're used to anything faster...like an x86 Celeron.
See here for PG's take on this:
From building spam filters to funding a spam company. Building things people want? Ha!
I guess it's worth noting other YC partners in that thread also defending malware, for example Garry Tan: https://news.ycombinator.com/item?id=5093746
It seems like the culture of spam and malware is deeply embedded in YC these days.
Edit: Oh, and Quora, even if that wasn't much more than YC lending its name.
The vast majority (but not all) of startups do dubious things. That's to be expected in an environment that glorifies "breaking things" and worrying later if what they're doing is legal or not. Being YC affiliated does not change that in the slightest bit.
I disagree with this conclusion. Also, I have a related issue with some of the opinions I hear e.g. on HN that confuse me.
Many a person says in defense of ads - "but surely authors have to support themselves, otherwise there'd be no site/software", "TANSTAAFL", etc. But this seems to me to be in disagreement with observable reality.
What I see is a strong and direct correlation between amount of ads and crappiness/dishonesty. For websites, it is usually "the more ads there are, the more likely content is wrong/crap/nonexisting and the author is there to take your money". For applications, similarly - more ads means crappier downloads, and - if it's the author's site that's full of banners - the program is most likely shit.
What I observe is that there are two reliable types of sources/downloads: 1) linked on author's site, free and free of ads - they signal that the author actually cares about the content they're providing (see "the toilet-paper companies") and 2) linked on author's site, that ask you to pay up front - here it signals that the author is honest.
So do the authors really have to "support themselves"? Or is it that the honest ones either do it for free (because they care, and they get money needed to support it elsewhere) or sell in clear terms? And the ad-dependent money makers have no business being on the Internet in the first place?
That's why I also feel no guilt for browsing with AdBlock on - neither the ads nor the ad-serving pages are a good deal for anyone in any way.
As for the Downloads.com, CNET, et al. - I hope that the introduction of Windows Store/package manager will shut them down for good. They're evil, they deserve to be down.
 - https://news.ycombinator.com/item?id=8319102
Expectations of ads fully supporting websites are relatively new even to the world wide web, let alone the internet. 10 years ago, you might at best hope that your ads would offset a bit of the websites hosting costs.
The really good content is put up by people who are in it because they care about the content, not the money. The same is true of software.
My experience is that if you are offering quality, you either give it away for free, or insist on up front payment.
Pay by ad, pay by data and in app purchase are all business models of people who want money and don't care about the content, but know their product isn't good enough to sell.
Consider the work on the Snowden files. Snowden handed his huge collection to professional reporters, who then spent weeks and months carefully reading it, confirming what they could independently, working with experts to understand what was most important, working with lawyers to understand what they could and not publish, and finally, writing and editing the articles.
Or consider investigative journalism pieces like the work that revealed the problems at the U.S. Veteran's Administration, or the Washington Post's series on civil asset forfeiture:
The Post and other news operations need to make money somehow, so that their reporters can afford to spend the time to keep doing this work. So far, ads are the only revenue source that seems reliable, although a lot of news ops are experimenting with online subscriptions as well.
I applaud the work of professional journalists who care about stories they do and providing value to the public. So I want to support them, but not the other 95% published under the same banner. Because seriously, I get much better value from HN and Reddit comments, which not surprisingly, are both free and written by people who care.
I understand the reasoning, but you seem to be taking it to a logical extreme. There are some reputable and useful sites that use ad income, I don't routinely use AdBlock or similar for that reason. If a site annoys me with its ads it gets DNS blacklisted (pointed towards my "you don't want to go there" page via local DNS config.
> neither the ads nor the ad-serving pages are a good deal for anyone in any way.
Hence the DNS blacklist, though this isn't overly helpful (mainly because new sites spring up constantly) and not useful to non-techies (most people don't run a local DNS cache that they can drop a new block into with a simple script call).
I am considering a browser extension that takes it from this point of view rather than the AdBlock point of view though, i.e. "I don't want to go to such sites" rather than "I'll go to such sites, but they aren't serving me ads and other crap". One of the many personal projects that will probably never see the light of day because I'm too busy with other things... (so if someone else wants to copy the idea, go ahead and I'll be an alpha/beta tester!). Something that either intercepts page transitions and warns "you've previously marked this site as having irritating pop-ups, are you sure you want to proceed?" and/or scans pages for links and visually marks those pointing towards marked domains. The next step would then be some sort of distributed store for collating what people mark so it can warn about sites I've not previously visited, though of course if such a thing became popular enough to be useful there would be the constant game of trying to stop people abusing this to block competitors sites or de-list their own.
> As for the Downloads.com, CNET, et al. ... they deserve to be down.
I can't say I disagree there!
This is something that sometimes actually crosses my mind. I acknowledge the existence of good people who rely on ad income (assuming they get something from ad views; I pretty much don't click on ads at all) and I'm willing to modify my behaviour to accomodate them. I sometimes unblock pages when they ask nicely (e.g. episodecalendar asks you if you could unblock ads when you have a free account, and since I actually get a real value out of this site (having my favourite shows pop up in Google Calendar, so I don't need to manually track new episodes), it was only fair that I unblock them).
From the division of Interesting Ideas That I Have No Time To Make, here's mine: an ad-block that instead of blocking ads, replaces them with crowd-sourced images of your choice - like "best of DeviantArt", Banksy pictures, ads for effective charities, etc. It was inspired by this picture I found once: http://editorial.designtaxi.com/news-banksycoke2405/big.jpg.
Another good option for replacing the ads would be to put appeals in place, things like the recent push for funding for the ebola hit areas in Africa, the appeals that followed tsunamis, famines, and other natural/humanitarian disasters, and so on.
Yes, that's also an excellent idea. The point is to allow people, per the quote I linked, to adapt the ad space to their own taste. Humanitarian appeals could be a good default. This could also solve the problem that some people complain about, that some pages have layouts built with ads in mind and become "uglier" when ads are blocked (not that I ever saw this actually happening).
Ninite: nice, simple, installer: just select apps and let the installer do it all for you.
AllMyApps: all the apps, no crapware (at least for now).
chocolatey: a command-line package manager for Windows
Ninite is clean and great for managing deployment on multiple machines, although it offers a limited number of curated apps (but they tend to be very common).
AllMyApps has tons of apps and the most user-friendly. I could give that to my mum. Only had some minor issues sometimes when it fails to recognise versions to update. It will even recognise and update apps that were not installed through its manager.
Chocolatey has lots of packages and you can create your setup to make it easy to deploy across machines. It's getting more secure and the authors are putting a review process in place to guarantee quality.
I've used all three and they all offer something useful. All allow you to manage your own deployment across machines.
As a bonus, all the apps run from a single directory each, making it easy as pie to uninstall and remove all the apps settings at the same time (as opposed to bits left behind in AppData, Local AppData, the Registry, your Profile directory, etc). And they're portable, so you can run them from a cloud drive (DropBox, Google Drive, etc) that's backed up and synced between machines or from a USB drive.
It's really way too visually cluttered. Somehow my brain has been trained to think "be careful" when I see clutter like this on a web page.
I still can't shake the feeling that it's only a matter of time before Moloch gets to them and they'll start serving crapware like any others. I'd love to be wrong on that.
Our pro-version SAAS business model works great.
Plus we started Ninite because junkware enraged us so much. It's just punching down at non-technical users. I'd kill the company before doing that.
Anyway, we'll be around and junkware free until the world moves to platforms where everything's signed and sandboxed.
I really hope their business model (selling an update tool to private users and a side-wide deploy tool to businesses) works out until there is a usable windows store / package manager around.
Each time I have to help someone setup a new windows laptop I get reminded why I'm using Linux as my main OS ;)
Chocolatey used to mostly be OSS stuff, but it looks like they've expanded with some nerd-favorite proprietary stuff now too. The list is also moderated, so that's a good sign.
At the minute I just have to put up with spending a few hours removing the worst offenders and then running several different adware removers. It generally keeps them running well for a few months.
I would love to set up a VM so whenever things start going wrong they could just delete the VM and start fresh. Currently VMs are a bit too heavy weight, a lot of people struggle with the concept of working in multiple Windows let alone knowing which machine they are actually working in. I am looking forward to Microsoft implementing containers ala Docker. It will be interesting to see what possibilities will be available for making it seamless and quick enough for a computerphobe to browse within a container.
The common advice to stop it before was "don't use IE". Everyone uses Chrome now, and so that's now where everything installs itself (check the extensions and there is usually something dubious). Google even have a tool to remove this stuff: https://www.google.co.uk/chrome/srt/
"You will loose precious functionality, your computer will get slower, the locusts will invade your country: Are you SURE to deinstall CrapToolbarAdMakeComputerFaster2000? [NO!] [NOT AT ALL!] (yes) [CONTINUE USING ADWARE]"
I guess it's done that way so that Microsoft would look like to impair a earnest software business' operation, would they choose to include it in their "evil monopolistic" antivirus software.
Once I installed Linux for my folks, all these problems magically disappeared.
There may be loads of OS alternatives, but unfortunately for people who can only just use a mouse and have invested years into learning that one package they just aren't going to be willing to invest a lot of time into exploring the alternatives.
I helped my parents switch to linux mint, and it's been fairly successful.
Even that's not much of a challenge. Many years ago when my wife started working at home on her mac (1st gen mac mini so this must be about a decade ago?) corporate IT had a few puzzles to solve, but even a decade ago everything was moving to either web or rdesktop or vnc. If you can get the corporate windows guys to implement a workaround or whatever to allow macs to be used, then its usually a very small jump indeed to linux or freebsd or whatever.
I'm struggling to think of a stereotypical desk job that can't be done with a browser and perhaps rdesktop on the side. The exceptions I can think of like 3-D cad would be a problem, but that's not stereotypical desk job work.
Also in my experience, school kids, volunteer workers, and grandma are google docs users not office 2010 users. Google is taking over that space quite effectively. The school system has a contract with google such that if you want to edit your essay in office on your computer at home, well, fine, but you'll be exporting into google drive to actually submit the homework, so save yourself some time and annoyance and do the whole thing online.
Totally agree. The situation has improved so much in that regard - even if you don't have native apps for your platform, there is good chance there's a bunch of online services that can help you do the very same thing.
I believe they just feel helpless, they don't know to do - but they are annoyed, because from my experience they'll ask for help the first computer-savvy person they see, even if they don't know them well.
Funnily, situation is actually a perfect dating opportunity for introvert geeks like me. I get a ton of requests for help from pretty much every student of non-CS field I talk to for longer thant 5 minutes. Removing their crapware can be a good start of a closer relationship ;).
Now imagine a site or software that tries to look just remotely serious. Normal people often just don't see the difference. Plus, it's pretty normal in Windows world to have all kinds of crap installed - Dell, nVidia & Co. install and autostart their little, unnecessary helpers left and right. I think for many people it's hard to tell if that checkbox from the XYZ App is worse than Dell's.
I consider myself reasonably savvy and even I get tricked to install crap on windows if I'm not 100% attentive when installing software.
The other day I was setting up a brand new windows machine. I wanted to download chrome so I boot up internet explorer, end up at the bing home page and search for "chrome".
I've just tried again just now, here's what I end up with: https://i.imgur.com/1fTyQXI.png
You'll notice the first ad has a green URL pointing to google.com, seems legit enough right? Wrong, if you click it you end up on some other URL.
I didn't pay attention to that and actually ended up downloading the installer on that webpage, thankfully I realized something was wrong when the actual setup wizard looked weird. I still ran it though, and with administrator privileges, so I'm basically already dead.
This is me, all tech savvy and yet I fucked up with the first thing I attempted to install on a fresh windows.
After that I wanted a PDF reader. Adobe being completely crap I googled for alternatives and found many recommendations for "foxit". I download and install it: it tries to install a bunch of third party "cloud" services and prompts you to subscribe to third party services basically everywhere on the UI. I just wanted a bloody PDF reader... That's the state of "free" software on windows in 2015.
At that point you just can't blame the user, Microsoft should have done something about that issue at least a decade ago.
Unless you have some specific need then the only good alternatives are Chrome and Firefox. They both can open PDFs without any extensions and after you tell windows to always open pdf files with one of them you basically get the same experience minus ad ware and shoddy coding.
> You'll notice the first ad has a green URL pointing to google.com, seems legit enough right?
Is Microsoft really as stupid as to put some other domain/url than the one advertised inside href of that link or am I missing something?
In about:config, create a boolean value xpinstall.enabled and set false.
This does protect against those browser toolbars that people somehow manage to install.
However there is apparently a UI feature that prompts to re-enable installation ( though I've never seen this ):
Just don't give people administrator accounts in Windows, that way they can't / shouldn't be able to install anything, and definitely not something that can permanently change stuff in a computer.
Yes, exactly. It's as though your yellow pages phone book had its pages replaced with green paper, the entries were all written in comic sans and all of the entries just gave the same phone number for Dominos Pizza. And yet, you continue to use it to try and look things up, stopping occasionally to phone a friend of yours who works in the dictionary industry to complain, and he tells you to sell your house and move to a different street, so that you will get a new copy of the yellow pages delivered.
Of course that would never happen, so why do we put up with it here?
Since you need a real backup solution either way I've always disabled restore points since they're at best redundant.
You can use "Refresh your PC" option in Windows 8+.