That’s all it took to lose control over my own computer, and my own operating system.
45 seconds.
It’s actually been sitting unused on my computer for some time, but I scrubbed my old copy, then installed the latest and greatest version of Windows on my machine.
Lest you think I’ve gone squirrel-turd-nutty, I should qualify this by stating that I installed it in a virtual box, the only way I would deign install Windows on anything short of my worst enemy’s life support machine. In addition to Windows, I also have OS X 10.8.1, Ubuntu 12.04, and Cent OS 5.8 installed on my laptop for good measure.
Today, I needed to test something in IE 9, so after installing Windows 7 Pro and configuring my environment, I proceeded to launched IE.
When the browser opened, I was presented with the MSN news page, and while there, a headline caught my eye.
At this point, I don’t even remember what the headline was, but I clicked over to it, read a paragraph, and quickly noticed a YouTube video embedded in the story.
I clicked the video, which took me to the YouTube page, where I was summarily told “Sorry, you must have Adobe Flash installed to see this content … click here to install it.”
Fair enough, right? You want to watch a Flash video, you have to install Flash. Hardly something to stress over.
I clicked ‘install’, the browser took me to a landing page where I clicked “install” once more, and within a few seconds, three downloads started on my machine:
Adobe Flash … check
Google Chrome … uh …
and Google Toolbar … wait, what?
I didn’t order a Google Toolbar … or anything Google for that matter.
Oh no. It had started already. The “Windows experience” I was told had greatly improved with Windows 7.
I tried to stop the downloads, but to no avail. The download box closed, but the downloads and installation continued in the background.
Keep in mind, that only 45 seconds had passed.
45 seconds since booting into my virginally clean Windows 7 install.
In the span of about 45 seconds, on a freshly-installed, pristine Windows 7 … Google Chrome had been installed on my computer, Google Chrome had been set as my default browser, and the Google Toolbar had been added to my Internet Explorer.
45 seconds.
45 maternal parent fornicating seconds!!!
Now look, I’m not a neophyte. I was on the Internet before anyone had even heard of the Internet. Not only that, but I’m a fairly paranoid guy.
How paranoid?
So paranoid that my home directory is mounted on a triple-encrypted drive. Yes, triple-encrypted. You know, in case someone dedicates 4,000 years of super-computer CPU time to break the first two layers.
So, how did this happen? How did I get spyware on my computer in 45 seconds?
Well, apparently, I missed a checkbox somewhere. Going back, I bet this is where it all went wrong:
I’ll bet you whatever amount you can afford, that some marketing firm conducted a study which found that embedding a grey checkbox on a grey background caused most humans not to notice the box. Sort of like the old “and and” trick.
Why would Adobe do such a thing?
They would do it so that when the customer’s machine is hijacked by the malicious installer, Adobe could say “But the user asked for those products! See, they checked the box! We’re ethical, it’s the awful customers who always fail to take responsibility for their own actions. Their problems are their own fault! They could have unchecked the box, but instead, they blamed poor, innocent us!”
And so it is. My 45-second-old Windows 7 installation forever ruined unless I spend another hour re-installing the system.
Oh sure, I can just uninstall the Google stuff, but we all know that they wouldn’t be truly uninstalled. I now have spyware buried somewhere deep in my machine, waiting to be exploited by someone, sometime … and it only took 45 seconds.
“Run a third-party anti-virus program!”, some of you will say, ignoring the fact that all the big software companies make deals with major anti-virus vendors specifically not to flag their shit as shit.
Which brings me to my first point:
Folks, if you’re running Windows, you’re nuts.
I used to question how so many computers became infected so frequently with all of the malware, spyware, and shitware out there … but today really drove home why this is.
Windows makes it incredibly easy. Out of the box, without a single password being entered, any website can not only download, but install as root any application, toolbar, or whatever code the website sees fit. Not only that, but the website can change the default behavior of the operating system.
And this, remember, is the “best Windows yet.” An operating system used by a 90% super-majority of Americans.
Which brings me to my final point:
Remember when Americans made stuff? Stuff we were proud of? Stuff people wanted? I mean, really and truly wanted? Wanted so bad, that we didn’t have to trick them into obtaining it?
I know that some of you can’t remember, I only remember the tail end of it, but oh, what a great time it was to be an American.
We made things that were the envy of the world … the automobile, the Internet, and the operating system.
Back then, you could put your hand over your heart, recite The Pledge of Allegiance, and really mean it. You could sing the Star Spangled Banner and not cringe.
How things have changed.
At this point in US history, 2012, the American economy is completely, absolutely, and inextricably dependent on fraud, deceit, and trickery.
Phantom charges on our credit cards that require five phone calls to get removed, worthless extended warranties, inferior services riddled with asterisks and exclusions, lost-in-the-mail rebates, pre-checked boxes we hope you won’t notice, etc, etc. “If you want us to keep billing you, do absolutely nothing”. “By taking another breath, you agree to be bound by our terms and conditions which completely waive your rights as a consumer”.
This is it, now. This is what America produces. We spend billions upon billions of dollars each and every year, not for research and development, not for quality and assurance, but for tricking you into using our products and services.
In 2012, scam artistry is the USA’s chief export and domestic product, and having off-shored so many of our manufacturing jobs, we are absolutely dependent upon it. It is what props up the American economy. Trickery and fraud is now the economic engine of our once-great nation.
It’s a hard thing to accept, it truly is, but deep down, we all know that I’m right.
Not convinced?
Ask yourselves the following questions:
What would happen if American companies had to be honest?
What if the terms and conditions of the products and services that the USA produced had to be less than 200 words, and had to be completely and unequivocally honest?
What if the small print could not taketh away what the big print gaveth?
What if small print were outlawed?
What if we could only bill people for things that they fully, completely, willfully, and unequivocally affirmed that they wanted?
While answering these questions, see if you can be honest with yourself. It will not be easy, but if you are honest with yourself, you’ll know exactly what would happen if the aforementioned conditions existed.
The U.S. economy would collapse.
We would be plunged into a depression the likes of which this country has never before seen. Companies would go out of business left and right, and unemployment would shoot so far into the double digits that we would have riots in the streets.
Right here, right now, our economy absolutely depends on tricking people into getting goods and services that they neither need nor want. It absolutely depends on tricking people into paying for goods and services that have little or no value, while charging interests, fees, and other costs on top of it.
It is for this very reason that Credit Bureaus exist in the manner that they do today. They do not exist to rate the honesty and ethics of the customer. They exist solely to prop up an economic system that, without their legal extortion, would fail under the weight of disgruntled customers.
“Pay the phantom charges on you credit card, or the interest rate on your home goes up”, they tell us, “oh, and forget about Little Johnny’s student loan too … he’s going to turn tricks in a bus station bathroom for as long as his sphincter can handle.”
And so, we pay. Not because we want to, not because we should, not because it’s the right thing to do … but because we’re Americans. We’re scared shitless by what would happen if the house of cards on which our economy is so precariously perched should ever be blown upon by the naked emperors of ethical consumerism.
We have reached a time in the USA where the largest, wealthiest, most successful companies … companies like Google … get people to install their software … not because the people want it … but because the people got tricked into it.
Google knows, and Adobe knows, and Apple knows, and every other business out there knows that if you don’t cheat, if you don’t lie, if you don’t trick people every chance you get … your business doesn’t stand a chance of succeeding in the United States of America.
This is who we are now, this is what we do, and at this point, as an American, I think it’s safe to say that we’ve all accepted our fate.
Forbes has a list of the top twenty industries that women get into after getting their MBA’s and guess what’s #1? Marketing! Then management consulting, then financial services, then consumer spending … It goes on and on like that. Funny how the rise in scamming and tricking the public matches up with the timeframe of women entering the fields that control this stuff. http://www.forbes.com/2010/06/21/graduate-education-business-school-high-paying-jobs-forbes-woman-leadership-mba_slide.html
Hold on a second. Adobe makes a hard to see check box for an addition to their download. And that’s what makes Windows bad?
Because, couldn’t that same thing happen on a Mac? Or even in any Unix/Linus/BSD? Sure, it may ask you to su to root or similar privilege elevating process, but Windows should do a similar “Hey, you really sure you want to do this” question box. I have to assume that since you thought you trusted Adobe to install nicely, it would appear that you would have clicked Yes to it, just like you would have done on a Mac or other some other OSes. I don’t think there’s anything that would stop Adobe from piggybacking software in to the download for other OSes.
Just figuring out who you should really be blaming, here.
Hold on a second. Adobe makes a hard to see check box for an addition to their download. And that’s what makes Windows bad?
Well, yeah. At least it’s one of the things that make Windows bad.
Because, couldn’t that same thing happen on a Mac?
With a single mouse click?
No.
I would have a second chance to review the proposed changes, before any changes were made, and I would have to enter a password to proceed.
It would sure make it harder to trick me into it.
Or even in any Unix/Linus/BSD? Sure, it may ask you to su to root or similar privilege elevating process
Sure it may ask me to su to root or similar privilege? As if that’s nothing?
Don’t you think that’s a pretty substantial roadblock?
You realize that legions of hackers are out there right now with the same goal, right? Getting root?
I mean, you say it like it’s a trivial matter, when it’s a key component of the *nix security model.
I’m sorry, but being able to install two large apps, plus browser spyware, plus a reset of your search engine, with a single click of a web link is ludicrous. Absolutely ludicrous. It’s Mickey Mouse horseshit.
*nix is not foolproof, and a careless user can still be tricked into doing stupid things, but it’s significantly more difficult. Getting a root password thrown at you with the identity of the application making the request before the install is actually is a pretty good safety net.
That’s not all, though.
95% of the time, when I download an app on *nix, I have to manually move the executable to the Applications directory, or another directory with system-wide permissions in everyone’s PATH.
Last, but not least, on OS X at least, after I’ve done all of that, when I launch the program for the first time, the OS tells me that it was downloaded from the Internet, tells me when it was downloaded, and confirms once more that I wish to run it.
Compare all of that with a single button click from a Windows web browser … and low and behold it’s installed.
And you think they’re the same?
Really???
I can’t accidentally install a program on Unix. On Windows, if I lean on the mouse wrong, I can install a whole bunch of programs, several toolbars, and change my homepage to two girls and a cup.
But you’re trying to sell to me that they are one and the same?
17+ years of *nix, and I’ve never had an application installed from the Internet that I wasn’t aware of.
45 seconds on Windows, and I have two that I didn’t want.
Say what you will, but that alone kind of speaks for itself, and it says a great deal about Windows in the process.
I just did a test. I installed Win7 Pro in a VM. Ran through the standard Windows Updates. Went to get Flash via Adobe’s site. Left the check box checked, as it is by default and clicked on Download now. IE asked me if I wanted to run or save the file from the web site. Clicking Run brought up User Account Control asking if I wanted to let the Adobe app make changes to my computer. At this point, Windows has done its job, this is the same as having to allow it to elevate privileges in some other OSes, just in an easier to click button. Once you’ve authorized Adobe to make changes, it’s in Adobe’s hand to keep your trust, or you can choose to not authorize them in the future.
As a side note, once it started downloading Flash, the Google toolbar and Chrome I was able to click the X to close the app and it stopped before downloading them.
Installed it on OS X yesterday. No checkbox. No toolbar. No browser. No default browser change. No search engine change.
I wonder why Adobe all of a sudden doesn’t want Google’s money on OS X?
If it’s just as easy to pull these shenanigans on non-Windows machines, both Adobe and Google are far less greedy than we all had feared.
The same can be said for most other purveyors of this hi-jack shit. I wonder why they are so benevolent toward *nix users?
It’s interesting that I can’t turn some folks loose online with Windows laptops because within 3 days, it’s completely infested with shit. Yet, I can give them Linux laptops, let them go from one edge of the Internet to the other, and after two years, there is nothing on those machine that I didn’t install myself.
Unix user/group/sticky/chroot permissions are fairly robust, and even an installer run at higher-than-standard-user permissions doesn’t necessarily have write permissions over other applications, or even over any particular file. Fewer still applications even run as root at all.
I understand that Windows often takes an all-or-nothing approach, but that’s why it’s Windows, and that’s why Adobe can bundle whatever they wish in their installer, secure in the knowledge that it can go anywhere and do anything in the system without so much as a mild protest from the OS.
Bend over and kiss your new pristine install goodbye, because little Billy just downloaded a toolbar, and on a Windows machine, IE is God, and that toolbar has just been appointed father, son, the holy spirit, and it’s spyware threads are the twelve fucking disciples.
The multi-billion dollar anti-virus industry is also kind of interesting.
I don’t personally know anyone on a *nix desktop/laptop that runs anti-virus programs. I don’t personally know anyone on a Windows desktop/laptop that doesn’t. Kind of silly of them. I mean, they’ve got UAC, right?
Come on, man.
Hey Rex,
thanks for the post. I was just installing this on my computer today and was just about to click download now, when something clicked in the back of my brain. “wait a minute, isn’t this what that paranoid, crazy blogger Rex was warning me about?” So i double checked and sure enough, that grey box is practically invisible at first glance. I unchecked the box and saved myself another garbage program installed, thanks to Seattle Rex. Thanks. You really can’t be too paranoid when dealing with these companies now. Oh and you were right about the Melvins too.
OK, Rex, a couple of points not disagreeing with your assessment of Windows, but I feel like I should point something out: Adobe partnered with Google for the extra software. Adobe gets money for every one that is installed through them, so it is in Adobe’s best interest to try to sneak them onto your system in any way they can. The case was the same when I was working on software and we partnered with Yahoo. We got money whenever we got an install, so we made it as easy as possible for someone to just click “next” all the way through. That’s not a Windows thing, or a Google thing. That’s all Adobe.
Secondly, I thought it was on by default when you install, but Windows has that User Account Control thing that darkens the screen and pops up an install verification window. If UAC is turned off, you don’t get the verification. Not to say it wouldn’t have happened anyway because I’m sure Windows would see the bundle install as one instance, but it is a little something.
The more you know…
OK, Rex, a couple of points not disagreeing with your assessment of Windows, but I feel like I should point something out: Adobe partnered with Google for the extra software. Adobe gets money for every one that is installed through them, so it is in Adobe’s best interest to try to sneak them onto your system in any way they can. The case was the same when I was working on software and we partnered with Yahoo. We got money whenever we got an install, so we made it as easy as possible for someone to just click “next” all the way through. That’s not a Windows thing, or a Google thing. That’s all Adobe.
I’m well aware of this. As a matter of fact, I originally typed up a post blaming Adobe, until I realized that they were simply exploiting the “security” of Windows for their own benefit, and then I realized that it was actually a Windows issue. Yes, Adobe shoved their dick in my ass, but instead of defending me like a good OS would, Windows held me down and spread my cheeks.
Let me give you an example.
I design an operating system, I tell you how great it is, the bestest ever I say … and somehow, someway, I get you to install it.
Three days later, some script kiddie installs a donkey porn app on your computer and changes your wallpaper to a picture of Chuck’s mother taking a load in the eye from Ron Jeremy.
Who are you going to blame?
The script kiddie (in this case Adobe)? Perhaps. At least a little.
Chuck’s mother? Of course. After all, she’s a whore.
But, chances are, you’re also going to be really pissed that my dogshit operating system allowed it to happen so easily. You know, the one I said was the greatest version of my operating system ever.
Now, say I get 90% of government entities and Fortune 500 companies across the USA to use this very same operating system.
You’re going to piss blood at the very thought of it, and rightfully so.
As am I.
FWIW, I needed to install Flash on a Mac yesterday.
Of course, being fresh in my mind, I scrutinized the entire process.
Can you believe that, even though it was the very same company that fucked my Windows install in the ear … this time .. there was no toolbar, no Chrome, or even a hidden checkbox.
Kind of strange, no?
After all, Chrome is available for OS X too.
Apparently, even the folks who get paid bucks are well aware of what I’ve just told you in this post. Apparently, even the highly-paid scam artists agree.
It’s easy to fuck Windows.
*nix … it’s usually not even worth the effort.
Last, but certainly not least, Adobe is a group of dickbags. I know this. I’ve been telling this to everyone who will listen. That post is coming, I promise.
I know that they get money for assraping me, but just because you can assrape a customer, it doesn’t always mean that you should. It’s short term money, yes, but how many companies are dropping like flies or laying people off these days while blaming the economy?
Newflash, it’s rarely the economy. It’s because the customers got tired of being assraped.
I know why Adobe and Google are doing what they are doing. Seriously, have you ever read the blog before (I wouldn’t blame you if the answer was “no”)? You think I don’t know why the rat bastards do the things they do?
I’m not sure how it in any way rebuts the issue, however.
I wasn’t trying to say Windows doesn’t have its problems with security and all that, just that it’s Adobe’s choice to get you to click through all their partner crap so they get paid.
MS could be more diligent in their data execution prevention, but it’s not really their responsibility to make other companies behave.
That whole give a man a fish Vs. teach a man to fish thing…. MS is making fishing poles. It’s up to the person to decide if they want to buy a fish or catch a fish. Just as MS could be more diligent, you also could be more diligent.
Oh, and Chuck’s mother is a whore.
MS could be more diligent in their data execution prevention, but it’s not really their responsibility to make other companies behave.
I think your wording stretches your point a bit.
They don’t have a responsibility to make other companies behave, but they do have a responsibility to mitigate that company’s misbehavior on their own platform if they are selling it as a secure solution suitable for hundreds of millions of people, corporations, and government entities.
An apartment complex is not responsible for making you behave, but they do have a responsibility to throw you out if you disturb other tenants by blasting your music at 3am every morning.
It doesn’t mean that you won’t misbehave elsewhere .. they just have to take steps to make sure you don’t do it on their property.
That whole give a man a fish Vs.each a man to fish thing…. MS is making fishing poles.
Ok, but if the fishing pole snaps under the weight of a 1lb goldfish, you’d be rightly pissed.
It’s no longer 1987 … and in 2012, decent security should be a basic expectation of any OS.
Anything less is defective, in my opinion.
It’s up to the person to decide if they want to buy a fish or catch a fish. Just as MS could be more diligent, you also could be more diligent.
Theoretically, everybody could be more diligent in all ways.
You could nearly eliminate your chance of an auto fatality by wearing full NASCAR gear when driving your car to the store for a loaf of bread. That doesn’t mean you deserve to die in an accident if you don’t.
Is it the customer’s fault for falling victim to a visual trick pulled on them by a moneyed corporation which no doubt spent a great deal of time designing the trick, on an OS that touts its security?
Okay, maybe. Inasmuch as it’s your fault for not looking both ways before crossing on ‘walk’, and getting hit by a red-light runner.
If I’m on the jury, however, I’m still going to find the red-light runner 100% guilty.
Also, I’ve been using Linux/Unix primarily since he mid-1990′s (which is probably why I have greater expectations of my OS — I am not used to dealing with Windows’ laughable insecurity on a daily basis, and thus my paranoia on that front is ironically lacking). One of the main reasons for my *nix usage is Windows’ insecurity.
Nobody’s perfect, but I’d say, and if you look at the stats you’d probably have to agree, that by using *nix, I’m far more diligent than most. The overwhelming majority of most at that.
And all it took for me to get malware installed was 45 seconds with Windows.
Oh, and Chuck’s mother is a whore.
We finally agree on something.
You ever downloaded Chrome? Then you also downloaded Adobe Flash, it’s bundled into the browser.
I dislike bundling, but mainly when it is a toolbar and pure spyware useless crap.
When someone at my old office somehow got Google Toolbar and Chrome on their machine I was happy. It usually meant a reduction in crapware.
Is the practice dishonest? Probably. But they are doing it less dishonest than others. I believe the default is tracking off on their toolbar and browser.
I have seen the crapware not show up at all in the install and I have seen it buried in the “Custom Install” choice.
Apple is the worst. Go try and install iTunes for Windows. Tell me how many things install and run on boot. You want to talk about a machine killing install, it’s horrible.
I use Ubuntu and just don’t have any problems. I use free software (mostly) and donate to the folks that keep things running. It’s actually a great pure form of capitalism that I like.