Are you worried about the security of your shi ... This is a sort of a response to an article on the dangers of using free software by Howtogeek, including status report and reasons for the prevalence of bundled spyware and adware on download portals, as well as useful tips and tricks for safe software installations - careful testing, isolation, virtualization, backup, imaging, Noscript, user agent faking, Linux, and more. Worry not, read on. http://www.dedoimedo.com/computers/free-apps-response.html Cheers, Mrk
While I don't subscribe to the notion that all freeware is evil, users of freeware should be aware there is no such thing as a free lunch in the business world. There is always a cost involved. The price will either be transparent and up front, or obscure on the back-end, to which the average user is oblivious. When using freeware, due diligence is a must.
It's the same issue with artist/creators of all types (movies, music, writing, drawing/painting, animation, software dev, etc), while having the freedoms of the internet, still have a hard time making a living. So if you want to make something with quality, some real soul put into it, you're still going to be struggling for the resources of whatever the creation requires. For every one that lives comfortably, thousands never, and even abandon their work, or at best, put it as a back burner hobby. The general consumer mindset of free anything, is that there shouldn't be any expectations of quality one way or another. "What do you expect? It's free." So if a thing is junk, the critic can't comment because it's free. But yet too, if it's quality, people then also can have a hypervigilant defense against it too, with a "Well, what's the catch?". But now that we have computers and the internet, the tools to easily copy and distribute to anyone on the planet - free is king in my book. But the idea that anyone but a very few will make money off of their ideas or creations, well, that's just life.
Just my thoughts, but it makes good business sense to me to offer the product free to the home user and charge for business use. If the product is good, perhaps word of mouth and postings on sites such as this one could help the bottom line. Let's face it, advertisement is not cheap either; perhaps this is a good alternative. Always, Wildman
I tend to avoid "Free" stuff. The notable exception is Sophos UTM 9, mostly because it's a $15,000.00 device OS that happens to be free for the home in order to help promote, and improve their enterprise product. But as a general rule, I feel I should 'pay' for everything in life, and more importantly, anything on my computers/network. I think a lot of free stuff is free for fairly nefarious reasons, and a lot of free stuff is free for good reasons. It's not always easy for people to differentiate between those products that are free to exploit, and free because of a hippy that wants to save the world. Maybe it's because I feel like an entitled elitist when I pay for stuff, vs trying to exploit the generous? Or maybe it's because I feel I've been blessed, and can spread the blessings around, which in turn will bring in more for me to spread around - a sort of karmic mechanic? Not sure, but either way the very second I hear 'free' I start to reel back a bit, and question whether or not I want to partake in the free.
Strong wisdom. A lot of enterprise firms do this, and it works well. Partly because it improves the product, but mostly because it increases exposure. These are exceptions to my rule of not generally using 'free', strong enterprise grade products. I think the problem is with these cheap operations that release free stuff, bundle it with junk, put backdoors in it, use it to datamine, etc. Degrades the entire free landscape... Forticlient, Sophos UTM, Untangle, all good examples of enterprise grade products free for home use, without payloads. I think the devil is in companies that release PAID products, and keep the free mindset, and still bundle the product, use it for datamining, etc. Those are the devils... Examples are PasswordBox, which billed itself as function and free, but sends your telemetry to Mixpanel. When you pay - it still sends your telemetry to Mixpanel. I'm sure we have plenty examples of the 'devil', don't we?
I have a few free softwares I use almost every day and can't do without, like Everything, Filemenu Tools, MPC-BE and Media Preview Configuration. I am yet to see any "paid" alternatives which offer the same functionality.
I avoid paid software as much as possible. If there's an excellent free alternative to paid software, I will use the free option. I'm not going to let unwanted extras put me off using free software. I usually pay enough attention when installing software to avoid ending up with any extras. In the rare case any extras get installed, it doesn't bother me too much - I uninstall them. I'm not the type that assumes that the extras installed may be malicious. If a paid product offers significant advantages over free software and is not excessively priced I will happily pay for it.
Well, some of the best things in life are free, but so are some of the worst. I just spent a couple of days setting up VMs from old XP installations of mine and all the software I used to do it was free. VirtualBox, VirtualPC and Paragon Virtualization Manager. All came straight from the websites of the companies that produce them. I avoid the cesspools of PUPs like download.com. There is a lot of good free software out there. SourceForge and GitHub are much better places to look. Free is good, GPL open source is better. There are also free licenses of commercial software widely available. I check for them daily. The best place I've found for that is http://giveawayradar.weebly.com. A lot of the software offered is crap but there are some real gems now and then.
The problem is, unless you are controlling egress from your network via a UTM/NGFW, then you cannot be certain you are really 'avoiding' the extras. As I pointed out, I routinely find so-called free products sending 'massive' (in some cases) telemetry, and that's with just the core product installed. IObit uninstaller - recent example, sends telemetry to a CDN that is known to host 'questionable' websites - and it sends it every 60 seconds. That's even with the election of not installing any extras. Passwordbox? Same thing. MisterB points out excellent examples of commercial products supporting free versions to help test/promote their enterprise editions. IMO these are often the best source for anything free, and often the free versions are the only ones us mortals can afford when compared to expensive enterprise licensing schemes. Untangle and Sophos have free versions by virtue of their enterprise editions, and funded by. To help test, market, and raise awareness of their commercial endeavors. IF I use something free I take great precautions, and run many sniffers. But ultimately - in probably 75-85% of the cases I find the software doing 'questionable' things, or sending suspect data to questionable locations. That is regardless of the great care during installation.
As you may have gathered I use FREE software and have done so for some time now. I look at sites such as this one and see what others are using, I also use sites that review products and have comments from users. I download from the vendor's site where possible or from a site I know and trust. I always do a custom install of any software I have downloaded. Always, Wildman
Interesting thoughts... My perspective is that the HTG articles on bundled slime-ware (Windows and Mac) are targeted mostly toward low knowledge/experience computer users. Based on that assumption, I think the articles (while being over the top), are arguably passing the right message to those types of users. Low knowledge/experience users almost never read EULAs, the installation path, the UAC warning or anything. They just click until something says they don't need to click anymore or there's nothing left to click. IMO, something like the HTG articles needed to be done to make low knowledge/experience users aware that there are deceptive business models all over the place and that they need to be very careful when downloading and running any software, free or otherwise. For a long time, I've tried to educate everyone I know about these shady deals, but I still see a ton of stuff installed users swear they didn't install. I'm more and more convinced that just telling them to be careful is never going to work. I would rather have my friends and family ask me what is or is not safe and deal with the minor time interruptions rather than have to help them clean up the issues when they make the "wrong" decisions on their own. While I absolutely agree that the suggested approaches to handling this situation can and should/would work, I submit none of them would ever be an option for any of the low knowledge/experience users I know. They have zero understanding on how to perform any of those suggestions. And, to make it even more challenging, many are vocal they don't (or even won't) try because of (fill in the blank excuse/reason.) Thus the reason I just have them contact me before installing anything... Sad huh??
I'll take me chances. As long as no extra software gets installed I'm happy. If there is extra network activity going on in the background, while I accept that may not be a good thing, I don't know if it is happening or not since I don't test for it. As they say, ignorance is bliss. I don't know why IObit is doing that, but I'm sure there's nothing to be concerned about considering it is the CDN they use for product updates.
I just found out 'Authy' sends substantial telemetry for their TFA application. Also, my UTM has Authy flagged as a data-tabulation product under 'Marketing IP's' and blocks it if marketing and tabulation is selected. I switched to Sophos Two Factor, it has only ONE permission - to use the camera to take QR's for apps you want TFA on.. One must be very careful.
"Mind the PUP: Top download portals to avoid": http://blog.emsisoft.com/2015/03/11/mind-the-pup-top-download-portals-to-avoid/ OMG! What a surprise! Download.com is the worst. hawki urges all to use free download "unchecky": http://unchecky.com/ Highly Rated: http://www.softpedia.com/get/System/OS-Enhancements/Unchecky.shtml Note: Download from official site, Softpedia is Beta Version.
I just reload it a couple of times a day. It just lists offers from other sites. It works fine without javascript but not all the giveaway sites it refers to do. I use disposable emails when an email address is required. Anything I download is put in a VM sandbox for initial testing and most of it doesn't ever get out of the VM. If I find it interesting, I will put it in a laptop I reserve for testing software for further vetting. If I find it useful and it doesn't do anything annoying, I will continue using it and install it on other machines. I like playing with new software in VMs but the software I actually use on a regular basis is fairly limited, just a handful of apps and utilities.
Yes I agree, I pay only for software if it's better than the freeware alternatives, which is no surprise because everyone likes a free lunch. Almost all the software I use is freeware, I've paid only for about 5 apps so far, all of them were lifetime licenses.
Nearly all the software I use is free. Obviously we all have to decide for ourselves which software passes our vetting processes. On occasion I'll donate to the authors of some of the programs I use. I love the idea that there are people who create tools for everyone to use, and free software generally is better than paid alternatives. I find most paid software too bloated to want to use, with too many hooks into the system. While I have access to licences for a number of paid software and antiviruses, my preference is to find the most lightweight program for each purpose.
It's a fair point that free software can be monetised to spy on users, and the jump in spyware from the late 90s/early 2000s should have made a lot of us more discerning about which software to trust. I think that using IObit isn't the best example though, as the reputation alone of this company should be enough of a red flag for most knowledgeable users. I would take it as a given that they wouldn't respect the privacy of users of their software. If there were cases where popular, free software like MPC-HC or VLC were doing the same, then that would be more interesting. Also I'm not sure what the relevance is of which CDN they use. Even amazonaws has hosted malware before, but that doesn't mean I mistrust Malwarebytes for using the service legitimately to deliver updates. Yes, sure. I'll write up some later. Just keep in mind that 'better' is deliberately subjective; I consider what is the best software for the task at hand, and generally don't feel I'm missing out by not using a paid alternative.