Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion.

Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules.

 

Go Back   Doom9's Forum > Video Encoding > (Auto) Gordian Knot

Closed Thread
 
Thread Tools Search this Thread Display Modes
Old 22nd December 2004, 10:30   #1  |  Link
buk
Registered User
 
Join Date: Apr 2004
Posts: 17
potentially dangerous file in AutoGK instalation pack

I found, that library "dae.dll" instaled together with AutoGK is defined as spyware/malware (by saoftware called "a-squared") and also instals Browser Helper Object (BHO). My question is what is the dae.dll like and why is detected as malicious program. I think it is better to make AutoGK without such a potentially dangerous files (e.g. without auto new version of AutoGK checking). I think that AutoGK is fantastic software, but using files as dae.dll should caused problems in the field of computer security. Thanks for your excelent work on Auto GK and for solving this problem. Have a nice day and holidays. buk
buk is offline  
Old 22nd December 2004, 11:30   #2  |  Link
SiXXGuNNZ
Your Buddy
 
SiXXGuNNZ's Avatar
 
Join Date: Jan 2003
Location: WA, USA
Posts: 299
if dae.dll is spy/adware, maybe the auto update box should be unchecked by default during the install. I like the feature myself, so i will continue to check it, but to avoid people crying wolf, maybe the installer should have it unchecked.
__________________
10,000 Bullets
10,000 Bullets Forums

Exploring the world of Cinema from the Arthouse to the Grindhouse™
SiXXGuNNZ is offline  
Old 22nd December 2004, 12:06   #3  |  Link
buk
Registered User
 
Join Date: Apr 2004
Posts: 17
Yes, of course i unchecked the instalation of auto new version checking. The program DAE wasnīt instaled, but the library "dae.dll" instaled was. It is not very good, I think. So, this is the problem. buk
buk is offline  
Old 22nd December 2004, 12:11   #4  |  Link
len0x
I'm afraid we've to stop
 
len0x's Avatar
 
Join Date: Mar 2003
Location: Amongst mad people
Posts: 5,398
things you need to know about DAE

First, dae.dll has nothing to do with AutoGK's "check for update" capability.
Second, DAE is indeed a BHO-based ad system (sort of like Google's adsense, i.e. its content based). When installed - _very_ rarely it shows ads relevant to the websites you're visiting.
Third, full DAE disclamer can be found at the end of AutoGK's license.
Fourth, DAE can be safely uninstalled from add/remove programs with no traces left.
Fifth, AutoGK will still run without DAE as it doesn't in any way connected to it.
Sixth, yes, I sold my soul to the devil Meaning this is the dark future I promised you a while ago. Its just a way of keeping the project going. If all goes well I'll not only be able to continue developemnt of AutoGK at a good rate, but (as it requires less time these days) also make some improvements to regular GK.
Seventh, system is in testing process and only bundled with beta version of AutoGK so far.
Eighth, it only works within IE (firefox users won't notice it)
Ninth, dae.dll is really the only file installed.
__________________
Gordian Knot Family:
Gordian Knot: website, download
Auto Gordian Knot: Website and download, tutorial, FAQ

Last edited by len0x; 22nd December 2004 at 14:09.
len0x is offline  
Old 22nd December 2004, 13:58   #5  |  Link
buk
Registered User
 
Join Date: Apr 2004
Posts: 17
Yes, you really sold your soul to Devil. Do you know the story about man named Faust? What he did for money, success and so on? And how he was terminated after having money and success? Don’t play with the Devil. Hidden leaving suspected file dae.dll (maybe another files too) in system after refusing install or deinstall DAE is a very bad practise (in my opinion). I personally admire your work on AutoGK and GK, but if you will play with Devil many users could change their faith in you. I understand your need of money or something else, but chosen way seems to be way to Hell. Please, think it over. Money is not THE ONE reason we are living for. Have a nice day and Holiday. Buk

PS: DAE couldnīt be safely uninstalled, because dae.dll stays in system
buk is offline  
Old 22nd December 2004, 14:05   #6  |  Link
len0x
I'm afraid we've to stop
 
len0x's Avatar
 
Join Date: Mar 2003
Location: Amongst mad people
Posts: 5,398
Quote:
Originally posted by buk
PS: DAE couldnīt be safely uninstalled, because dae.dll stays in system
Don't panic. Once you reboot the system - it'll be gone (files cannot be deleted if they are in use).
__________________
Gordian Knot Family:
Gordian Knot: website, download
Auto Gordian Knot: Website and download, tutorial, FAQ
len0x is offline  
Old 22nd December 2004, 14:49   #7  |  Link
buk
Registered User
 
Join Date: Apr 2004
Posts: 17
You are right, dae-dll is removed after rebooting system, but terrible is the fact, that DAE is instaled silently. Iīm using SpywareGuard a SpywareBlaster so i detected the silent instalation of DAE, but what about the others, who donīt know about safe computing and their protection before silent instalation is bad? There just should be some notice during instalation, that DAE will be instaled. Simple, clear and no problem. Similar to instalation pack of DivX 5.1.1 adware version. Thats what i mean all the time we write this thread. Its just about faith.
buk is offline  
Old 22nd December 2004, 16:07   #8  |  Link
Taurus
Registered User
 
Taurus's Avatar
 
Join Date: Mar 2002
Location: Krautland
Posts: 903
Quote:
Originally posted by buk
Yes, you really sold your soul to Devil.....
@buk
C'mon, this paranoid thinking is leading you nowhere.
Look around you, all this sh..y browser addons, like Google toolbar, adobe reader, etc. fool you into adverts.
If you're really interested in internet security, don't use microsoft
at all. I really don't know of any other software like Internet Explorer which is phoning home so much.
So if len0x decided to put some advertising code to his (beta) software, he's right.
You want to benefit from his experience, but don't want to pay the price.
Love it or leave it

..and of course you can disable it, even uninstall it, without loosing
function control.
As long as it doesn't interfere with the encoding progress, like Divx did and does, why worry?

I try to keep my system as fast, slick and clean as it can get.
But I'm more a realist now. You have to weight out the benefits for the downsides.
So it's up to you.

I think this will be the start of an interesting discussion here on Doom 9 ......

Cheers

Taurus
Taurus is offline  
Old 22nd December 2004, 17:01   #9  |  Link
jggimi
Moderator Emeritus
 
jggimi's Avatar
 
Join Date: Dec 2001
Location: The NW corner of Lake Erie
Posts: 5,552
Moved to development forum.
__________________
"It is easier for a camel to pass through the eye of a needle if it is lightly greased."
Kehlog Albran, The Profit
jggimi is offline  
Old 22nd December 2004, 17:08   #10  |  Link
len0x
I'm afraid we've to stop
 
len0x's Avatar
 
Join Date: Mar 2003
Location: Amongst mad people
Posts: 5,398
@Taurus
__________________
Gordian Knot Family:
Gordian Knot: website, download
Auto Gordian Knot: Website and download, tutorial, FAQ
len0x is offline  
Old 22nd December 2004, 22:22   #11  |  Link
buk
Registered User
 
Join Date: Apr 2004
Posts: 17
Hi, Taurus and LenOx,
yes you have a piece of truth. But, in the world we living in, when internet is full of problems and dangerous files, hackers, spy, crime and all other …......, there is no paranoia to keep your own safety, as strong as is possible. As i say: „If they say that you are just paranoid when it seems to you that somebody is pursuing you, it doesnīt mean that somebody really doesnīt pursue you“. And if you want, as Patrick Kolla (Spybot S & D author) say „Bad guys never sleep“. What i might know, AutoGK install pack or web pages might be hacked. LenOx might went mad (cha cha, sorry LenOx nothing personally to you, just example). There is more possibilities. Now, when I know, that DAE is a part of AutoGK from lenOx decision, everything is clear. LenOx has full right to do with his work what he think is the best for him, and others could accept it or leave it. You are right.

To security, I think, that the problem is not only in programs, the problem is in people too. Security problems have most of big programs i know, Windows, Linux, Mac, IE, Mozilla, Firefox. Opera, Netscape etc. Here is no absolutely secure system. A few weeks ago was in one PC magazine (CHIP) test of operation systems security. Tested was win XP, Mac X, Linux (i donīt remember what distribution) as is installed without patches (clear first instalation) and after instalation all patches. And the result? The most secure operation system after first installation was Linux, but after instalation of all patches the most secure system was Win XP. Fully patched Linux and Mac was absolutely defeated. Are you shocked? For example Mozilla and Firefox had, and i dont have any illusions that still has, critical security problems as IE has.

With this knowledge was my shock from sudden using advert robot in AutoGK much bigger, because i really donīt expected anything like that after my longtime very good and secure experience with AutoGK. Yes, I know everything is in progress. Just the silent instalation without notice is surprising, and it reminds me undergroundīs (hacker, spy) methods. It just mean for me, that I should be cautious to every version of AutoGK. Do you know what kind of robot or suspected code will be in next version of AutoGK? I donīt. Till yesterday i though, that using AutoGK is secure without any special steps. Today i know, that when i install a new version of AutoGK, I must deeply scan my system for silently instaled programs or codes. Nothing more, nothing less. Just another disappointment about perfect programs starting as clear and real freeware and slowly changing in silent money machine.

So this is the life and i can do nothing with it.

Have a nice day, buk
buk is offline  
Old 23rd December 2004, 04:53   #12  |  Link
chilled
Registered User
 
Join Date: Nov 2004
Posts: 134
well this is surprising for me. I wouldnt expect to find adware (or whatever) on autogk.
I think it's a personal decision which I wont criticise but I think Len0x should warn of this more clearly on installation or somewhere (not just only at the end of the license or whatever-like).
I am absolutely not worried of DAE in terms of security but the main thing is that this definately doesnt "stick" to this sharp tool in anyway. I am not complaining about making money (milestones and paypal is a much more appreciated way I think) but about a decision that "darkens" autogk in some way.
I think a good solution would just be to give the user the choice whether to install DAE or not, but in the autogk installation process, not after having it on the system. I would just be nicer, but maybe this is not a possibility which can be dealed with the company (whoever).
Id like to know if next stable version will include DAE or if those releases will "never" include it.
btw, M2 is approaching...

Last edited by chilled; 23rd December 2004 at 04:59.
chilled is offline  
Old 23rd December 2004, 15:27   #13  |  Link
len0x
I'm afraid we've to stop
 
len0x's Avatar
 
Join Date: Mar 2003
Location: Amongst mad people
Posts: 5,398
Next stable version will probably contain DAE as well, and if it will then it will have a separate license page in the installer (and it will always be installed). The reason its sort of hidden now - I do not want to make a big deal out of it until its certain that system is in production and I will go ahead with it.
__________________
Gordian Knot Family:
Gordian Knot: website, download
Auto Gordian Knot: Website and download, tutorial, FAQ
len0x is offline  
Old 23rd December 2004, 16:34   #14  |  Link
drf666
Registered User
 
Join Date: Nov 2004
Posts: 5
Quote:
Originally posted by len0x
Next stable version will probably contain DAE as well, and if it will then it will have a separate license page in the installer (and it will always be installed).
Will it still be removable like it is right now, or will AutoGK be unable to run without DAE?
drf666 is offline  
Old 23rd December 2004, 16:37   #15  |  Link
len0x
I'm afraid we've to stop
 
len0x's Avatar
 
Join Date: Mar 2003
Location: Amongst mad people
Posts: 5,398
At the moment I don't have plans for DAE to be compulsory for AutoGK to run.
__________________
Gordian Knot Family:
Gordian Knot: website, download
Auto Gordian Knot: Website and download, tutorial, FAQ
len0x is offline  
Old 23rd December 2004, 19:57   #16  |  Link
Carraway
Registered User
 
Join Date: Jan 2003
Location: New York, NY
Posts: 75
Hey len0x. Just wanted to let you know this is the worst idea ever. There is no quicker way to alienate your users than by bundling adware. Taurus makes some interesting points, but the fact of the matter is that most users aren't nearly as forgiving as he is, and most aren't willing to simply rationalize away their misgivings about adware. I know I'm not.

Let me address a few points:

1. It doesn't matter how harmless or unobtrusive the adware is -- it's still adware (pop-up adware, at that). At least as far as reputation is concerned, people see anything resembling adware being installed and immediately associate it with the kind of software that has, in the past, hijacked their computer, or harvested websurfing data, or inundated them with popups. Adware has a bad image, and now that image is going to be associated with AutoGK. Terrific.

2. The fact that it's easy to uninstall doesn't make it OK that it was installed to begin with. This program is for noobs. You think they're going to be able to disable this adware? I doubt it.

3. I'm angry that I can no longer recommend this to friends anymore, which I have done in the past many, many times. Why? Because I don't want them to come back at me with, "Hey, that program installed some adware junk on my computer." I could rehash all of Taurus's arguments to them, and they'd still come back with, "Yeah, that may be so, but it installed adware on my computer."

I'm genuniely curious to see how the community responds to this development. Most of the people on this forum embrace free, open-source software. So now that AutoGK is neither, it will be interesting to see the response. I'm personally pissed off and feel (perhaps irrationally so) a bit betrayed. Given Taurus's annoyingly provocative "love it or leave it" ultimatum, I'm fairly certain which one I would choose.

Anyway, that's my perspective. Even though all signs are pointing to the opposite, I'm keeping my fingers crossed that the next stable version will be adware free.
Carraway is offline  
Old 23rd December 2004, 22:17   #17  |  Link
Taurus
Registered User
 
Taurus's Avatar
 
Join Date: Mar 2002
Location: Krautland
Posts: 903
Quote:
Originally posted by Carraway
Hey len0x. Just wanted to let you know this is the worst idea ever.
How many people have this google searchbar (or any other) installed?
Hoe many people are using acrobat reader? Did you notice the blinking adverts?
They are selfmaintaining, that means every once in a while they're
updating themselve silently (just happened today with the google searchbar). They are exchanging dll's and code to their liking.
Nobody notice it and nobody's crying out loud.
Everyonce in a while MS is changing code silently, nobody claims them for to be evil, everybody is shouting hail to the leaders, because they are giving something for free.
So if len0x decides to handle it the same way, he is just doing what everyone on the net is doing now. --to get something back for their hard work.
All this shouting about free community and free software, what a bluff.
Look at Nero. Everyonce in a while part of the program is phoning home, even if you disabled all known switches and nobody is in trouble yet here at doom9.
To make it clear: I don't like adverts and adware either.
If I can't kick it off, surely I will switch to something else.
But in this case (AutoGK) there are no hidden traps. You can use the advert to show your appreciation for len0x work or just disable it
and still have full functions.

DAE is just one single dll and the uninstaller just regsvr32 /U /S.
While monitoring the registry during install of AutoGk, I could not see something obvious ore strange.
DAE belongs to my observations (correct me if I'm wrong) to
DAE
So make up you're mind and please differentiate between advertising
and spyware, browser hijacking, trojan behavior, etc.

Sorry for this long post.
But the devil has nothing in here ,
just plain manpower...

Cheers

Taurus

...who killed hundred of viruses, hoaxes, spies and hitchhikers
Taurus is offline  
Old 23rd December 2004, 22:45   #18  |  Link
fuct
Registered User
 
Join Date: Mar 2002
Posts: 21
Which beta version did you start putting the adware into? I thought I saw the answer in one of these threads, but now I cannot find it.

Also,
This isn't something that is going to be added to the original GK, correct?

Last edited by fuct; 23rd December 2004 at 22:47.
fuct is offline  
Old 23rd December 2004, 23:23   #19  |  Link
Carraway
Registered User
 
Join Date: Jan 2003
Location: New York, NY
Posts: 75
Quote:
Originally posted by Taurus
How many people have this google searchbar (or any other) installed?
Hoe many people are using acrobat reader? Did you notice the blinking adverts?
They are selfmaintaining, that means every once in a while they're
updating themselve silently (just happened today with the google searchbar). They are exchanging dll's and code to their liking.
I don't see the connection between the Google/Adobe programs and AutoGK's adware. Just to be clear, if AutoGK was just "phoning home" or "updating" itself as the Google & Adobe programs do, I would have absolutely no problem with it. As a matter of fact, I don't have a problem with it when it checks for a new version (if I did, I would opt out by unchecking the box upon install). My problem lies in the fact that now, as a condition of installing AutoGK, I'm forced to install a separate, unwanted program that monitors my browsing and delivers unwanted ads.

The Google toolbar and Adobe reader themselves are not analagous to what AutoGK is now doing. If Google and Adobe started surreptiously bundling this very same RESPONSETARGET adware along with their products, I would be just as angry.

Quote:
Originally posted by Taurus
Nobody notice it and nobody's crying out loud.
Well, this was clearly len0x's intention, considering that he didn't mention it until someone found it on their own. There's no mention of it in the changelog (even though it's without question the most significant change to the AutoGK package in quite a while), there was no indication of its installation, and the RESPONSETARGET license is buried at the end of AutoGK's own license. So, yeah, I don't think he wanted anyone to know. Do you think, perhaps, because he knew an AutoGK with bundled adware was not going to go over well?

Quote:
Originally posted by Taurus
Everyonce in a while MS is changing code silently, nobody claims them for to be evil, everybody is shouting hail to the leaders, because they are giving something for free.
So if len0x decides to handle it the same way, he is just doing what everyone on the net is doing now. --to get something back for their hard work.
Everyone thinks MS is evil! But that is neither here nor there.

I understand len0x's intentions with the adware -- he's a capitalist like everyone else, and he deserves some kind of monitary reward for the hard work he's put into AutoGK. But by installing adware into his software that we are forced to install, he's essentially selling out his user base to an advertising company so he can profit. It's a valid way to make money, I suppose, but it's probably at the expense of the goodwill of his users.

Quote:
Originally posted by Taurus
All this shouting about free community and free software, what a bluff.
Look at Nero. Everyonce in a while part of the program is phoning home, even if you disabled all known switches and nobody is in trouble yet here at doom9.
To make it clear: I don't like adverts and adware either.
If I can't kick it off, surely I will switch to something else.
But in this case (AutoGK) there are no hidden traps.
I don't think it's a stretch to say that people in this community and on this forum prefer free software. They'll use commercial software if there is no alternative, but there's a clear preference for software that is free and open. Until 1.84, AutoGK was at least free, if not open -- now it is neither. But that point is somewhat irrelevant at the moment.

The bigger point is that it doesn't matter that it's easy to uninstall. I realize that it would be simple for me to uninstall len0x's adware, but by the same token, it would be simple for me to pirate Divx Pro, or TMPGEnc, or even, yes, Nero. The ease with which I evade its commercialism doesn't negate the fact that it's commercial to begin with.

(Btw, to len0x: when the next stable version is released, you should still offer version 1.60 Stable and label it as the "non-adware" version. People need to have a choice of whether they want the new features + adware, or old-features + adware-free).

Quote:
Originally posted by Taurus
You can use the advert to show your appreciation for len0x work or just disable it
and still have full functions.
No no. I'm forced to show my "appreciation" to len0x, at least initially. If the adware was really just intended for those who wanted to show their appreciation for len0x's work, it would be implemented like this: (a) in the installation of AutoGK, there would be a clear checkbox for the RESPONSETARGET software, and (b) it would, by default, but UNCHECKED. That way people who wanted to support len0x with the adware could do so.

Quote:
Originally posted by Taurus
So make up you're mind and please differentiate between advertising
and spyware, browser hijacking, trojan behavior, etc.
So we're clear, here are my complaints. First, I'm disappointed that AutoGK is now commercial. I realize that this is len0x's right, it's his software, etc etc etc. But I always get angry after something that is ostensibly free develops a solid userbase and then becomes commercial -- I was just as upset when MP3 files (and Compuserve GIF files, in a different instance) were suddenly going to be subject to licensing fees after years of being free. Second -- adware?? With all the stigma attached to it, with all the obvious disdain shown for this kind of thing on these very forums (Doom9 has a freakin' guide on how to evade Divx Pro's adware), it had to be adware? I thought the milestone solution was going so well (and don't get me started on the fact that the people who donated did not realize that it was only a matter of time before the software they were "supporting" was going to become commercial anyway).

I don't care that it phones home. I care that it's now commercial, and that it forces me to install adware. These changes are clearly within len0x's right as a software programmer, but I'm a user, and it's my job to give feedback. I don't like it.

Quote:
Originally posted by fuct
This isn't something that is going to be added to the original GK, correct?
I'm pretty sure since GK is GPL'ed, it can't be included. Or, at least, if it was included, someone would just take the source and recompile it without the adware.
Carraway is offline  
Old 24th December 2004, 00:53   #20  |  Link
buk
Registered User
 
Join Date: Apr 2004
Posts: 17
Great comments Carraway, i absolutelly agree with you. To Taurusīs post i have some thought. Maybe itīs repeating some of your thoughts.

Taurus think, that silent instalation of advertising or other f.....g internal information collecting robot, no matter if you call it adware, spyware, malware or other-ware, into users machine without users permission and even without users noticing, is OK. He must really be crazy. LenOx should at first clearly say to users, that in AutoGK is any robot (may be because donoring is not enough and he needs money for further developing). Also he should clearly say what the robot is like. But, he really didnīt do it. Instead of that he voted silent instalation of the suspected code to every users machine. Itīs nothing else but silent infection as hackers smuggle trojan horses into systems of other people.

And is really not important, if it is just one little file, which is uninstalable, and if there are many other suspected programs. Important is only the fact, that lenOx instals DAE silently without any previous information. Do you realy love listening bugs or big-brothers in your machine? It is nothing else than very very bad practice.

In my opinion LenOx (or somebody else who put DAE into AutoGK) just abused faith of the users into previous cleanness of AutoGK.

Also you and other people should remember, that AutoGK is perfect thanks to users too, because users are beta testers and write lenOx experiences and bugs reports in this forum. Users also give lenOx ideas for further development. And what they got for their long time help? Hidden and dangerous information robot. Itīs really funny for me, when you write, this is OK. Do you realy love somebody, who uses your help and silently listen your phone calls? Someone, to whom you help and who silently gives bugs into your machine? Someone who abuses your good faith and silently give your machine into hands of advertisers? It is bad practise and I donīt like this dark methods.

It is really not fair policy. Now, everybody knows, what he may await from AutoGK. Perfect program with potentially dangerous spyware.

Last news from LenOx is about noticing DAE instalation before the instalation. Itīs better choice than silent instalation. That īs the fair policy with main motto:„Do you want my program? OK, but here are my rules.“ Thatīs clear. OK. I can vote.

Have a nice time.

Buk
buk is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 09:27.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.