Sonicdownloads.net FFDshow spyware pack

felinis · 22nd April 2009, 21:36

The FFDshow package distributed by sonicdownloads is packed with spyware - just read their EULA.

Leak · 22nd April 2009, 22:18

......

Just poking around in the installer executable with 7-Zip makes me want to go ballistic...

Gotta try it out in a VM at work tomorrow.

That leaves the question of what to do against such scam artists.

np: Pole - Alles Gute (Round Black Ghosts 2)

LoRd_MuldeR · 22nd April 2009, 22:48

I fear you can't do anything. The GPL permits everybody to redistribute the software. And I don't think there is anything that prohibits them to package the software with other (proprietary) software. They can even take money for the shipping - if people agree to pay money for a software they could obtain for free, it's their own stupidity. Only if that company did modify the source code of ffdshow itself, they would be obliged to ship their modified sources along with the binary (or make them available on request). And if they link their own software against GPL'd code, they must put that own software under the GPL too...

Sharktooth · 23rd April 2009, 03:28

if they pack it with any sort of malware, you can submit that info (including the binaries and their website) to the major antivirus/antispyware software labs, including microsoft.
yeah... that's called RETALATION.

Reimar · 23rd April 2009, 09:37

Quote:

Originally Posted by LoRd_MuldeR

IOnly if that company did modify the source code of ffdshow itself, they would be obliged to ship their modified sources along with the binary (or make them available on request).

Just to clarify a common error: it does not matter if it was modified or not, the code must be shipped along with it, or it must be offered to ship it on request (for at least three years), the exception to that is only for _non-commercial_ distribution.
I seriously doubt that bundled with malware it would still qualify as "non-commercial", so unless they correctly make the source available it probably would be possible to do something against it, the only question is if there is a point.
Apart from that file a complaint with Google, getting sonicdownloads.net listed as malware site will be most effective (assuming the indeed distribute malware).

squid_80 · 23rd April 2009, 11:41

Also the GPL does not allow any additional license restrictions to be added. I haven't seen their EULA but if it does contain additional restrictions (something along the lines of "This software package must not be separated into individual components") it's a violation.

LoRd_MuldeR · 23rd April 2009, 15:07

Quote:

Originally Posted by Reimar

Just to clarify a common error: it does not matter if it was modified or not, the code must be shipped along with it, or it must be offered to ship it on request (for at least three years), the exception to that is only for _non-commercial_ distribution.
I seriously doubt that bundled with malware it would still qualify as "non-commercial", so unless they correctly make the source available it probably would be possible to do something against it, the only question is if there is a point

Well, if they did not modify the sources, they can make them "available" by providing a link to ffdshow's SVN repository on SourceForge...

22nd April 2009, 21:36	#1 \| Link
felinis Registered User Join Date: Jan 2009 Posts: 2	Sonicdownloads.net FFDshow spyware pack The FFDshow package distributed by sonicdownloads is packed with spyware - just read their EULA.

22nd April 2009, 22:18	#2 \| Link
Leak ffdshow/AviSynth wrangler Join Date: Feb 2003 Location: Austria Posts: 2,441	...... Just poking around in the installer executable with 7-Zip makes me want to go ballistic... Gotta try it out in a VM at work tomorrow. That leaves the question of what to do against such scam artists. np: Pole - Alles Gute (Round Black Ghosts 2) __________________ now playing: [artist] - [track] ([album]) Last edited by Guest; 23rd April 2009 at 01:49.

22nd April 2009, 22:48	#3 \| Link
LoRd_MuldeR Software Developer Join Date: Jun 2005 Location: Last House on Slunk Street Posts: 13,248	I fear you can't do anything. The GPL permits everybody to redistribute the software. And I don't think there is anything that prohibits them to package the software with other (proprietary) software. They can even take money for the shipping - if people agree to pay money for a software they could obtain for free, it's their own stupidity. Only if that company did modify the source code of ffdshow itself, they would be obliged to ship their modified sources along with the binary (or make them available on request). And if they link their own software against GPL'd code, they must put that own software under the GPL too... __________________ Go to https://standforukraine.com/ to find legitimate Ukrainian Charities 🇺🇦✊ Last edited by LoRd_MuldeR; 22nd April 2009 at 23:03.

23rd April 2009, 03:28	#4 \| Link
Sharktooth Mr. Sandman Join Date: Sep 2003 Location: Haddonfield, IL Posts: 11,768	if they pack it with any sort of malware, you can submit that info (including the binaries and their website) to the major antivirus/antispyware software labs, including microsoft. yeah... that's called RETALATION. __________________ MPEG-4 ASP Custom Matrices: EQM V1(old), EQM AutoGK Sharpmatrix (aka EQM V2), EQM V3HR (updated 01/10/2004), EQM V3LR, EQM V3ULR (updated 04/02/2005), EQM V3UHR (updated 17/12/2004) and EQM V3EHR (updated 05/10/2004) Info about my ASP matrices. MPEG-4 AVC Custom Matrices: EQM AVC-HR Info about my AVC matrices My x264 builds. Mooo!!!

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

23rd April 2009, 11:41	#6 \| Link
squid_80 Registered User Join Date: Dec 2004 Location: Melbourne, AU Posts: 1,963	Also the GPL does not allow any additional license restrictions to be added. I haven't seen their EULA but if it does contain additional restrictions (something along the lines of "This software package must not be separated into individual components") it's a violation.