DivX Now Installs Malware (forums.divx.com)
Their Twitter is being flooded with complaints but DivX does not appear to care. In there latest update on Mac when clicking Ok the last page of the setup briefly shows a message about Bing but them immediately finishes the installation without allowing user interaction. After that your Chrome, Safari and Firefox will be flooded with Bing. From 404s, homepage, default search and conduit plugins. The link above shows the numerous steps to undo all of it. The one step they forget to mention is to uninstall DivX and never use them again. Even Google Chrome is marking DivX as Malware which DivX is saying is a false positive to ignore. Please everyone uninstall DivX and let them know malware is never acceptable.
166 comments
[ 2.5 ms ] story [ 235 ms ] threadhttp://www.cccp-project.net/
http://codecguide.com/download_kl.htm
On windows you can use FFDSHOW or LAV or XVID to decode divx.
The funny thing is that when people complain about codec packs in general it's that they bloat your system with tons of codecs you do not need, not that you get one codec for nearly everything and one for FLV.
That said, there are a million other codecs you can/should install in place of DivX which is fully DivX-compatible and able to decode and encode DivX video properly.
Why should a user care for this? I don't have DivX on any of my systems for years now and I've never come across a context where I needed it.
There's still a few reasons directshow is still relevant:
- Getting video thumbnails for .mkv, .ogg, and .flv files in windows explorer
- Adding postprocessing filters (deblock, aspect ratio correction, pixel shaders, subtitling) to media players that don't otherwise support it (windows media player)
- Adding AV format and container support to your existing media player, for formats that Microsoft don't bundle decoders for (e.g. H.265, VP8, theora, daala, silk...)
1. If video thumbnails don't work in Windows Explorer, Microsoft should fix that, or third parties should fix it by means other than malware installs.
2. Nobody should be using Windows Media Player. It's awful. Again, if it needs fixing, it should be fixed without malware.
3. If your existing media player lacks codecs, this can be fixed in several good ways. Malware is not the way to fix this.
I conclude that DivX is completely worthless, since it adds nothing that can't be better added in other ways, and is now aggressively evil as well.
In vlc, some of the videos that i have get slower the farther along you are in the playback stream. Yet with the Divx Player, the media plays back fine.
It's only for some media, but it's a problem nonetheless. I suspect that it may have something to do with it being a somewhat reverse-engineered codec in ffmpeg?
Getting it right was very, very hard, and some tools even came with options to "tweak" the output-stream to get things synched up, specifically tailored for the behaviour of the Frauenhofer MP3 decoder.
I suspect some videos encoded using these tools may render and synch "incorrectly" on newer players not aware of the workaround done in the past to make improper codecs behave properly, even though they may be 100% within spec.
I'm guessing the DivX-player (which sounds like a very stuck in the past kind of thing) uses old codecs and are able to account for this, by not following spec while rendering these "tweaked" video-files.
I would be very interested to fix all that.
Please mail me to give me samples, and I'll do my best to fix it.
I'm thinking of criteria such as:
No malware, no advertisements, no bloat, no phoning home, no unnecessary/forced updates, in case of mobile: no unnecessary permissions.
Recently I needed to rip a CD quite urgently and the software I used has tainted my PC like a terrible sin of the past.
The apps are portable versions (made with permission of the original developers) that are meant to be installed on flash drives, but you can click through to the official project pages of each one to find the desktop versions.
<insert your favorite linux distro here>
I have a list of useful software, but I haven't published it anywhere. Maybe I should do that.
http://cdexos.sourceforge.net/
:)
[1] http://i.imgur.com/5mAdH.png [2] http://i.imgur.com/3zWPK.jpg
> In short, though: More support for formats to be decoded, best HW acceleration available as open source, much less hacks in there compared to FFDShow-tryouts, uses vanilla-based ffmpeg libraries instead of the mess that is in FFDShow-tryouts, as well as LAV Filters just being still in active development compared to FFDShow-tryouts being dead.
FFDShow still offers more extensive video/audio postprocessing options over LAV Filters, but most people are probably not even aware that they even exist.
Anyway, personally I would highly recommend using CCCP if you're on Windows - it doesn't ship with any useless extras (like most codec packs you might find on the internet) and is pre-configured to maximize compatibility and playback quality - you get better quality than VLC will offer, for example. And if you throw madVR on top of that you can make it even better with top of the line rendering and scaling (though the difference isn't admittedly that big).
[1] http://www.cccp-project.net/forums/index.php?topic=6677.msg4...
If you're on OS X or some *nix and want a simple video playback solution you're better off using VLC, though. For advanced users, there's mpv.
In addition, using those codecs without the original install kit is against the license in almost all cases (just because "you can download it freely" doesn't mean you can redistribute it). Finally, many codec packs are infected by malware (although CCCP might not be, I have no experience with it).
In summary: - Use VLC - If not, use http://ffdshow-tryout.sourceforge.net/ which is not dead - Alternatively you could try out LAV filters which I learned about from the parent - https://code.google.com/p/lavfilters/ - haven't used it, don't know how good (or not) it is
Never, ever use codec packs.
I agree with your comment on licensing. I haven't ever looked into CCCP's reuse of codecs.
But that person surely needs VLC instead, which too may come with 3rd-party crapware installer if you're not careful.
Bullshit. If installing software changes random settings on my computer, it's malicious. If it was a default in the app itself, that's a different matter.
Remember the thing about being the product.
Bullshit. VLC has no crapware in the installer and installers doing that are illegal.
I'd never heard the name before the original link either. It just makes me wonder even more how such an icon became as widespread as that one is.
[1] http://news.softpedia.com/news/The-Chrome-Wrench-Icon-Is-Get...
Crapware is something that's installed and shows up on your desktop, may even start automatically and produce pop-ups all the time, but doesn't alter the behavior of other applications. It's just junk, but it's not inherently detrimental or damaging. Crapware applications are barnacles.
It has a rather obvious "install conduit search powered by bing" checkbox. While this is defaulted to "yes", is very easily set to "no".
That means I can't just click next, next, next, install, finish without getting "infected", and the guys making these installers knows this - and takes advantage of it to make extra money.
Legally, it's sketchy at best - the EU has a law (I believe it's a law, at least, someone back me up?) against it defaulting to yes.
Morally, it's plain wrong and taking advantage of the innocent.
This was posted to HN recently, and it sums it up nicely: http://coding2learn.org/blog/2013/07/29/kids-cant-use-comput...
We all know of relatives that just use their computer for Facebook and Farmville, and get "infected" by a needless virus scanner and/or alternative browser every time they have to update Flashplayer.
It is so vicious that even people that are aware of this kind of practice may get caught. The fact that users "can't read" (but equally often programmers also "can't write") is no excuse.
If I download a program and install it then that's my intention. I don't intend to install other software along side of it.
Just saying, this isn't an issue about people not knowing how to use a computer. It's a dark pattern that hurts everyone.
"X installs Y" reads to me as something happening without any chance to avoid it.
If I click next next next next finish, it's my fault these days.
Sad world, but it is what it is.
Let's work to make it better.
I've been dealing with a set of users at work who could easily help themselves and continue on with their work if they would actually, you know, read the dialog boxes I spent tons of time writing to explain to them why the operation they tried was not correct and how to do it correctly. They don't want "wizard" interfaces that take them step-by-step through things, but they clearly can't use form-based interfaces that provide every option at once.
I watch them, it is their job to use this computer to do their work. In every training session I've ran, if I can get them to slow down long enough to even notice that a dialog box displayed, then they easily figure out their next step and continue on. But if I let them go at their own pace, they get confused and don't even recall that a dialog box appeared in the first place.
And it's not just non-techies. Most of the programmers I've worked with don't read the compiler's error messages. All they do is double-click the line to jump to the section of code and then try to figure it out from there, often by random-walking changes to the code until they get something that compiles. "If it compiles, it's correct", apparently. Never mind that they could save themselves a ton of time and confusion to read the error message and realize that you can't call Substring on a float!
If there weren't pertinent information on those screens, in those messages, then the installation could be done automatically. "open, next, next, next" is inferior to "open" as a user experience, but those "next" steps are there because there is important information there.
The OSX ecosystem would generally care to differ with you there, where the standard installation process is to drag a .app slightly to the right in the dmg that auto-mounts and auto-opens and shows you exactly what to do. Then you run it if you feel like it. Or even run it right from that window, it usually works, and quite a few applications will even detect it and offer to move themselves to your applications folder.
Contrast this with a very common Windows install, which is run -> tell where to extract -> skip welcome screen -> uncheck shortcuts and start menu -> install -> uncheck 'run now' and 'show readme' -> click 'finish'.
Sometimes there is important information in those steps. Very frequently there is not, and it's just a waste of time, and an annoyance. Just like the 'welcome' screen in those installers. Nearly all of that could have been done in one page, instead it's split into several, literally training people to just keep hitting next.
This has to be one of the oldest tricks in the books, and you should never click next, next, next, install, finish. Even if it is legitimate software, I won't blindly keep clicking unless I know the installer from previous experience.
This is the equivalent of "I accept the T&Cs" and then complaining later that Facebook/Twitter/Instagram/whoever are doing something you didn't agree to when you never read the terms to start with (ok, bad example to some degree, I know those T&Cs can be legal and tricky to read but you get the point I'm trying to make)
I think it is a great example! The effort required to comprehend the terms for those is so onerous that a small fraction of users take the time to even try.
We might be in a better place if, when faced with such a situation, we declined to use the service because of the lengthy and opaque T&Cs.
Worth noting that uTorrent is doing exactly the same thing now. And for those who will immediately assume the worst, I installed it to grab the humble bundle that I'd just bought, surprised to see that what once was the micro and trustworthy uTorrent was now yet another piece of scumware.
I laughed that it also indicated that it would be auto-updated from thence forth. It is an unfortunate situation that updates in PC software now means "addition of crapware".
https://news.ycombinator.com/item?id=5092711
The apps that get installed are "crapware." This one seems a matter of opinion. A lot of the world's most popular apps and sites seem like junk to us. But the users are choosing to install these things.
If you want to stop this kind of thing you need to get angry at the people who fund it and make money from it. That includes Paul Graham and Y Combinator.
More about the YC funded InstallMonetizer:
http://news.ycombinator.com/item?id=5059806 Y Combinator is funding the future of spam in Windows (467 comments) https://news.ycombinator.com/item?id=5086043 InstallMonetizer quietly starts editing website, privacy policy http://news.ycombinator.com/item?id=5059454 Y Combinator-Backed InstallMonetizer Is A Selective Ad Network For Desktop
There is a clear reason "I Agree" is pre-checked. Educating users is a band-aid, treating the symptom and not the cause. The cause is scummy companies like InstallMonetizer, and hopefully people like PG/YC will come to see how it hurts their brand, no matter how they think reality differs from peoples impressions of such companies.
Would you consider tricking a person with poor literacy skills into signing a contract that gives them your house a moral thing to do? Why is tricking somebody into giving you full access to their computer any different? Also, much like legal contracts can still trick the literate, these installers can trick even technically proficient users who weren't expecting to suddenly have to engage in a battle of wits with their computer.
Smashing 'next' in an installer should do the right thing: it should install the things you most likely need in the app you downloaded, in the place that makes the most sense on your system, etc. In almost no cases is the right thing installing some random ass toolbar.
I have seen installers with right bottom for OK, and left to Cancel install, as is is standard. However, a few steps into the installation, a toolbar question came up where OK meant install toolbar and Cancle meaning not installing toolbar but continue install. Bascially, left button Cancel went from aborting the install to continue the install through a sleight of hand trick (deception). Since its done for economical gain, its fraud - As clear case as it can get.
Fraud: intentional deception made for personal gain or to damage another individual.²
¹: 3 year binding agreement with first month free.
²: https://en.wikipedia.org/wiki/Fraud
If you want, I can list several similar crimes like salting the mine², the Romance scam², or the classic Nigerian scam. Each too allows the victim to opt out, each are equally fraudulent behavior, and equally illegal. The law do not require that the criminal has lied, only that deception has happened.
Giving the victim a chance to opt out does not give scammers a "get out of jail card". If it did, that would be the first thing any caught scam artist would say.
¹ http://www.actionfraud.police.uk/fraud-az-invoice-scams
² https://en.wikipedia.org/wiki/Salting_%28confidence_trick%29
² https://en.wikipedia.org/wiki/Romance_scam
"The users choose to install these things."
GMAB, you know better.
But he's not objective if topics touch Y-combinator startups¹, the same happened during the AirBnb PR disaster.
¹ and when he talks about programming languages ;)
What's that? It's too convenient to vociferously denounce someone for having an imperfect track record while doing something so grand that you could scarcely imagine the decisions he's had to make? (If you tried, that is.)
There's a reason why the word "anonymous" is often followed by "coward" -- it's abusing anonymity when you run to it as a shield from which to make pointed criticisms against actual people who will actually read what you write. Anonymity, used bravely, can provide a defense against the mob. Used cowardly, it's a defense against scrutability.
Which is to say that there are reasons to use a different name online that don't involve secretly wanting pg to give you money/help...
It's also true that people doing grand things make more decisions, and hence more bad ones. I don't think that makes discussion of those decisions somehow off limits for discussion.
Like, I'm reading anon1358's comment, and yours. Yours reads like an ad-hominem. His reads like a "As a community we seem to disagree with pg on X, maybe if we band together he will listen". I agree he doesn't seem open to hearing the other side, but I think his tone is much more constructive than yours.
He could have very well-placed criticisms actually, I don't make any assessment one way or the other as to that question.
Bottom line -- the guy wants to hold PG accountable to some imaginary (but popular) standard, while evading accountability himself.
That doesn't make it ad hominem. That's a phrase used in the context of a debate. jessedhillon isn't after the argument at all. He's attacking a certain behaviour.
ad hominem: "Your point about global warming is invalid because you slap your children and I don't like that."
not ad hominem: "You slap your children and I don't like that."
Heh. Reread your initial statement.
I am easy to connect to my account name.
Happy now? How about you now discuss the issue, rather than ranting about how we shouldn't disagree with people who have more money than us.
In that context, PG didn't defend the practice, so much as report the facts on the ground in the software industry - i.e. it goes without saying that some industry people will rationalize crapware as no more intrusive than other software which collects data on users.
More relevant is that YC's association with the crapware provider was unrelated to crapware. See this post from the same thread:
They're working on something new, and all the office hours I had with them were about that. They're not even in our database of companies as InstallMonetizer but as the new thing.
https://news.ycombinator.com/item?id=5093047
I actually believe that the people making money from it are: (1) the big search engines (2) companies promoting toolbars (3) toolbar publishers.
I believe the main issue is not DIVX's Conduit Toolbar (which from what I can see is fairly transparent - see below for my notes on their installation flow), but the parasitic nature of this industry funded mainly by the big search engines themselves: Google, Bing and Yahoo.
Conduit and Babylon toolbars generate revenue via their partnerships with the big three. They get paid to help search engines gain market share and generated revenue. This revenue model is similar to a parasitic model because the product, often very inconspicuously, "attaches" itself to the browser. This "attached" entity provides no real added value to the "host" or user. It "feeds" off of the user's searches and sponsored result clicks. On top of that, toolbars are often harmful to the user by causing browser slowdowns, freezes, crashes, HTML/JS injections, ad insertions, page rendering errors, etc.
However, the worst that I have seen in this space are advertisers pushing toolbars on Google, Bing and Yahoo by hijacking the products of popular freeware publishers (VLC, Adobe PDF Reader are examples). Here's an example with VLC: http://i.imgur.com/wesQBcF.png
Users trying to get VLC are duped into running these hijacked products. Though VLC is ultimately delivered at the end of the installation, most users won't see that they are also installing several add-on components like a Conduit toolbar.
If you download from VLC.Download-Insider.com and install their toolbar you'll get the following:
- Bing as default browser search - Conduit homepage (Bing-powered) with banner ads: http://i.imgur.com/8MIG9Lb.png - Ad injection on Google search results page: http://i.imgur.com/A2XrQxF.png - Coupons on some shopping sites: http://i.imgur.com/2tR88DG.png
I'm actually quite surprised that this is still going on and that the big search engines are still allowing them to advertise a product they clearly do not have the rights to.
* NOTES - DIVX INSTALLATION FLOW *
Chrome already seems to be detecting the downloadable file on divx.com as malicious: http://i.imgur.com/9qs4tex.png
I ran through the installation process on a VM. Here are the screenshots.
1 - Startup with language selection: http://i.imgur.com/9qs4tex.png
2 - EULA (agreement unchecked, no mention of Bing or Conduit): http://i.imgur.com/DB37y8I.png
3 - Installation components (all DIVX-related): http://i.imgur.com/q7wsLeL.png
4 - Conduit offer screen: http://i.imgur.com/fOgUnrO.png - Conduit Toolbar (opt-out) - Conduit Search + Search Protect(opt-out) - EULA and Privacy Policy as text links
5 - Post-install email collection: http://i.imgur.com/9Ym3mkh.png
6 - The toolbar itself: http://i.imgur.com/dQdsaic.png
Based on the installation flow, the offer was stated, albeit very discretely. I hate homepage and search takeovers as much as everyone, but DIVX appears to be doing it in a transparent way (and I...
(I meant "free with an asterisk," because software developers will find a way to be compensated, one way or another.)
(I also am talking entirely about free-as-in-beer, not free-as-in-speech.)
I think the problem is that these applications get to decide what gets installed with them. There's no reason to allow them to make that decision anymore.
Ubuntu "exists" but it is not "stable" because Canonical, the company that creates the Ubuntu distribution and is losing money [1]. Their efforts at capturing sustainable funding have been largely unsuccessful. So eventually they too will be gone.
[1] http://www.linuxinsider.com/story/74511.html
I don't think this is as bad as the other cases.
In both cases, there are some defenses for it: it's not a terribly big problem, the developer can rationalize it in terms of obscure use cases where someone might actually want to use it, and you can always disable it once you realize it's there.
But in both cases, it's making your computer perform worse, showing you things you never asked for, and possibly breaking your expectations of privacy, just so that the developer can make a trickle of money from you.
EDIT: Never mind. I'll do it: http://batterybarpro.com
DivX as a brand is dying. Desperate times etc... I've always hated their player and bloatware. In fact I was surprised that they survived without doing something like this earlier.
I would happily pay extra for a LinkSys-FooBar that acts as a NetFlow aggregator, as a fail2ban proxy as a decent cache, and gave me reporting and storage out of the box.
Then a simple QA site can let people know the answer to "Why has my laptop dialed to crapware.com 5000 times this month?"
Just add in a feature that stores all your photos and videos and lets you upload the better ones for granny to see and you have a home hub that actually is not a games machine in disguise.
In short, anything that requires more effort than is necessary to install crapware, will not see adoption rates higher than the crapware itself.
We need something else.
I think that there will be a home hub, a technology helper, supplemented from the cloud, but anchored to the family home network point, that is the natural place to deliver a wide variety of services, digital backup, net nanny, finacnes fridges etc.
Make something the gateway to the house and that something will be defended by house owners as much as the physical house itself - it becomes the virtual avatar for the house.
It will probably be called Jarvis.
Such a thing would be much better implemented as a windows application firewall. It would be able to detect which app did it, which dll initiated it (so you can catch IE extensions in the act), and it would have a hard drive available for storing the results. This sort of tool does in fact exists as part of pretty much every antivirus product.
They are amazing.
Think that installing Conduit will add value to my computer? Then go ahead, default it to "install" - but let me uninstall it in the usual way.
It's the fact that most of these programs are designed to be as hard to uninstall as possible that's the big problem. And as soon as you're trying to stop me uninstalling your software, IMO, you're basically making malware.
Every service you sign up for, everything you install for free (minus some open-source stuff), offers you something, and defaults to yes. You have to un-check boxes to send you emails, to install crap, to agree to performance tracking, etc... If I don't like the terms of something, I simply don't use it. That's why I'm on Linux, Ubuntu to be precise (and I opted out of the Amazon lens - not because I hate it, but because I simply don't buy that much stuff from Amazon).
Anything for which the uninstall instructions (I define uninstall as 'completely remove everything related to this from my computer') go:
[To change the 404 error page]:
- Go to the Firefox folder: open Finder and navigate to Applications and right click on firefox.app
- Select MacOS, and delete the MACSearchTakeOver.js file (wtf?)
- Go to the folder Users/USERNAME/Library/Application Support/Firefox/Profiles/CHOOSEActiveProfile. Note, USERNAME = your username. CHOOSEActiveProfile will be a unique name, for example "6y5m281v.default"
- Delete the file called abstraction.js
is malware.
There is no way in hell a regular user should be expected to do that.
You notice I didn't say anything about Ubuntu -- by and large (apart from the Amazon Lens debacle), these crap/malware peddlers have left Linux alone. How would you feel if you had to edit xorg.conf or something manually because some package you installed from someone's PPA made your screen display ads every 15 minutes? :P
People don't click on ads. People don't even see ads anymore. And people don't want to pay for software. So to continue offering a free product, they need to monetize it somehow. They do this by bundling other software (not malware).
This is the reason the industry is moving in this direction.
Maybe you don't care because you use Xvid or VLC or something. Great! You are not affected.
Don't like it? Invent an alternate monetization scheme. You'll clean up.
Ah, the good old days - where a video player hijacking your homepage was nothing. People didn't get annoyed until it started spewing popups with "Your PC is not optimized! Click HERE", "You WIN! Click HERE". I bet if divx did that, they'd really make some money.
Sandboxing of Mac App Store apps is also another good step, but we still need ways to install system components like codecs without giving away the keys to the castle.
As an aside, I've been trying to figure out how to use dtrace to get a log of all files touched by an application or installer (including sub-processes). If anyone has a good solution I'd love to hear it.