APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Frogs, Greed or What?

© February 2009 Anthony Lawrence

I spend a good amount of time this morning reading Interview with an Adware Author at Philosecurity. The Adware author is Matt Knox, who worked at Direct Security before they were sued by the New York Attorney General's Office. The article itself is interesting though probably nothing that most readers here will find surprising. The comments are more fascinating as most of them are back and forths between co-workers at Direct Revenue and Christopher Boyd (paperghost) of Vitalsecurity.org.

In everything that follows, italicized quotes are taken from the article referenced above or its comments.


Matt Knox and his co-workers paint themselves as being lulled into dirty deeds much like the proverbial frog in hot water who does not notice the slowly rising temperature. There are excuses (Matt: "I was utterly and grindingly broke") and rationalizations ("I actually believe that if you sum up everything I did it comes out positive"). Yet there is also recognition:

Matt: "It really showed me the power of gradualism. It's hard to get people to do something bad all in one big jump, but if you can cut it up into small enough pieces, you can get people to do almost anything."

Eric (co-worker, in comments): "Even so, it was a dance with the Devil. As with much ordinary advertising, we were exploiting people's naivete and/or stupidity; I'm glad to have it behind me."

Jordan Stevens (co-worker, in comments): "as Matt said, we probably in the end did more good than harm because I am sure we did knock off some horrendous adware clients far more unethical than ours from countries which had no regard for our laws"

Eric again: "Yes, we caused suffering. We knew we were going to hell. We have done our best since then to apologize and atone."

Some people didn't buy the excuses.

Satan (comments): "most people do view you as a criminal"

Sherri (Interviewer, comments) "Guys, please be respectful in your comments. I received a couple that were not appropriate to post. Matt is a wonderful teacher, a great coder and a good friend."

Others also defended Matt:

Anonymous (comments): "A former roommate who I very much respect (and happens to be the grand-daughter of people that you'd recognize from your history of computing lectures) for a brief period worked on helping spams get through filters. I was shocked and unimpressed, but she made a really excellent point: if she didn't, someone else would"

Of course that bit of rationalization brought well deserved references to Nazi concentration camp guards. Most of the defensive parrying seemed to be a claim of ignorance:

Jordan Stevens (co-worker, comments): "The truth is that the whole programming group was full of good people with good intentions, including Matt and Eric. At one point there were around a hundred people working there and we were sheltered by management from knowing how we were negatively affecting our users."

Some defended that:

xandalar (comments): "Sometimes when you code, because of the way the work is segmented, you might have a vague idea of the overall project, but your individual snippet is just a tiny part and when you finish, you're on to something else and then on the train home. Hardly anyone at the cubicle level understands the big picture."

That might be true with some software, but the actual words of the coders show that they did know what they were doing.

Some comments applauded that the coders had fought back against things like (Eric, comments) "hiding the code file in a phony bad sector"

Danv (comments): "It sounds like Matt and Eric worked hard not to cross certain lines. "

There were also arguments of moral ambiguity:

Eric (co-worker, comments): "My point is that almost all of the things Matt describes have 'normal' uses. I was recently asked by maker of a parental-control (censorware) product, to make it hard for a kid to disable the software. Suddenly all these 'exploits' (in Matt's sense) were now potentially legitimate. Where is the clear bright line?"

Those attitudes seemed to frustrate Christopher Boyd:

Paperghost (comments): "To this day, I've never seen such anger generated as a result of a piece of code. Ever."

Paperghost (comments): "You don't get dragged in front of the NYAG for minor screwups. It seems anyone who works for an adware company that gets brought to book can wring their hands and talk about how they knew they were 'going to hell' and 'making people suffer', yet anyone who rightly criticizes them for doing that instead of, you know, doing something about it (as opposed continuing to be dragged along for the ride) 'just doesn't get it'".

I tend to side with Paperghost. I certainly understand that desperate people will do things they wouldn't do otherwise, but I don't think these people were in that situation. All the nonsense about "more good than harm" is silly - there's no excuse for this. Tell me that you are living in Russia and your family is near starvation and I can find some sympathy; it's hard to do that for these guys.


Also interesting were the various comments on protecting oneself from this stuff:

Sherri: "In your professional opinion, how can people avoid adware?"

Matt: "Um, run UNIX."

But that's nonsense. This was Adware - something users willingly installed. When I download an application on my Mac, the installers often ask for a sudo password. How many of us even stop and wonder "Why does this need that?". If we do wonder, how many of us continue anyway? This is why I really wish we had full virtualization available!

A comment about Vista matches my expectations:

Jordan Stevens (co-worker, in comments): "I was proud to be part of that team, because it was after all, such an amazing group of brilliant minds. I left the company as soon as I found out what the true effect we were having on our customers, when I read some hate mail directed at the company.

I went on to work at Microsoft as a security engineer and after enough time felt I had redeemed myself. Vista is more secure, however, many of the same exploits that we used are still possible to do, which is a scary thought. I do believe the Windows model is fundamentally flawed, unfortunately and even the most advanced anti-virus software is insufficient. I do recommend users run a version of UNIX and Windows in a VM (Virtual Machine) only when absolutely necessary."

I bet those remaining exploits are all in the name of being "user friendly" and supporting legacy apps. Microsoft never learns anything.

Note the recommendation to run in a VM. Other commenters suggested running the browser in a VM.. how much longer is it going to take for people to understand how much we need the VM model for our desktops?i I've been beating that drum for years, pointing out that Apple and Linux are in a far better position here than Microsoft. Apple particularly could leverage its nascent popularity and really strike a blow against Microsoft if they'd move on this.. but so far I've seen no indication that they will.

Anyway, interesting post with a lot to think about.

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> Spammers greed vs. moral vestiges - greed wins.


Inexpensive and informative Apple related e-books:

Take Control of Preview

Take Control of Pages

Take Control of High Sierra

Take Control of Automating Your Mac

Take Control of iCloud

More Articles by © Anthony Lawrence

Mon Feb 2 21:12:15 2009: 5283   BrettLegree

We need the VM model for the desktop yesterday... especially where I work - in spite of the "big shiny firewall" (just ask Jack), the Company Gold Standard is XP SP2 with IE6.

They'd better hope that the firewall and McAfee do the job.

Thank goodness there's no such thing as a 0-day exploit.

Oh, wait a minute... :)

Mon Feb 2 21:17:18 2009: 5284   TonyLawrence

Sometimes you don't even have to wait a minute..

So (in your opinion, of course) why DON'T we have this? Both Apple and Microsoft put all sorts of restrictions on virtualization - even when it's on the same darn machine! Why? Why don't can't they see the wisdom of this?

Mon Feb 2 22:00:32 2009: 5285   BrettLegree

I think in Apple's case, maybe their focus has been on content/entertainment delivery - and OS X is good enough to keep them safe so far.

Microsoft - maybe the folks at the top are stuck doing the same thing repeatedly.

In both cases, they can't change the model fast enough, perhaps. Making money selling the OS and/or the hardware.

Linux will (or FOSS in general). Every day I find something new that just makes me go "wow".

Example - I have a Wubi-installed Ubuntu on my work laptop <grin> and then the other day I found LVPM - so were I so inclined I could turn the loop-back install into a bare-metal install.

And the list goes on and on. It will come. I hope it arrives sooner than later :)

Thu Feb 5 00:07:49 2009: 5306   yungchin

Virtualization is a lot of fun, but I don't think it provides any real security. Well, it might to some degree, but then it will get in your way as much as it would get in the way of the malware. I reckon the same users who ran into trouble with the adware stuff will do so if they use VMs, too, simply because *they are the security hole*. They'll just open a file share or something, click a few yes-buttons without reading, and there you go....

Or if you think the users won't screw up, then De Raadt thinks the OS engineers will: (link) and it appears he's not wrong about that so far: (link)

Still, my bet is you won't need fancy attacks like those - I'm sure the users won't disappoint...

Thu Feb 5 00:33:49 2009: 5307   TonyLawrence

You are missing a couple of things. First, if the machine inside the VM is attacked, the problems can be isolated there. Second, the hypervisor can see everything the VM is doing if it needs to.

Thu Feb 5 00:40:42 2009: 5308   yungchin

What that google paper shows, is that you can in fact attack the host from within the "confines" of the virtualized guest.

Also, with the fancy options in VMware Desktop and Parallels and actually also on Linux' KVM, you can make e.g. parts of your file system available to the guest OS. For that you do of course need a user to entrust the guest OS with access, but that's exactly what users are for: breaking any security measure :)

Thu Feb 5 01:53:24 2009: 5309   TonyLawrence

Well, of course you CAN. And you are probably right that most people will.

Still, I think this is our future and it will be safer.

Thu Feb 5 18:18:25 2009: 5311   TonyLawrence

Related to all this: (link)


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Printer Friendly Version

Talent does what it can; genius does what it must. (Edward G. Bulwer-Lytton)

Linux posts

Troubleshooting posts

This post tagged:




Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode