Musings on the Bundling Problem

Posted on March 7, 2006 - 16:18 by luis

It's too bad that software can't just be run alone. A lot of the software that we are testing could feasibly be run alone, but since the authors distribute their work for free, they need to get revenue from somewhere (typically adware). So they bundle, and then the problems start.

We faced this problem when developing a methodology for software tests: when does the core software muddle a computer, and when does other, unnecessary, bundled software take over? With so many programs, processes, and data files running between programs on a computer, it becomes exponentially difficult to track it all.

For now, we dodged this bullet by only downloading software from its author's website. If the authors bundled their software with really naughty programs, then they should be held accountable for it. Sure, their EULA might say that the company is not responsible for what the (naughty) bundled software programs do, but if they're bundling them, then they're essentially complicit in however the bundles act.

Take a leading piece of peer-to-peer software as an example. While the website, somewhat misleadingly, advertises itself as "Spyware Free," the software bundles over half a dozen advertisement-spewing programs that muddle with too many toolbars, popups, webpage highlights, and a bunch of other stuff you never expected (but if you read several nearly unintelligible EULAs, you might have). Nor can these beasts be easily disabled -- every reboot, they come back. Getting rid of them is like wrestling a buttered monkey. And when you run their uninstaller, one of the Explorer toolbars remains on the computer! This (and others) are unquestionably ad-supported with really naughty programs, and the creators of the software could be much more up front and clear about it.

Moral of the story? Misleading advertising, hard-to-kill programs, and buggy uninstalls shouldn't cut it, and manufacturers shouldn't be able to hide by saying 'well, it isn't our software that is giving you popups' if they are shipping and bundling the software.

[Written originally by brilliant intern Josh Rosenthal, who did all the hard work. Luis just posted it :)]

StopBadware Manifesto

Posted on January 27, 2006 - 10:30 by zittrain

I study the future of the Internet from the perspective of wanting to maintain its “generativity”—its capacity to produce extraordinary change for the good of the world. A profoundly fortuitous set of historical circumstances has led to an “open” Internet and PC, open in the sense of allowing anyone, anywhere, to produce code—software—and to distribute it costlessly and instantly to the world. Instant messaging, Web browsing, email, Skype—all of these features that are now so embedded in the Net’s fabric started from modest, amateur tinkering. The institutions of .com, .org, and .edu have been engaged in a multi-year free-for-all where cool code is imitated, improved upon, and offered to the far corners of the world. This process even spawns non-PC innovation—like mobile phones that look for Internet connections to lessen the price of a phone call—and non-techie innovation—like the explosion of blogs and wikis that are letting the general citizenry express itself in new and collaborative ways without needing an engineering degree.

So while I’m not particularly obsessed with “badware” for its own sake—I manage to keep my computer pretty clean—I am very concerned about a consumer backlash: something that will push the general public into the camp of wanting “locked down” PCs that don’t just run any code from anywhere. is a long-term project designed to (1) explore ways to solve the badware problem, both as a matter of policy (what is and isn’t badware?) and as a matter of tech (how do we avoid it once we know we don’t like it?) and (2) to have the solutions be such that they don’t allow for a new gatekeeper—a single firm that has a “missile battery” that’s so successful at shooting down badware that everyone subscribes, allowing that firm to become a gatekeeper for what will run and what won’t.

Over the long term, I think this means developing tools for the general Internet public to use to give them simple but powerful information they can use about the code they encounter so that they can make an informed decision about it. Imagine a dashboard whose gauges had information such as how many other computers in the world were running the candidate software—and whether their users are on average more or less satisfied with their computers than those who don’t run it. A gauge that showed that a piece of software that was non-existent last week but is now all the rage—that might signal to a cautious computer user that it’s time to wait a bit before running it.

In short, we are a consortium of nonprofit and educational entities supported by a broad base of institutions, including .coms that see the dimension of this problem and realize they can’t take it on alone, chartered to bring to bear legal, policy, and technical analysis, along with common sense, to figure out how to bring this problem under control in a long-term way. We’ll begin by examining some suspect software as a way of trying to produce consensus guidelines, best practices, to clarify just what factors make badware bad. Existing efforts against spyware are nicely complementary to this—and we hope to engage with whomever is eager to work collaboratively on the problem.