SourceForge offering "side-loading" installers - bait and switch
Posted Aug 28, 2013 23:47 UTC (Wed) by sitaram (guest, #5959)
In reply to: SourceForge offering "side-loading" installers - bait and switch by giraffedata
Parent article: SourceForge offering "side-loading" installers
Here, the downloaded filename makes it *very* clear you got something other than what you asked for.
I'd say it's still bait and switch...
Posted Aug 29, 2013 15:38 UTC (Thu)
by giraffedata (guest, #1954)
[Link] (3 responses)
After you have the thing, the trojan horse concept is complete. Going back to the original trojan horse, the cleverness was in that the Spartans opened the gates and rolled the horse inside. If the soldiers had jumped out just after they were rolled inside, it would still be remembered as the same classic military maneuver.
In the side-loading case, you click on a link and invite the program into your computer because you think it is an ordinary installer for FileZilla. The link says, "FileZilla_3.7.3_win32-setup.exe". After clicking, you discover that you've started up an offensive advertising program instead, so the analogy to the Trojan horse is complete.
Whether it's a trojan horse or not, though, it still doesn't have the elements of the advertising strategy commonly known as "bait and switch" (which I detailed in an earlier post).
Posted Aug 29, 2013 16:13 UTC (Thu)
by sitaram (guest, #5959)
[Link] (2 responses)
Unless the download completes and the malware *gets* at least unpacked, if not installed, it's not much of a trojan, I think.
The bait-and-switch analogy is better, since "cancel" is precisely what you do there also, that too before (the potential for) any real damage.
Oh and of course there is advertising -- whatever got you to want to click the download link in the first place is it.
Posted Aug 29, 2013 17:24 UTC (Thu)
by giraffedata (guest, #1954)
[Link] (1 responses)
If you don't count the actual download — and you expect users to notice the file name — I agree there's no trojan horse and there is in fact a bait and switch: you go to the store to get the advertised plain FileZilla installer and when you get there, the salesman says, "we don't have any plain FileZilla installer, but we have this FileZilla + crapware installer" and you say, "well, I wouldn't have come if I'd known that, but since I'm already here, just give me the crapware."
With pure bait and switch, the salesman would actually have to convince you to choose the crapware over the plain install, with both available, but the modified out-of-stock-of-advertised-item version does have an analogy here.
Posted Aug 29, 2013 17:26 UTC (Thu)
by giraffedata (guest, #1954)
[Link]
By the way, related to understanding bait and switch, I recently learned, from a PBS Frontline documentary, of a bait and switch scheme which is a foundation of the Walmart business model: they call it "introductory pricing." The lowest end product in every product line is normally priced lower than any competitor and heavily advertised. That's the introductory price, because it introduces you (baits you) to the department. But while customers are free to buy the bait, they usually get something further up the line. And what they pay is often not the lowest price in town.
Not to be confused with a loss leader, where customers are actually expected to buy the bait, at below the store's cost.
SourceForge offering "side-loading" installers - bait and switch
A trojan horse is where you don't realise, without some loss or effort, that you got something else.
SourceForge offering "side-loading" installers - bait and switch
I can see the difference now between the ways we're looking at this: you're saying the damage doesn't happen until the user runs the crapware installer, whereas my impression is that people believe the damage is done - the offense taken - as soon as the download starts. (The user was tricked into downloading something he didn't want to download).