SourceForge offering "side-loading" installers - bait and switch

Posted Aug 29, 2013 16:13 UTC (Thu) by sitaram (guest, #5959)
In reply to: SourceForge offering "side-loading" installers - bait and switch by giraffedata
Parent article: SourceForge offering "side-loading" installers

As soon as you see the name of the file *actually* being downloaded, you can cancel the download. Probably even before the download has completed, in most cases. If that's a trojan horse, it's like using glass instead of wood to build it because it is almost *immediately* obvious.

Unless the download completes and the malware *gets* at least unpacked, if not installed, it's not much of a trojan, I think.

The bait-and-switch analogy is better, since "cancel" is precisely what you do there also, that too before (the potential for) any real damage.

Oh and of course there is advertising -- whatever got you to want to click the download link in the first place is it.

SourceForge offering "side-loading" installers - bait and switch

Posted Aug 29, 2013 17:24 UTC (Thu) by giraffedata (guest, #1954) [Link] (1 responses)

I can see the difference now between the ways we're looking at this: you're saying the damage doesn't happen until the user runs the crapware installer, whereas my impression is that people believe the damage is done - the offense taken - as soon as the download starts. (The user was tricked into downloading something he didn't want to download).

If you don't count the actual download — and you expect users to notice the file name — I agree there's no trojan horse and there is in fact a bait and switch: you go to the store to get the advertised plain FileZilla installer and when you get there, the salesman says, "we don't have any plain FileZilla installer, but we have this Filezilla + crapware installer" and you say, "well, I wouldn't have come if I'd known that, but since I'm already here, just give me the crapware."

With pure bait and switch, the salesman would actually have to convince you to choose the crapware over the plain install, with both available, but the modified out-of-stock-of-advertised-item version does have an analogy here.

SourceForge offering "side-loading" installers - bait and switch

Posted Aug 29, 2013 17:26 UTC (Thu) by giraffedata (guest, #1954) [Link]

By the way, related to understanding bait and switch, I recently learned, from a PBS Frontline documentary, of bait and switch scheme which is a foundation of the Walmart business model: they call it "introductory pricing." The lowest end product in every product line is normally priced lower than any competitor and heavily advertised. That's the introductory price, because it introduces you (baits you) to the department. But while customers are free to buy the bait, they usually get something further up the line. And what they pay is often not the lowest price in town.

Not to be confused with a loss leader, where customers are actually expected to buy the bait, at below the store's cost.