Bitcoin Miners Bundled With PUPs In Legitimate Applications Backed By EULA 194
hypnosec writes "Bitcoin miners are being integrated with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. These miners surreptitiously carry out Bitcoin mining operations on the user's system consuming valuable CPU time without explicitly asking for user's consent. Malwarebytes, the company which found evidence of these miners, first came across such an instance of a Bitcoin miner when one of the users of its software requested for assistance on November 22 through a forum post. The user revealed that 'jh1d.exe' was taking up over 50 percent of the CPU resource and even after manual deletion the executable was re-appearing. Malwarebytes dug deeper into this and found traces of a miner 'jhProtominer,' a popular mining software that runs via the command line". However, it seems that the company behind the application has a specific clause 3 in EULA that talks about mathematical calculations similar to Bitcoin mining operation. This means that the company behind the software can and will install Bitcoin miners and use system resources to perform operations as required to mine Bitcoins and keep the rewards for themselves."
Free Software (Score:5, Insightful)
This is why you should use free software from a reputable source, such as Debian GNU/Linux.
Re:Free Software (Score:5, Insightful)
Agreed - but you can't convince the unwashed masses. It's great having a "trusted repository" from which to pull almost all your applications. It's even better that you can browse the source code before compiling, to be halfway sure that the software does what it claims, and nothing "extra".
Admittedly, I'm not qualified to really examine all that source code, but I can and do browse through it from time to time.
Re: (Score:2)
Also, the repository package managers are all shit on Windows. (Yes, there are some.)
Re:Free Software (Score:4, Insightful)
The vast majority of the software use would not be able to read the source at all.
What they can do is asked other people that can if the software is ok or not. At that stage it does not matter if the code is open source or not. If the community, like malware listing site or others, has vetted the software, it is as good guarantee as they will ever have. Having the source code just make our job easier when trying to help guys with problem.
Re:Free Software (Score:5, Interesting)
I think there's a big future for a testing company, like Underwriter's Labs is for physical goods, to do just that. Anyone big or small can send them code to review, and pay a fee, and they'll certify the resulting binary as trouble-free, at least to level of confidence you's expect from a good app store or distro (acknowledging that sufficiently clever malware can hide anywhere, but forcing it to be really clever would probably fix 99% of the problem),
Re: (Score:2)
It is hard to certify some program is trouble-free - that's arguably harder than solving the halting-problem- since you aren't provided the full inputs and code (the program might download additional code).
So I proposed something like this:
https://bugs.launchpad.net/ubuntu/+bug/156693 [launchpad.net]
https://bugzilla.novell.com/show_bug.cgi?id=308760 [novell.com]
Trusted parties ( including 3rd parties) could sign the app and its sandbox.
My proposal is a bit like working around the halting problem by forcibly limiting how long the progra
Re: (Score:2)
I think there's a big future for a testing company, like Underwriter's Labs is for physical goods, to do just that. Anyone big or small can send them code to review, and pay a fee, and they'll certify the resulting binary as trouble-free, at least to level of confidence you's expect from a good app store or distro (acknowledging that sufficiently clever malware can hide anywhere, but forcing it to be really clever would probably fix 99% of the problem),
This. So what if some company certifies the code as non-toxic? For every legit code certifying company that goes online, there will be a hundred phishing sites popping up over-night to take advantage of it. The problem is not toxic code --- the problem is the toxic levels of foolishness and naivete of the vast majority of users on the net.
Re: (Score:2)
debian won't work right in a VM. didn't even make it onto one of my machines.
Nor Windows, at least in my machine+VBox setup...
suse doesn't support colemak? really? veto. also never made it onto real hardware.
This can be either the distro's or the HW manufacturer's fault... by the way you mentioned it, I guess it's Suse's.
About your later paragraph: swap "MS" with "Debian Foundation" and "Ubuntu" with "Windows 7" and you'll have pretty much my personal experience with Windows.
(And I didn't even try to change Windows' default desktop environment - it looks like KDE, uhhhh. hahaha)
Re: (Score:2)
This is why you should use free software from a reputable source, such as Debian GNU/Linux.
Like sourceforge? /sarcasm
Re:Free Software (Score:5, Informative)
How soon before websites try using the CPU of visitors to mine bitcoin? Would that be possible?
It's been done [bitcoinplus.com]. Link goes to a Javascript-based bitcoin miner that you can embed in a webpage.
Re: (Score:2)
Re: (Score:2, Informative)
I'd imagine that the fact that even GPU mining is a fairly dubious proposition at this point (I can't remember if the increases in price lately allow it to still be viable if the hardware costs are already sunk but you need to pay the electric bill; but the FPGAs and ASICs aren't getting any slower or less numerous), even donated or stolen CPU time would be close to worthless, even if doing it in Javascript doesn't impose much overhead...
The cost of production is irrelevant if you can dump it off onto a hacked/infected/duped user as a negative externality. It's like when a meth head smashes your car window, to steal your $400 phone, which he sells for $20:
Cost to you, $400 phone, $250 window, time & stress from the window repair and loss of communications: $650+
Income to meth head: $20.
That's a net -$630 loss to the pair of you, but you bear all the cost and he all the "profit".
This is also why methadone clinics should be funded by clea
Re: (Score:2)
Lots of things certainly pay better if you can steal some of the in
Re: (Score:2)
There's not much effort to running the C&C. There's a lot of over-powered servers out there. If you use the bots to spam, the owners will get a lot of (angry) notification from all over the net but if you quietly burn CPU cycles, they may never notice.
Re: (Score:2)
If you quietly burn CPU cycles then you may never get a bitcoin.
To get a bitcoin these days you need supercomuting power.
Re: (Score:2)
Right wing coward advocates police state to control what is intrinsically a victimless crime (intoxication). Good to know.
CPU: Choose the right coin (not Bitcoin) (Score:5, Informative)
I'd imagine that the fact that even GPU mining is a fairly dubious proposition at this point (I can't remember if the increases in price lately allow it to still be viable if the hardware costs are already sunk but you need to pay the electric bill; but the FPGAs and ASICs aren't getting any slower or less numerous)
Indeed, for *Bitcoin*, anything under a high-end ASIC (dozens or more GH/s) is worthless and a huge waste of electricty and heat.
even donated or stolen CPU time would be close to worthless, even if doing it in Javascript doesn't impose much overhead...
The trick is choosing the correct crypto coin: there's a whole zoo [bitcointalk.org] of them.
Some rely on SHA256^2 hashing like bitcoin, other rely on hashing algorithme for which only CPU implementations do exist (Primecoin is a nice example, and also doubles by doing actually useful computations instead of just plain brute-forcing hashes).
In fact TFA article is wrong, this isn't a Bitcoin miner. This is a miner for Protoshare, which is currently mostly mined on CPUs.
Re: (Score:2)
GPU Mining+Stolen Electricity is still profitable (Score:2)
Stealing CPUs for mining probably isn't worthwhile. Using your own GPU isn't particularly worthwhile (unless it's winter and you have electric heat, and aren't buying new hardware.) ASIC miners are available surprisingly cheaply on eBay and IIRC DealExtreme, and if you're going to buy mining equipment, the best choice is probably them or maybe FPGA boards. But from what I hear, GPU mining with stolen electricity is probably still profitable, at least if you're infecting machines yourself; not sure if it'
Re: (Score:2)
Near the beginning of the month, some group or another was exploiting a PHP vulnerability to get web servers to mine bitcoins for them. I saw multiple attempts every day in the logs.
If you're stealing all the CPU cycles it's apparently still worth it to someone.
Re: (Score:2)
Awesome. Now I can mine bitcoins while reading about people mining bitcoins.
Incorrect (Score:5, Insightful)
Bitcoin miners are being integrated with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. ... However, it seems that the company behind the application has a specific clause 3 in EULA that talks about mathematical calculations similar to Bitcoin mining operation. This means that the company behind the software can and will install Bitcoin miners and use system resources to perform operations as required to mine Bitcoins and keep the rewards for themselves
Incorrect.
Software that includes "PUPs" from the original software producer is not "legitimate". Any company with a EULA such as the one described is not a "legitimate" software company.
Re:Incorrect (Score:5, Insightful)
Software that includes "PUPs" from the original software producer is not "legitimate". Any company with a EULA such as the one described is not a "legitimate" software company.
I agree with you about it not being "legitimate"; HOWEVER, certain major vendors have a conflicting opinion; including the operators of sites such as Download.com and Sourcforge.net.
The trouble is; they're able to hide behind the EULA, and if they are aggressive --- they can sue and win against anyone calling their software malware, since the behavior is "disclosed" as expected operation of the software.
Unfortunately; we ultimately need some prescriptive guidelines for consumer software.
And probably a regulatory regime... including certification marks; example a "SafeSoftware" seal for publishers, similar to the idea behind TRUSTe ---- if the software isn't digitally signed by a vendor holding a SafeSoftware seal; then perhaps, your browser should warn you before releasing the file to the Downloads folder
Then we could use something like an FDA, as it were, to regulate the labelling and safety of software sold to consumers, or provided as a free download.
Re:Incorrect (Score:5, Insightful)
Then we could use something like an FDA, as it were, to regulate the labelling and safety of software sold to consumers, or provided as a free download.
Yes, because I would just love having to go through regulatory channels and potentially paying fees in order to publish software that I don't even make any money from.
Re: (Score:2)
No one would ever require that from small producers. After all, if you have just a couple of cows and want to sell a little raw milk and some craft cheese from your small farm, no one would ever interfere with that. That would be silly.
Oh. ... Wait. ...
Re: (Score:2)
Re: (Score:2)
Yes, because I would just love having to go through regulatory channels and potentially paying fees in order to publish software that I don't even make any money from.
I would say you should be exempt, providing -- (1) You don't generate any significant revenue from the software, from your users, for you, or any third party --- OR substantially all revenue generated was obtained from selling upfront licenses, less than $10,000, AND (2) You don't partner with a distributor who generates significant r
Re: (Score:2)
Or
Re:Incorrect (Score:5, Interesting)
Yes, because I would just love having to go through regulatory channels and potentially paying fees in order to publish software that I don't even make any money from.
Depends on the regulations: "Commercial software can pick from one of the 5 following standard commercial licenses: ... Any commercial software license that deviates from a Standard License reverts to Standard License Type 1 wherever its EULA conflicts with this regulation. Software that complies with the Open Source Definition or otherwise allows the user to inspect the source code and remove unwanted features independently is exempt from this section."
You are then perfectly free to make money from your software. Pick whichever one of the standard licenses suits your purpose and carry on. But what you cannot do is employ a lawyer to invent a creative way to screw your users in the fine print. If you do, your license is automatically torn up and replaced with something sane.
Re:Incorrect (Score:4, Informative)
The trouble is; they're able to hide behind the EULA, and if they are aggressive --- they can sue and win against anyone calling their software malware, since the behavior is "disclosed" as expected operation of the software.
They might be able to claim that, but it doesn't mean that courts would necessarily agree. Consumers typically have greater legal protections than companies precisely because they are usually so much less skilled in contract law. This applies in many areas of commerce; for someone to say that computer software should be exempt from this principle is entirely unrealistic.
Re:Incorrect (Score:5, Insightful)
Or we could finally fix the law and declare EULAs to be unenforceable. Unilateral contracts like EULAs are out of control.
Re: (Score:2)
So yo
Re: (Score:2)
So long as you can 'consent' to mandatory binding arbitration in the kangaroo court of the company's choice, without further recourse, by clicking through some clickwrap, fi
Re: (Score:2)
Re: (Score:3)
By restricting what Joe Idiot can and cannot install means that Joe Idiot is less likely to get crap installed on his computer.
Just because Joe does not know computers, does not mean that Joe is an idiot. Or that you are smarter than he is.
Re:Incorrect (Score:5, Insightful)
If you have to piggy-back on another app in order to get downloaded, you're malware. If the download screen only talks about the main app with no mention of your piggy-back app, you're malware. If you have to hide your software description in the EULA (needlessly but commonly embedded inside a tiny scroll window) to avoid scrutiny, you're malware. If you weasel-word the software description (math calculations?) instead of being forthright, you're malware. If you will not cleanly uninstall when the user uninstalls you, you're malware.
Re: (Score:2)
Well said. Please mod this AC up.
Re:Incorrect (Score:4, Insightful)
I think you underestimate the time needed to generate a bitcoin.
Re: (Score:2)
It is all far to late to make any real money out of bitcoin mining unless of course you create a new better more secure bitcoin and start mining early. All you have to do is target, undermine and cripple the existing bitcoin by what ever means possible and your new bitcoin mining becomes very very profitable indeed ;D.
Re: (Score:2)
http://www.thefreedictionary.com/legitimate [thefreedictionary.com]
dunno what's so hard about the word.
Re: (Score:2)
Doesn't matter what the law says. If anything from any source is using my computer for any purpose which was hidden, disguised, or obfuscated from me, then it is an illegitimate use. Full disclosure, with explicit permission, or it's illegitimate.
Re: (Score:3)
there was full disclosure via text of eula and explicit permission given when pressing yes to it. problem of course being that people don't read the things(nobody does). but even if it had a blinking fullscreen dialog that spelled out that they will use your computers cpu and your electricity to make money people would still press yes, if it was a necessary step for installing software that they for some reason or another wanted to install. most addware addons nowadays are quite clear in the installers what
Re: (Score:2, Interesting)
That would make the Chrome browser illegitimate. Most people are not aware that it is spyware and it is not advertised as spyware, it just mentions it deep in an EULA (much like the application in this stories does about being bitcoin miners).
The problem is that a
Re: (Score:2)
Incorrect, also the coin (Score:2)
That not the only incorrect thing.
The mined coin isn't bitcoin, it's protoshare.
Re: (Score:2)
Depends - ad-supported programs are a big industry as seen by Android apps. Though, even Android and iOS is not immune - a new plugin for Unity installs a passive Bitcoin miner [pocketgamer.biz].
If you're a app developer using the free-to-play model (or freemium), it's another option to consider. And given PC gaming is also going towards the freemium m
"potentially unwanted programs" (Score:5, Insightful)
Is "potentially unwanted programs" the new politicaly correct term for malware? It's OK to call it malware, even if the user technically-allegedly-probablynot signed an EULA allowing it.
If it runs an unauthorized bitcoin miner, stealing your cycles and electricity, it's malware. No exceptions.
Re: (Score:3)
As i understand it, there was some concern about something like this [slashdot.org] happening to anti-malware organizations. So, call it "pups" instead. Everyone knows, or will soon know, what you really mean, but it's technically hard to argue that it's slander.
Re:"potentially unwanted programs" (Score:4, Insightful)
Potentially Unwanted Programs are not quite malware, though in many cases I'd argue are worse. PUPs are generally stuff like 'WOMG Awesome Toolbar', 'Internet Coupon Printer 3000', "Free smilies wacky mouse pointers' and Java.
They're legitimate in the sense that they won't exploit vulnerabilities in your system to install themselves, or (generally) ignore (or interfere with) attempts to remove them from your computer. They might even propose to have some sort of functionality that a user could want. The reality is that the functionality they generally offer is limited at best, and may even be inferior to the native functionality of the computer. They often slow your machine down, eating up your CPU cycles, opening up your computer to additional vulnerabilities, stealing your personal information to sell to advertisers, and generally speaking are not really useful to or needed by the people who have them installed on their computers.
Re: (Score:2)
Potentially Unwanted Programs are not quite malware, though in many cases I'd argue are worse. PUPs are generally stuff like 'WOMG Awesome Toolbar', 'Internet Coupon Printer 3000', "Free smilies wacky mouse pointers' and Java.
What, like Windows 8 which came with all those Metro apps (which I've never seen a user actually want)?
Re: (Score:2)
Adding Java to the list *was* a bit over the top. It does have actual advantages in many situations. So far. Oracle, however, seems bent on fixing that problem.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Run Minecraft!
Re: (Score:2)
Is "potentially unwanted programs" the new politicaly correct term for malware? It's OK to call it malware, even if the user technically-allegedly-probablynot signed an EULA allowing it.
If it runs an unauthorized bitcoin miner, stealing your cycles and electricity, it's malware. No exceptions.
I love Bitcoin, it's so honest, so fair, so real, so future-proof.
Re: (Score:3)
I'm sure the people offering programs with a bitcoin miner would be perfectly happy to provide a version without a miner that costs $1 or something equally nominal (it's not like a typical home pc is getting much from mining these
Re: (Score:2)
The only problem with that argument is that the EULA misrepresents the purpose of the "calculations" which might invalidate the ELUA:
Re: (Score:2)
There is a huge gap between stealing personal information, and using electricity. Most people do not have anything other than the basic, integrated GPU that comes with commodity boxes. The amount of electricity stolen is nowhere near the typical mining expenditure.
We need lines to be able to classify and differentiate, and your personal emotional response really doesn't help.
Winzip finally found a business model (Score:2)
After all these years they figured out a way to make people pay for their software
Along with winrar
Straight up theft (Score:2)
And that's a big bump in electrical use these days. Especially if they're getting GPUs involved. My gaming rig's power consumption roughly triples under load. Then it cranks out the heat so my AC kick in...
No GPU. (Score:2)
And that's a big bump in electrical use these days. Especially if they're getting GPUs involved.
Not in this case. This miner isn't for Bitcoin but for another alt-coin (with a different algoritm) which is mostly mined on CPUs.
The really strange thing about this: (Score:5, Interesting)
Bitcoin mining on anything but ASICs is no longer profitable. Even on an R9 290X with an 80+ Platinum PSU, you're making maybe $1 - $2 a day. And the vast majority of people don't have anything like that equipment. CPU mining is so slow, you'll never complete any work before the block is finished. GPU mining is still fast enough to get some work done, provided you own an AMD GPU.
But Nvidia GPUs don't mine BTC for beans and most mining kernels will crash an NV card or lead to rampant slowdowns and random lockups. Even an AMD card needs a low priority miner to escape the kind of UI chokeup that immediately alerts someone to a problem in the system. This might have made sense in 2010, when CPUs could still mine, but these days the return on investment is going to be terrible -- and the performance hit is big enough that people *will* notice.
Re:The really strange thing about this: (Score:5, Informative)
Re: (Score:3)
Yeah, there is that. A EULA that crypto-tries to say "in exchange, you agree for us to take over your computer and use it to crank out money" is no good.
Use other alt-coin (they did ProtoShare) (Score:2)
Who cares? If your freebie gets 100k installs, and only 1000 of them still work.
But instead of actually mining *Bitcoin* (have no idea where that idea came from) which will probably bring you 10$ a day,
do like TFA and install something which mines a different alt-coin powered by an algorithme which only runs on CPUs.
TFA's example is actually a Protoshare miner.
PrimeCoin is another example which is still mined mostly on CPUs (and in addition to mining also produce scientific data)
Then there are stuff like Quark Coin which use all the candidate for SHA-3 as hashing algo (and don't have g
Re: (Score:2)
That is still hardly worth it.
Re: (Score:3)
Well, consider an alternative: Putting ads in your application. That might get you a few cents per day. Getting $50 a day from an application sounds like a pretty good deal to me.
Re: (Score:2)
Even in a westernized country 40euros a day will keep you drinking for free. That's more than enough incentive to add a bitcoin bot to your software. The real fun will start when you have more than one of these bitcoin bots fighting for your CPU time. Current malware will pale in comparison to bots who's only goal is to run your computer balls out.
Re: (Score:2)
From what I see on the various online calculators for these sorts of things, the kind of ASICs you could afford are no longer profitable even now. You make a net loss on electricity even on the cheap, low-power USB device. You have to spend about $2000-3000 on a dedicated machine with dozens of ASICs in order to actually make any profit.
And when you project into the future for the difficulty changes, etc., you'll find they are barely profitable for a year or two.
CPU mining is worthless. Even with a whole
Re: (Score:2)
We're reaching the top of the curve for bitcoin mining, long before all the possible coins are "found".
This means that at some point the remaining coins wouldn't be searched for. For that to be economical, each coin would have to cost a $1M or something. If that's not the case, there is no reason to bother. It's exactly as I don't walk the streets looking for lost coins, wallets, or jewelry. I guess I could get some revenue this way, but it makes no sense - there are better ways to make money.
ASIC mini
Re: (Score:2)
You can pay a transaction fee to speed your transaction. It's assumed that when all the coins are mined, people will make money from this transaction fee instead.
But all coins aren't mined yet, so there's still a once-in-a-year/decade/whatever chance that you'll generate a whole coin, so people won't stop mining for a while yet. And a whole coin is worth several thousand at the moment. It won't be "profitable" but people will still be mining on the off-chance of a windfall, I suspect.
Re: (Score:2)
You won't get to a situation where noone is mining at all, as those for who mining is no longer profitable stop mining the share of profits for those who remains will go up and the difficulty goes down. Eventually you will hit a plateau where the people with cheap electricity and the latest asics will make money and noone else will bother.
Re: (Score:2)
If nobody mines anymore, how will the network operate? There is nothing on the horizon, and the difficulty would make it prohibitive anyway.
The difficulty is set to keep the rate at which miners successfully create blocks roughly constant. If miners stop mining and the total network hashrate drops then the difficulty will also drop.
Re: (Score:2)
From what I know, miners only get a fee from the blocks that THEY mined. Not from other miners' blocks. If true, this gives even more advantage to "early adopters" - not only they sit on mountains of nearly free BTC, they also collect rent on it. Those would be the only "miners" left (they won't be doing actual mining, probably.)
Re: (Score:2)
When a transaction is included in a block any transaction fees in that transaction* go to the miner who included the transaction in the block. Where the bitcoins originally came from is irrelevent.
* Including transaction fees in your transaction is not mandatory but doing so increases the chance of it getting included in a block in a timely manner.
Re:The really strange thing about this: (Score:4, Interesting)
http://mining.thegenesisblock.com/ [thegenesisblock.com]
Select the hardware, look at the cost (just underneath it), see how many actually make a profit (in blue on the right) after a few months, how many after an entire year, and how many never make one (profit in red and bracketed).
Quite a lot of the companies have NOTHING on there that generates profit at all (including the new USB ASIC miners, for instance, as I said).
The ones that do make a profit, you need a few thousand of dollars investment, hope the difficulty doesn't go up, and you might make a few hundred dollars for 6 months until they start to make a loss. The ones that make thousands of dollars cost over $10,000 in the first place.
And next year, you will be worse off again.
Not saying you can't make profit. Saying that when you take into account the hassle, the cost, the difficulty changes, and the risk, you'll be lucky to make more than your bank would have given you for the same amount of cash in a savings account. And at least that doesn't "devalue" over time.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
it's profitable.
it's just unprofitable if you have to pay for electricity or the machine investment. there is no investment in this method though. ..besides many of these machines do have gpu's.
Re: (Score:2)
Mining Bitcoins is unprofitable, yes. Mining some other coins (e.g. Litecoin) can still be profitable, even on a GPU. About $400/month with a high-end AMD at current difficulty.
Re: (Score:2)
Re: (Score:3)
Current generation ASICS are capable of hashing bitcoin faster than supercomputers, which consist of thousands of high end CPUs running 24/7...
Your network of compromised computers won't all be running 24/7, won't all be the latest processors and won't have exclusive use of the CPU...
Incidentally this article isn't talking about bitcoin, but about an alternative coin which works similarly to bitcoin but using a different proof of work algorithm, one that is designed to be less suited to GPU and ASIC impleme
Re: (Score:2)
The cure for this is 1.2 million copies of Malwarebytes, cleaning this shit off.
Sadly, I am dreaming if 1.2 million people would visit malwarebytes.com, download their stuff, and run it regularly. :(
Names please (Score:2)
Whenever I read something like this it makes me wonder what "plausible" software is the means of infection.
I may be naive but I can not imagine that any of the companies and individuals I install stuff of on my machines would be shady enough.
What stupid stuff from what shady source do I have to install to get a Bitcoin-Miner I didn't ask for?
Re: (Score:3)
I should have understood the article, first.
From the article it seems to be
www.yourfreeproxy.net
Well, who would not want to install an application that redirects all of their network traffic though their servers FOR FREE?
Re:Names please (Score:5, Insightful)
I should have understood the article, first.
From the article it seems to be
www.yourfreeproxy.net
Well, who would not want to install an application that redirects all of their network traffic though their servers FOR FREE?
Someone not very technical wanting to bypass their government's mandated filtering?
Fair is Fair (Score:2)
Re: (Score:2)
My attorney bills $250/hour to read and analyse a EULA. Expensive, but worth it.
Re: (Score:2)
If only we could come up with some kind of bot-net to read them for us.
Doesn't Digsby do something like this? (Score:2)
Pretty sure that "free" chat client aggregater Digsby has been using CPU time on machines it's been installed on for ages - one of the reasons I don't recommend people use it.
It's in section 15 of their TOS [digsby.com].
Don't know if they've ever used this specifically for Bitcoin mining, but there's no reason they couldn't.
theft of electricity... (Score:3)
Remember when all the crackers could be charged with was, "Theft of Electricity"? Now this is actual real theft of electricity.
Re: (Score:2)
One Word: CNet (Score:5, Interesting)
End users need to learn to be responsible for their own systems.
True to a certain extent. But think about downloads from CNet.
Isn't CNet a trustworthy source? No? It certainly LOOKS like a trustworthy source. It's not a warez site, right?
But of course most /. folks know otherwise, we know that CNet is one the major sources of malware.
Also, please remember that not everyone who uses a computer is an "IT pro". This should not be necessary to avoid shit like this crap.
Re: (Score:2)
Re: (Score:2)
And there is the problem. People pay hundreds or thousands for a computer and still want to treat it as an appliance like their toaster. Why should I give a shit about their safety if they don't give a shit about it? The real question is when are people going to take responsibility for their own actions? Install crapware and get infested with shit like this. It is that simple
Re: (Score:2)
I don't really understand the thought mechanism that allows my 60 year old father to somehow install all these browser toolbars and related debaucherous software, but I know for damn sure it's got nothing to do with "being greedy".
Maybe if you took a look in the mirror every time a lay-user asked you a question you simply rolled your eyes to and gave a smart-ass response, you might see that the problem isn't always with the user. Sometimes the heart of the problem lies in the "experts" being unwilling or i
Re: (Score:2)
Re:One Word: CNet (Score:5, Insightful)
Yes, I'm sure auto mechanics, carpenters, doctors, soldiers, and farmers all think the same thing when they get up to do their daily work.
The fact is, all people need medicine, not just those who are experts. All people need homes, not just those that can build them. All people need their vehicles repaired, not just those who can do it themselves. All people need their nation defended, not just those who can devote their life to it. All people need food, not just those with the means to produce their own. And, yes, all people need computers, not just those who are experts.
We experts have jobs because we're supposed to help these other people. Having a skill doesn't make you special. It just makes you useful. Being useful doesn't give you the right to be an asshole.
Re: (Score:2)
This is exactly why walled gardens are taking off, traditional computers are simply not suitable for average users as they require users to know how to avoid malicious sites while working out which ones are not malicious, and all manner of other crap.
Re: (Score:2)
That's pretty brave of you to say at /. but I agree.