Today's topic is badware. What is badware?
According to Stop Badware and Wikipedia, badware is a piece of software that has at least one of the following minuses:
- The application acts deceptively or irreversibly.
- If the application engages in potentially objectionable behavior without first, prominently disclosing to the user that it will engage in such behavior, in clear and non-technical language, and then, obtaining the user's affirmative consent to that aspect of the application.
Programs are not perfect, they all have security holes. The most important part about this part is that a current developer checks out periodically for security reports. Thus, one can fix the problems as they show up and release new versions or patches that solve the problem. In the badware case, either the developer does not want to update the product, or he can't. Abandonware is also a part of badware, it's an obsolete piece of software. People should always be informed about how the product they use is being developed, how old their current version is and if there is a new version available.
The general advice is UPDATE ! In open source community this does not imply anything hard on the user part. It only takes a few minutes of your life, and you don't do it every day. The developers always try to get better and better software for you, so in general a newer version is better. It is possible for a new version to have more bugs but be sure that they will solve it eventually and release a new one very soon.
Badware and abandonware can result in serious problems on your computer, it might have known holes that have not been patched and can result in people intruding in your personal stuff, steal accounts or more. Make sure that the programs you use are still being updated.
In the DC network, there are pieces of software that are very good but no longer under active development. Aquila is a good example. The only solution for this kind of products is taking over by somebody else ( open source community of course ). My project is also no longer developed (DSHub), mostly because of the lack of personal motivation, time and satisfaction. I still hope that somebody might take over, until then I suggest everybody wanting to use to try some newer software that is being updated more often. Another example of non-intentional badware is AML, because at the current moment innocent users are being kicked out, as a result of the list being not updated. This way, new clients are practically banned by the operators using the old AML. Although the idea behind AML is very good, it's practically a stop sign for the spreading of the new clients.
Usage of old software made possible the CTM attacks in the network. Using this, attackers could exploit hubs that were not updated to the latest version released by the developer. According to the definition, badware is a program that does something without user knowing it or it's consent. An example can be the option to not protect against CTM impersonation. Some general idea that is going around software issues, is that the user should not be put in the position to decide too much, but rather take the best decision for them. This is somehow in contrast with the definition but I think everything should be balanced: leave the user to decide but do not give the user the power to affect others or use the software for malevolent purposes.
I hope this article got you a general idea about what badware means and how you interact with it, and of course how to cope with it.