Jump to content

Malware on the installer, yes or not? how would you fight piracy?


Eduard Gasull

Recommended Posts

Actually, they didn't necessary break any laws with that.

 

For once, it depends on where you actually buy the Software, in what country and so on.

German law certainly doesn't apply here, neither does dutch law. You might life there, but you didn't buy the product there.

 

And to break german law with that, the passwords and usernames would have to be stored encrypted. And i'm not sure Chrome actually does that. Id they weren't encrypted.... bad luck.

Let's just say it's complicated. :P

 

Also, is it unethical? Yes, but we don't really have the moral high ground to actually point at others and call their actions unethical. Unless you are living in a third world country, then you actually have the moral high ground. So...

 

 

 

What they did was bad, no question asked.

But it also revealed a few issues we got these days:

 

Browsers that can store passwords and usernames is one of the issues, seriously.... it's the worst idea in the hiostory of browsers.

You are constantly connected to the Internet with them, and download Data and send data to servers. There always have been security holes in browsers, and there always will be. It's just one of the worst places to store passwords and usernames.

 

Another issues is of course people accepting and using such Functionality, because no one ever told them about the security risk.

 

 

Those issues should be addressed, people should be made more aware of security risks. They should also made aware of things like WhatsApp and their parent company Facebook, and what they actually do with privat data they collect. And there is countless other companies that sell privat Data.... that People give them with their free will... just cause they don't know better.

 

Or accepting of about every Programm thats send with an eMail.

 

 

Making people aware of such risks, would decrease the threat a lot already. Sure it won't go away. But this maleware FSLabs used would never have existed if people weren't so careless with their Data.

Link to comment
Share on other sites

  • Aerosoft
4 hours ago, Kizna said:

Actually, they didn't necessary break any laws with that.

 

For once, it depends on where you actually buy the Software, in what country and so on.

German law certainly doesn't apply here, neither does dutch law. You might life there, but you didn't buy the product there.

 

You are incorrect, for sure in the US and the EU.  The customer buys in the country where he is located (that was changed in the law when online sellers were forced to charge LOCAL vat rates, think that was 2013).  So if you are in Denmark and buy a product from us we have to charge Danish VAT and apply to their law. But that does not matter in fact. If we would install malware on your system as part of the install process this is a violation of the Danish law as the 'crime' is committed in Denmark.  

 

To say that this nasty episode would not have happened if people weren't so careless with their data is a very strange leap of the mind. 

Link to comment
Share on other sites

On 08/03/2018 at 3:49 AM, Fragged^2 said:

You can't combat one illegal action (=Piratism) with another (=Distributing malware and obtaining private information illegally). This is not how civilized sociality works. There are legal avenues for combatting piratism.

 

Mathijs is on the point with his post.

 

Agreed.  They could start by scouring google and youtube for all the very openly illegal sites and videos and reporting them.

Link to comment
Share on other sites

21 minutes ago, Mathijs Kok said:

 

You are incorrect, for sure in the US and the EU.  The customer buys in the country where he is located (that was changed in the law when online sellers were forced to charge LOCAL vat rates, think that was 2013).  So if you are in Denmark and buy a product from us we have to charge Danish VAT and apply to their law. But that does not matter in fact. If we would install malware on your system as part of the install process this is a violation of the Danish law as the 'crime' is committed in Denmark.  

 

To say that this nasty episode would not have happened if people weren't so careless with their data is a very strange leap of the mind. 

I think it goes further than that.  It is ilegal to contract a criminal act.  it cannot be got out of b puting it in a civil contract.  Any limitation on which law applies would also not apply to the criminal act.  It may arguably apply to a contract but in this case there is no contract as there cannot be for an ilegal act.  In your exazple the police in Germany could be interested and act as the putting of the illegal software on the net occurred in Germany.

Link to comment
Share on other sites

vor 3 Stunden , Mathijs Kok sagte:

 

You are incorrect, for sure in the US and the EU.  The customer buys in the country where he is located (that was changed in the law when online sellers were forced to charge LOCAL vat rates, think that was 2013).  So if you are in Denmark and buy a product from us we have to charge Danish VAT and apply to their law. But that does not matter in fact. If we would install malware on your system as part of the install process this is a violation of the Danish law as the 'crime' is committed in Denmark.  

 

To say that this nasty episode would not have happened if people weren't so careless with their data is a very strange leap of the mind. 

 

Would that be also applicable if Aerosoft would be sitting in China?

That's what i'm trying to say: depending on where they got their company sitting, we won't be able to do much against them but boycott them.

 

 

And i don't think it's a strange leap of mind when I say that such things would not happen if we weren't as careless.

 

The point is: Someone had a terrible idea about offering a service in something that is very well known to have security issues.

People accept that terrible idea and store their data in something that is (Not necessarily to them, because who would have told them?) known to have security issues.

 

 

I see it as hanging a nice piece of meat around your neck, and standing in front of some Lions, and expect not to be attacked.

 

Link to comment
Share on other sites

  • Deputy Sheriffs
31 minutes ago, Kizna said:

I see it as hanging a nice piece of meat around your neck, and standing in front of some Lions, and expect not to be attacked

 

So by this logic your are ok by gotten eaten by lions? 

 

This is not about storing or not your passwords in Google chrome. This is about somebody intentionally installing malware on your system to obtain private data from you which you had no intention at all to share with them. 

 

I am with you that many people are too careless nowadays with their data.

 

But that doesn't rectifies or excuses a crime. It is not like the lion wouldn't had another chance or in other words, another manufacturer wouldn't had another possibility to go after pirates. 

 

Link to comment
Share on other sites

46 minutes ago, Kizna said:

 

Would that be also applicable if Aerosoft would be sitting in China?

 

It would still remain a crime to install malware on your system regardless of where the criminal is in the world.
The moment he installs a malware and reads out data from your computer it is a crime commited in your place of residence.
You can sue him in your homecounrty for it.

 

What happens after the lawsuit is a different thing.

Somebody sitting in the Sahara, Russia or in China will surely not have many difficoulties getting away with it since the local police will hardly try to enforce the penality from the foreign country...

If this guy ever travels to your homecountry he'll be in trouble though.

Since the whole EU effectively acts as one country thanks to the Schengen agreement this means if somebody from China would enter any of the european states he would likely be arrested the moment he tries to enter that country.

Link to comment
Share on other sites

2 hours ago, Emanuel Hagen said:

 

It would still remain a crime to install malware on your system regardless of where the criminal is in the world.
The moment he installs a malware and reads out data from your computer it is a crime commited in your place of residence.
You can sue him in your homecounrty for it.

 

What happens after the lawsuit is a different thing.

Somebody sitting in the Sahara, Russia or in China will surely not have many difficoulties getting away with it since the local police will hardly try to enforce the penality from the foreign country...

If this guy ever travels to your homecountry he'll be in trouble though.

Since the whole EU effectively acts as one country thanks to the Schengen agreement this means if somebody from China would enter any of the european states he would likely be arrested the moment he tries to enter that country.

Hey Emi,

With that said I don't suppose we'll ever see him attending any FlightSim conferences throughout the globe huh?:lol:

 

This incident has really shown our whole community how naive and blindly fanatical some very sad simmers are who in any way try to rationalize or (gasp) condone his behavior JUST because they like his software and fear they won't get their precious other Airbus models if FSL goes under. (that they'll have to pay for separately too..and I see them trying to skin $40 for each because they are "so" different and they put sooo much dev time into modeling those differences, :rolleyes:).

 

They don't see that there is no difference in what he did than if he physically came into your house, grabbed all your credit cards, and that piece of paper that you store your passwords on, and commenced to buying stuff with your cards. 

The comments about whether a customer stores anything regarding passwords and logins on their system or uses chrome tools to expedite the many internet transactions we ALL do have absolutely NOTHING to do with the topic at hand.  That's like someone coming up to you and shooting you in the chest...and some folks try to reflect the blame for damages on you because you were not wearing your Kevlar vest (which you didn't know you were supposed to be wearing just to walk to the corner market to get some millk?  Come on...really?). 

 

What he did purposely and worst, covertly to EVERY customer and not just trying to target a specific group (that being pirates) was immoral, illegal and purposely deceitful.  I mean, if they really thought it was the right way to catch pirates, they would have (or should have) made a general statement saying :

"Hey, we're putting malware in our installer, it will lift all your chrome passwords/log-ins and send them to us...over an UN-ENCRYPTED HTTP port for any hacker to lift from us without our knowledge, BUT...BUT...ONLY if you are trying to register our software with a serial we have on some list of "suspected" serials that pirates have been known to use in the past."  TRUST us that you won't be at risk..IF you're not a pirate, OR mistype the serial, OR something unforeseen goes wrong during the install process and our MALWARE payload releases on YOUR (our paying customer) PC." 

How many simmers would be willing to install software if it had that kind of statement associated with it?  Optimistically I'd like to say zero...but sadly we know different.  And...what nobody has mentioned yet....how about this scenario:

 

12 year old flightsim fanatic and Airbus lover is on Dad's PC, who has all sort of confidential info on HIS machine (remember the issue whether he should or not is irreverent)...

"Hey Dad...there is this cool new software for my flightsim passion, can I buy it?". 

"Sure Son...you got straight As on your report card this semester....go ahead..just make sure you run it through our anti-virus software 1st"...

"OK Dad...no problem" (like he listened or even cared)...After buying he goes to the official forums....Reviewing the official install recommendations on the site "Turn off your anit-virus software when installing"..."OK, I'll do that because its an official vendor recommendation"...Well I don't have to finish the scenario...

 

Suppose that same kid, who's Dad says "$140...for ONE plane...no way son, sorry" .... but he REALLY wants it, and his "friend" told him about a site he could visit that would let you register the plane for FREE!!!

Imagine Dad a few weeks (days, hours, whatever) later is getting all sorts of credit card alerts about purchases from a place half way around the world from him....yeah...that is a real scenario this horrendous episode by the poor decisions of FSL brings to our community.

 

Just sad that our community has had to deal with this....some remain ignorantly bliss, or decide to rationalize this behavior for the sake of defeating those terrible pirates or worse, wanting their Airbus soooo badly they are willing to absolve them and think all is good now, while a few simmers who know better, understand just how bad this was and will forever stay clear of FSL and hope they get the justice they have coming to them.

Link to comment
Share on other sites

  • Aerosoft
5 hours ago, Kizna said:

Would that be also applicable if Aerosoft would be sitting in China?

That's what i'm trying to say: depending on where they got their company sitting, we won't be able to do much against them but boycott them.

 

Absolutely. It's been a long fixed fact that where the crime is committed it can be followed up on. But indeed, the location matters a lot.

 

Let me explain. One of the task my department in Aerosoft has to fight piracy. My people find the YouTube videos with download links and we write YouTube to remove it. Several times a day. We spend a lot of money sending out these notices. The good thing is that companies like YouTube, Facebook, Google etc are very fast these days to remove that content and make life hard for the rats who put it there. But other sites are located in Russia, Turkey and other countries are simply ignoring anything you send them. Other sites do reply but ask you to jump through hoops dozens of times before they take any action. A Turkish site asked us this week to send them notarized proof, translated in Turkish that we are the copyright owners of the CRJ add-on.  I am 100% sure that if we did them they would not accept that as 'proof'.  China is different. It's pretty easy to get something removed there. Fast and efficient replies these days. 

So indeed, there is not a lot you can do often. But in this case FSL is located in the EU and thus bound by EU laws. Just as we are. If we install illegal malware on your system it does not matter where you are. You can use the EU law to go after us. 

 

Want a very simple trick to avoid getting ripped off on the internet? See if you can find a street address and a telephone number. If you are about to spend a lot of money call the number and see if the company picks up the phone. Or check the website if they use real names, see if you can find info on the CEO. A real solid company has nothing to hide. Of course some companies do not have office anymore and in that case just send them a mail. 'Sorry for sending this mail, just wanted to make sure somebody is reading email before I buy'. A good company will respond fast and nice. A good company will LIKE it when you send an email like that. They will be eager to let you know they are legit.

 

Of course a simple Google search will dig up a lot. FSL always wanted to go into the professional market but any pro customer does research and guess what will pop up first... That's why a reputation is so incredibly important. When I was talking to a big professional customer lately they had a whole load of printouts from upset customers they asked me to comment on. Not as problematic as having to explain malware of course, lol. Every company makes mistakes. for the smaller ones it is how you deal with it, for the real big legal ones it is often if you survive. 

 

 

Link to comment
Share on other sites

  • Aerosoft
44 minutes ago, steve dra said:

12 year old flightsim fanatic and Airbus lover is on Dad's PC, who has all sort of confidential info on HIS machine (remember the issue whether he should or not is irreverent)...

"Hey Dad...there is this cool new software for my flightsim passion, can I buy it?". 

"Sure Son...you got straight As on your report card this semester....go ahead..just make sure you run it through our anti-virus software 1st"...

"OK Dad...no problem" (like he listened or even cared)...After buying he goes to the official forums....Reviewing the official install recommendations on the site "Turn off your anit-virus software when installing"..."OK, I'll do that because its an official vendor recommendation"...Well I don't have to finish the scenario...

 

We deal with that a lot. Our 50 year old customer will not pirate but the 16 year old kid will be far more likely to fall for the temptation. What could go wrong right?

 

Well often things do go wrong and I end up talking to a parent who is about to skin his/her kid alive for doing something that stupid. But kids (teenagers) will be kids (teenagers) and I did some crazy stuff when I was 17. If we get a good report with he parents, you know what we often do? Send them a boxed copy of the product. For free. Not only because that pirate kid is hopefully a great customer for fs add-on companies later, but also because having the box in your hand seems to make it easier to understand it did cost a heap of money to make the files. For our Airbus project we now have 4,5 people working full time. For over 2 years.  And believe me, I'm not cheap, lol.

 

But in the end, you said the magic word, trust. if customer do not trust the add-on builders we all lose. And THAT is why I am so pissed off. I need to work harder to explain to professional customers that we don't pull stunts like what happened. I know a customers who deleted pre-orders because of this. I need to spend time writing an post like to to repair damage I did not cause. Basically it cost us money. 

 

Trust comes on foot but leaves on horseback. 

Link to comment
Share on other sites

46 minutes ago, Mathijs Kok said:

 

We deal with that a lot. Our 50 year old customer will not pirate but the 16 year old kid will be far more likely to fall for the temptation. What could go wrong right?

 

Well often things do go wrong and I end up talking to a parent who is about to skin his/her kid alive for doing something that stupid. But kids (teenagers) will be kids (teenagers) and I did some crazy stuff when I was 17. If we get a good report with he parents, you know what we often do? Send them a boxed copy of the product. For free. Not only because that pirate kid is hopefully a great customer for fs add-on companies later, but also because having the box in your hand seems to make it easier to understand it did cost a heap of money to make the files. For our Airbus project we now have 4,5 people working full time. For over 2 years.  And believe me, I'm not cheap, lol.

 

But in the end, you said the magic word, trust. if customer do not trust the add-on builders we all lose. And THAT is why I am so pissed off. I need to work harder to explain to professional customers that we don't pull stunts like what happened. I know a customers who deleted pre-orders because of this. I need to spend time writing an post like to to repair damage I did not cause. Basically it cost us money. 

 

Trust comes on foot but leaves on horseback. 

Well said Mathijs!

And your customer service efforts to deal with piracy in a Professional manner, not some back room, shady method that will impact the entire freaking community! (That fact is so lost on some...thinking ONLY FSL has to deal with this).

Trust is the key as you say...and to put your great comment into a computerisque' tone "Trust comes in years of effort building good customer relationships, but leaves in a microsecond NANOSECOND of complete and utter stupidity!" ;)

 

FSL not only obliterated trust for them, but for EVERY flightsim software vendor is impacted...having the eyes of the computing world examining us as recent, global computer enthusiast sites have picked up...our community is now viewed as a bunch of prepubescent kids trying the best way to get a copy of an airplane for free.  Not how we want to be portrayed to the rest of the world for sure.

Link to comment
Share on other sites

  • Aerosoft

Steve, you are so right. This is bigger than one malware invested installer.  If you would read the private skype groups where fs add-on devs are gathered you would read a lot of comments I could not post here. 

But in the end.... these kind of things are quickly forgotten. Not always good.

Link to comment
Share on other sites

1 minute ago, Mathijs Kok said:

these kind of things are quickly forgotten.

This is ONE issue that should never be forgotten as we all know....I hope if nothing else if it fades into obscurity, the justified actions were taken and the issue was dealt with accordingly (I feel we'd know that by seeing a certain website suddenly vanish with no explanation, all eCommerce activity suspended and eventually terminated) ;)

 

9 minutes ago, Mathijs Kok said:

If you would read the private skype groups where fs add-on devs are gathered you would read a lot of comments I could not post here. 

LOL I can only imagine the firestorm it created in the Dev back rooms.  I was a sailor for 11 years and I bet some of the expletives  heard on those private Skype sessions are ones even I never heard from my fellow sailors...ROFL!  (and we even made some up)

Link to comment
Share on other sites

On 18/03/2018 at 9:27 AM, Frank Docter said:

I would advise you to buy the product that may or may not have malware supplied with it. 

Was there any need for that Frank? 

Let's just get the facts right. As long as you did not enter a known pirate code the "malware" self deleted and was never on your system. Read that again as its very simple. But I think you already know that anyway.

There have been enough ill informed drama queens shouting out for attention on the topic.

Here we are weeks later and you come out with a loaded comment like that.

Lets just say from you that's very disappointing and totally uncalled for under a topic that should be for info on your A320 not having snipes at another for no reason at all. He was asking about your product. 

FSL A320 is and will be nothing like yours as you acknowledge many times yourself. Two different ways to do the same aircraft for a different type of simmer, there is room for both and each to their own. Your team have made huge strides to make your A320 a great product for the market your targeting. Is it to much to ask for that both you and each others fan base to just respect each other for what you have both done. 

I make no bones that am I huge FSL A320 user and fan. But at the same time I personally really respect what Aerosoft are doing with your new A320 and it looks like a great product if you have no wish to have a version like FSL. Why not just leave it at that?

Link to comment
Share on other sites

1 hour ago, Nyxx said:

Was there any need for that Frank? 

Let's just get the facts right. As long as you did not enter a known pirate code the "malware" self deleted and was never on your system. Read that again as its very simple. But I think you already know that anyway.

There have been enough ill informed drama queens shouting out for attention on the topic.

Here we are weeks later and you come out with a loaded comment like that.

Lets just say from you that's very disappointing and totally uncalled for under a topic that should be for info on your A320 not having snipes at another for no reason at all. He was asking about your product. 

FSL A320 is and will be nothing like yours as you acknowledge many times yourself. Two different ways to do the same aircraft for a different type of simmer, there is room for both and each to their own. Your team have made huge strides to make your A320 a great product for the market your targeting. Is it to much to ask for that both you and each others fan base to just respect each other for what you have both done. 

I make no bones that am I huge FSL A320 user and fan. But at the same time I personally really respect what Aerosoft are doing with your new A320 and it looks like a great product if you have no wish to have a version like FSL. Why not just leave it at that?

 

 

So in other words, as long as there was nothing in your house that may be of their interest, the burglar left huh...? Sure....

Link to comment
Share on other sites

36 minutes ago, walterg74 said:

 

 

So in other words, as long as there was nothing in your house that may be of their interest, the burglar left huh...? Sure....

To use your analogy, No your “burglar” alarm never went off and no “burglar” never came to your home. Because you nor your home was of zero interest to anyone. 

Link to comment
Share on other sites

1 minute ago, Nyxx said:

To use your analogy, No your “burglar” alarm never went off and no “burglar” never came to your home. Because you nor your home was of zero interest to anyone. 

 

Except that’s not true. Alarms DID go off (or did you think people “magically”detected it..?), the bruglar certainly did enter my home,  The module is there, and you have absolutely no knowledge about the code whatsoever to know where it snooped or not. 

 

And besides all that, bottom line is what you (or I) think is irrelevant. It is illegal, period. 

Link to comment
Share on other sites

1 minute ago, walterg74 said:

 

Except that’s not true. Alarms DID go off (or did you think people “magically”detected it..?), the bruglar certainly did enter my home,  The module is there, and you have absolutely no knowledge about the code whatsoever to know where it snooped or not. 

 

And besides all that, bottom line is what you (or I) think is irrelevant. It is illegal, period. 

Expect it is true.

You really need to know the facts. I installed it 8x due to other things, nothing was installed on my pc apart from my legal copy. Also it was the very pirates themselves that bought it to light and the main guy they was after did a huge runner closing his web site down and wiping himself of the web.

 

The only thing I will agree with you on is they should not have done it. The reason behind it I don’t blame them for. 

 

As long as you did not enter a pirate code into the installer you had nothing else installed, it really was as simple as that. Wrong yes but unless your stealing it, if your not then watching grass growing is more interesting. 

Link to comment
Share on other sites

  • Deputy Sheriffs
8 hours ago, Nyxx said:

 

Let's just get the facts right. As long as you did not enter a known pirate code the "malware" self deleted and was never on your system. Read that again as its very simple. 

 

 

Sorry David but I can not let this stand as it is. 

 

- It is a fact that Lefteris packaged a known malware into an installer. 

- It is a fact that this software is known by the internet security world as malware and not DRM.

- It is a fact that many people had/have this installer on their computer.

 

What is not a fact is that this "malware", as you call it, only worked when you enter a known pirate code. This is purely something Lefteris said about the matter. You either trust him or you don't. I do not trust him anymore.

 

ps, with regard to my preview post. I gave the FSLabs product the highest praise an RW Airbus pilot can give it in that post. It just didn't come free as the malware situation will always be a concern with this company now.

 

 

Link to comment
Share on other sites

  • Aerosoft

Gents this topic stays closed. 

 

As always I believe we should stick to the facts and I what Frank wrote ARE the facts.  If you feel FSLs illegal behavior is acceptable or that you trust their comments is personal decision. 


How this all ends remains to be seen. Clearly there are investigations ongoing in several countries and it is not for us to predict the outcome. 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy & Terms of Use