Tuesday, August 21, 2007

Beware of Five-Star Vaporware

U.K. computer programmer Andy Brice was proud of the awards and accolades his software had won from his peers online. That is, until he noticed that pretty much everyone else's software received the same "5-star" rating and high praise from various software directories and download sites.

Curious about just how thorough the sites are at reviewing software, Brice submitted a fake program that did absolutely nothing. The place he sent the program to was a clearinghouse that distributes shareware and trialware to hundreds of other sites.
Brice even included a descriptor file stating that he was submitting a useless program, which he tauntingly named "awardmestars." To his amazement, the do-nothing program came away with top honors -- complete with official-looking seals of approval -- from at least 16 download sites.

"I should be delighted at this recognition of the quality of my software, except that the 'software' doesn't even run," Brice wrote of the experiment on his blog. "This is hardly surprising when you consider that it is just a text file with the words 'this program does nothing at all' repeated a few times and then renamed as an .exe."

Of the nearly 1,000 download sites that received a copy of "awardmestars," 218 now offer the file for download. Brice said the junk file is awaiting review at nearly 400 other sites. The good news is that some 421 download sites did see the program for what it was worth and rejected it outright.

"The truth is that many download sites are just electronic dung heaps, using fake awards, dubious [search engine optimization] and content misappropriated ... in a pathetic attempt to make a few dollars from Google Adwords," Brice said. "Hopefully these bottom-feeders will be put out of business by the continually improving search engines, leaving only the better sites."

This story got picked up late last week by news-for-nerds megasite Slashdot.org, and the discussion has some interesting perspectives from other programmers and their experiences with software awards.

While there may indeed be hundreds of legitimate download sites that don't try to pull one over on visitors, I've never strayed far beyond a handful of sites that I have come to know fairly well, such as CNet's Download.com, SourceForge.net, and Tucows.com.

Security Fix
Brian Krebs on Computer Security
The Washington Post Company
