RealPlayer branded badware
p2pnet news | Music:- It’s been a long time coming but RealNetworks’ RealPlayer has finally being officially acknowledged as a very dodgy application.
"We find that RealPlayer 10.5 is badware because it fails to accurately and completely disclose the fact that it installs advertising software on the user’s computer," says Stopbadware.org, going on:
We additionally find that RealPlayer 11 is badware because it does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled.
We currently recommend that users do not install the versions of RealPlayer software that we tested, unless the user is comfortable with the software behaviors we identify or until the application is updated to be consistent with the recommendations contained in this report.
At the beginning of last month, another in a long line of RealPlayer flaws came to light.
"Evgeny Legerov has reported a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user’s system," said Secunia, going on:
"The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow."
Of the current bad or undisclosed behavior, "Software does not fully, accurately, clearly, and conspicuously disclose the principal and significant features and functionality of the application prior to installation (guideline II.A.a.iii.)," says Stopbadware.org.
The advertising software bundled with RealPlayer is misleadingly called a ‘message center’, and is described incompletely and inconspicuously in the EULA as software designed to provide useful software updates. When RealPlayer 10.5 is installed, the advertising features of this ‘message center’ are enabled by default for users who choose not to register their personal information with RealNetworks after the software is installed.
Software which installs deceptively (guideline III.A.)
RealPlayer 11 does not disclose that it installs Rhapsody Player Engine, and does not remove this software when RealPlayer is uninstalled. Users are not informed by the installer or uninstaller of the connection between RealNetworks and Rhapsody Player Engine.
"This alert represents StopBadware’s findings during our initial testing period," it warns in bold type, adding:
"Additional badware behaviors that were not initially detected may exist in the application."
In case you’re thinking the disclosure site is just another security firm trying to cash in on user fears, it’s in fact a "Neighborhood Watch" campaign aimed at fighting badware.
Harvard Law School’s Berkman Center for Internet & Society and Oxford University’s Oxford Internet Institute are leading it, backed by companies such as Google, Lenovo, and Sun Microsystems with Consumer Reports WebWatch ian unpaid special advisor.
John Palfrey, Executive Director of the Berkman Center and Harvard Clinical Professor of Law, and Jonathan Zittrain, Harvard Law Visiting Professor and Professor of Internet Governance and Regulation at Oxford University, are StopBadware.org co-directors, supported by an advisory board and working group comprising some of the top experts in the field, including Internet pioneers Esther Dyson and Vint Cerf.
Also See:
RealPlayer flaws – Hollywood Christmas goldmine, December 27, 2007
Secunia – RealPlayer Unspecified Buffer Overflow Vulnerability, Januarey 3, 2008
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
February 1st, 2008 at 11:41 am
Why Google is not listing real.com as domain distributing badware?
Google is usually using stopbadware site for explanation.
February 1st, 2008 at 11:54 am
I have no problem with this finding. It has long been known by the internet community that RealPlayer has spyware and is not to be trusted as a program if you are concerned with security.
I won’t allow this program on my computer. I value my security and it is most obvious that my desires and the desires of this company are at odds with each other. It comes down to “it’s my computer” and what is on it is my business not someone trying to make a dime on my resources.
February 1st, 2008 at 12:44 pm
I did not installed realplayer or Window media player and I will not. All the players I am using now are open source and they work better. A lot of companies are making crapy and intrusive software making your system slow and unsafe.
The worst of all is window Vista. A real piece of Shit!
February 1st, 2008 at 2:34 pm
I much agree that Media Player is right in there with RealPlayer. This is another app I uninstall but at the slightest excuse, it is right back in there trying to reinstall. All versions of Media Player after version 9 can not be totally uninstalled if it comes installed on your computer or if you chose to install it. Like the poster above, I care for neither of these programs, preferring third party software with more choices, ablilites, and control on the application.
Vista is a temporary vistor to my computer. When the warrenty goes, so does the OS.
February 1st, 2008 at 5:18 pm
Who uses Windows Media Player anyways? I use VLC for standard codecs and Media Player Classic / mplayer for non-standard codecs.
February 1st, 2008 at 8:25 pm
I use Media Player Classic to read nearly anything (I have to use vlc to watch stream tv from my ISP).
I use Real Alternative to play real media (and QuickTime Alternative also, I don’t like QuickTime player).
You can get all this here : http://www.codecguide.com/
February 1st, 2008 at 9:29 pm
This page is priceless!
http://jogin.com/weblog/archives/2004/02/29/real_obnoxious
Real Obnoxious
“This is the rant about Real’s fantastically crappy product that caused the reactions from former Real Networks employees.”
At the bottom, there are two followups:
Real Reply
“I got several e-mail from people who used to work for Real Networks, they offer some reasons for Real Player’s invasiveness and hostility, and their own perspectives.”
Real Proof
“I got an e-mail from a consultant who used to work for Real, he/she offers some interesting information about the attitudes at Real, and why the product sucks so bad.”
February 3rd, 2008 at 3:11 am
from my experience, the Combined Community Codec Pack in combination with Media Player Classic (which comes with CCCP) is the best for basically all video playing (VLC is good, however it has problems with some codecs, especially if subtitles that are not hard encoded are involved)
February 3rd, 2008 at 9:22 am
Unrelated Weekend Report
LimeWire led to data breach: N.L. justice minister
http://www.cbc.ca/canada/newfoundland-labrador/story/2008/02/01/limewire-breach.html
âA popular file-sharing program exposed the private details of more than 150 people over the internet earlier this month, the Newfoundland and Labrador government said Thursday.
Justice Minister Jerome Kennedy said 694 files were affected by a breach detected last week by a New York-based security company.
Kennedy told reporters that an outside consultant had installed LimeWire, a popular program used to swap music for free, on a laptop computer that was being used to work with data for the Workplace Health, Safety and Compensation Commission.â
February 3rd, 2008 at 6:00 pm
I use an xbox with xbmc.
It plays everything and anything at all.
Except HD vids.
But who watches/buys them?
Class Realplayer _and_ Quicktime as malware.