incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: Piracy - Fwd: [documentation-dev] look this please
Date Mon, 28 Nov 2011 18:51:37 GMT
On Mon, Nov 28, 2011 at 12:19 PM, Dennis E. Hamilton
<dennis.hamilton@acm.org> wrote:
> I agree that "pirate" is the wrong term.
>
> The button on the page linked in the complaint downloads a file of only 248kB
> named OpenOfficeSetup.exe.  It is not exactly an OO.o download.
>
> It has a digital signature in the name of appbundler.com and it checks as a
> Verisign Class 3 Code Signing 2010 CA cert. A quick check with Microsoft
> Security Essentials does not detect the file as malware.  It has the usual
> installer icon.
>
> Using Windows XP SP3 in a VM, I ran the program in the Windows XP Run As ...
> restricted-privilege mode.  I was rewarded with the attached message.
>
> Since the digital signature checks OK on the file, the message itself is
> suspect.
>
> A quick web search on "appbundler.com" reveals an extensive reputation for
> distributing adware.
>
> Using Jotti's malware scan, <http://virusscan.jotti.org/en>, there were 12 out
> of 20 detections of malware.  The indications were for
>
>  Adware.Screensave.e
>  ADWARE/Adware.Gen
>  Gen:Variant.Adware.Hotbar.2
>

Cool.  Thanks for giving that a try.  This does not look like the
proper use of the trademarks, any more than adding sand to a Hershey
bar and then giving it away to unsuspecting children while calling it
a Hershey bar would be acceptable.

I recall seeing the same download site linked to

> and Adware screensavers with various detection names.  Not sure how reliable
> any of that is.
>
>  - Dennis
>
>
>
>  - Dennis
>
> -----Original Message-----
> From: Rob Weir [mailto:robweir@apache.org]
> Sent: Monday, November 28, 2011 04:32
> To: ooo-dev@incubator.apache.org
> Subject: Re: Piracy - Fwd: [documentation-dev] look this please
>
> On Mon, Nov 28, 2011 at 7:23 AM, TJ Frazier <tjfrazier@cfl.rr.com> wrote:
>> Anybody know who pursues pirates like this? --/tj/
>>
>
> In what sense is this "faked"?   OOo is open source, so redistributing
> copies of it is permitted.
>
> What would be bad is if someone created a modified version of OOo and
> then confused users by calling it "OpenOffice.org".  There was an
> organization that was rebuilding OOo installs and bundling in all
> sorts of bloatware.  The LGPL  license allows this, but the use of the
> OOo trademark would be a problem,  Do we know if this site is doing
> that?  Anyone have a Windows machine they can "sacrifice" to see what
> this software really is?
>
> -Rob
>
>> -------- Original Message --------
>> Subject:        [documentation-dev] look this please
>> Date:   Mon, 28 Nov 2011 12:31:43 +0100
>> From:   Rafael Forrer <rafael.forrer@gmail.com>
>> Reply-To:       dev@documentation.openoffice.org
>> To:     dev@documentation.openoffice.org
>>
>>
>>
>> Hello
>>
>>
>> This is a Link from a Faked OpenOffice Download Site, help us to
>> terminate this Site please....
>>
>> http://galleries.secure-softwaremanager.com/82449ac2b9/854191c9b511
>>
>> Thanks
>>
>> Rafael Forrer
>>
>>
>

Mime
View raw message