Fog Creek Software
Discussion Board




Did spyware kill shareware?

A question to shareware authors.

Are people still ready to download and try out shareware?

How do you create enough trust so that people would
not suspect you of planting another key logger?

Is security paranoia much of an issue with regular users, or is that more of a corporate thing (corporate policy like never ever install anything not approved by the company)?

Michael Moser
Sunday, June 20, 2004


... and are there shareware authors around who choose to write applications in a sandbox (either Java or .NET) just because of the trust issue?

Michael Moser
Sunday, June 20, 2004


I'd say that adware, spyware and Open Source together are all killing shareware.


Why take a risk on a project/product you don't know and can't know (ie. look at the source) if you can get a comparable Open Source app?

KC
Sunday, June 20, 2004

Only programmers care about looking at the source.

I still download & try out software on a regular basis, but there's so much out there, that if I can find a freeware program that gets the job done, and I'm sure I can, I'll go for that one.

Antivirus, Antispyware, Firewall, I've got it all. Maybe something slips through from time to time, but I'm pretty secure.

www.MarkTAW.com
Sunday, June 20, 2004

That's a good question.  It is interesting that, from my perspective, the majority of shareware download sites are marginalized purveyors of - gakk, something, flashing banners, casinos, warez crack links, porn, pop-ups and who knows what.  Scum and villainy.  Yet somewhere in there is a nugget of software which might be useful. Do I dare touch it?  Fahgetaboutit.

Another question:  Has free software licensing marginalized shareware?  For purposes of VxWorks development, I had to install a Windows FTP server.  Well, no respectable Linux user is going to pay for a protocol as simple as FTP.  But, this is a Windows environment.  What's out there?  WS_FTP at $495 per license?  Laughable.  WarFTP comes with source and a free license.  Got it.

Quite an interesting world out there these days.

hoser
Sunday, June 20, 2004

While spyware may have something to do with it, I'd say what's really killing shareware is the expectation people have of software:  They expect it to be free.

Nobody wants to pay for software anymore.  You can play free flash games on the web more sophisticated than the games people were paying $50 for ten years ago.  The overwhelming glut of free software has spoiled people.

I don't think Open Source has much to do with it, because 99% of consumers wouldn't even know what it was.

non
Sunday, June 20, 2004

Everybody expects free software, and everybody expects to post their questions to the web and have experts answer them for free.

This will all change, soon!

Seer
Sunday, June 20, 2004

IIS has an FTP server included (for free) with Windows :)

I stopped downloading shareware that hasn't made a name for itself due to the spyware issue - I'll stick with things like Paint Shop Pro or WinZip, but I won't download newer entries unless a trusted source reviews the software first.

Ankur
Monday, June 21, 2004

> Why take a risk on a project/product you don't know
> and can't know (ie. look at the source) if you can get a
> comparable Open Source app?

Some combination of the following:

1) You're not a programmer and don't understand the source.
2) You *are* a programmer but can't afford to spend the time looking at the source, so you go for whichever type of software does what you want it to.

And, most interestingly:

3) When you buy software, you're paying for the expectation that the product will be supported by someone.  If there's a company selling software, it's reasonable to assume that they have a commitment to supporting their users, and continuing to develop the product in future.  There's one simple place you can go to get help, and you know about it from the word "go".  Of course, this commitment may or may not actually exist, but it's all about perception.

This perception may well be there for the high profile OS/FS offerings (Mozilla, Linux, anything from GNU, etc.) and indeed there is a wealth of information available for these things, and many people/organizations you can ask for help.  However, there will still be people who want to see a company behind a product, or a company offering support for same.

Somehow this puts me in mind of the discussion between a Linux spokesman and a potential OS customer outlined in "In the Beginning was the Command Line" by Neal Stephenson (http://www.cryptonomicon.com/beginning.html)

> Hacker with bullhorn: "Save your money! Accept one of
> our free tanks [Linux]! It is invulnerable, and can drive
> across rocks and swamps at ninety miles an hour while
> getting a hundred miles to the gallon!"
>
> Prospective station wagon [Windows] buyer: "I know
> what you say is true...but...er...I don't know how to
> maintain a tank!"
>
> Bullhorn: "You don't know how to maintain a station
> wagon either!"
>
> Buyer: "But this dealership has mechanics on staff. If
> something goes wrong with my station wagon, I can
> take a day off work, bring it here, and pay them to work
> on it while I sit in the waiting room for hours, listening to
> elevator music."
>
> Bullhorn: "But if you accept one of our free tanks we will
> send volunteers to your house to fix it for free while you
> sleep!"
>
> Buyer: "Stay away from my house, you freak!"
>
> Bullhorn: "But..."
>
> Buyer: "Can't you see that everyone is buying station
> wagons?"

Tim Serong
Monday, June 21, 2004

To answer the original poster's question, yes, people are willing to download and try software. We have seen consistent growth in our download rates over the last year. Spyware probably has a small impact, but if you present a professional web site with a stated policy and open forums you can generate enough trust for people to download and buy.

If an author had a problem with trust, I can’t see how developing in a sandbox would help; if you can’t present yourself as trustworthy then no amount of technology is going to get the customer to install your software.

I don’t agree with the point on Open Source killing shareware, it costs money to develop and promote software, if you have no money coming in then you can’t promote it. The only significant open source projects used are supported by organisations like IBM or Redhat which have an interest in there being an alternative to the commercial market leader. As soon as you look outside the mainstream there are gaping holes which open source doesn’t and can’t fulfill. Ask Joel, he has two products with huge amounts of OS competition yet his business appears to be thriving.

Hoser makes a good point about download sites: as the majority of them don’t validate the software they promote, anything can get through. Download sites have probably had their day in terms of promoting software; we now get far more sales from other sources.

Tony Edgecombe
Monday, June 21, 2004

Well, reputable sites like download.com, snapfiles, majorgeek are the places that I trust to download freeware/shareware. I never download directly from a site that I don't know anything about.

Zaenal Haq
Monday, June 21, 2004

The only thing you need to get a listing on download.com is $79; as far as I'm aware, the only download site that does check out your software before listing is Tucows.

Tony Edgecombe
Monday, June 21, 2004

"Why take a risk on a project/product you don't know and can't know (ie. look at the source) if you can get a comparable Open Source app?"

In all honesty, it's because quality matters above all else.  Open vs. closed source is irrelevant; what matters is that the software is reliable and easy to use.  There's some incredible open source software for behind the scenes stuff, like Perl and Python, but in my experience, under Windows, there's very little in terms of open source that can compete with commercial and shareware applications.  There's some, yes, but not much.

Now on spyware killing shareware, yes, that's very true.  People are getting afraid to download and run anything.  This applies equally to commercial demos and precompiled open source applications.

Junkster
Monday, June 21, 2004

It's an interesting question.  I hadn't thought about it before, but I know that I'm very wary of downloading and installing stuff now.

If anything, it's doing more damage to freeware, if that makes any sense.  You have to figure that shareware is supported by the money people pay, not by fees from spyware referrals.  I'm much more suspicious of professional-looking free software these days.

David (www.davesez.com)
Monday, June 21, 2004

I don't understand how you can believe "looking at the source" is going to give you any info wrt. spyware etc. All it takes is planting one frigging byte to create a vulnerability. Software that has had decades of man-hours sifting through the code still turns out to have vulnerabilities, but somehow, some people still believe that a quick codesniff by their godly eyes will prove some software is "clear".
I mean wtf are you looking for?

/* Here we plant the buffer overflow that we will exploit to plant our keylogger */

strcpy(buf, code);

Just me (Sir to you)
Tuesday, June 22, 2004

Just me: I think it's largely about accountability.  If somebody *does* find a security hole (by observing it in action -- not by examining source code), you look at the diffs in CVS and see, oh, Larry Wall put that there.  Well, he's a good guy, and it looks like an accident, so it's not too bad.  Or: here's a script that Larry wrote, so we can trust it.

Or, here's a program that's been hacked on by 50 different people over the past 5 years.  By now, all of the original code has been changed, so unless they're all in cahoots, it's probably pretty safe.

OTOH, companies feel like big black boxes.  If you do find a security hole, how soon until they fix it?  How did the bad code get in there?  Who wrote it?  Who fixed it?

Also, proprietary programs have had backdoors in them for years before they were discovered.  I can't think of any open-source program that did that.

Open-source programs usually have a benevolent dictator.  There's one guy betting his reputation on the quality of this program, and showing you the code, to boot.  This turns out to be a pretty good motivator to keep things on the up-and-up.

osg
Sunday, June 27, 2004
