Anatomy of an ARP Poisoning Attack
WatchGuard Technologies, Inc.
WatchGuard Wire
Improve Your Security IQ

Buyer beware: pointless text file wins 16 software awards

An amusing story over on Successful Software.Net highlights the risky side of relying on freeware and shareware for any mission-critical purpose.

Andy Brice, a UK-based software developer, had grown suspicious about "awards" ascribed to freeware and shareware programs that he knew lacked functions and features of rival offerings. So he invented a program named AwardMeStars. It didn't run; in fact, it wasn't actually a program. It was a text file comprised solely of the words, "This program does nothing at all," and renamed as an executable (.EXE). He had a third party submit his file to just about every software aggregation site; then he sat back to watch the results.

His non-operating, do-nothing program won 16 awards. Various sites labeled it "Certified 5-Star," "Editor's Pick," and "Cool Discovery." All of them, obviously, from sites that didn't even bother to note the blatant name of the program, nor try to run it even once.

What's going on? Brice surmises that the software sites award their top rating to everything submitted, in hopes that the software authors will boast of the awards on their own sites and link back to the aggregator sites -- thus, raising the aggregator site's rankings in search engines.

Small businesses in particular love to rely upon low-cost solutions, and since shareware typically comes from an author with no marketing budget, network administrators who use free tools often find themselves downloading a piece of code they've never heard of. Well, if you're relying on "reviews" and "awards" to help you judge the reputation of that freeware, move carefully. Here is one more reason you should dedicate a computer to being your test machine, keep it off your primary network -- and try before you buy. Or, in the case of freeware, enjoy before you deploy.

Kudos to Brice for sharing his story, and further kudos to Slashdot affiliate freshmeat.com for being one of the few sites to reject Brice's "program." To see the list of sub-standard sites that issue the awards, check out Brice's full story. --D. Scott Pinzon, CISSP

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.