New in bundleware: cryptoware

#1 Post by webfork » Tue Jan 11, 2022 5:04 pm

So it's come to my attention that there's a new way that software developers are trying to recover their costs: proof of work systems or "cryptoware".

What's wrong with some companies making money?

While I can imagine for most this is unimportant / non-news, I want to suggest a few cases where the process could be as bad or worse than malware:
  • Reduced life - Devices that don't get adequate cooling can be damaged by running at 100% all the time. As the Ghacks article notes, "whether mining is profitable depends on a number of factors, including the cost of electricity but also wear and tear of the hardware (source)."
  • Battery issues - Although I'd assume these programs run in a reduced state on battery, if for whatever reason the software isn't aware the system is running on battery, the program will zap your battery life (along with your battery).
  • Waste heat - Running these programs during the summer means you pay twice: once for the electricity to power your hardware and again for the air conditioning necessary to cool it down. It's easily possible that it ends up cheaper to just buy the commercial software program versus all the extra electricity charges.
  • Pointless - Hardware not suited for "Proof of Work" tasks like these is wildly inefficient, meaning you spend many hours' worth of electricity for very little gain. Notably the Norton option on this front seems to be aware of this and includes minimum system requirements, but it's unlikely other programs will be so cautious.
  • Performance issues - Norton (one of the antivirus tools) has seen criticism for "heavy slowdown during full scans" (pcworld). I'd be very surprised if it didn't slow down even more with this process. After all, searching your computer for problems isn't actively making them money.
Ghacks lists several other reasons this should be avoided: 1 2

How does that affect

This is not policy, this is just my perspective. For my part, I'll be trying to integrate a more thorough testing process to make sure free software doesn't include these processes.

And because of the issues mentioned above, I plan to treat programs like this as malware.

How do I prevent these types of programs?

Ideally download from reputable sources or run programs like CryptoPrevent. While it was intended to prevent cryptojacking, this program could represent one security group blocking crypto programs enabled by other security software. Which is bizarre.


Re: New in bundleware: cryptoware

#2 Post by Andrew Lee » Tue Jan 11, 2022 6:59 pm

Can't believe it has come down to this.

I think going forward, it will evolve to 4 levels of nastiness:

1. Software that runs a crypto miner but tries to hide it and does not let you know.

2. Software that lets you know upfront, runs the crypto miner by default, and does not provide an easy way for you to turn it off.

3. Software that lets you know upfront, runs the crypto miner by default, and provides an easy way for you to turn it off.

4. Software that lets you know upfront, includes the miner but does not run it by default, and lets you opt in to the process.

I would prefer my software without the nastiness, thank you.

