Today I’ve stumbled upon a very interesting article called “Sony, Rootkits and Digital Rights Management Gone Too Far” . The story is simple: a DRM software coming on a musical CD produced by Sony behaves exactly as a malware program: it silently installs on a PC, hides itself from the user, intercepts system calls, monitors running processes and provides no way to uninstall it. I do not want to discuss now how methods like this should attract users to buy legitimate CDs – though I personally will never ever buy a CD with that kind of protection.
I want to discuss another thing – a concept of “well-mannered software”. The idea came to my mind when recently I was installing several programs on my PC. All of a sudden my firewall told me that the installer wants to connect to the Internet. There was no reason why the installer was supposed to do it – it never told me about “looking for updates” or “downloading additional components”, so I blocked the connection. Surprise, surprise – the installer didn’t complain about that, it just quietly completed the installation with no error messages. Well, actually, it quietly made an attempt to make something run on startup, which was detected by SpyBot, and also forbidden by me. The same happened with other programs I’ve installed – I just had to sit, watch the installers and keep slapping their hands when they tried to do something they were not supposed to.
It seems to be the current state of things: the software considers itself to be smarter than the user, and doesn’t bother to tell the user about its actions. If a computer can be considered as a house for the software, then the user is its landlord, and the applications are tenants. So now the tenants run the house, and the landlord is pushed aside. This makes some people angry, some people miserable, and it definitely makes all of us very insecure.
So, here I suggest the new trend, the new direction – “Well-Mannered Software” (WMS).
WMS should follow just one simple rule
WMS should not do anything, which is not necessary for its normal functions without explaining the action to the user and getting the user’s permission.
An installer should not go online without telling the user “I am going to check for updates – will connect to the site blah.com. Is it OK?”
An image viewer should not add an item to your startup sequence without asking “I will install color manager to run on startup. OK?”
And a music CD should not install a poorly written piece of malware on your computer without…. No, it just shouldn’t do it at all.