Companies bundling spyware, adware with open-source media player

Summary:VideoLAN named-and-shamed at least 25 companies that are guilty of bundling spyware and adware programs with the highly rated open-source VLC media player.

VideoLAN developer Ludovic Fauvet has come out swinging against companies that bundle adware and spyware with the open-source VLC media player.

"At VideoLAN we’re really fed up with all those websites/companies that are tricking our users to download malware and violate our IP by distributing misleading versions of VLC without conforming to the GPL license," Fauvet said.

"What bothers us the most is that many of them are bundling VLC with various crapware to monetize it in ways that mislead our users by thinking they’re downloading an original version. This is not acceptable," he added.

follow Ryan Naraine on twitter

Fauvet named-and-shamed at least 25 companies that were guilty of bundling spyware and adware programs with the highly rated open-source media player.

"The result is a poor product that doesn’t work as intended, that can’t be uninstalled and that clearly abuses its users and their privacy. Not to mention that it also discredits our work as volunteers and that it’s time-consuming, time that is not invested in the development," he argued.

Fauvet called on users to always download the VLC media player from the project's official website.

Separately, VideoLAN shipped a patch for a pair of "highly critical" security holes that expose users to computer hijack.

  • An integer overflow error when parsing a RealAudio data block within RealMedia (RM) files can be exploited to cause a heap-based buffer overflow.
  • An integer underflow error when parsing the "strf" chunk within AVI files can be exploited to cause a heap-based buffer overflow.

Successful exploitation of the vulnerabilities allows execution of arbitrary code, Secunia said in an advisory.

The vulnerabilities are confirmed in version 1.1.10. Prior versions may also be affected.

Topics: Open Source, Hardware, Malware, Mobility, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.