* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!

Links:

» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)

Moderators:

Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Competitor install a daemon which kill our product process

Our competitor installs a autostart daemon which detect our product process and just kill it!

The daemon monitor  processes and check its EXE name. If rename any windows EXE to our exe name, it would be killed.  Windbg shows that the daemon calls TerminateProcess against our process.

What should we do? Thanks!
leiju Send private email
Tuesday, September 20, 2011
 
 
The competitor program behaves similar to some viruses. How the competitor program gets installed on you users computers?
If they install it you can't do much.
iMonad Software Send private email
Tuesday, September 20, 2011
 
 
Sorry, that's hilarious.

You should email the competitor and ask them why. If they don't respond, well worded blog post. I'll tweetbook it for sure.
Bring back anon Send private email
Tuesday, September 20, 2011
 
 
That is fantastic. In a way, you could say this was a severe flaw in Windows that this is still allowed.
Scorpio Send private email
Tuesday, September 20, 2011
 
 
write own daemon or sturt up routine to kill their daemon.
Tim_Thaler Send private email
Tuesday, September 20, 2011
 
 
> How the competitor program gets installed on you users computers?

I'm guessing the intent is

either (a) if a user runs trial versions of both programs,  users will see your program never even starts, and therefore buy the competitor

and/or (b) if user is thinking of switching from competitor to you, they try your program, see it doesn't apparently work and give up.


Well you have 3 things you could do:

1. Sue or threaten to sue them. Talk to a lawyer first obviously. Don't do it yourself.  I might be considered unfair competition or something like that.

2. You could make anti-malware companies aware of the daemon and what it does.  Stick to known proveable facts when describing the daemon and how it is installed, and don't get all emotional. It's up to the anti-malware companies to decide whether it counts as malware, trojan, etc., by their own criteria - you don't want thing to turn round on you, but you get accused of malicious submitting an innocent competitor to the the malware companies.

3. Make your program dodge their bullet, by randomly changing its process name or something like that.
S. Tanna Send private email
Tuesday, September 20, 2011
 
 
Reminds me of:
http://en.wikipedia.org/wiki/Core_War

Sounds pretty bad. Just make sure you are 100% sure of the facts before you make any accusations. Also it might be worth talking to a lawyer.
Andy Brice Send private email
Tuesday, September 20, 2011
 
 
You could always have the process rename itself to the name of the daemon process.  Then it might try to kill itself first and throw an exception since it can't terminate the process.
SteveM Send private email
Tuesday, September 20, 2011
 
 
Thanks!

@S. Tanna,

  yes, you are right about the intent. And thanks for the suggestion.

@Andy Brice

  I am pretty sure but will still collect more info.
    a. if rename any windows EXE to our product name, it just exit.
    b. if rename our EXE, the issue disappear
    c. if kill the daemon, the issue disappear.
    d. WinDbg shows the daemon call TerminateProcess once our EXE get started.
leiju Send private email
Tuesday, September 20, 2011
 
 
I suspect all is as others have stated, but can you clarify:

1. What type of application is this?
2. Is this the type off application that a user might only want or only could have one type running at a time?
3. Is there a configuration in the other app that allows for it to kill your app?
Mike Dixon Send private email
Tuesday, September 20, 2011
 
 
>>>2. Is this the type off application that a user might only want or only could have one type running at a time?

  The apps could conflict with each other if some tech issues are not handled carefully.


>>> 3. Is there a configuration in the other app that allows for it to kill your app?

 Come on.  I didn't check and doesn't have one in hand now. but I really don't think so.  And does that make any difference?
leiju Send private email
Tuesday, September 20, 2011
 
 
On your download page notify the users of this virus. As far as you are concerned it is a virus to your application. Virus does not have to target more than one software. All it does is interrupt another process intentionally without the knowledge of the users. therefore it is a virus. Also in your install program check for the daemon and notify the user of the situation and ask if you can kill and remove the daemon. At the end of the day , users are your best ally. Educate them and get their sympathy. users don't like to be manipulated.
cn Send private email
Tuesday, September 20, 2011
 
 
I like cn's suggestion. Here is what I'd try to do:

1) Contact the authors and ask them why they are doing it and whether there is a less violent way to co-exist. If this works out amicably, you're done.

2) Document everything you have attempted to do to resolve the problem. Blog that shit but don't make it a big deal. Perhaps just stick it in as part of a flurry of posts. Use names, but keep it factual.

2a) Contact anti-virus companies. Don't know how well this will go but worth a shot.

3) In the installer, check for the other guy's software and if found, put up a giant warning and link them to your blog post.

You need to make sure you aren't going to take the blame and the blame is correctly placed. If this works out, then you're done. If not, you'll have to sue (assuming you *can* sue them).
Bring back anon Send private email
Tuesday, September 20, 2011
 
 
If this is true, then your competitor is manipulating (i.e. sabotaging) the customer's computers. This may be a serious crime, depending on your specific legislation. And if he doesn't happen to be Sony, he won't get away with some free CDs.

So, collect fail-proof evidence. Best would be to disassemble the competitor's product and isolate the specific code. As a start, use a hex viewer to search for your process name, maybe it's stored in plain text.

Talk to a lawyer, obviously.

Talk to a public relation agency about how to get the best possible PR for your own product out of this.
Secure Send private email
Tuesday, September 20, 2011
 
 
cn: "On your download page notify the users of this virus. As far as you are concerned it is a virus to your application. Virus does not have to target more than one software. All it does is interrupt another process intentionally without the knowledge of the users. therefore it is a virus."

Nope.  A virus replicates.

You are describing malware in general.

Sincerely,

Gene Wirchenko
Gene Wirchenko Send private email
Tuesday, September 20, 2011
 
 
stand corrected. Malware is the term i really wanted to use
cn Send private email
Tuesday, September 20, 2011
 
 
You couldn't ask for a better testimonial...

My concern is the issue of two such programs at once, which is a possibly valid reason to shut yours down, though it should tell the user and give them the choice.

AC
Reluctantlyregistered Send private email
Tuesday, September 20, 2011
 
 
What's that old saying? "Never ascribe to malice which can be explained by incompetence", or something like that.

OP said: "The apps could conflict with each other if some tech issues are not handled carefully."

This sounds like a lazy dev that didn't want to handle things carefully so put in a 'fix' for some bugs they were running into.
Doug Send private email
Tuesday, September 20, 2011
 
 
"Check for the other guy's software and if found, put
up a giant warning and link them to your blog post."

Probably not good enough. If I saw that, I'd just not bother with the software, as I don't want to download something that is involved in a  war with another company. As a customer, that turns me right off.
Richard Kimble Send private email
Tuesday, September 20, 2011
 
 
Not if you expose it as malware. don't make it seem directed just at your software. Just expose it as malware. create a tool that disables it and let them download it.
cn Send private email
Tuesday, September 20, 2011
 
 
find out which country they are from. If it is US, report them to FBI. it is a felony. really. installing malware is a felony in us. if it is from outside the US, expose that too and really play it up. don't just put it on your blog. post is to as many places as you can. this will hurt them more than you think. and if what you are saying is REALLY true, there is nothing they can do about it. evidence is already out of their hands.
cn Send private email
Tuesday, September 20, 2011
 
 
cn, exposing it as malware is exactly what you *shouldn't* do. As a potential customer, if I see a product warning me about malware and how to stop it affecting the product, I'd just turn right around and walk away from the product immediately. It's not worth my time and money to always be wondering if the malware is going to "get" my purchase one day in the future. The idea is not to scare your customers away with horror stories and tales of woe, even if you make it look as though it's generic malware. Nobody wants to invest in something that has a negative stigma attached to it.

My recommendation: don't mention it at all. Just submit it to anti-virus companies for inclusion. They do it. I've submitted malware to them before. It's not hard.
Richard Kimble Send private email
Wednesday, September 21, 2011
 
 
> Come on.  I didn't check and doesn't have one in hand now. but I really don't think so.  And does that make any difference?

Yes, as a matter of fact it does. You have failed to include ANY idea of what type of program this is. So the answer is: "It Depends".

I already said that it basically sounded fishy, BUT without details we can't give anything but general ideas.

For example, if their apps purpose is to forbid apps that have global keyboard hooks, and your app has them, then it would be totally legit.

Don't expect detailed answers to your problem if you don't give any details on the problem.
Mike Dixon Send private email
Wednesday, September 21, 2011
 
 
Create a watchdog application that your main application launches.  The watchdog app should monitor your main app.

If your main app closes cleanly via the normal ways your program can exit, signal the watchdog to terminate.

If the main app abruptly terminates, have the watchdog pop up in a window in the foreground with a message briefly describing that the main app terminated abnormally ... then provide a link to a web page that describes the causes ( such as the competing software product. )

I wouldn't necessarily try to one-up the competitor's malware attempt with your own malware; I'd try to communicate professionally about the situation with your customer or prospective customer.
Jim Lawless Send private email
Thursday, September 22, 2011
 
 
I don't know how to do this, but can't you just protect your app from unwanted termination, like Avira Antivir does?  I've never looked into it, but there's obviously a way to do it.  You can't kill Avira in the Task Manager or by any other method.
Richard Kimble Send private email
Sunday, September 25, 2011
 
 
Thanks for your suggestions, guys.

Follow ups:

My partner sent a warning email. And the reply is

----------------------------------------------------
Thanks for you email.

We were detecting the program which prevent our software to * ** in our debug version.
We are sorry for that still enable in the released version.

Don't worry about that, we will remove the detection and release a new version today.
----------------------------------------------------

 
Background Info,
-------------------------------

1. There are a lot competitors/products in our niche. Nobody use this block trick.
2. we don't have a daemon so there is no need to kill us for testing.
leiju Send private email
Sunday, September 25, 2011
 
 
See. I was right.
Bring back anon Send private email
Monday, September 26, 2011
 
 
PS: They're bullshitting you about doing it by accident but the problem is solved.
Bring back anon Send private email
Monday, September 26, 2011
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz