FlightSimLabs Installs More Questionable Stuff On Users' Machines, Then Threatens Reddit

from the bumpy-landing dept

Hopefully you will recall FlightSimLabs, the company that makes custom add-ons for computer flight simulation software. FSL made it onto our pages after a Reddit user noticed that every installation of FSL software, including that of a legitimate purchase, installed a file named “test.exe” which was not just a form of DRM, but which also serves as a Chrome password dumping tool, extracting user names and passwords from people’s web browsers. Whatever the fuzzy line between DRM software and malware, FLS’s installation of its text.exe file clearly leapt over that line with a flourish. The backlash in the Reddit communities and elsewhere was swift and severe, leading Lefteris Kalamaras, who runs FSL, to release the following statement.

We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, we humbly apologize!

And that really, really should have been the end of it. If nothing else, the backlash from the community should have informed FSL as to the precise tolerance its customers had for this type of nonsense, which is to say zero. Amazingly, despite Kalamaras’ promise, it appears FSL tried to give this DRM thing another try, and somehow managed to make itself look even shittier in the process.

Just before the weekend, Reddit user /u/walkday reported finding something unusual in his A320X module, the same module that caused the earlier controversy.

“The latest installer of FSLabs’ A320X puts two cmdhost.exe files under ‘system32’ and ‘SysWOW64’ of my Windows directory. Despite the name, they don’t open a command-line window,” he reported. “They’re a part of the authentication because, if you remove them, the A320X won’t get loaded. Does someone here know more about cmdhost.exe? Why does FSLabs give them such a deceptive name and put them in the system folders? I hate them for polluting my system folder unless, of course, it is a dll used by different applications.”

If you don’t have a technical background at all, essentially FSL attempted to deliver DRM again onto users’ machines, but named the files to mimic a common Windows background file that users see all the time. It’s actually quite common for a user opening Task Manager to see several instances of cmdhost.exe running at once. In other words, it’s the kind of thing nearly everyone would scroll past, assuming its legit.

As several people on Reddit have pointed out, this sort of misleading naming of software services is a hallmark of malware.

“Hiding something named to resemble Window’s “Console Window Host” process in system folders is a huge red flag,” one user wrote.

“It’s a malware tactic used to deceive users into thinking the executable is a part of the OS, thus being trusted and not deleted. Really dodgy tactic, don’t trust it and don’t trust them,” opined another.

Why FSL seems to get all of its best ideas from the realm of malware is an open question. The company put out a statement explaining that the file is a part of its product activation software and that the file had been vetted by every major antivirus maker out there. Both appear to be true, which doesn’t even begin to explain why FSL, having had its reputation so thoroughly tarnished recently, thought pulling this name convention trick with its DRM was a good idea. Reddit users remained on the warpath, causing FSL to really torpedo its reputation even further.

In private messages to the moderators of the /r/flightsim sub-Reddit, FSLabs’ Marketing and PR Manager Simon Kelsey suggested that the mods should do something about the thread in question or face possible legal action.

“Just a gentle reminder of Reddit’s obligations as a publisher in order to ensure that any libelous content is taken down as soon as you become aware of it,” Kelsey wrote.

Noting that FSLabs welcomes “robust fair comment and opinion”, Kelsey gave the following advice.

“The ‘cmdhost.exe’ file in question is an entirely above board part of our anti-piracy protection and has been submitted to numerous anti-virus providers in order to verify that it poses no threat. Therefore, ANY suggestion that current or future products pose any threat to users is absolutely false and libelous.”

The letter concluded with the suggestion of how much FSL would just hate to have to get their lawyers involved if the Reddit moderators left the critical posts up. The mods refused to comply, leading to FSL sending another message to the moderators accusing the critical posts of being defamatory and, if not cleaned up, the company would have “no choice” but to send in the lawyers.

Just to be clear, the legal threats here are nonsense. Contrary to the claims in the message, Reddit is not under any “obligation as a publisher” to take down such content, thanks to CDA 230. Oh, and all of that presumes that the original content is, indeed, libelous. Which it is not.

The mods again refused, while also accusing FSL of trying to game Reddit’s voting system to push down critical posts.

“While what you do on your forum is certainly your prerogative, your rules do not extend to Reddit nor the r/flightsim subreddit. Removing content you disagree with is simply not within our purview.”

The letter, which is worth reading in full, refutes Kelsey’s claims and also suggests that critics of FSLabs may have been subjected to Reddit vote manipulation and coordinated efforts to discredit them.

Once again, responding to internet posts and comments a company doesn’t like by trying to censor them, particularly after going through a reputational gauntlet previously, might just be about as dumb as it gets. Between the DRM, the shady installation of software, and the anti-consumer behavior to cover it all up, one wonders what flight simulator mod could possibly be worth engaging with FlightSimLabs ever again.

Filed Under: , , , , , , ,
Companies: flightsimlabs, reddit

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FlightSimLabs Installs More Questionable Stuff On Users' Machines, Then Threatens Reddit”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Flight sim people are weird and trapped

If you invest in flight sims any or all you likely have thousands tied up in hardware plus whatever software and you are likely obsessed so you aren’t going to throw it all over to play doom xxx no your ready for extortion, what was that err … nintendo? flight sim game that called you a looser, if your already down with that you may was well play BDME and slavery and you.

PaulT (profile) says:

So, yet again, a company installs literal spyware on innocent peoples’ computers and openly breaks various laws in order to try and make money they imagine is owed to them (on the very broken assumption that a pirated copy equals a full priced lost sale).

So, which tactic will our resident idiots use? The one where any action is acceptable if a company thinks it’s losing money, lying about everyone who dares criticise said companies, or do we have the one where all gamers are personally attacked because a tiny niche market unaware of this company’s actions might continue to but from them?

Let’s see. The stupidity of those trying to defend these companies’ actions is sometimes as entertaining as the actions themselves.

Anonymous Coward says:

Re: Re:

Remember when average_joe and out_of_the_blue furiously insisted that the Sony rootkits were an “anomaly”? Never mind the fact that Sony was never punished for it, as recent as five years ago before this company rightsholders demanded for the right to install malware on computers they thought belonged to pirates.

Copyright-types – always going to be a fucked up bunch.

PaulT (profile) says:

Re: Re: Re:

I’m sure someone’s either working on it, or the company is such a niche / irrelevant entity it’s taking their own self-promotion to get authorities to notice them. Actually, why indict them now, when they seem intent on publicising everything bad they’re doing in public forums?

Either way, I’m positive that what they’re doing has to be more illegal – and is certainly more morally objectionable – and the piracy they claim to be trying to fight.

Anonymous Coward says:

Re: Re: Re: Re:

Selective Enforcement is technically Unconstitutional and runs afoul of several “equal protection under the laws” statutes that exist practically all over the place in government and law.

But it’s not like we expect citizens to give enough of a shit about that for there to be a change in their voting habits. There are much bigger issues to be addressed like who is fucking who in the privacy of their own bedroom and if money was involved or how to take peoples guns away. No matter which party you pine for the problem remains the same.

That One Guy (profile) says:

Nothing shady here at all...

The company put out a statement explaining that the file is a part of its product activation software and that the file had been vetted by every major antivirus maker out there. Both appear to be true, which doesn’t even begin to explain why FSL, having had its reputation so thoroughly tarnished recently, thought pulling this name convention trick with its DRM was a good idea.

… because as any good salesman/programmer/anyone with a working brain knows, the very best way to make it clear that a particular bit of code is totally aboveboard and not at all shady is to covertly slip it in with the rest of your program, using a technique commonly used by those pushing malware.

Their previous stunt of adding malware to their program burned through all the trust they might have enjoyed, and that they tried this leads me to suspect that despite their ‘we’re sorry you were offended’ apology for that stunt, they haven’t learned a thing.

Anonymous Coward says:

Re: Nothing shady here at all...

It also makes me wonder what hidden capabilities the new software has. Antivirus can only stop known malware, sure an antivirus company can analyze and produce new definitions, but unless I see proof of who the top consulting firms were as well as a report, I wouldn’t trust their latest attempt at malware.

Clik Soft (profile) says:

Development And Industrial Training Company

9781896895 – Industrial Training Company In Chandigarh, Mohali |ClikSoft, Advance PHP, CMS), iOS , Android , Networking, Autocad, Embedded, Web Designing etc.
Industrial Training Company In Chandigarh, Industrial Training Company In Mohali.ClikSoft is a Professional SEO and Website Design / Development Company in Mohali and Chandigarh. 100% Clients Satisfied with us.

That Anonymous Coward (profile) says:

We did this to stop the pirates!!!!!!!!

Of course we used underhanded tactics used by those with ill intentions, but we’re the good guys!!

Hey wait, why are you guys using pirated versions with this “feature” stripped out?!!?

You HAD a devoted customer base.
You fucked them over once, pretended you were sorry, and are SHOCKED your latest bad idea burned you so bad.

You can tell it’s a really bad plan because they are playing all of the cards trying to remove people stating their opinion on a game company who uses malware style tactics. Vetted by AV vendors… because AV NEVER FAILS.
Because you assholes put a password dumper on our machines last time we’re supposed to trust you this time that its safe?
Produce a letter from an outside firm that your misleading program is not a threat to anyone.

Cause – We use sketchy tactics that can screw our cusotmers.
Effect – Why are more people looking for pirate copies stripped of this latest stupidity??

You have them locked into your platform, but you’ve done a very good job of pushing them to find a replacement. Hell a competitor could offer a discount to those customers fleeing you & make a killing.

Grats on trying to destroy your company yet again, I hope you manage to do it this time so that you can learn. Stupid should hurt and I hope you get sued into oblivion so a reputable person like Martin Shkreli can buy you in a bankruptcy sale… he might be a prick but hes honest about it.

OA (profile) says:

…the file had been vetted by every major antivirus maker out there…

  1. Awhile ago I came to the opinion that AV maker sometimes mark files known to be harmless as malware and vice versa. As a result, IMO, they lost any presumption of trust.

  2. FSL’s relevant relationships are with their customers, potential customers and the law; NOT with pirates or AV companies.

…why FSL, having had its reputation so thoroughly tarnished recently, thought pulling this name convention trick with its DRM was a good idea…

Like so many others, FSL seems to be suffering from Contempt-of-Customer, and a lack of concern for law or decency. As others have said, so many seem to think they deserve as much money as can be gotten and have little restraint about the doing.

ALSO, actual pirates would just strip the DRM anyway!

Mason Wheeler (profile) says:

Whatever the fuzzy line between DRM software and malware

There is no line, "fuzzy" or otherwise. DRM is malware, and needs to be recognized by the law as such. Accusations of copyright infringement need to be treated the same way as accusations of any other lawbreaking: the accused is innocent until proven guilty in a court of law. People aware of this issue have been trying to raise the alarm ever since the DMCA was first passed, and now look at how many other places the presumption of innocence is under attack in our society! We need to push back.

John85851 (profile) says:

Let them sue

I say let FSL sue Reddit and see what happens.
It wouldn’t take long for Reddit’s lawyers to show that FSL’s tactics don’t pass the “duck test”: if it looks like malware, if it smells like malware, and if it quacks like malware, then it’s malware.
And look- a judge ruled *on the public record* that FSL is installing malware! Won’t that be great for their business?

Thad (user link) says:

Re: Let them sue

I say let FSL sue Reddit and see what happens.
It wouldn’t take long for Reddit’s lawyers to show that FSL’s tactics don’t pass the "duck test": if it looks like malware, if it smells like malware, and if it quacks like malware, then it’s malware.

That’s…not how defamation suits work.

First, there’s the question of Reddit’s liability. Techdirt has quite a lot of articles on this subject under the section 230 tag, and Highlights From Former Rep. Chris Cox’s Amicus Brief Explaining The History And Policy Behind Section 230 is an excellent recent primer.

Second, there’s no "duck test". Calling the files that the software puts on the user’s computer "malware" is an opinion based on disclosed facts; therefore, it’s not defamatory. Here are a couple of good, recent Popehat articles that deal with the question of opinions based on disclosed facts:

Stephanie Clifford aka Stormy Daniels Files Questionable Defamation Suit Against Donald Trump In New York: Analysis

About The Bogus Defamation Claim Against Lee Stranahan

The difference between defamation and opinions based on disclosed facts is also near and dear to Techdirt, as it was the crux of Shiva Ayyadurai’s failed lawsuit. There’s plenty of information under the shiva ayyadurai tag, and a summary, plus the judge’s opinion, under Case Dismissed: Judge Throws Out Shiva Ayyadurai’s Defamation Lawsuit Against Techdirt. (As far as I know, the case is still pending appeal, but don’t expect Ayyadurai to do any better the second time than he did the first.)

Sunhawk says:

A bit of poking around and apparently this file that’s been “vetted” more or less is a hollow shell of administrator privilege that another process can slip themselves into.

Which is, needless to say, *not* at all safe; it effectively opens your computer wide open. And (possibly) gives admin access to the flight sim and all other add-ons as well.

Again, very much *not* a desirable thing.

amozabael (profile) says:

There are legitimate uses for functions that malware uses

I wouldn’t say that they are putting more malware into the computer from this alone.

The Oblivion Script Extender (OBSE) which is required to run many Mods for the game TES-IV Oblivion uses DLL Injection when it is launched. A common tactic used by malware.

This is how it inserts the code to allow for the extended scripting capabilities that OBSE dependent mods use for their enhanced features that would otherwise be impossible.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...