FlightSimLabs Installs More Questionable Stuff On Users' Machines, Then Threatens Reddit

from the bumpy-landing dept

Hopefully you will recall FlightSimLabs, the company that makes custom add-ons for computer flight simulation software. FSL made it onto our pages after a Reddit user noticed that every installation of FSL software, including that of a legitimate purchase, installed a file named "test.exe" which was not just a form of DRM, but which also serves as a Chrome password dumping tool, extracting user names and passwords from people's web browsers. Whatever the fuzzy line between DRM software and malware, FLS's installation of its text.exe file clearly leapt over that line with a flourish. The backlash in the Reddit communities and elsewhere was swift and severe, leading Lefteris Kalamaras, who runs FSL, to release the following statement.

We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, we humbly apologize!

And that really, really should have been the end of it. If nothing else, the backlash from the community should have informed FSL as to the precise tolerance its customers had for this type of nonsense, which is to say zero. Amazingly, despite Kalamaras' promise, it appears FSL tried to give this DRM thing another try, and somehow managed to make itself look even shittier in the process.

Just before the weekend, Reddit user /u/walkday reported finding something unusual in his A320X module, the same module that caused the earlier controversy.

“The latest installer of FSLabs’ A320X puts two cmdhost.exe files under ‘system32\’ and ‘SysWOW64\’ of my Windows directory. Despite the name, they don’t open a command-line window,” he reported. “They’re a part of the authentication because, if you remove them, the A320X won’t get loaded. Does someone here know more about cmdhost.exe? Why does FSLabs give them such a deceptive name and put them in the system folders? I hate them for polluting my system folder unless, of course, it is a dll used by different applications.”

If you don't have a technical background at all, essentially FSL attempted to deliver DRM again onto users' machines, but named the files to mimic a common Windows background file that users see all the time. It's actually quite common for a user opening Task Manager to see several instances of cmdhost.exe running at once. In other words, it's the kind of thing nearly everyone would scroll past, assuming its legit.

As several people on Reddit have pointed out, this sort of misleading naming of software services is a hallmark of malware.

“Hiding something named to resemble Window’s “Console Window Host” process in system folders is a huge red flag,” one user wrote.

“It’s a malware tactic used to deceive users into thinking the executable is a part of the OS, thus being trusted and not deleted. Really dodgy tactic, don’t trust it and don’t trust them,” opined another.

Why FSL seems to get all of its best ideas from the realm of malware is an open question. The company put out a statement explaining that the file is a part of its product activation software and that the file had been vetted by every major antivirus maker out there. Both appear to be true, which doesn't even begin to explain why FSL, having had its reputation so thoroughly tarnished recently, thought pulling this name convention trick with its DRM was a good idea. Reddit users remained on the warpath, causing FSL to really torpedo its reputation even further.

In private messages to the moderators of the /r/flightsim sub-Reddit, FSLabs’ Marketing and PR Manager Simon Kelsey suggested that the mods should do something about the thread in question or face possible legal action.

“Just a gentle reminder of Reddit’s obligations as a publisher in order to ensure that any libelous content is taken down as soon as you become aware of it,” Kelsey wrote.

Noting that FSLabs welcomes “robust fair comment and opinion”, Kelsey gave the following advice.

“The ‘cmdhost.exe’ file in question is an entirely above board part of our anti-piracy protection and has been submitted to numerous anti-virus providers in order to verify that it poses no threat. Therefore, ANY suggestion that current or future products pose any threat to users is absolutely false and libelous."

The letter concluded with the suggestion of how much FSL would just hate to have to get their lawyers involved if the Reddit moderators left the critical posts up. The mods refused to comply, leading to FSL sending another message to the moderators accusing the critical posts of being defamatory and, if not cleaned up, the company would have "no choice" but to send in the lawyers.

Just to be clear, the legal threats here are nonsense. Contrary to the claims in the message, Reddit is not under any "obligation as a publisher" to take down such content, thanks to CDA 230. Oh, and all of that presumes that the original content is, indeed, libelous. Which it is not.

The mods again refused, while also accusing FSL of trying to game Reddit's voting system to push down critical posts.

“While what you do on your forum is certainly your prerogative, your rules do not extend to Reddit nor the r/flightsim subreddit. Removing content you disagree with is simply not within our purview.”

The letter, which is worth reading in full, refutes Kelsey’s claims and also suggests that critics of FSLabs may have been subjected to Reddit vote manipulation and coordinated efforts to discredit them.

Once again, responding to internet posts and comments a company doesn't like by trying to censor them, particularly after going through a reputational gauntlet previously, might just be about as dumb as it gets. Between the DRM, the shady installation of software, and the anti-consumer behavior to cover it all up, one wonders what flight simulator mod could possibly be worth engaging with FlightSimLabs ever again.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 6 Jun 2018 @ 3:46am

    Flight sim people are weird and trapped

    If you invest in flight sims any or all you likely have thousands tied up in hardware plus whatever software and you are likely obsessed so you aren't going to throw it all over to play doom xxx no your ready for extortion, what was that err ... nintendo? flight sim game that called you a looser, if your already down with that you may was well play BDME and slavery and you.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Jun 2018 @ 7:44am

      Re: Flight sim people are weird and trapped

      Um, what?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Jun 2018 @ 8:54am

      Re: Flight sim people are weird and trapped

      ARE YOU HAVING A STROKE SIR?

      DO YOU SMELL TOAST?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 6 Jun 2018 @ 1:07pm

        Re: Re: Flight sim people are weird and trapped

        Sorry I’m late!

        F: Face drooping. Ask the person to smile, and see if one side is drooping.
        A: Arm weakness. Ask the person to raise both arms.
        S: Speech difficulty.
        T: Time to call 9-1-1!

        Best of luck on your recovery!

        reply to this | link to this | view in chronology ]

  • icon
    PaulT (profile), 6 Jun 2018 @ 4:07am

    So, yet again, a company installs literal spyware on innocent peoples' computers and openly breaks various laws in order to try and make money they imagine is owed to them (on the very broken assumption that a pirated copy equals a full priced lost sale).

    So, which tactic will our resident idiots use? The one where any action is acceptable if a company thinks it's losing money, lying about everyone who dares criticise said companies, or do we have the one where all gamers are personally attacked because a tiny niche market unaware of this company's actions might continue to but from them?

    Let's see. The stupidity of those trying to defend these companies' actions is sometimes as entertaining as the actions themselves.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Jun 2018 @ 4:47am

      Re:

      Remember when average_joe and out_of_the_blue furiously insisted that the Sony rootkits were an "anomaly"? Never mind the fact that Sony was never punished for it, as recent as five years ago before this company rightsholders demanded for the right to install malware on computers they thought belonged to pirates.

      Copyright-types - always going to be a fucked up bunch.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 6 Jun 2018 @ 5:38am

        Re: Re:

        Their stance has always been the same - the law is the law and cannot be questioned, violators must be punished. Unless breaking it makes *them* more money, in which case it's perfectly optional and everybody else's rights are forfeit.

        reply to this | link to this | view in chronology ]

    • icon
      Bergman (profile), 6 Jun 2018 @ 4:49am

      Re:

      How exactly does this NOT violate the Computer Fraud and Abuse Act?

      And given that the company has been caught violating the Act quite recently, why is there no indictment?

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 6 Jun 2018 @ 5:36am

        Re: Re:

        I'm sure someone's either working on it, or the company is such a niche / irrelevant entity it's taking their own self-promotion to get authorities to notice them. Actually, why indict them now, when they seem intent on publicising everything bad they're doing in public forums?

        Either way, I'm positive that what they're doing has to be more illegal - and is certainly more morally objectionable - and the piracy they claim to be trying to fight.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 6 Jun 2018 @ 6:33am

        Re: Re:

        Just because something is illegal does not mean the AG or DA will press charges or even investigate. Selective enforcement of the law is a favorite go to for the authoritarian law n order types.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 6 Jun 2018 @ 6:36am

        Re: Re:

        And given that the company has been caught violating the Act quite recently, why is there no indictment?

        Two words: Selective enforcement.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 6 Jun 2018 @ 7:00am

          Re: Re: Re:

          That, and some affected person actually has to report it to a prosecutor.

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 6 Jun 2018 @ 10:19am

          Re: Re: Re:

          Selective Enforcement is technically Unconstitutional and runs afoul of several "equal protection under the laws" statutes that exist practically all over the place in government and law.

          But it's not like we expect citizens to give enough of a shit about that for there to be a change in their voting habits. There are much bigger issues to be addressed like who is fucking who in the privacy of their own bedroom and if money was involved or how to take peoples guns away. No matter which party you pine for the problem remains the same.

          reply to this | link to this | view in chronology ]

          • icon
            Bergman (profile), 6 Jun 2018 @ 7:38pm

            Re: Re: Re: Re:

            Unconstitutional enforcement of a law can result in the law being struck down via constitutional challenge. Given how much prosecutors rely on badly written laws like that, you'd think they'd be more careful.

            reply to this | link to this | view in chronology ]

  • icon
    Berenerd (profile), 6 Jun 2018 @ 4:29am

    FSLabs new motto: CRASH AND BURN!!!!!

    reply to this | link to this | view in chronology ]

  • identicon
    spodula, 6 Jun 2018 @ 4:44am

    Its certainly a daring PR strategy based on previous attempts by others to do the same thing.

    Still you never know, perhaps they have found the right combination of legal expertese, bullshit and threats to prevail where others have failed.

    On balance however, i probably wont be putting my money on it though.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 6 Jun 2018 @ 4:56am

    Nothing shady here at all...

    The company put out a statement explaining that the file is a part of its product activation software and that the file had been vetted by every major antivirus maker out there. Both appear to be true, which doesn't even begin to explain why FSL, having had its reputation so thoroughly tarnished recently, thought pulling this name convention trick with its DRM was a good idea.

    ... because as any good salesman/programmer/anyone with a working brain knows, the very best way to make it clear that a particular bit of code is totally aboveboard and not at all shady is to covertly slip it in with the rest of your program, using a technique commonly used by those pushing malware.

    Their previous stunt of adding malware to their program burned through all the trust they might have enjoyed, and that they tried this leads me to suspect that despite their 'we're sorry you were offended' apology for that stunt, they haven't learned a thing.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Jun 2018 @ 10:39am

      Re: Nothing shady here at all...

      It also makes me wonder what hidden capabilities the new software has. Antivirus can only stop known malware, sure an antivirus company can analyze and produce new definitions, but unless I see proof of who the top consulting firms were as well as a report, I wouldn't trust their latest attempt at malware.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Jun 2018 @ 12:05pm

      Re: Nothing shady here at all...

      that they tried this leads me to suspect that despite their 'we're sorry you were offended' apology for that stunt, they haven't learned a thing.

      They've learned that if they get caught all they have to do is issue an "apology" and then carry on as before.

      reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    icon
    Clik Soft (profile), 6 Jun 2018 @ 5:08am

    Development And Industrial Training Company

    9781896895 - Industrial Training Company In Chandigarh, Mohali |ClikSoft, Advance PHP, CMS), iOS , Android , Networking, Autocad, Embedded, Web Designing etc. Industrial Training Company In Chandigarh, Industrial Training Company In Mohali.ClikSoft is a Professional SEO and Website Design / Development Company in Mohali and Chandigarh. 100% Clients Satisfied with us.

    reply to this | link to this | view in chronology ]

    • identicon
      Development And Industrial Training Company Custom, 6 Jun 2018 @ 5:39am

      Re: Development And Industrial Training Company

      I wasn't. Horrible horrible service.

      reply to this | link to this | view in chronology ]

    • icon
      That Anonymous Coward (profile), 6 Jun 2018 @ 5:57am

      Re: Development And Industrial Training Company

      Our SEO is based on spamming unrelated forums with BS messages, we'll get you punished by the rankings while robbing you blind.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Jun 2018 @ 6:24am

      Re: Development And Industrial Training Company

      Have you tried contacting FlightSimLabs - I have a feeling your company's will like a plane, i mean house, on fire.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Jun 2018 @ 7:20pm

      Re: Development And Industrial Training Company

      Posting a spam ad, on a story about a company that does shady things. Targeting the kind of audience that reads a legal/tech blog. Brilliance!

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Hero, 6 Jun 2018 @ 5:25am

    Eeveryone knows that the proper way to implement DRM is to use code injection to escalate privileges so you can replace the boot loader.

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 6 Jun 2018 @ 6:06am

    We did this to stop the pirates!!!!!!!!

    Of course we used underhanded tactics used by those with ill intentions, but we're the good guys!!

    Hey wait, why are you guys using pirated versions with this "feature" stripped out?!!?

    You HAD a devoted customer base.
    You fucked them over once, pretended you were sorry, and are SHOCKED your latest bad idea burned you so bad.

    You can tell it's a really bad plan because they are playing all of the cards trying to remove people stating their opinion on a game company who uses malware style tactics. Vetted by AV vendors... because AV NEVER FAILS.
    Because you assholes put a password dumper on our machines last time we're supposed to trust you this time that its safe?
    Produce a letter from an outside firm that your misleading program is not a threat to anyone.

    Cause - We use sketchy tactics that can screw our cusotmers.
    Effect - Why are more people looking for pirate copies stripped of this latest stupidity??

    You have them locked into your platform, but you've done a very good job of pushing them to find a replacement. Hell a competitor could offer a discount to those customers fleeing you & make a killing.

    Grats on trying to destroy your company yet again, I hope you manage to do it this time so that you can learn. Stupid should hurt and I hope you get sued into oblivion so a reputable person like Martin Shkreli can buy you in a bankruptcy sale... he might be a prick but hes honest about it.

    reply to this | link to this | view in chronology ]

  • icon
    Avatar28 (profile), 6 Jun 2018 @ 6:57am

    Brilliant tactics

    Trying to bully/threaten users on Reddit is only about one or two steps less stupid than threatening 4chan. I can't imagine this works out well for them.

    reply to this | link to this | view in chronology ]

  • icon
    OA (profile), 6 Jun 2018 @ 8:06am

    ...the file had been vetted by every major antivirus maker out there...

    1. Awhile ago I came to the opinion that AV maker sometimes mark files known to be harmless as malware and vice versa. As a result, IMO, they lost any presumption of trust.

    2. FSL's relevant relationships are with their customers, potential customers and the law; NOT with pirates or AV companies.

    ...why FSL, having had its reputation so thoroughly tarnished recently, thought pulling this name convention trick with its DRM was a good idea...

    Like so many others, FSL seems to be suffering from Contempt-of-Customer, and a lack of concern for law or decency. As others have said, so many seem to think they deserve as much money as can be gotten and have little restraint about the doing.

    ALSO, actual pirates would just strip the DRM anyway!

    reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 6 Jun 2018 @ 8:33am

    Whatever the fuzzy line between DRM software and malware

    There is no line, "fuzzy" or otherwise. DRM is malware, and needs to be recognized by the law as such. Accusations of copyright infringement need to be treated the same way as accusations of any other lawbreaking: the accused is innocent until proven guilty in a court of law. People aware of this issue have been trying to raise the alarm ever since the DMCA was first passed, and now look at how many other places the presumption of innocence is under attack in our society! We need to push back.

    reply to this | link to this | view in chronology ]

  • icon
    John85851 (profile), 6 Jun 2018 @ 9:50am

    Let them sue

    I say let FSL sue Reddit and see what happens.
    It wouldn't take long for Reddit's lawyers to show that FSL's tactics don't pass the "duck test": if it looks like malware, if it smells like malware, and if it quacks like malware, then it's malware.
    And look- a judge ruled *on the public record* that FSL is installing malware! Won't that be great for their business?

    reply to this | link to this | view in chronology ]

  • identicon
    Sunhawk, 6 Jun 2018 @ 4:32pm

    A bit of poking around and apparently this file that's been "vetted" more or less is a hollow shell of administrator privilege that another process can slip themselves into.

    Which is, needless to say, *not* at all safe; it effectively opens your computer wide open. And (possibly) gives admin access to the flight sim and all other add-ons as well.

    Again, very much *not* a desirable thing.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Jun 2018 @ 5:09pm

    Don't buy their shit. Use Free Software.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Jun 2018 @ 3:43am

    "It's actually quite common for a user opening Task Manager to see several instances of cmdhost.exe running at once."

    Just a technicality. This is not quite correct. Windows doesnt have a cmdhost.exe but it has conhost.exe and cmd.exe. The name has been chosen to create confusion with them.

    reply to this | link to this | view in chronology ]

  • identicon
    brian Whittle, 14 Jun 2018 @ 4:30pm

    system files

    Programs should either save in their own folders not strewn around the operating system. Sure piracy can be the death of smaller developers but heavy-handed responses are never the answer.

    reply to this | link to this | view in chronology ]

  • icon
    amozabael (profile), 20 Oct 2018 @ 3:49pm

    There are legitimate uses for functions that malware uses

    I wouldn't say that they are putting more malware into the computer from this alone.

    The Oblivion Script Extender (OBSE) which is required to run many Mods for the game TES-IV Oblivion uses DLL Injection when it is launched. A common tactic used by malware.

    This is how it inserts the code to allow for the extended scripting capabilities that OBSE dependent mods use for their enhanced features that would otherwise be impossible.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.