I literally just cancelled my McAfee subscription because of annoying constant pop-ups like this. At least this one from Microsoft is a legal notice. McAfee constantly spams you to turn on unnecessary features, and even changes settings periodically to turn things on like “browser monitoring”. Literally worse than old school pop-up viruses.
More importantly, it also never caught a single thing. Windows Defender does fine. My buddy in cyber security suggested them for safety despite how bad they are, but I can honestly recommend you should never, ever, get it. Just keep backups and be prepared to nuke your system if needed, and save yourself a pop-up every other day.
I recently made the mistake of installing Avast, and it does the same annoying garbage. The actual settings are buried under a metric shit ton of “Did you know that…?” pop-ups that appear every single time no matter how often you select “do not show me this again”, and it constantly urges you to buy the “premium” version for extra features that are literally useless to me.
And it was a pain to uninstall as well. Some files survived the official Avast uninstall AND separate uninstall from the Task Manager, and messed with the Windows Defender, which was unable to recieve updates for a while until I found and nuked the hidden residue of Avast.
Does your buddy in cybersecurity solve most of his problems by reinstalling Adobe Acrobat and restarting, and if that doesn’t work, muttering about hackers and walking away? Because John McAfee himself didn’t recommend using what the software bearing his name became and was more likely to put a bullet through his PC than install that shit.
While he was living, I don’t think his bullets were most likely to go through another human, but I do believe he was living on a boat because he had to flee Belize (I think?) because we was wanted for murder and couldn’t return to the US because he was wanted for various things there, too (probably including that murder because it was an American).
His advice is only relevant here because his name is on the software, not because he was a good role model. Fascinating guy, but not one to look up to.
Sounds like some people I’ve encountered who really don’t know shit, and have just survived on the ignorance and impressionability of others they con into paying/employing them. Then they just Google every problem they’re tasked with fixing.
Could be. I had the same objections, and brought up how I thought Norton and McAfee were supposed to be garbage. His take was that McAfee had cleaned their act up and was best in class in addition to Windows Defender. I mentioned elsewhere but he’s in the Intelligence Community so he may have reasons he can’t tell me, or just looking at different attack vectors than your average sysadmin. I’ll ask him.
Oh man I totally forgot about this, thanks for the ping.
He said:
“Reasoning? Sigs are only as good as their aperture. McAfee is on a lot of a boxes, catching stuff and creating new sigs. They also have a large staff of very talented people out there finding stuff and creating sigs.
The app does annoyingly keep trying to upsell you. Do they say why it sucks or is it just contempt for the company?”
Which is a valid question. I didn’t actually see anyone say why it sucks here. Literally everyone just said he’s dumb and outdated, when his original advice to me was:
“McAfee is an industry leader. Not bloatware anymore. Can buy for all your devices including phone (one purchase). Defender is excellent. No one solution is better than layered defense. I run defender, McAfee, and fireeye. Malwarebytes is good [this was in response to my earlier question], but you get what you pay for. Kaspersky is sus enough that it’s not permitted on usg or contractor machines. John is insane and may have killed someone. He’ll be found dead with a hooker and enough coke to take down an elephant.”
Then months later when I bitched about paying for it and asked if I really needed it, he said I had to get it because the signatures come out weekly.
So actually curious what other people think. I’ll link this comment to other people who pooh-poohed it and ask why.
He’s in the IC (and so is the other guy who recommended it), so less “sysadmin best practices” and more “stopping state actors” practices, so maybe that has something to do with it. I’ll tell him the Internet thinks he’s wrong and see what he says. He definitely wasn’t saying it was great at the time, just that it was needed in addition to Defender and was way safer than Kaspersky which is basically spyware.
The US intelligence community, or a subset thereof, apparently.
I have no idea his personal skill level or knowledge, but without putting him on blast I know his company has been involved in big stuff. He could theoretically focus more on a different aspect of security and have got this part wrong, I don’t know the details of his job very much by design.
Still making it look like you can get rid of the ads but it doesn’t do that is assholedesign anyways, because they make it a don’t show again button, but they don’t say it only applies to that specific ad. Meaning they can push different ads to you
KDE Connect is also available through Google Play and most likely signed with a different key as the F-Droid Version. Since Play Protect checks the App signatures, it probably detected this discrepancy and determined the App was fake. Not really an Assholedesign as this is a valid concern if a normal user downloads an app from the internet.
On the other hand it’s a valid case to have the app installed by means other than the play store. I can’t imagine they have found this discrepancy in signatures for the first time.
You can actually sign the F-Droid app yourself, if you use reproducible builds.
There’s reasonable odds the signatures still won’t match though, because Google requires App Bundles now, and then they build and sign the APK, rather than allowing the developer to build and sign their own APK.
Technically you can use the same key (see “Best Practices” of this page), but it’s kind of shady, and requires giving your private key to Google.
It could just ask before removing shit. Remove the permissions, freeze the app, prompt the user to confirm they meant to install it from somewhere other than the playstore. Hell, since it can detect F-Droid is installed, maybe use some context clues and ask the user to confirm this app was installed from there?
More importantly, can you tell it to ignore certain apps? I don’t know, I’ve had Play Protect turned off forever. If not, that’s absolutely asshole design.
Interesting. But should this apply to many apps on F-Droid? I also have an app published on both the Play Store and F-Droid and I don’t recall having seen requests to change the application ID to avoid clashes between stores.
KDE Connect is likely a special case; as it is a PC integration app, and a very feature-loaded one at that, it accesses a whole bunch of sensitive stuff like notifications, clipboard, direct file access, SMS functions, keyboard inputs and more.
More than any other non-root-accessing app, you do not want a trojanised version of KDE Connect on your phone.
If the signature matches, Google probably won’t care where they are installed from. I suspect that the KDE Connect in fdroid is signed with a different certificate than on google play, causing it to be flagged as an impostor. This could probably be easily prevented by using the same cert or different app identifiers (to cause them to be treated as different apps).
All F-Droid apks are signed with a different key than the play store one: you do not upload your key when you publish on F-Droid and all the apps are built from source by the F-Droid build servers.
Strongly advice you to just turn off Play Protect. It sends your list of installed apps to Google (not that the Android as a whole will stop doing that even after you turn it off). They don’t do shit.
It’s really a shame that that is even normalized. Why is it their business to know what apps are installed on a personal device? Just one more way to fingerprint users and advertise to them.
I remember arguing with a google fanboi about Google’s diktat for Android apps to not have a shutdown button. He was waxing lyrical about how Google PBUH is all knowing and works in mysterious ways. I said google does this so that you can’t turn off its spyware shit.
There was a similar thread where Play Protect blocked installation of Signal. As it turned out, said copy of Signal was indeed fake, as op downloaded it from F-Droid, where it’s not being distributed.
Then this is a KDE Connect issue. If they sign with different keys, they should use different app names (in the manifest, the visible name could still be the same). If two apps have the same identifier but are signed with different certs, Google is right to treat one of them as an impostor.
assholedesign
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.