Spyware Weekly Newsletter :· February 11, 2004

The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/feb11,2004.

Permalink | Top

From Patrick Kolla, developer of Spybot S&D antispyware:

For the past two weeks, I got massive complaints from people who saw recommendations for Spybot-S&D on some TV show or heard about it on TV, and tried to go for it through the TV/radios website. Somehow, a bad link to Spybot-S&D is on its way and leading people to think that SpyHunter or SpyKiller would be the recommended Spybot-S&D. People downloading these two are forced to pay to remove spyware, and in the case of SpyKiller are even directed to us for support!

So my warning: please double-check what you've got before you pay anything!

Also, if you were mislead to SpyHunter or SpyKiller through Google AdWords, please contact Google. Google promised me some weeks ago they wouldn't do any more advertisement on my trademarked name "spybot", but I again receive complaints that they do, and this struggle with Google is going on for 4 months now.

Permlink | Top

There is the sort of spyware that comes from installing programs like Kazaa and Imesh. This kind of spyware will track your web usage to produce more relevant pop-up ads. This is an annoying and unfair invasion of privacy. However, other than the aggravation of dealing with pop-up ads and spam, this kind of spyware usually is not dangerous. These can be cleaned up relatively easily with Ad-aware and Spybot.

More dangerous are the surveillance and monitoring programs. These programs are used to steal passwords to bank and credit card accounts. A business rival can bribe an employee to install spyware on the company network. Or the company itself might install spyware to watch you while you work. These programs cost money to buy for testing and not all antispyware companies can afford to keep up with each new version.

SpyCop is the leading solution for finding computer monitoring spy programs, keyloggers and commercially available software designed specifically to record your screen, email and passwords. SpyCop will detect the spy, tell you when it was installed and disable it. SpyCop claims to have the largest database of surveillance spyware, 401 targets in all.

SpyCop also makes Evidence Terminator, a program that cleans out the traces of computer usage that Windows leaves lying around. This includes browser cache, temp files and recently opened documents among other things. You should shred paper documents at home and in the office if you don't want people reading them. The same goes for your PC.

Spycop and Evidence Terminator are discounted 20% for SpywareInfo readers for this week. Evidence Terminator and Spycop together are discounted by nearly $45.00.

More information about Spycop http://www.spywareinfoforum.info/downloads/spycop/
More information about Evidence Terminator http://www.spywareinfoforum.info/downloads/spycop/eterminate.php

Don't forget, even if you catch all the spyware on your computer, someone still can sneak up behind you and peek over your shoulder. Spycop won't help with that, so you might think about having this little gadget. ;-)

Permalink | Top

The World's Best Browser Just Got Better

Mozilla Firebird (renamed now to Firefox) has been updated to version 0.8. Although it is still officially a beta program, in my opinion, this is the world's finest web browser. Firefox blocks all pop-up advertising, disables script kiddie javascripts that resize your windows and is immune to all known browser hijackers.

Firefox empowers you to accomplish your online activities faster, more safely and efficiently than any other browser, period. Built with Tab browsing, popup blocking and a number of other seamless innovations, Firefox redefines web browsing.

Download your copy today and enjoy the web instead of suffering it with buggy, outdated browsers.

The new Mozilla email client, named Thunderbird, has been updated to version 0.5. I used Thunderbird for several months and really liked it, particularly the Bayesian spam filter. You click a button to mark an email as spam and eventually it will start marking similar emails as spam. False positives were virtually nonexistent because it learned to mark the same emails as spam that I would have marked.

Unfortunately, previous versions of Thunderbird were not ready for prime time. There were enough minor bugs and enough features not implemented that I stopped using it a couple of months ago. To be fair, each new version of Thunderbird has been a very dramatic improvement over its predecessor. I'll give the new version a look soon to see what has improved.

Please be patient while downloading. The download servers are being strained to capacity with these new releases. Use the BitTorrent link if you have that program installed.

Permalink | Top

Most people will agree that AOL's internet service software is bloated garbage. Certainly I never would want something like that installed on my computer. It is invasive and unnecessary to install that sort of software to connect to the internet. For that matter, no ISP software at all should be necessary for an internet connection.

Recently, however, AOL has sunk to a new low. Both AOL's internet software and the AOL Instant Messenger program (AIM) are force installing unwanted software called Viewpoint Media Player on people's computers.

There is no option to not install Viewpoint. In fact, if you remove Viewpoint, it will be reinstalled the next time you load AOL! I could hardly believe it when the first person reported this at the message board. Then a dozen more people showed up to report the same thing.

Viewpoint Media Player displays certain multimedia content over the internet. I discovered this software on my own machine last April and I DID NOT AT ALL like finding it there. The reason for that can be found in their privacy policy:

The software creates a unique tracking number ("Customer Unique Identifier" is their term). This number and other information is transmitted, without asking, to Viewpoint servers. The software downloads updates and installs them on the computer, also without asking.

The privacy policy states that "The Viewpoint Media Player will soon be capable of tracking information about the content it displays and how the user interacts with it. When the Viewpoint Media Player displays Viewpoint content, it tracks the URL it is served from, as well as Viewpoint file data tagged by the author in XML. This data can include, but is not limited to: the names of objects and textures displayed, and the names of animations invoked."

Combine all that with the fact that it is installed without permission or proper disclosure. I'm sorry, but you do not install software on my computer that transmits data across the internet without my permission. For that matter, you don't install any software on my computer without my permission, period.

After finding this thing on my computer last year, I sent Viewpoint a letter asking how it is distributed. From their reply, I determined that AIM had installed it. I then downloaded a fresh copy of AIM from AOL's web site and installed it again (I had removed it months earlier). There was absolutely no disclosure whatsoever that it was going to bundle Viewpoint.

There are other things that AOL software does. For instance, some software such as Netscape and ICQ 2000b will insert free.aol.com into Internet Explorer's "Trusted" security zone. When you put a web site in the "Trusted" zone, Internet Explorer will allow that site to download, install and execute any piece of software completely without interaction with the user.

The reason for AOL inserting that entry became clear when we started spotting ActiveX files from free.aol.com in people's HijackThis log files at the message board. AOL is inserting their web site into the "Trusted" zone so that they can install software without the user knowing they are doing it!

AIM is adware. That is, it displays a small banner ad in the program and it also pops up an advertisement window when you launch it. Recently, AIM has even started to download movie trailers and play them at random intervals. You heard me, AOL is using peoples' internet connection to download huge video files in order to play movie trailers.

Both AOL's internet service software and AIM also install a piece of software called Wild Tangent, again without asking. Wild Tangent is used to play games and other multimedia. Some Winamp plugins also use it. The problem with Wild Tangent is that it installs an autoupdater and turns it on by default.

Wild Tangent's updater will transmit data about the computer on which it is installed. That data includes hardware specs, some information about installed software and how the user is interacting with the software. The company says this is done to see how their software is used and that they might share it with third parties. Several antispyware products detect and remove Wild Tangent.

When are software developers going to understand that they cannot transmit data from a person's machine without their permission? There are laws forbidding data theft, so why are they allowed to do this? When are they going to understand that they cannot download and install software without permission?

There are better and cheaper Internet Service Providers. Go to BroadBandReports and find one. There are other instant messenger programs that will let you use the AIM network as well as several other networks such as Yahoo and ICQ. Two very good multi network instant messengers are Trillian and GAIM.

AOL has been losing more subscribers over the past couple of years than they have gained. They are going to lose far more if they don't change this behavior. This is unacceptable and I would never put up with AOL's behavior. I suggest you don't put up with it either and find a company who will treat you with some respect.

Permalink | Top

While looking for a replacement for AOL, you might come across the Yahoo/SBC internet service. A friend of a friend signed up for this service and the software they gave him took over his entire computer.

There were 8 running processes all associated with the Yahoo/SBC software. It changed his Internet Explorer settings for the Search Bar, Search Page, Start Page, Default Page URL, Default Search URL, and the SearchAssistant. It installed a BHO, a toolbar, 2 context menu items and 3 MSIE buttons. It registered 6 different files to load at Windows startup, including IP Insight, which usually is regarded as spyware.

It also disabled his ability to save bookmarks on his computer. The software forced him to save his bookmarks on Yahoo's web site. It wouldn't let him change his home page either.

I put his HijackThis log file on the site so you can see for yourself the mess it made of his system. He restored those settings to default with HijackThis and they weren't changed back, so at least the hijacked settings can be restored permanently.

I'll say it again: you do not need to install ISP software to connect to the internet. Plug in your modem and that is all you need to do (with rare exceptions).

Permalink | Top

German Supermarket Caught Tracking Customers

German RFID Scandal: Hidden devices, unkillable tags found in Metro
Future Store

Germans say, "Nein! We wont be your versuchskaninchen"

"We won't be your versuchskaninchen." That's the message German privacy advocates are sending to executives at the Metro Future Store in Rheinberg, Germany after discovering RFID devices hidden in the store's loyalty cards. They also found that RFID tags on products sold at the store cannot be completely deactivated after purchase, despite Metro's claims.

"Versuchskaninchen" is the German word for guinea pig, which is how German consumers feel Metro and its partners have treated them since opening the Future Store last year to test experimental RFID applications on live shoppers.

More: http://www.spywareinfoforum.info/articles/RFID/Metro_Rheinberg.php

Anti-Spyware Software Accused of Spying

According to a report in Cnet, complaints could be filed to the Federal Trade Commission against anti-spyware companies allegedly using its software to spy on customers.

A group of Web users have created a network of Web sites called Spyware Warrior (www.netrn.net/spywareblog/) where they post reports on anti-spyware programs allegedly installing offending files to spy on users. Spyware programs can access a user's computer hard drive and leave little, or no indication it was there.

More: http://www.thewhir.com/find/articlecentral/story.asp?recordid=744

Stripping Adware/spyware from PC Can Be Tricky

One of the biggest challenges a computer owner can face is getting rid of adware or spyware, programs that can sneak onto your PC when you agree to download free utility software from the Web.

In addition to monitoring your activity on the Internet, adware and spyware can lock you into an unwanted home page and swamp you with pop-up advertisements.

Removal can be difficult because the designers of such programs often try to keep them out of sight on your PC.

More: http://www.spywareinfoforum.info/newlsetter/rd/36

Computer Spyware

Are you being spied on in your own home?

You might not recognize it, but it's possible you're being secretly tracked.

Here's how to avoid a new form of electronic stalking. It's called spyware and it does what it sounds like it does. It secretly tracks the internet habits of millions of computer users.

The stealth program hides on your computer and captures personal information that can lead to everything from unwanted spam and pop-ups to identity theft.

More: http://www.wthitv.com/newsdet.asp?id=4712

AdWare - Controversial Contextual Advertising

Adware and 'contextual targeting' were some of the hottest buzzwords of 2003 and are destined to continue to thrive and reinvent themselves through the rest of 2004. Contextual targeting can be anything from syndicated search engine pay-per-click buys on editorial-related web sites to delivery of ads by way of software, typically downloaded by a user but sometimes surreptiously bundled in with another download - known as AdWare (and in some cases such software that tracks user behavior has been deemed Spyware).

More: http://www.searchenginejournal.com/index.php?p=262&c=1

The Trouble with RFID

Indeed, such warnings might once have been dismissed as mere fear-mongering. But in today's post-9/11 world, in which the US government has already announced its plans to fingerprint and photograph foreign visitors to our country, RFID sounds like a technology that could easily be seized upon by the Homeland Security Department in the so-called "war on terrorism." But such a system wouldn't just track suspected Al Qaeda terrorists: it would necessarily track everybody--at least potentially.

More: http://www.thenation.com/doc.mhtml?i=20040216&s=garfinkel

Great Taste, Less Privacy

Visitors to an art exhibit at the Pittsburgh Center for the Arts got more than their martinis when they ordered drinks at a bar inside the gallery's entrance. Instead of pretzels and peanuts, they were handed a receipt containing the personal data found on their license, plus all the information that could be gleaned from commercial data-mining services and voter registration databases like Aristotle. Some patrons also got receipts listing their phone number, income range, marital status, housing value and profession. For added effect, the receipt included a little map showing the location of their residence.

The magnetic strips and bar codes on the back of most state's driver's licenses contain more information than people think. The way the swipers use the information might surprise them as well: Some bars and restaurants scan driver's licenses to catch underage drinkers and fake IDs, but they're also using the information for marketing purposes.

Some people say there's no privacy violation in scanning licenses because the information on the bar code is the same information on the front of the card. A bar owner could easily photocopy the card and get the same data. But privacy advocates say the electronic file makes data collection, entry and combination far easier.

"It's an area of concern," said Rich Carter, director of technology and standards for the AAMVA. "The policy is that you shouldn't be collecting the info for one purpose and using it for another. If you're telling them you're using it to verify their age, you shouldn't be using it to market them."

Rose said the bar hasn't caught a single underage drinker or fake ID with the device, but he has had customers "raise hell" over having their license scanned.

More: http://www.wired.com/news/privacy/0,1848,62182,00.html

Permalink | Top

Running SpywareInfo has become an expensive thing to do. Somewhere on the order of 300,000 visitors use about 200 gigs of bandwidth every month. This is not a cheap web site to host.

If you would like to help with the costs, there are two options. There is PayPal for those who have a Paypal account or don't mind signing up for one (it is free).

There is a snail mail address if you do not like Paypal or have no means of sending money online. Please make sure to make checks (in US Dollars) or money orders (in American currency) out to James Healan and not Mike Healan so I am not hassled at the bank. Please note that contributions to SpywareInfo are not tax deductible.

The address is:
James Healan
PO Box 2378
Reidsville, GA USA 30453

Thank you very much for your contributions.