The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/feb04,2004.

Permalink | Top

As I mentioned several weeks ago, I ordered a faster server to host SpywareInfo. The old one is just too wimpy to deal with the site. This new server is a real monster. So far, it seems to be handling the load without breaking a sweat.

I spent Friday, Saturday, Sunday and most of Monday transferring web sites, files, databases, settings and various other things. Uploading anything over satellite is a lost cause, so doing it from here was not an option. I was at my grandparents' house to use their DSL connection (and sleeping on the world's most uncomfortable couch each night). Several gigabytes of data flowed back and forth through Bellsouth's network at a steady 256kbps.

I won't say it was a smooth move, but at least I didn't break anything (aside from deleting a mailing list with 11,500 addresses on it). I fumbled around a bit with the backup/restore functions on the servers and swore at both the old and new servers more than once.

One task that did not go smoothly was changing the DNS records. DNS is what translates spywareinfoforum.info to the IP address of the server where spywareinfoforum.info is hosted. The server is brand new and, apparently, the name servers had not been registered yet when I went to switch my site's DNS to them. Because of this, my registrar, GoDaddy.com, refused to perform the DNS update as instructed because it thought the name servers were unregistered.

I am extremely disappointed at GoDaddy's failure to honor their agreements. I pay them to maintain registration of my domains and to point them to the name servers I select. I do not pay them for their opinion of my name servers' validity. That is none of their concern. I do not appreciate the 24 hour delay caused by this breach of contract.

I sincerely hope I don't have to upgrade servers again for a long time. The old server used an Intel Celeron 1.4Ghz processor. The new server has a Pentium IV 2.6Ghz Xeon. The difference in performance is very dramatic and I hope it will handle SpywareInfo without a problem.

Permlink | Top

Program: Spy Sweeper
Author: Webroot Software
Platform: Windows 95, 98, ME, NT, 2000, XP
License: $29.95 $19.95 (SpywareInfo readers save $10.)
Purchase: Click here to purchase

Spy Sweeper is an antispyware program from Webroot, the company that makes Window Washer (another program that I really like). It has received some very favorable reviews and awards. Spy Sweeper received a 4 star review from PC Magazine in September.

Spy Sweeper absolutely rocks. On my computer (Athlon XP 1700, 512MB RAM), Spy Sweeper scans in less than thirty seconds. You also can set it to do a much more extensive scan of the entire hard drive. This takes much longer (about 8-10 minutes on my machine), so I would advise doing this when the computer is not being used. Spy Sweeper will let you schedule an automatic scan, so this is no problem.

The slick interface is very user-friendly and intuitive. You can install this on your grandmother's PC and she will not have any trouble using it. If you don't know what a particular button does, just hover the mouse over it for a description.

Spy Sweeper will detect and eradicate virtually every known adware, spyware, browser hijacker and porn dialer out there and it is updated soon after new ones are discovered. It also seeks out surveillance spyware and keylogging trojans.

Spy Sweeper provides active protection against home page hijackers and cookies belonging to web sites known to invade your privacy. It also monitors your PCs memory to watch for targets being loaded in the background.

The results list, showing the targets found after a scan, is the best of any antispyware program. If 20 components are found that all belong to Gator, Spy Sweeper will collapse those results to a single line. Most other antispyware displays an enormous list of individual items and that makes it hard to read. Expand the listing and it will show you each component it found along with its location.

At the bottom, Spy Sweeper shows detailed information about each component, including location and to which category it belongs. If you want more information about a particular item that has been detected, highlight that item in the list and click the "More Details" button to be taken to Webroot's online database to read more about it. Not everything has a description yet, but they are adding more to it all the time.

Spy Sweeper is careful to point out when removing a particular piece of adware will cause the program that installed it to stop working. Some free programs such as KaZaA will stop working if you remove the obnoxious adware bundled with it, so this is a nice feature.

Click here to save $10.00 on Spy Sweeper (Discount ends very soon).

Links:

http://www.spywareinfoforum.info/rd/spysweeper0204 Spy Sweeper Product Info
http://www.spywareinfoforum.info/email2.php Suggest a product

Permalink | Top

With this add-in you can permanently remove hidden and collaboration data, such as change tracking and comments, from Word 2003/XP, Excel 2003/XP, and PowerPoint 2003/XP files.

Overview

When you distribute an Office document electronically, the document might contain information that you do not want to share publicly, such as information you've designated as 'hidden' or information that allows you to collaborate on writing and editing the document with others.

The Remove Hidden Data add-in is a tool that you can use to remove personal or hidden data that might not be immediately apparent when you view the document in your Microsoft Office application.

You can run the Remove Hidden Data add-in on individual files from within your Office XP or Office 2003 application. Or, you can run Remove Hidden Data on multiple files at once from the command line. In either case, in order to run the tool, the application in which the document was created must be installed. For instance, you cannot use the tool on a word document unless MS Word is installed.

Links:

http://www.spywareinfoforum.info/newlsetter/rd/31 :· RHD Tool

Permalink | Top

I read an article at Security Focus recently that made my blood boil in anger. In this article, Tom Mullen states his opinion that everyone running a version of MS Office older than Office XP is stupid.

Tom Mullen says that the blame for massive virus infections, such as the recent MyDoom outbreak, is the result of the stupidity of users who are happy using Office '97 or Office 2000. Because you do not rush out immediately to buy the latest, bleeding edge software from Microsoft, you are stupid and it is your fault that MyDoom spread so rapidly. At least that is what Tom Mullen says.

I clicked the link to the article thinking I was going to read a serious article, with serious ideas about security. I didn't realize the article was a press release from Redmond, exhorting people to buy newer Microsoft products. How much did that advertisement cost?

Stupid users? I am using Windows 2000, which now is about 4 years old. This makes me stupid? Microsoft continues to issue patches for Windows 2000. If they fail to protect against the security flaw they are designed to fix, is Microsoft stupid for failing to fix the problem or am I stupid for not immediately rushing out to buy Windows XP or 2003 Server?

Security Focus is supposed to be a site for adults to read about and discuss security issues. Instead, what we received in this article was "you're stupid". Was this article written by a spoiled child sitting in a schoolyard? Why would an editor allow such juvenile nonsense to be published?

Links:

http://www.securityfocus.com/columnists/217 :· Faith No More

Permalink | Top

Since we're talking about stupidity and Microsoft already, we might as well talk about Microsoft's answer to the spoofing vulnerability in Internet Explorer.

In early December, someone published details of the spoofing flaw. Internet Explorer will not display an entire internet address in the address bar if it contains certain characters. This means it can load one site while displaying another in the address bar.

http://www.paypal.com/cgi-bin/webscr?cmd=_login-run@spywareinfoforum.info/stealpass.cgi looks close enough to a real Paypal address that it might fool some people. The browser will treat everything to the left of the @ character as a user and/or password to be sent to the site listed to the right of the @ character. If you look closely at the address, you can see that it actually loads spywareinfoforum.info, not paypal.com

The spoofing flaw would allow someone to hide the second half of that address. Although your browser will load spywareinfoforum.info, it will appear as if paypal.com is loading, right down to the address in your address bar.

Rather than fix this flaw, instead Microsoft has broken Internet Explorer. With this new patch, Internet Explorer no longer will load http addresses that contain passwords. It still will load ftp addresses however.

Internet addresses with user and passwords in them are valid hyperlinks. They allow you to bypass the login prompt on a password protected web site by filling in the user name and password automatically. It is a very useful feature and we make frequent use of it at SpywareInfo on our private mailing list.

Microsoft is going to cause far more problems than they solve by removing support for these addresses. There are valid reasons for creating those addresses. This is like a locksmith fixing a broken lock by nailing the door shut. Microsoft ought to fix the flaw in their browser, not remove the feature affected by the flaw.

Permalink | Top

Last week, I mentioned a study published by HP Labs which concluded that people show concern for their privacy only when they have something deviant to hide. As promised, we are printing a rebuttal of this junk science study.

This rebuttal is written by none other than my partner-in-crime, Catherine Forsythe. Catherine is working on her second degree with a double major in statistics and research design. She is an expert in statistical analysis and rolled her eyes in disgust at this bogus study from HP.

From Catherine....

There is a research article published on the HP site which addresses the issue of Privacy and Deviance. This social issue is researched by Bernardo Huberman, a PH.D. in Physics. In his brief profile, Dr. Huberman's experience is listed as working "in condensed matter physics, dealing with systems ranging from superionic conductors to two dimension superfluids". His area of expertise is not in the social sciences.

The variables used were weight and age as information factors that people in the study would value. One wonders, though, how much privacy is in these variables. Isn't a substantial amount of weight and age information revealed merely by being present in the experimental setting?

There are other design factors of the study that raises some questions. There were 127 participants and the report says "59% male". For a small sample on issues of weight and age, this seems like quite as disparity between male and female participants. There may be significant gender differences between males and females, especially on the issue of disclosing weight.

The sessions were not balanced for gender effects. "Five of the sessions were mixed gender, three were female only, and two were male only". It seems that the manner in which the study was conducted introduces initial confounding variability - that is, the design of the experiment does not control for factors that could impact upon the final results. One would think, for example, that there would be an equal number of males and females. A balanced number would offset in some manner the possible gender differences. However, this was not done.

The conjecture, as stated in the study, is "that people are willing to reveal information whenever they feel that they are somewhat typical or positively atypical compared to the social group". One wonders, though, how comparisons can be made when crucial extraneous variability such as gender is not controlled in the design and experimental groups are mixed and not balanced. It would seem that there would be gender differences in how men and women would approach and perceive this experimental situation. This issue does not seem to be addressed. Any statistical data gather from such an experimental design would seem to be questionable and lead to possible erroneous conclusions.

This study has drawn the ire of many at Slashdot. On the whole, the negative comments are well justified; and there are many excellent points made there. It is disconcerting that such work on a social science issue reaches conclusions that are not justified by the precision of the research design. Many readers do not question the methodology used to reach a conclusion and simply accept the presentation at face value. And, as such, people spread word of what may be a debatable conclusion. Unfortunately, in this case, the methodology does not pass close scrutiny and the results and conclusions may be based on questionable data.

Links:

http://www.dogreader.com/ :· Catherine's web site
http://www.spywareinfoforum.info/newlsetter/jan29,2004#junk :· Junk Science Award

Permalink | Top

Spyware cures may cause more harm than good

Web surfers battling "spyware" face a new problem: So-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase.

Millions of computers have been hit in recent years by ads and PC-monitoring software that comes bundled with popular free downloads, notably music-swapping programs. The problem has attracted dozens of companies seeking to profit by promising to root out the offending software. But some software makers are exploiting the situation, critics allege, turning demand for antispyware software into a launch pad for new spyware attacks.

More: http://news.com.com/2100-1032-5153485.html

Beware of Spyware, says computer pro

Does your computer hit you with pop-up ads as soon as you turn it on? Are you a sweet, little old lady inundated with computer ads for porn? Does a 900 telephone number keep showing up on your monthly billing and you've never called that number? Has your PC computer sloooooowed down?

If you can answer "Yes" to any of the above question, you may be the victim of "spyware," a nefarious computer program that is providing Brant Saunders with plenty of customers - too many.

More: http://www.spywareinfoforum.info/newlsetter/rd/33

Programs: Prevention Is the Best Way to Fight Adware

If there is a special place in hell for telemarketers, spammers, and malcontents who unleash computer viruses, there must also be a suite set aside for the purveyors of adware.

For the uninitiated, adware is free software you can download to your computer via the Internet. It often piggybacks on other seemingly useful programs, like the ones offering to calibrate your computer clock or provide weather information -- for free.

In reality, adware can carry a heavy price.

More: http://www.spywareinfoforum.info/newlsetter/rd/32

Spam, scam, spoof and spyware: beware epidemic in Internet empire

Spam, the circulation of unwanted electronic messages, is dangerous and expensive for businesses and individuals and is growing uncontrollably on an epidemic scale.

So says an official report prepared for an OECD-EU meeting on Monday and Tuesday. Confidence in the entire environment of Internet communications and electronic commerce is at risk.

A simple answer is not at hand, says the report which has just been declassified by the OECD.

More: http://www.spywareinfoforum.info/newlsetter/rd/34

Permalink | Top

Running SpywareInfo has become an expensive thing to do. Somewhere on the order of 300,000 visitors use about 200 gigs of bandwidth every month. This is not a cheap web site to host.

If you would like to help with the costs, there are two options. There is PayPal for those who have a Paypal account or don't mind signing up for one (it is free).

There is a snail mail address if you do not like Paypal or have no means of sending money online. Please make sure to make checks (in US Dollars) or money orders (in American currency) out to James Healan and not Mike Healan so I am not hassled at the bank. Please note that contributions to SpywareInfo are not tax deductible.

The address is:
James Healan
PO Box 2378
Reidsville, GA USA 30453

Thank you very much for your contributions.