Spyware Weekly Newsletter :· August 26, 2003
The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/aug26,2003.
Your Desktop is Direcway's Billboard
Direcway has been running remote access software on their customers' machines for who knows how long, and they have never disclosed it. Direcway has used that software to display advertisements on the private property of people already paying at least $60 per month for their service.
The first full page ad pitched their new webmail service. The second was a virus alert message. What will be next? Will Direcway start displaying "relevant offers" on behalf of their "trusted partners?"
That sounds ludicrous, doesn't it? It sounds insane. Surely an ethical company concerned about its reputation would never do such a thing. Sadly, it would appear that Direcway executives check their ethics at the door when they arrive at the office. As crazy as it sounds, Direcway is using a previously unknown remote access feature of their internet connection software to download full page advertisements and open them on the computers of their customers.
How do I know this? I am a customer of Direcway, and it happened to me.
Direcway has not disclosed that its software allows its employees to access customer computers remotely, at least to the knowledge of every single customer with whom I've discussed this. For some strange reason, the good looking redhead on the TV commercials never mentions that. She also fails to mention that full page advertisements might accompany the $60 monthly bill.
So, when are the lawsuits going to be filed you ask? Unfortunately, there won't be any. Direcway's service contract gives them full permission to download and install any piece of software their employees see fit to install. It also allows them to display advertisements.
I can find no document that explains how far into my file system Direcway's access extends. Do have access only to their own software, or do have access to the entire hard drive?
I have financial data on this computer. I have a file the contains the email address of every subscriber to this newsletter (don't worry, that particular file is protected with 2,048bit super encryption). I have login information for dozens of web sites, including several of my own. I am a software consultant and have signed non disclosure agreements with several companies. The very names of some of the files on this computer are covered by those agreements and I could be sued if those files were accessed.
To put it bluntly, I have confidential information on this computer to which Direcway has no damned business having access. That information sits behind a NAT router, a firewall, an antivirus program, an antitrojan program, and several antispyware programs. It never occurred to me that my ISP had a backdoor cutting through all of this protection. Can you take a wild guess at how I feel about that?
If Direcway can use that software to access my computer, so can someone else. What is to stop a hacker from downloading the free software, available from Direcway's public FTP server, and hacking away at it to figure out how this remote access works?
Now I ask you, would you spend thousands of dollars with an ISP that accesses your computer to display advertisements? Read the article, and then visit the forums and lets hear what you have to say about this.
Links:
http://www.spywareinfoforum.info/articles/direcway/ :: Your Desktop is Direcway's Billboard
http://www.spywareinfoforum.info/forums/?act=ST&f=15&t=10047 :: Discuss this at the forums
Mailwasher Pro and Benign
|
|
Program: Mailwasher Pro
Platform: Windows 95, 98, NT 4, ME, 2000 or XP
License: $29.95 $19.95 [Use SPYWAREINFO as your coupon code]
Download
Program: Benign
Platform: Windows 95, 98, NT 4, ME, 2000 or XP
License: $34.95 $24.95 [Use SPYWAREINFO as your coupon code]
Download
I had actually planned to have a different product here this week. However, with email worms by the tens of millions choking inboxes worldwide, I decided to bump that other program and instead work out a discount on these two great programs.
Those of you on dialup that have received hundreds or even thousands of sobig-infected emails, you have my deepest sympathies. Even on broadband, it would have taken me forever to download thousands of emails with a 70KB virus attached to them if it hadn't been for Mailwasher. I wouldn't be surprised if some of you on dialup are still downloading all that email. :(
It's bad enough that these viruses are coming in and wasting your bandwidth and filling up your inbox. What makes it worse is that fact that you know you'll be deleting every one of them if you can manage to download them all.
If you use Mailwasher, you don't have to download those emails in the first place. It will check your mail server for new messages and show you what is there without downloading the entire email. For instance, the day sobig.f was released into the wild, I woke up to find 123 emails that were nothing but virus carriers. How many of those did I download? Zero. Mailwasher let me kick every single one of them right off the server.
Here is a tip to help you deal with the sobig worm.
If you don't have it already, download and install Mailwasher. With the program running, hold down the CTRL key and tap F7. Click the "Filters" tab. Name it whatever you like. The "Status description" is what you will see when Mailwasher lists your email. Under "Action", put a check box in "Mark for deletion". At "Apply this filter when:", select "any rule below is satisfied".
At the bottom, click the "More Rules" button until you have nine rules. For each of them, choose "The 'Subject' field" "contains" and then for each rule, add one of the following subject lines:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
When you are done, it should look identical to this screenshot: http://www.spywareinfoforum.info/images/mailwasher/virusfilters.png
These are the rules I set up a few days ago, and not a single virus has gotten past them.
Also check out Benign from the same company. Benign (B9) is a utility that eliminates potential viruses, worms or other potentially malicious code from your email. It does this by rewriting the "source code" of the email. The scripting and IFrame attacks that make Outlook and Outlook Express so vulnerable to viruses are filtered out. It can also rename or delete potentially harmful files. Benign can also remove web bugs used by spammers to verify that you received their spam.
We have arranged for a $10 coupon for both of these programs. Mailwasher has been absolute life saver here. Believe me when I say it is software worth every cent that you spend on it. If you use the coupon code SPYWAREINFO when you are on Firetrust's "checkout" page, it will reduce the price by $10. This coupon expires on September 2, so hurry.
Download Mailwasher
Download Benign
My partner at SWI wanted to say something here.
Usually, I do not have written commentary on the feature product. However, with these two exceptional products, I must mention that these are extraordinary prices. The software developer had suggested even higher prices but Spywareinfo was able to secure these prices.
Spywareinfo tries to do its utmost to present the readers with the best prices and this is one example of where the pricing is superb for two fine products, from a leader in the field of email safety.
Catherine Forsythe
Director of Marketing
SpywareInfo
[PS, go visit Catherine's web site. --Mike]
Links:
http://www.spywareinfoforum.info/rd/mailwasher/ :: Download Mailwasher
http://www.spywareinfoforum.info/rd/benign/ :: Download Benign
http://www.dogreader.com :: Catherine's web site
Please Stop Bouncing Infected Emails
While we're on the subject of the sobig virus, I have a message for all email server administrators.
If the antivirus software installed on your mail server is set up to bounce emails with viruses attached, please turn that feature off. Unless you've been in a cave for the past week, you know that tens of millions -possibly hundreds of millions- of emails carrying the sobig.f virus have been hammering email servers worldwide. Not a single one of these emails has the real sender's address in the FROM: field. Not one of them.
The person listed in the FROM: field is not infected with a virus. Someone with that person in their address book is infected. Your bounce message serves no useful purpose and is contributing actively to this problem. Please, look at the CPU and bandwidth usage of your servers. Every email server on the planet connected to the internet is under the same or greater load, and you, personally, are contributing to that load.
Please stop bouncing the virus emails. Route them to /dev/null/ and be done with it.
There has been an in-depth discussion of this very issue at Slashdot recently. The Slashdot commenters were in rare agreement over the issue. Bouncing an email carrying a virus that spoofs the FROM: address is not only useless, it causes additional harm.
Those of you who disagree with me, please spare me your arguments in favor of sending these bounces. You will never convince me of their merit while I continue to receive roughly 50 bounces per hour in my inbox.
Links:
http://ask.slashdot.org/article.pl?sid=03/08/21/2151250 :: Slashdot discussion
New Google Toolbar Includes Auto Updater
Sadly, Google has taken a page from the book read by the bad guys. Their wonderful toolbar has gone rogue in the last several versions. Google Toolbar 2.0 includes an update function that checks Google's servers for updates, downloads those updates, and installs them automatically. This is all done with no user participation. That in itself is fine. However, the Google toolbar doesn't allow you to disable this.
That's right. The Google toolbar now features an updater function that doesn't allow users to disable it. Quoting from my own article, "there are countless reasons why someone would want to stay with a slightly older version of a software application. There is no legitimate, ethical reason to force the user to upgrade their software. Not a single one."
I do have some good news however. After that article was published, it was picked up by Lockergnome and I have received numerous copies of emails sent to Google's toolbar development team. I have it from a reliable source that Google will almost certainly will create an optional setting to turn the updater off. This is not a statement from Google, but I do trust the source. I'll wait and see, and hope it comes true.
"Google" and "Google Toolbar" are registered trademarks of Google inc.
Links:
http://www.spywareinfoforum.info/articles/googleupdater/ :: New Google Toolbar Includes Auto Updater
http://toolbar.google.com/ :: Google Toolbar Site
Windows Patches May Become Automatic
In the aftermath of the MSBlast worm, Microsoft says it may be time to change the way Windows updates its security patches by making the process automatic by default.
A Microsoft representative said the company is "giving strong consideration to enabling Auto Update by default in future versions of Windows," though the company has not yet committed to a time frame. If Microsoft decides to go ahead with the change, it could be implemented in "Longhorn," the code name for the next version of Windows expected to come out in late 2004.
Automatic installation of security patches might have helped prevent the recent MSBlast worm, which successfully attacked hundreds of thousands of PCs that had not installed a month-old patch.
Currently, automatic updates are available as an option. Microsoft executives said the company decided not to make the feature a Windows default with Windows XP after customer feedback that suggested people did not want Microsoft controlling their PCs.
I think I have made clear my opinion of software that updates itself. Three weeks ago, I compared Windows 2000 Service Pack 4 to a trojan when it appeared to be refusing to allow users to turn off its automatic update service.
Now I will shock you by saying that Microsoft's idea of enabling automatic updates by default is not a terrible idea. As long as they leave the option that allows the user to turn updates on and off, I have no problem with this. Someone who doesn't understand how to go into the control panel and turn off updates is better off with Windows updating itself.
Personally, I always wait at least a week after a patch comes out and a month after a service pack comes out before I install it myself. Microsoft is notorious for releasing botched patches that cause more trouble than they fix. On the other hand, running a computer that is never updated is a bigger threat to that computer than all but the worst of Microsoft's buggy patches.
My approval of this idea depends on two things. One, the control panel must contain an applet that allows the automatic updater to be turned off. Two, Microsoft must stop releasing patches and updates that cannot be uninstalled. Microsoft sometimes does release bad patches that cause more harm that whatever they are patching. There must be a way to remove a patch once it is installed.
If Microsoft can do that, then I will support their idea of turning the automatic updates "on" by default.
Links:
http://news.com.com/2100-1009_3-5066612.html :: Windows patches may become automatic
http://www.pcworld.com/news/article/0,aid,112120,00.asp :: Microsoft Ponders Patching Possibilities
Mozilla Coffee
Mozilla Firebird is hands down the best web browser in the world. No other browser matches its rendering engine, ease of use, and user friendliness. Mozilla is the open source browser on which Netscape 6 and 7 are based. When AOL dropped development of the Netscape browser, the Mozilla project lost its main source of funding, although AOL did donate one million dollars to the new Mozilla Foundation.
The RJ Tarpley's Coffee Company of Athens, GA USA has started a special program for coffee lovers who also love the Mozilla browser. Half the profits from orders made by Mozilla users goes directly to The Mozilla Foundation. For more information, please visits RJ Tarpley's web site.
Links:
http://www.mozilla.org :: The Mozilla Foundation
http://www.rjtarpleys.com/mozillacoffee.html :: RJ Tarpley's Mozilla page
The Soap Box Opened at MikeHealan.com
First of all, I am sorry for skipping the newsletter last week. I needed a break, and there wasn't much worth writing about last week anyway. The break gave me a much needed rest, and it gave me time to catch up on several projects that had fallen behind.
One of those projects was the opening of a brand new web site, The Soap Box. The site is centered around the message board. The topics for discussion there are politics, privacy, technology, entertainment, and everything else worth debating. I will soon begin writing articles to publish there. I am a very opinionated person (as if you couldn't tell ;-) ) and many things I write about don't fit in very well at SpywareInfo. That is what will be published at The Soap Box.
Stop by, check it out, stand up on a soap box and rant about something ;-). http://www.mikehealan.com
Recommend SpywareInfo to a friend
Do you like SpywareInfo and this newsletter? Then please tell a few friends about it! We are trying to come up with ways to increase the number of visitors to the web site and the number of subscribers of this newsletter.
Recently I signed up for RecommendIt's service, also used by Scot Finnie and Fred Langa. When you use RecommendIt's service to send a link to a friend or family member, you can also choose to enter a contest with a grand prize of $10,000.
The privacy policy of the site looks solid and I did ask around if anyone had heard anything bad about it before I signed up for it. You can use their service to recommend SpywareInfo to someone you know at http://www.recommend-it.com/l.z.e?s=881459
Of course, you don't *have* to use RecommendIt's site to send a friend a link to the site. Just sending an email will also do the trick.
Links:
http://www.scotsnewsletter.com Scot Finnie's Newsletter
http://www.langa.com/newsletter.htm The Langalist
