The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/may5,2005.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

The contents of this newsletter is commentary. It should not be mistaken for unbiased, objective journalism.

Permalink | Top

1. The Mike Healan Malware Defense System
2. Feature - Pop Up Sentry
3. New York Sues Spyware Peddler
4. Newsflash: Online Advertisers Still Don't Get It
5. AOL Rewrites Dodgy Privacy Statement
6. Companies Want RFID Sensors In Your Bedroom
7. Miscellaneous

Permalink | Top

Unlike the hundreds of thousands of people who find my site after searching Google, desperate to find out how to remove some obnoxious piece of spyware relentlessly spamming them with pop-up ads, I almost never have to deal with spyware infection on my own computer. Many people ask what I use to protect myself, so I'll list it all below.

The most effective single thing I do to prevent malware infection is not to use Internet Explorer (MSIE). There are so many malicious programs that will infect a computer through MSIE that I don't believe it's possible to count them all. Instead, I browse the web using Firefox.

Firefox is highly resistant to malware infection. There are a growing number of malicious web sites attempting to target it but none of them do it very well. In all cases so far, every method of installing malware through Firefox requires that the user voluntarily install it. Some people obliviously will give the malware permission but I am not one of them. The rule of thumb for any browser is, if something pops up asking permission to install software or to run a script, say "no" unless you know why the box is asking permission and you know that it is no cause for concern.

Second, I use a program called Startup Monitor to keep an eye on the locations where a program can be loaded when the PC boots up. If something tries to set itself to run when the computer restarts, a warning will pop up and ask me if I want to allow it. This program sees quite a bit of use. For some unknown reason, nearly every program written for Windows wants to load when the computer starts up. It is extremely annoying and I wish the developers of those programs would realize how annoying it is.

I also credit this program with saving me from a virus infection once. I accidently left my firewall down one night and a network worm managed to exploit some Windows security flaw to install itself. My resident antivirus program (AVG at the time) missed it. Startup Monitor didn't. When I woke up, I found a box asking me if I wanted zxsert.exe (or something) to run at start up. After looking into what that was all about, I discovered a virus that might have deleted my hard drive, if I had rebooted before removing it.

To protect myself from email viruses, I use another Mozilla program called Thunderbird to read email. To my knowledge, Thunderbird will not execute scripts or launch programs the way Outlook and Outlook Express will. Thunderbird is a little glitchy at times and it is not quite as convenient to use as Outlook Express. However, it makes up for that with a spectacular spam filter. The spam filter learns from you what sort of email you would rather not see in your inbox. And if it flags something innocent as spam, you can tell it that it goofed up and it shouldn't make that mistake again.

I have long since replaced AVG antivirus with Nod32. Nod32 is not free but it is the best antivirus program on the market, in my opinion. What sold me on it versus Kaspersky (also a fine antivirus) is the fact that I can scan hard drives over the local network. Nod32 won't even let me open a folder containing a virus, trojan or spyware file without throwing up a scary looking warning about all the nasty contents. And you can forget about a known virus loading itself into memory while Nod32 is running.

To keep out network worms that crawl in through open internet ports, I use Kerio Personal Firewall. It's small; it's light on resources; and it is simple to use. The current firewall is at version 4. I use the older version 2.15. Version 4.x has a bunch of add-ons (for a price) which I am not interested in and it uses far more memory and CPU than version 2. Kerio has hidden the link to the version 2 installer on their web site, but you can download it at http://www.kerio.com/dwn/kpf2-en-win.exe.

I have never (that I can recall) had spyware or adware installed alongside something else. By far the most common way to end up with spyware on your computer is by installing a free program bundled with it. To avoid this, I do something that most people don't do. I read the license agreements. In most cases, there is some indication, if not blatant disclosure, that a program has some sort of spyware or adware bundled into it. If I don't like what I see in the license agreement, I press cancel and delete the installer.

Last, but not least, I check WindowsUpdates at least once a week to see if there are any security updates to install. Although these patches occasionally cause trouble, it is better to install them and hope for the best. Always save a restore point first (assuming your PC has System Restore running), just in case the computer has a psychotic episode after installing an update and you have to remove it.

This is how I keep malware off of my personal computer. The programs I mentioned are not the only alternatives available. They are merely the programs which I choose to use. Don't send angry letters because I didn't mention your favorite browser or email program.

You also should not take this as a recommendation on how to protect your own PC. This is just what I do. Since I don't use Internet Explorer as a browser, I really don't worry about keeping safe and so I don't do all that I could. For someone who can't switch to another browser for some reason, I have an article on the web site explaining how to use Internet Explorer in relative safety.

I hope that between this and the older article on the web site, I can keep a few people from becoming infected with malware. The internet may be a very seedy neighborhood but you can walk the streets safely with a little knowledge.

Permalink | Top

Program: Pop Up Sentry
Price: $29.95 [ 30% off for Spywareinfo readers until May 13, 2005]
Purchase Pop Up Sentry (www.popupsentry.com)
[Save $8.98 by using coupon code SPYWAREINFO]

When a major program developer like Nick Skrepetos has a new release, Spywareinfo pays attention. Nick has had a great track record of programs that have been featured in this space. Nick developed Panicware's famous Pop-Up Stopper and his recent program that was featured here was SuperAdBlocker. These programs are impressive in themselves. Now, Nick has moved directly into blocking spyware, as well as stopping all types of advertising.

As with all programs that try to be featured here, it has a thorough review by testers and reviewers that Spywareinfo uses. Third party reviews are not good enough - we want to use the program ourselves and really find out what works and what is trash. This program is effective. However, there was one concern. The scan for spyware was slow and so we contacted Nick. Here is Nick's reply to that concern:

"Pop-Up Sentry!'s spyware scanner may appear to take longer than other spyware scanners to scan your system. The reason for this is that we scan the entire drive, file by file just as a virus scanner would, as we are seeing spyware/adware infections that use all types of files (not just .DLL, .BAT, .EXE, .COM, etc). We are also seeing many files "dropped" into systems that are not referenced in the registry or Windows Startup.

If these files are left on the system, as user could inadvertently click them and re-infect their systems, or other spyware/adware could initiate the execute of these files. We see this directly with the LOP.COM component installed by the Messenger Plus! application from www.msgplus.net . Further, Pop-Up Sentry! does not consider cookies as "spyware/adware", as they themselves cannot harm your computer. Pop-Up Sentry! features real-time protection to prevent the installation of other spyware applications and offers real-time reporting and updating to block new spyware/adware that may not be detected. Please take advantage of this system so we may assist you and update our rules databases. The database is typically updated daily to include new definitions."

This program is excellent. The time spent scanning is well worth it. There is free 24/7 Support. This is one program that lives up to its claims. And this price will not be found anywhere else. This was Nick's goal:

"We realize that the majority of computer users need to have the power to block harmful spyware/adware and annoying pop-up ads, but also need a product that does not require extensive or confusing configuration to work properly," said Nick Skrepetos, founder of PopUpSentry.com. "Pop-Up Sentry is exactly that - easy to use, yet extremely powerful in blocking all types of Internet annoyances. It comes correctly pre-configured for the majority of users and is fully configurable for advanced users."

Pop-Up Sentry meets that goal and provides continuous service during your time online. It really provides exceptional protection for a small price.

If you have any problems with the ordering page or with the coupon code (SPYWAREINFO), please email Catherine http://www.spywareinfoforum.info/email2.php.

Permalink | Top

Finally, it has happened. I've waited years for this. The Attorney-General of New York has filed a lawsuit against a company for no other reason than that the company peddles spyware.

The company under fire is called Intermix. Among the programs they distribute are KeenValue and Incredifind, names which no doubt many of you will recognize. These two programs have caused many, many people to seek out SpywareInfo's message board and ask for help in removing them.

I always have been of the opinion that installing software on someone's computer, without their permission, is illegal. It would seem that Eliot Spitzer, New York's Attorney-General, agrees with my opinion. I wish him the best of luck in prosecuting Intermix. I want him to win and set a good precedent that will prompt other states to go after spyware peddlers. Spyware companies have had a free ride for far too long and it is time the gravy train came to a halt.

Permalink | Top

I am absolutely disgusted by this. Read the following quote and ask yourself if you've ever seen anyone make a more self-serving, condescending and arrogant statement.

Mookie Tanembaum, founder and chief executive of United Virtualities, says the company is trying to help consumers by preventing them from deleting cookies that help website operators deliver better services.

"The user is not proficient enough in technology to know if the cookie is good or bad, or how it works," Tanembaum said.

In the immortal words of Bender the robot, BITE MY SHINY METAL........... you get the point.

The people who run these advertising companies have to be among the most clueless people on Earth. For years, they have dismissed the privacy concerns that people have about cookies by saying that people can "opt out". You can opt out either by accepting a cookie that tells their servers to ignore you or simply by deleting the cookies. This is what they have said for years when someone brings up privacy concerns.

And now they're trying to sneak around to replant the cookies that people deliberately remove.

United Virtualities is offering online marketers and publishers technology that attempts to undermine the growing trend among consumers to delete cookies planted in their computers.

The New York company on Thursday unveiled what it calls PIE, or persistent identification element, a technology that's uploaded to a browser and restores deleted cookies. In addition, PIE, which can't be easily removed, can also act as a cookie backup, since it contains the same information.

They deliberately are attempting to bypass a person's efforts to "opt out" of the cookie tracking carried out by most online advertising companies. I'm no lawyer; is this even legal? For certain it is highly unethical. It shows a callous and malicious disregard for the wishes of the individual web surfer. Even those who don't regard cookies as a privacy risk agree that surfers should be able to control them as they see fit. After all, it is their machine, not Doubleclick's or Burstnet's.

Thankfully, there is an easy way for you to disable this attempt at usurping control of your computer. The technology utilizes Macromedia Flash and each user can change Flash's settings to disable this new PIE software. Follow the two links below and a small Flash program will be displayed to tweak the settings of the Flash plug-in. Pull the sliders on these pages all the way to the left (to set them at zero) and restart your web browser. Then you will be back in control of your own computer, as you should be.

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html#117498
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html#117717

Permalink | Top

In the last newsletter I mentioned that AOL had changed its privacy policy to something less than friendly. The main problem with it was this:

The new terms give AOL the right to eavesdrop on instant message chats and to use those messages in any way they see fit. They explicitly deny their users any right to privacy over the AIM network.

After that newsletter went out, AOL contacted the Houston Chronicle to explain the situation. AOL claims that the privacy statement was worded poorly and did not mean that AOL was monitoring or storing instant messenging chats or other forms of communication. Supposedly that portion of the privacy policy was meant to apply only to their web-based message board.

In order to clarify the point, they have rewritten the policy. They removed entirely the phrase which explicitly denied users any right to privacy. Was this simply a case of a lawyer choosing his words poorly or was AOL busted doing something distasteful and forced to engage in spin control? Whatever the situation, at least their new policy omits the clauses to which nearly everyone objected.

Permalink | Top

Certain e-commerce companies are promoting some very scary plans for RFID tags and sensors. RFID tags are tiny radio transceivers which transmit a short code identifying themselves when a signal is received from an RFID reader device. When embedded into merchandise, these tags allow a person with a reader to know exactly what the merchandise is, where it was bought, how much it cost and, potentially, who bought it.

One company, Accenture Technology Labs in Chicago, has created medicine cabinets and even bedroom furniture with embedded RFID readers. These readers are, of course, connected via the internet to certain e-commerce web sites. Imagine your own furniture detecting your new clothes and prescription drugs and reporting them to some marketing company over the internet. The reason for doing this is so that these companies can target very specific advertising at you.

My tin foil hat is on too tight you say? Not so; that is exactly what the company says it wants to do.

Both the wardrobe and the medicine cabinet scenarios link to e-commerce websites.

...

But the companies appear to want consumers to keep RFID tags attached to their clothes and other items, to make them available to internet-connected reader devices in stores, homes and on the street. That way, companies like Wal-Mart, Target and Best Buy can pitch new products to consumers based on what they are wearing or carrying, wherever the companies find them.

As a sop to privacy advocates, some spokespersons are entertaining the idea of giving the buyer the option to disable or remove the RFID tags. They would, of course, do this voluntarily. No doubt they hope to stave off calls for legislation requiring them to disable all tags at the point of purchase.

In my opinion, this would be worse than if all retailers refused to disable the tags. Why? At least if you know the tags are active, you can obtain a tag-killing device somewhere and use it yourself to debug new purchases. A handful of companies are making plans to make such products.

Under a voluntary system, some retailers would disable the tags and some would not. You would never know when or if the tags are still live when you leave the store with your purchases. And even if they claimed to disable it but actually did not, the retailer would not be breaking any laws. You wouldn't be able to force them to disable the tags and you wouldn't be able to hold them accountable if they lied to you about disabling them.

I still believe strongly that all retailers should be required to have tag killing devices at the register and should be required to ask the customer if they want to keep the tags live or not. This should be law, not an optional "self regulating" behavior. If, as some of these commerce groups are claiming, they really do intend to give the consumer that option, then they should have no objection to it being mandatory.

Permalink | Top

Sorry for the long absence between newsletters lately. I've had several things going on at home. I spent nearly a week moving the message board to a new server. I'm trying to convert a Wordpress blog to run spywareinfoforum.info (nearly done with that). I'm working out the details for a new business that I plan to operate here at home. I spent three weeks recovering from a nasty reaction to a drug that my doctor prescribed. And I've probably spent too much time playing video games for my own good.

Things are more or less back to normal around here now, so hopefully the "Spyware Weekly" will once again be "weekly". While I love seeing a finished newsletter and sending it out, sometimes I hate the actual writing part.

A few weeks ago, an internal process on my web server triggered the newsletter script. Some of you may have seen the result, an email from newsletter@spywareinfoforum.info that was blank except for an unsubscribe link. That has happened a few times before and I still don't know what is causing it. I simply disabled the script so that it wouldn't happen again.

I am growing very irritated with the php scripts I use to send out this newsletter. Usually, but not always, it works fine. When it does screw up, it usually does a pretty good job of that too. I've been thinking of moving the entire mailing list over to Dundee.net. That's the same mailing company Fred Langa and Scot Finnie use. The problem is that I'd have to spend roughly $50 sending out each newsletter, plus a $40 or $45 per month fee. If I did that, I'd probably have to charge for the newsletter and I don't want to do that if it can be helped.