The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/sept10,2005.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

The contents of this newsletter is commentary. It should not be mistaken for unbiased, objective journalism.

Permalink | Top

1. Don't Shoot The Messenger
2. Mailwasher Pro
3. Dialer Catches Microsoft Security Advisor Off Guard
4. Doctors Required To Inform On Patients
5. The Cost Of Doing Business
6. Google vs The Media
7. Dell Update
8. Headlines

Permalink | Top

I recently tested out the newest version of Yahoo Messenger. Several articles came out on the first of this month claiming that Yahoo's newest Messenger program is sneaking software onto users' computers and I wanted to know if it was true.

Guess what? It's not.

I downloaded the Messenger installer from Yahoo's web site and installed it. I also downloaded the previous version of Messenger and installed that, then let it update itself. Both methods used the exact same installer. The installer has a digital certificate which was signed on August 25, an entire week before the news stories were published.

I did some digging at Google's news search engine and took a closer look at those articles. Nearly all of them are syndicated copies of a story written by CNet reporter Stephanie Olsen. The same story was posted to several other news sites, most of which seem to be owned by or affiliated with CNet News.

In the version of the story that appeared at ZDNet UK's web site, an editor inserted a lead paragraph which states "the 'default' installation of YIM now surreptiously [sic] installs myriad other things as well".

All of the stories include the following quote from well known privacy consultant Ray Everett-Church:

"The hidden check boxes during installation are a common practice for companies trying to further extend their reach onto your computer desktop," Everett-Church said. "Companies have a responsibility to very clearly indicate what is being installed during that process and give a clear opportunity to reject software."

While that is certainly a good quote and while I agree with the sentiment, it has nothing to do with Yahoo Messenger. The boxes aren't hidden. The installer discloses very clearly what is going to be installed. Right at the top and written in great big letters, it says "Choose the Products to Install". If you click the link for a custom installation, it lets you deselect all of the extra stuff, except for the VOIP software.

Sure, these things are installed by default unless you tell it not to install them. However, the installer makes it blatantly obvious that these extra things are going to be installed and it allows you to deselect them beforehand.

Just to be sure, I tested that as well and found absolutely nothing installed that shouldn't have been installed. There were no links on the desktop, no bookmarks littering the links folder, no change in the home page and IE's default search engine still was set to use Google.

Nothing is installed behind the user's back. None of the extra stuff included in the installer is objectionable and they are all optional, except for the VOIP software. Yahoo's installer clearly discloses that those things are included and lets the user opt out of them. In short, that is exactly how software installers should work and I can't figure out what the CNet article is complaining about.

Permalink | Top

Program: Mailwasher Pro
Author: Firetrust
Platform: Windows, Linux, Mac OS X
License: $37.00 $24.95 until Sept 16, 2005 with coupon code spyinfo
Purchase: http://www.spywareinfoforum.info/rd/mailwasher0905
Coupon code: spyinfo (Expires September 16, 2005)

Mailwasher always has been one of my favorite email filtering programs. The current version of Mailwasher even works on Linux and Mac, as well as all versions of Windows from 95 on up. It is user friendly, highly configurable and loaded with features.

Mailwasher connects to your ISP's email server and downloads the headers and part of the contents of your email. After examining your email, it assigns a color code to each one, according to whether it believes it to be legitimate mail, spam or a virus.

Mailwasher allows you to delete unwanted email without downloading it. When you finally open your regular email program (something Mailwasher will do for you if you want), all of the spam and viruses already are gone before you download anything. This is very useful considering all of the email worms going around today, especially for those of you using dial-up internet.

Mailwasher has numerous features in the current version:

• My Friends List - This lets you whitelist email addresses and choose whether or not they appear in the list when Mailwasher checks your email.
• First Alert - What this does is check the body of each email against an online database of known spam and lets you decide what to do with it. It also allows you to report an email as spam to the First Alert network if it was not flagged the first time.
• My Blacklist - This lets you add email addresses or entire domains to a blacklist. You can automatically delete and/or bounce emails from these addresses. Just note that you never should bounce spam or viruses, as the return address always will be fake.
• My Filter - You can create custom filters and tell Mailwasher how it should handle them. For instance, if you don't want email written in Russian or Chinese, you can automatically delete any email written in those languages. The filters use regular expressions and can be very powerful.
• Learning - Mailwasher can be taught what you consider to be unwanted email. For instance, if you receive certain emails that you do not want, but they are not spam and would not normally be flagged as spam, Mailwasher will learn to treat them as spam if you tell it to do so.
• Origin of spam - It can check the address of the machine that sent you email against various spam blacklists. You can add other blacklists to the program. I would recommend against any automatic deletion of email based on this particular check, as public email blacklists tend to be inaccurate.
• Virus warnings - Mailwasher can warn you if an email appears to be carrying a virus. Speaking from experience with the program, this check usually is very accurate.
• Spamcop - Mailwasher allows you to report spam to Spamcop, if you have a Spamcop account.

Until Sept 16, Mailwasher's price is reduced by a full third. If you have any problems with the ordering page or with the coupon code (spyinfo), please email Catherine http://www.spywareinfoforum.info/email2.php.

Permalink | Top

Ed Gibson, Microsoft UK's new chief security advisor and a former FBI agent, has admitted that a rogue dialer program infected his personal computer. The dialer was active for an unknown period of time and added £450.00 to his telephone bill. British Telecom, unsympathetic to the fact the charges are fraudulent, is insisting that he pay the bill.

I've discussed dialers many times. They are very small programs that can be dropped onto a PC in numerous ways. Once they are activated, they will use the computer's modem to make telephone calls to very expensive services. The company responsible for the dialer will bill the victim's telephone company, which then passes the charge on to the victim.

These dialer programs can be blocked very easily, if a telephone carrier chooses to do it. Many carriers can block access to these services or to the countries hosting them. If a customer is trying to make a legitimate phone call to these numbers, he or she can ask an operator to place the call manually, bypassing the block.

Most telephone companies do not do this. They make money on these fraudulent billing charges, so there isn't much of an incentive to block them. They know full well that they are participating in fraud. Everyone knows that ethics are not a big consideration for businesses these days and this is a perfect example of that.

If it should happen to you, there are some things you can do. These tips apply specifically to the United States, but should more or less apply in most countries.

Install an antivirus program and let it quarantine the dialer. Don't delete it because you'll need it for proof. Most antiviruses will catch most dialer programs.

File a police report. Tell the police that you are the victim of fraud and keep copies of the police report. Sadly, it may take some effort to convince the police that a crime has been committed, depending on how knowledgable they are in your area.

Dispute the charges, in writing, with your telephone carrier. Inform them that a malicious piece of software has infected your computer and is responsible for the charges. Fax or show them copies of the police report. Depending on which company you are using, that might be the end of it right there, as a few carriers simply will write off the charges.

If the telephone company refuses to do anything, contact the Public Service Commission in your state or the equivalent. Also contact the office of your state's Attorney-General. Many states have started taking these dialer companies to court and your Attorney-General already may be familiar with the company that is trying to scam you.

Finally, and this is the one that will make you grit your teeth, do not pay the charges. If your bill includes an extra $87.00 because of a dialer, subtract $87.00 from the bill when you pay it, with a note stating that the amount is in dispute. Keep doing that as long as the situation remains unresolved.

Obviously you will run the risk of having your telephone service disconnected. Letting the company know that you are in contact with the Attorney-General and Public Service Commission might scare them off. Paying the rest of the bill also reduces the chances of you being disconnected, but don't count on that. It is up to you whether or not you want to stand your ground and refuse to pay. If you pay the fraudulent charges, your chances of ever seeing that money again are very slim.

Here is another piece of advice, one coming from experience. Argue, politely, with the first customer service rep for a few minutes. When that leads nowhere (and it probably will), ask for that person's supervisor. Argue with that person for a few minutes, then ask for the next supervisor up the line.

After doing that once or twice, you probably are talking to someone with the authority to cancel the charge. They almost certainly will be less experienced with dealing with customers themselves and probably will be more inclined to work with you. After a few rounds with this person, angrily inform him or her that they now have a choice. They can cancel the charge and keep you as a regular customer, or you can pay the bill and close your account right on the spot.

You would be amazed at how well that works when trying to make an obstinate company do something they don't want to do. I once talked a bank out of a bogus overdraft charge by doing this. When you can talk a bank out of money, you know you have accomplished something.

The good news here is that telephone companies are starting to become less relevant. If it absolutely comes down to it, you can give your phone company the finger, cancel the service yourself and start using Voice over IP (VOIP). With a fast cable internet connection, you really don't even need telephone service. Most VOIP services can make telephone calls all over the world for free.

Permalink | Top

I have just read about a very disturbing erosion of privacy. Last month, President Bush signed into law the "National All Schedules Prescription Electronic Reporting Act of 2005".

This law mandates that any person dispensing controlled substances, ie. prescription medicine, has to report to their state government the name, address and phone number of their customer and the names of the drugs dispensed to them. This law applies even to veterinarians selling restricted medicines for pets.

That information goes into a database that can be accessed by local, state and federal law enforcement agencies. In fact, the state can share the information with anyone it pleases. Citizens have no right to know who is accessing the data, no right to opt-out of being in the database and no right to change any incorrect information.

I am shocked. How did this law sneak in without someone making noise about it before now? If doctors and pharmacists can't be trusted to keep medical information private, it will sow distrust between doctor and patient. Some critics predict that it will lead to people not filling prescriptions or traveling to Canada and Mexico to fill their prescriptions.

So now you can't even buy medicine for yourself or your pets without it being recorded into a government database. What happened to the days when it was illegal and unethical for a doctor to provide medical information about their patients without their permission?

Permalink | Top

"The Capitalists will compete with themselves to sell us the rope with which we will hang them all." - Vladimir Ilyich Lenin

Lenin was a very smart, very shrewd man. With that one sentence, he correctly identified the greatest weakness of a capitalist society - the fact that people will do business with the devil himself if they can make a nice profit in the meantime.

Texas Instruments sold RFID tracking technology to China which they promptly put to use in tracking their citizens.

Google and MSN willingly censor news sites and blogs that criticize the Chinese government or talk about such dangerous topics as religion or democracy. Cisco helps with this effort by selling routers to the Chinese which can block web sites based on their content.

To the small but growing list of American companies that assist the Chinese government in oppressing their population, you can add Yahoo.

Yahoo provided information to the Chinese government about a Yahoo email account belonging to a reporter. That information led to his being captured and sent to a prison camp for ten years. What heinous crime did this reporter commit that called for ten years in prison? He emailed to other journalists his notes about a government memorandum detailing how they intended to restrict the media. I hope you people at Yahoo are proud of yourselves for helping to catch such a dangerous maniac.

Though they still claim to be a communist government, communism is as dead in China as it is in Russia. Businesses there are run on the capitalist model and much of the profits go directly to the Chinese treasury. The Chinese government is a huge company that uses the world's largest army to keep the employees in line.

Yahoo and the others are so eager to do business with this company that they willingly assist them in keeping the Chinese people ignorant and under tight control. Personally, I wouldn't be able to sleep at night if I knew I was helping a government to enslave its people. I wonder how they're sleeping over there at Yahoo?

Update:
Privacy International is calling for a worldwide boycott of Yahoo because of their collaberation with the Chinese government.

Permalink | Top

If you believe several stories appearing in the media over the last few weeks, Google is fending off a PR disaster due to their policy of not speaking to CNet until next year.

A few weeks ago, CNet published a story about the disturbing amount of information Google has about people. To make their point, the story included information about Google's CEO, Eric Schmidt, which the reporter found by searching Google's search engine for 30 minutes.

The information really wasn't all that private. Mainly it was some public information about the amount of some stock trades. Nevertheless, Google was offended and ordered their PR people not to talk to CNet for one year.

Ever since, several news publications have run stories about it. Every single one of these articles have several things in common. They all speak of the information published about Schmidt and Google's reaction to it, then go on basically to restate the entire article. Each article suggests that Google is having a "PR Nightmare" or dealing with a "PR Disaster" or that Google is "taking heat" over their policy.

The funny thing is that not one of the articles explains what they mean. They never say from whom Google is taking heat. They never explain how this "PR disaster" is effecting Google. In fact, the only source of any "heat" directed at Google is from the very news articles talking about it. No one but other reporters are paying any attention to the whining.

Yes, Google overreacted. The information that CNet published was public information about some stock trades. It was nothing important or dangerous. If they had published his phone number or his address or something like that, I probably would be calling for the head of that CNet reporter right alongside Google.

The media also is overreacting. They are trying - and failing - to portray this as some huge corporate giant censoring the media. Reporters and their editors have a tendency to confuse the meaning of the First Amendment. Yes, they have the freedom to say what they want. That doesn't mean people are required to listen to or talk to them.

If the people at Google decide they are not going to talk to a certain media outlet, then that is their right. It's not as if they sued CNet, demanded that they remove the information or removed them from their search engine indexes. They were offended, so they decided not to talk to them for a year. Very reasonable if you ask me.

Google has the right not to talk to someone - we all do. I once refused to talk to the Wall Street Journal for a while because one of their reporters twisted and misquoted something I said to write a hatchet job on Lavasoft. I still refuse ever to speak to that particular reporter again, although I've talked with several other reporters from that paper since then.

The media needs to get over it. This is not the big deal they are trying to portray this to be. They are the only ones complaining and it makes them look silly.

Permalink | Top

I asked for owners of brand new Dells to write to me in the last newsletter. I managed to write back - just once - to everyone who originally wrote to me. Then a lightning bolt fried the network card in my computer. I had no way to answer those emails again until the new ethernet card arrived. And when that happened, I needed to work on this newsletter, so I still haven't done it.

Sorry for going quiet on everybody. It couldn't be helped. For those of you who wrote, thank you very much. I'll be going back to those emails again this weekend.

One way or the other, I'll reveal the big secret about Dell next week. I'm just trying to confirm whether or not something is true before I start printing unverified rumors in this newsletter.

Permalink | Top

SpywareInfo has a new(ish) feature, listing news headlines relevant to spyware, privacy and safely using the computer. There is a saying that "all politics are local". It seems that this also applies to the internet. It is a close community in that problems can spread from anywhere. If you see a local story that you think deserves attention, please let us know. Use this mail form, tell us some details and we will follow the story.

This Spywareinfo News Section is updated every day - and several times during the day. It is a section of Spywareinfo that we hope will keep you informed on a daily basis - and keep your internet time a bit safer. Go have a look.