Spyware Weekly Newsletter :· July 17, 2006
The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. http://www.spywareinfoforum.info/newlsetter/july17,2006.
Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.
The contents of this newsletter are all commentary.
Hello Again
Welcome to the Spyware ... Yearly? Sorry, bad joke.
I'm sorry about the prolonged pause since the last newsletter. I do have a good excuse though. I had to go for treatment for a severe case of clinical depression. I have been cruising on some pretty potent medication for a while, which they finally reduced at the end of last month. Good stuff to have, if you are throwing a frat party.
I want to say "Thank you" to my partner Catherine, to the staff at the message board (especially cnm and Maddoktor), all of the volunteers at the message board and to my web host. There were some serious problems with the message board while I was out of it, including a break-in by Russian script kiddies. They kept everything running in my absence.
Anyway, I am back now. The regular, weekly ranting (AKA, the newsletter) will resume, starting now.
There are some important changes that I should mention.
The location of the news headlines part of the site has been moved. Now it is located at www.flyinghamster.com and is run by my partner, Catherine. The previous location, www2.spywareinfoforum.info, is no longer used and I will disable it shortly.
This is not new but I will mention it anyway. All subscribers to the newsletter with an aol.com address have, again, been deleted from the database (all forty of them). I could go into the reasons why, except my web host already has done so. AOL, for the love of God, please fix your spam reporting system!
Finally, I goofed up and let the lease on my post office box expire. I am not about to publish my street address so, for the moment, any donations to the site will have to go through Paypal.
I think that covers everything. Assuming everything goes well, another newsletter should be out next Monday. See you then.
Spycop Antispyware and Evidence Terminator
Program: Spycop Antispyware
Price: $39.96 (regularly $49.95; 20% off until July 24, 2006)
Purchase Spycop [Use coupon code SPYC-4XL4-INFO]
Program: Evidence Terminator
Price: $39.96 (regularly $49.95; 20% off until July 24, 2006)
Purchase Evidence Terminator [Use coupon code EVTM-OQ67-INFO]
Spycop + ET Bundle: $69.93 (regularly $79.90)
Purchase Spycop + ET Bundle [Discount is applied automatically until July 24, 2006]
There is the sort of spyware that comes from installing programs like Kazaa and Imesh. This kind of spyware will track your web usage to produce more relevant pop-up ads. This is an annoying and unfair invasion of privacy. However, other than the aggravation of dealing with pop-up ads and spam, this kind of spyware usually is not dangerous (well, except to your blood pressure). These usually can be cleaned up with products such as Ad-aware and Spybot.
More dangerous are the surveillance and monitoring programs. These programs are used to gather all of the information necessary to steal your identity and ruin your credit. A business rival can bribe an employee to install spyware on the company network. Or the company itself might install spyware to watch you while you work. These programs cost money to buy for testing and not all antispyware companies can afford to keep up with each new version.
SpyCop is the leading solution for finding computer monitoring spy programs, keyloggers, and commercially available software designed specifically to record your screen, email and passwords. SpyCop will detect the spy, tell you when it was installed, and disable it. SpyCop claims to have the largest database of surveillance spyware.
SpyCop also makes Evidence Terminator, a program that cleans out the traces of computer usage that Windows leaves lying around. This includes browser cache, temp files and recently opened documents among other things. You should shred paper documents at home and in the office, if you don't want people reading them. The same goes for your PC.
More information about Spycop http://www.spywareinfoforum.info/downloads/spycop/
More information about Evidence Terminator http://www.spywareinfoforum.info/downloads/spycop/eterminate.php
Don't forget, even if you catch all the spyware on your computer, someone can still sneak up behind you and peek over your shoulder. Spycop won't help with that, so you might think about buying yourself one of these monitors. ;-)
Also, our sister site, FlyingHamster.com, has a discount for Spyware Doctor. Go have a look.
If you have any problems with the ordering page or with the coupon codes, please email Catherine http://www.spywareinfoforum.info/email2.php.
New Escalation In The Malware War
The war for control of your computer may be about to enter a whole new level of complexity. Security researcher Joanna Rutkowska has announced that she has created technology which can subvert any computer operating system running on newer x64 hardware.
This new technology, dubbed "Blue Pill", uses hardware virtualization support built into 64 bit AMD processors. With Blue Pill, an active operating system can be separated from the computer's hardware and placed into a virtual machine environment. Theoretically, Blue Pill also could work with 64 bit Intel processors that support hardware virtualization.
Basically, the compromised operating system would be running on top of Blue Pill, the way a regular application runs on top of the operating system. Blue Pill would be in control of the operating system and would define its "universe". That is an oversimplification, but it should give you the general idea. While it would be theoretically possible to detect that a system has been compromised in this way, it would be extremely difficult.
According to her blog postings on the technology, Blue Pill requires no machine restart, does not require interaction with any operating system security and is undetectable. Conventional methods of detecting a rootkit would fail to discover a Blue Pill rootkit.
Let me tell you, this is not something to which I look forward. It is difficult enough as it is to find and destroy a modern browser hijacker. Their creators already are using rootkits to hide their garbage. If and when malware starts hiding behind this sort of protection, it may be nearly impossible to remove. Rutkowska claims that, even if a security company had the source code for a piece of malware, Blue Pill would prevent them from ever detecting it.
Rutkowska plans to demonstrate the technology at the upcoming SyScan conference in Singapore and at the Black Hat conference in the USA.
I want to mention one thing, before the letters start arriving. Rutkowska built this Blue Pill software around an existing feature of newer processors, in a way that (I sincerely hope) was unintended by those chip makers. If she hadn't figured out how to do this, someone else would have. It is in the news. Security software companies are aware of this, though I can't imagine how they will respond.
It is better that a security researcher discovered this first, rather than the people who hijack your computer and pop up pornographic ads in front of your children. Of course, that assumes she really was the first...
Did Microsoft Drop Spyware On Us?
I read a number of news sites, usually on a daily basis. One story seems to have been all over the place for an entire month. Microsoft was caught in the act of doing something extraordinarily stupid. Again...
The events around this story have changed a few times since I first started writing this article. If this article seems to be a little chaotic, it is because I've had to rewrite it three times already, to include new information.
Windows Genuine Advantage (WGA) is software that rifles through a Windows system to determine whether or not it is a pirated copy. It is not quite mandatory - yet - but you do have to install it in order to download non-critical updates to Windows and various Microsoft software, such as Media Player 11 and Internet Explorer 7. You must have it installed if you want to use the Windows Updates web site.
It is not a well-liked bit of software, as it has a tendency to flag perfectly legitimate copies of Windows as being pirated. Microsoft proudly proclaims the fact that "80% of all WGA validation failures are due to unauthorized use of leaked or stolen volume license keys".
If you ever want to explain the concept of "spin control" to someone, here is the perfect example. If 80% of WGA "failures" are correct, the flip side is that 20% of failures are incorrect. Software that does it wrong on every fifth attempt is software that needs to go back to the debugger.
Anyway...
So what has Microsoft done now that has people so riled up about WGA? If only it were just *one* thing...
Rumor One
The rumor: Microsoft slipped WGA into a package of critical updates back in May. Many people are saying that WGA was included in that month's round of updates, with its name disguised to make it look like a security update. Microsoft does have a history of doing that sort of thing.
Well..... not quite. It was included, but it doesn't seem to have been disguised.
I haven't been home long enough in the last few months to update my own computer, so I decided to see for myself whether or not WGA was in the list. It was there all right, plain as day. It was not disguised as something else, at least not on the day I took that screenshot. How it was listed in May and June is something I have no way of checking.
Of course, that still leaves the following question: Why was a supposedly optional piece of software listed in Automatic Updates in the first place? I could be wrong, but it was my understanding that the Automatic Updates program was to be used only for bug fixes. If they start trying to slip in other stuff that people may not want, it will discourage them from using Automatic Updates.
Anyone who had set Automatic Update to install all updates would have received WGA. Anyone who used the "express" method of installing available updates would have received it. Anyone who looked at the list of updates, before installing anything, may have seen it first, at least in July.
Rumor Two
The rumor: Microsoft pushes WGA on their Windows Update site, disguising it as an update to the software that makes Windows Updates work. This rumor is true.
On a computer running Windows XP, you must have WGA installed before you can use the Windows Update web site. If you do not, the site will not allow you to proceed until you do install it.
On a PC without WGA, this is the first thing you see on the Windows Update site: http://www.spywareinfoforum.info/images/ms/winupdate1.jpg
As you can see, there is no mention of WGA. It doesn't matter whether you choose the "Express" or "Custom" option, because either of them will land you on the following page: http://www.spywareinfoforum.info/images/ms/winupdate2.jpg
This page tells the visitor that "To use this latest version of Windows Update, you will need to upgrade some of its components". That is entirely false.
The only thing the "Download and Install Now" button at the bottom will do is to install Windows Genuine Advantage. WGA is not a component of Windows Update. Windows Update is only one of the many things at Microsoft that requires WGA validation.
On the bottom of that page, there is a link for more details. When and if the visitor clicks that link, they would see that the "components" the page wants to install are really Windows Genuine Advantage. http://www.spywareinfoforum.info/images/ms/winupdate3.jpg
Informed consent? No, I don't think so.
Rumor Three
The rumor: Once installed, WGA will contact a Microsoft server every time the computer is rebooted. This rumor was true.
WGA did call home, every time the user rebooted their computer. This was never disclosed by Microsoft until AFTER they were caught doing it. Many people are calling WGA spyware because of this and a number of lawsuits have been filed.
While the installation of WGA on the Windows Update site *was* disclosed, just barely and underneath a deceptively-worded description, there was *not* a disclosure that WGA would be checking in with Redmond every time the computer restarted.
That behavior was not explained. After being roasted alive with bad publicity, Microsoft decided to remove the call home function. They also claim to have updated the license agreement to explain more clearly what WGA does.
According to Microsoft, all that happens during this communication is that a configuration file tells WGA whether or not it should turn itself off. If Microsoft had bothered to explain this up front, rather than having to be caught out in public, they may have avoided a couple of lawsuits.
Rumor Four
The rumor: Microsoft is going to "turn off" copies of Windows that do not have WGA installed, later this year. Microsoft flatly denies this rumor.
This rumor started in a way that makes me doubt the truthfulness of the original report. I find it hard to believe that any company would do something so foolish. Then again, stranger things have happened.
Supposedly, a user of Microsoft's "One Care" service became annoyed that it would raise a flag, if automatic updates were turned off. This person called Microsoft's support number and asked if there was a setting somewhere that would make One Care ignore the update settings.
During the course of the conversation, the discussion drifted to Windows Genuine Advantage. The support tech let it slip that, sometime this coming Fall, Windows would be disabled for people who have not installed the very latest copy of Windows Genuine Advantage.
The exact quote, according to the person who initially reported all this, was:
"In the fall, having the latest WGA will become mandatory and if its not installed, Windows will give a 30 day warning and when the 30 days is up and WGA isn't installed, Windows will stop working, so you might as well install WGA now."
Let me be clear again. This rumor started when someone posted the above quote to some newsgroup. More likely, either the support tech was spouting nonsense or the entire incident never happened.
Nevertheless, several news sites picked up on that almost immediately and it made headlines all over the place. Understandably, many people were ready to set fire to Bill Gates, when this statement became public.
Microsoft, who evidently employs the most ignorant public relations people in the world, made the situation worse by refusing initially to deny the rumor. When tech columnist Ed Bott asked Microsoft for a comment, this is what came back to him:
"As we have mentioned previously, as the WGA Notifications program expands in the future, customers may be required to participate. Microsoft is gathering feedback in select markets to learn how it can best meet its customers' needs and will keep customers informed of any changes to the program."
After publishing that bizarre response at ZDNet, Bott received another reply from someone at Microsoft's public relations firm. It rambled for a while, after flatly denying that copies of Windows that lack WGA will be disabled. It did not answer Bott's question of whether or not WGA was about to become mandatory. Now, apparently, they are refusing to take any interviews on the subject.
That can't be a good sign. If they are planning to make WGA installation mandatory, exactly how are they planning to "enforce" it? If this is not planned, why don't they simply say that?
All of the issues surrounding WGA are extremely confusing. Microsoft is not helping the matter. If you ask me, Microsoft needs to fire their entire PR firm and hire one that knows what it is doing. You fight rumor with truth, not by stonewalling.
All that can be stated with any certainty about this WGA situation is that someone went from office to office at Microsoft, whacking people over the head with The Stupid Stick™.
Unlocking The Back Door
The FBI has drafted legislation that would require manufacturers of network routing hardware to install back door access codes into their products. The legislation also would require ISPs to filter through a customer's internet usage to pinpoint VOIP traffic.
The purpose for the back door access codes is to enable law enforcement to carry out wiretapping on persons using VOIP communications. As it stands now, it is difficult to tap into VOIP telephone calls. The legislation would, basically, expand the 1994 Communications Assistance for Law Enforcement Act (CALEA), which requires telephone companies to make sure conventional telephones can be tapped, if necessary.
I have to wonder if the FBI really came up with this or if it was some lawyer in the Justice Department whose understanding of internet technology equals that of my cat. I find it hard to believe that anyone with any experience, either with internet technology or cybercrime, would make a proposal like this.
Putting "hidden" access codes into network equipment is a recipe for absolute chaos. Those codes will be found. That is not a theory or a concern. That is absolute, iron-clad fact. People discover back doors in consumer routers all the time and they ALWAYS end up on those "full disclosure" mailing lists.
Exactly how much chaos would occur depends on how the manufacturers alter their equipment. If the access code gives full control over the routers, the rest of the world will watch America drop entirely off the net one day. If it allows only for monitoring of the traffic flowing through the router, you can expect identity thieves and blackmailers to have a field day. In either case, it would cause exactly the sort of thing the FBI is supposed to prevent.
Now don't misunderstand me. If they want to require ISPs to make it easy to pinpoint VOIP telephone calls, that's fine, although I am hearing that it will cost a bloody fortune to do it. The FBI and other police agencies need a way to carry out wiretapping. That is a necessary part of law enforcement and counterterrorism. Criminals talk themselves right into jail all the time.
I simply do not see how putting back doors into all routers in the United States makes that any easier. Even if it did make it easier, it still would be an idiotic idea.
When the FBI wants to monitor a regular phone line, they make arrangements for that with the telephone company, plug in their equipment and turn on the tape recorder. They do not require that every telephone in the country can be activated by a secret code. Why not? Because it would be unnecessary for their purposes and it would be incredibly stupid.
One other thing about this proposal caught my eye (and CNet's). Currently, the Justice Department is required to announce publicly the total number of communications intercepted by federal law enforcement agencies each year. For some unknown reason, they want to do away with that requirement. When a government agency that is tasked with monitoring and/or arresting people wants to eliminate oversight requirements, that makes me nervous.
Oversight of such agencies exists for a reason. Public oversight of these agencies was not created to counter a theoretical problem. Oversight laws exist because, before those laws were created, various law enforcement and intelligence agencies abused their powers in an illegal manner. I wonder why the Justice Department would want to remove some of that oversight now?
What's next? Eliminating the need for a court order, before tapping phone calls? The intelligence agencies are doing that already, when they believe terrorists are involved.
The FBI wants to make their job of catching criminals and terrorists easier. I have no problem with that. I don't want to see another skyscraper fall to the ground any more than they do. Eliminating public oversight doesn't help with that. Opening every router in America to attack with hidden passwords doesn't help with that. Someone, either at the FBI or at the Justice Department, has lost all perspective and needs to take a big step back, before they destroy the very thing they are guarding.
Like Kicking Over An Ant Hill...
I don't know whether to laugh, cry or throw my hands in the air at the stupidity of some people.
Earlier this month, Microsoft announced a new product, called Private Folders. It was a free encryption program. Basically, you drop files into a special "folder", which then are encrypted. It is a simple concept, which probably explains why there are hundreds of other programs that do exactly the same thing.
The reaction to Microsoft's announcement was astounding. So-called "IT Administrators" started running around in a panic, as if someone had kicked over their ant hill. The outcry against the release of this software was phenomenal.
"What if users forget their password and lose their company documents? How do we provide support for this? How do we block it??"
It was as if hundreds, perhaps thousands, of "IT Administrators" all woke up one day, read this announcement and suddenly discovered the concept of encryption software. Ugh!
Google the phrase ENCRYPTION SOFTWARE. There are 148 MILLION hits, plus no less than 48 advertisements across the top and bottom of the results. Did these people honestly not realize such a thing existed??
Microsoft, nonplussed at the sight of so many "IT Administrators" running around in terror, decided to cancel the Private Folders project. There are rumors that existing copies of Private Folders may be disabled in a future update to Windows. You shouldn't worry though, since apparently you have 148 million chances to find another program.
I'll help with that. I'll list three encryption programs that I have no problems recommending.
GnuPG aka GNU Privacy Guard - This is a command-line program based on OpenPGP, which is considered to be the strongest possible encryption available to consumers. It is widely believed that not even the US National Security Agency can crack the encryption. It should work on just about any computer platform out there.
For Linux, there is a very good graphical front-end to GnuPG that works with KDE, called KPGP. That is what I use myself. I don't know if it works under Gnome. If KDE is installed, it should work. If there is a free Windows program that adds a graphical front-end to GnuPG, I've never heard of it.
PGP - This is the commercial version of PGP and is expensive. It works on Windows and Mac OS.
TrueCrypt - I have never used this myself but everyone who has used it loves it. It creates a file, then mounts that file as if it were a new hard drive. This is similar to a feature in the commercial version of PGP. It also can be operated in a mode that makes it extremely difficult to detect that it has been used at all. It works on Windows or Linux.
I can't be sure without testing it, but TrueCrypt seems to not use a public/private key pair system the way PGP does. It does use powerful encryption algorithms, such as Blowfish, AES and others. For home users, this program will be more than enough. For business use, you probably should stick to PGP.
Keep in mind that in certain countries, the possession of encryption software is a crime against the state. Make sure you are not living in one of them, before you download any of these programs.