SpywareInfo Home
Warning: include(/home/swicom/domains/spywareinfoforum.info/public_html/newsletter.php): failed to open stream: No such file or directory in /home/swipart/public_html/spywareinfoforum.info/modules/banner.php on line 10

Warning: include(): Failed opening '/home/swicom/domains/spywareinfoforum.info/public_html/newsletter.php' for inclusion (include_path='.:/opt/cpanel/ea-php56/root/usr/share/pear') in /home/swipart/public_html/spywareinfoforum.info/modules/banner.php on line 10

Warning: include(/home/swicom/domains/spywareinfoforum.info/public_html/modules/banners/rotater.php): failed to open stream: No such file or directory in /home/swipart/public_html/spywareinfoforum.info/modules/banner.php on line 10

Warning: include(): Failed opening '/home/swicom/domains/spywareinfoforum.info/public_html/modules/banners/rotater.php' for inclusion (include_path='.:/opt/cpanel/ea-php56/root/usr/share/pear') in /home/swipart/public_html/spywareinfoforum.info/modules/banner.php on line 10

Merry Christmas Everyone!!

I hope everyone has a good holiday.

Drive safe. Take a cab if you get wasted.

Or better yet, pass out in the host's bathroom. ;-)

December 25, 2002

Stop using Lavasoft's Ad-aware

I truly hate that it has come to this. Lavasoft's Ad-aware used to be a fine product. Not only was it the only free solution for finding and destroying advertising spyware, it was also a good program. However, Lavasoft has abandoned Ad-aware 5.83. Support is still offered at their support forums and via email, but the program is no longer being updated to handle new spyware targets. In fact, I feel that it is necessary to recommend to everyone that they simply remove Ad-aware version 5 entirely. Using it in its current, unupdated form can be, and has been proven to be dangerous.

Ad-aware has not had a reference file update since September 24. I've personally submitted over a dozen new spyware/hijacker targets and lord knows how many updates to old spyware/hijackers. Other developers on my private mailing list update when new targets are submitted to them. Lavasoft has not.

Take Common Name for example. I sent out a special alert about this and even asked all of my readers to post the warning on various message boards about how Common Name can damage your internet connection when removed improperly (thank you for doing that). It is a very dangerous piece of software if you remove it wrong, and thankfully most people took the warnings seriously.

Lavasoft did nothing to update its removal routines for the Common Name toolbar to protect its users. This means that using Ad-aware in its current state to remove CommonName Toolbar will leave you without an internet connection. This is not theory, it is fact. I've seen it happen to people.

Lavasoft has stated numerous times that the current version will not be further updated so that the next version 6 can be developed. Version 6 is now three and half weeks overdue, with no explanation of why it is not out yet, or any estimate of when it will be released.

Consider this for a moment. What if your anti-virus product suddenly stopped updating its detection files for months on end? What if dozens of new virii were released in the wild, and older virii mutated? You are stuck unprotected by a product that now cannot work properly. Would you demand your money back?

Are you one of the many who shelled out $15 USD for Ad-aware Plus so that you could have real-time protection against spyware installation? I don't know what Lavasoft's refund policy is, but personally I'd be looking it up if I had purchased this abandoned product.

Don't bother going to their support forums to complain about it. They have now made it a policy to delete postings which they do not like. They deleted posts by the founder of Comet Cursor in a running thread asking how to get Comet Cursor removed as a target. A representative of Spyware Nuker (see below) not only had his posts deleted, they actually banned his IP address from the boards. They've even had the gall to delete some of my posts, and I used to be an administrator there. It makes you wonder what Lavasoft has to hide that they have to delete posts and ban the posters like that. Several moderators and administrators have resigned in disgust over this practice, myself included.

For these reasons, SpywareInfo will no longer host, mirror, or provide links to any Lavasoft software. I cannot endorse a product which could wreak havoc on the users system simply because the company refuses to update it.

There are four main alternatives for spyware detection and removal which I recommend. For removing advertising spyware, I recommed either the free Spybot S&D, or the $29.95 Aluria Spyware Eliminator.

For removing surveillance spyware, keyloggers, and password stealing trojans, I recommend either the $69.95 Spycop, or the $39.95 X-Cleaner.

Please note that all of those except Spybot are affiliates. Purchasing them using the links provided will generate a commission for SpywareInfo. This has nothing to do with their recommendation here. Spybot is the most highly recommended of the four.

EDIT 12/28:
It seems that the publicity about this matter prompted Lavasoft to release a response several hours after this newsletter was released. While it's sad that it took this sort of publicity to elicit a response from them after so long, at least they are now admitting that the current version cannot be used for many recent spyware/hijackware programs.

"The 5x engine is old and to keep ahead of our target base needs to be replaced. Are we saying it is bad or ineffective? No. But to effectively and safely remove many new targets and those older ones, which have changed/mutated, we would need to do a major upgrade of 5.83 and it’s reference file as well."

"The 5x engine (in its current configuration) cannot handle many of the new targets correctly. As stated in #1, the entire Ad-aware executable would need to be rewritten."

According to the response, Ad-aware 6 will not be available until January for Plus users, and February for the free version. In the meantime, I guess their users are just simply out of luck.

To those in the tech and security industry helping to get the word out about this, thank you. To those selectively quoting and misquoting this newsletter to suit your own response to it, you are making the problem worse. Either quote the whole section or quote none of it.


EDIT 1/12

Regarding the Langalist of Jan 13, which was a great newsletter as always, I feel I should clarify something. I'm not suggesting all four programs be used at the same time. I'm recommending any one or any combination of these four programs. I recommend either Spybot or Aluria for advertising spyware, dialers, browser hijackers, etc. For surveillance spyware such as keyloggers and other computer monitors, I recommend either Spycop or X-Cleaner. These four are among the best, so I listed all four.

Unlike Fred Langa, I do not recommend the latest Pest Patrol, for reasons which I am considering discussing in the next issue (Wednesday Jan, 15). I'll just say that I personally believe the company may have done something very unethical and I no longer recommend or accept sponsorship from Pest Patrol.

There has been further coverage of Ad-aware in the December 31 issue as well if you wish to read more. You can always read the most current issue at http://www.spywareinfoforum.info/newlsetter/.


The Ebay Toolbar

Permlink | Top

Last issue I explained why the Google toolbar should not be considered spyware. This week I'm going to tell you about a toolbar that is spyware. The following is a quote from Patrick Kolla, the developer of Spybot S&D.

It's verified now that the eBay toolbar is violating eBay's own Privacy Policy. According to eBays Privacy Policy, Appendix 2, stuff like IPs etc. is given to Advertisers only in a non-personal manner, to External Service Providers only with given permission (which is not asked for in the toolbar license agreement) or upon direct contact (which the user doesn't know anything about).

[During testing] The toolbar contacts both MediaPlex (adfarm.mediaplex.com) and DoubleClick (ad.doubleclick.net), using at least the first as a page relocator. That means this relocator page at MediaPlex receives the whole URL that the toolbar calls. It receives all search terms, and in the POST (formular) data of the HTML header it will also receive any formular data you enter or that is transmitted automatically.

The mediaplex relocator also contains some long number that could be a GUID [Editor: A GUID is a Globally Unique Identifier].

The least thing those two advertisers could monitor is the keywords you search for on ebay; MediaPlex is using their cookie for the toolbar, so they can track you very easy.

The worst thing that is - theoretically, not proven - possible would be much more access to your ebay account, including information about everything you bought or sold, for example.

Detection is going to be added [to Spybot S&D].

SpywareInfo Weekly Feature

As a service to our readers, SpyWareInfo is offering a weekly special on software that we believe will benefit any computer user. It is our intent to obtain the very best possible price for our readers. As such, you will find that software will be offered at a reduced price, for a one week period. Our marketing division strives to negotiate and to obtain this discount for a week. Our large readership support enables us to approach program developers for such a reduction in price. Not only will you be receiving the finest software at a discounted price, your purchase through this site will be financial support for our editor and staff. SpyWareInfo will only offer the finest products – products that we would not hesitate to use on our own computers.

If you have a product that you would like to see highlighted in this space, please contact our Director of Marketing, Ms Catherine Forsythe. We will review the product and approach the developer if the program meets our stringent standards. We thank you for your support – if a software program interests you, please tell your friends – send them here. You will be doing a multiple good deed…

X-Cleaner removes traces of documents opened, pictures viewed. Detect and remove "spy" software that logs your activity. Permanently erase files using the industrial shredder. Know if users are snooping your keystrokes! Portable! So small you can take it with you to public machines. No installation required - simply download and use.

X-Cleaner, which normally retails for $39.95, is available to SpywareInfo visitors for 10% off the regular price!

Click here for more details

Quicken Installing Spyware?

Permlink | Top

Do you use TurboTax by Quicken? Then you need to be aware that it has possibly installed digital rights management software on your computer that many sources are labeling spyware. We've had a thread running at the forums for a week or two about a third party application called C Dilla that is installed by TurboTax.

According to an article at privacyandspying.com, C Dilla is a copy protection program that installs without disclosure with certain programs such as game demos. The article says that it may disable your CD burner when copy protected software is on your computer, monitors what copy protected software you are using and how, disables "certain" internet downloads, and possibly sends user data off to a remote server without permission.

Quicken makes no mention of this software anywhere on their web site (that I could find), although possibly there is some disclosure in the click-through EULA. Considering that it is illegal in many places to provide customer financial data to third parties without the customer's consent, if you use TurboTax to do other people's taxes for a living, this third party software might actually be causing you to break the law. I'm sure the application doesn't send financial data back to .... wherever ... but since it isn't discussed anywhere on the Quicken web site, how can we be sure?

C Dilla is now a target of Spybot S&D. At first the developer was worried that removing it might actually break one of these ridiculous copyright protection laws that Hollywood keeps buying in Washington D.C. I pointed out at Spybot's support forums that there is nothing illegal about a third party uninstallation program. Or that if there were, Microsoft was breaking the law itself with its add/remove control panel applet. I'd like to think that my argument helped persuade him to include this garbage as a removal target and I hope all the other spyware removal companies also add detection for it. Just be aware that removing C Dilla will most likely disable whatever installed it, as is the case with many programs that install spyware. Make sure your documents are backed up in a standard format and is accessible by whatever you replace it with.

Panicware Popup Stopper - Panicware's top of the line product features our most advanced ad blocking, cleaning and surfing enhancement technology. Say goodbye to those pesky X10 and Casino ads! Protect your family and your privacy by stopping Internet tracking. 30 day free trial - free tech support and an unconditional money back guarantee!

CommonName Becoming A Common Problem

Permlink | Top

Weeks ago I warned about a new version of Common Name toolbar that if removed improperly will severely damage your internet connection. Well, it seems that Common Name has updated yet again to be more resistant to removal. There are manual removal instructions at Doxdesk.com, but what appears to work just as well is to run the latest, fully updated Spybot S&D in Windows safe mode.

Spyware Nuker Part Two

Permlink | Top

Last week I mentioned a new piece of software for removing spyware called Spyware Nuker, which many people consider to be spyware itself. The two main reasons for this opinion were the association between Spyware Nuker's owners and Lion's Pride Enterprises (responsible for the WNAD spyware), and also the product's EULA, which I quote below:

"You acknowledge that "Trek Blue" may, at their sole discretion and for any purpose, provide updates, automatic or otherwise, to the "Trek Blue" Program(s) including but not limited to the advertising or other value-added software and technology."

"By installing, downloading, copying, updating or otherwise using the "Trek Blue" Program(s), you specifically agree to include and/or accept the noted software and technology through which "Trek Blue", its subsidiaries, affiliates, partners, divisions, and clients provide value-added upgrades and applications to your computer."

Company representatives pointed out that this EULA was included in a beta version of the product, left over from the previous owner of the software, and was never intended for public release.

Jamie Leasure, founder of TrekBlue Software, has released this statement on the matter.

Spyware Nuker, owned and distributed by TrekBlue Software, does not contain any spyware or adware, never has, and never will. The only instance of data transmission occures when we update Spyware Nuker with new spyware/adware profiles that enable it to detect new and emerging treats.

TrekBlue regrets the oversight regarding the original EULA provisions, which suggested adware might be part of the program. That portion of the EULA has been removed. Plese note that, despite that provision, no spyware/adware was ever installed alonmg with Spyware Nuker.

Finally, please note that TrekBlue is not and never has been owned by Lions Pride Enterprises, nor has any owner of Lions Pride Enterprises ever held any ownership iterest in TrekBlue.

The EULA in the newer version of Spyware Nuker has this clause now:


You acknowledge that the "Trek Blue" Program(s) include technology which allows "Trek Blue" to provide auto- updates to the software directly to your computer to make sure you are always running the most current version of the software. By installing, downloading, copying, updating or otherwise using the "Trek Blue" Program(s), you specifically agree to include and/or accept the noted software and technology through which "Trek Blue" provides upgrades to your computer

It seems that Spybot S&D has started targeting this program for removal as of a recent update. I'm not sure of the exact reason for its inclusion.

Originally I was going to link to the Spyware Nuker web site for this section. However, I decided against it as it seems that merely loading the product's home page causes it to start downloading Spyware Nuker......

Help keep SpywareInfo going! The SWI web site received over 120,000 visitors in November, and that many visitors uses up a lot of bandwidth. If you'd like to make a contribution to keep the bills paid, we have a PayPal account set up for just that purpose. http://www.spywareinfoforum.info/support.php

Free Download

Permlink | Top

xp netstat bar

Program: XP Netstats Bar
Author: Mizotec Software Solutions
Size: 816KB
Platform: Windows XP
License: Free

XP Netstats Bar is an application that monitors all of the open ports on your computer. It tells you what ports are open, what addresses they are trying to contact, and what applications are trying to open these ports. It is extremely important for you to know what is going on behind the scenes as this will help you prevent spyware and even hacking on you computer.

XP Netstats Bar will fit itself to the top border of your desktop (see screenshot above). You can let it hide when it looses focus, to make room for other applications. You will then be presented with the icons of the applications trying to open ports on your PC. XP Netstats bar will tell you the number of connections this application is trying to make, the addresses it is trying to reach and gives you full information about the application. You can then decide if you want to leave this connection open or if you want to terminate the connection or even terminate the whole application.


* Reports all open ports and maps these ports to their associated applications. It then shows you the icon of the application for easier identification.
* Gives full details about each application and the ports it is trying to open, and what addresses it is trying to access.
* Netstats bar can identify different instances of an application and treat each instance as a different applications.
* Lets you terminate the connection or the whole application if you think it is doing something suspicious.
* Can present you with all the open ports, their local and remote addresses, protocols being used, status of the connection and the applications using these ports.
* Can resolve the host IP addresses to Url addresses.
* You can Whois, Trace or Ping any address.
* Full Network Statistics.
* Interactive TrayIcon showing incoming and outgoing data.
* You can monitor all connections or filter the TCP or UDP connections only.
* The application bar can auto hide, always be on top and even give you a sliding effect.

This Week's Poll

Permlink | Top

Gator Corporation is being sued by several web site publishers, including The New York Times, The Washington Post, and United Parcel Service for serving ads based on the context of their web sites while a person is visiting them. Gator's defense is that people have a right to see whatever they want on the web, not the owner of the web site. Certainly I agree with that. They have even sued a web site to prevent it from blocking Gator advertisments.

Of course, that would assume that people actually want Gator's software on their computer. Millions of complaints from users would suggest otherwise. Gator has a history of installing via popups without warning or notice, as I've covered before in this newsletter.

This week's poll is only for those who have had Gator installed on their computer before. Did you want it installed? Or were you surprised to see it there when it suddenly started showing you popup ads or turned up in your ad-aware/spybot scan?
Take this weeks poll at let me know (Registration required).

Results from last issue's poll:

Have you ever bought anything from a popup ad?

Yes (4%)
No (93%)
Only an X10 camera (2%)
Not sure (0%)

Webmasters, advertisers, are you paying attention here?

Final Ramblings

Sorry for missing the last issue everyone. I've been tweaking my new internet connection, trying to catch up with the web site, trying to empty my inbox of the nearly 200 emails that are in it, all of which need some sort of attention, etc. Hopefully that won't happen again.

Last issue I told you that I wasn't hooked up to Direcway service yet because their contractor, Net Communications in Atlanta, Georgia, was refusing to make the three-hour drive to install the satellite dish and modems. Several points off my unofficial review of my new ISP for choosing a lazy contractor 300 miles away.

However, I give them many more points for very swiftly taking the contract from Net Communications and giving it to someone else who was much closer. In fact, the new contractor told me they got the contract within minutes of the time I hung up with the Direcway representative.

If you invest in or do any sort of business with Net Communications in Atlanta, Georgia and stand to lose money if they have a bad financial year, then you may want to cut your losses while you can. If they handle this one business deal so poorly, they'll probably handle other business deals just as poorly.

I have to say I'm impressed so far. Right out of the box I got 1,300kbps on various speed tests and 2,300 after some tweaking. After some more tweaking I got my browsers to catch up with the speed and now web pages just snap open. I've done 30MB downloads at a steady 6,000kbps and I managed to download Linux the first night I had it (unfortunately, the power went out in the middle of the download and corrupted the .iso file).

It tends to go out about 5 or 6 times per hour for maybe 30 seconds, which is REALLY annoying and my upload speed is horrible. I need to contact them about that. I've also had four service outages in the nearly two weeks I've had it. Twice for weather, once for a DNS outage, and one outage is unexplained. Not a good thing. Overall though, I'm pretty impressed with the with what I'm getting. If I ever had to go back to dialup, I believe I'd commit hari kari.

Click the link at the bottom to unsubscribe from this newsletter.


Email Address

Tech Tips from Lockergnome.com

Support SpywareInfo with PayPal or Amazon - it's fast, free and secure!
Support SpywareInfo

Privacy news
Privacy News

All material on this web site is copyrighted
© 2001-2002 by Mike Healan. ® All rights reserved.

Proofread by the lovely Noggie

SpywareInfo banner originally designed by mockie