October 10, 2002
Many of you may remember the rantings of Steve Gibson some time ago about Netscape's Smart Download download manager. If you've never read it before, you should read Gibson's page where he exposes this software as "spyware". After this became public knowledge, outraged victims filed a lawsuit against Netscape for running spyware on their computers.
Netscape's defense has always centered around their click-through End User License Agreement. Netscape's argument is that the users agreed to having the spyware on their system by the very fact that they installed it. A judge has ruled recently that by placing the user agreement for that plugin where it is difficult to find, the agreement is invalid. Hopefully this precedent will be used in other cases where inadequate click-through agreements are used as justification for all sorts of mischief. Lop.com anyone?
Nowadays, spyware and adware companies have learned their lessons and usually include some sort of notice that their software is going to install and what the privacy implications of this are. Usually it is written in language calculated to confuse anyone but a corporate attorney and often buried so far down in the click-through agreement that the user never notices it to begin with. Privacy advocates fought hard to force these companies to make those agreements, and yet people don't take the time to read them. That alone would dramatically reduce the number of incidents where someone discovers that they have spyware installed and has no idea where it came from.
Unfortunately, it wouldn't stop the problem completely. As people became more savvy to the ways of spyware and adware and started reading those click-through agreements more closely, another way had to be found to sneak software onto our systems through the back door. Ironically, it was Microsoft which provided spyware developers with the means to do this.
By taking advantage of people's tendencies to fiddle with their computer's settings without understanding what they are doing, malicious developers are able to use ActiveX scripting to download and install software right through the web browser. The script can be inserted into a page or into a popup window and run when the page is loaded. If the Internet Explorer security settings are set to "low", the software is installed without the user being aware that anything has happened. This trojan-like method of distribution has been dubbed "drive-by downloading".
It is in this manner that software such as Comet Cursor, the Xupiter toolbar, and the Search-Explorer toolbar have been installed on people's computers without the consent or even the knowledge of the user. The outrage that this has caused in the internet community has led the makers of just about every spyware removal program on the market to begin targeting software caught installing in this manner. The reason a security setting exists to restrict this method of software installation is to prevent infection by such things as viruses and trojans. Any software which exploits ActiveX to install in this manner is a trojan in my opinion and deserves to be targeted.
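To check a machine for the condition described above, the following added example (not part of the original newsletter) scans a registry export of the Internet Explorer zone settings and reports the ActiveX actions in the Internet zone that are set to run without a prompt. The sample export is constructed for illustration; the action codes and values are the standard URL action identifiers stored under the Zones key.

```python
import re

INTERNET_ZONE = "3"  # zone 3 under ...\Internet Settings\Zones is "Internet"
# URL action codes that govern ActiveX download and execution
ACTIVEX_ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked as safe",
}
ENABLE, PROMPT, DISABLE = 0, 1, 3  # stored DWORD values for each action

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def audit_zone(reg_text, zone=INTERNET_ZONE):
    """Return [(code, description)] for ActiveX actions set to Enable (no prompt)."""
    findings, in_zone = [], False
    suffix = "\\internet settings\\zones\\" + zone
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:  # a new [key] header: track whether we are inside the zone
            in_zone = key.group(1).lower().endswith(suffix)
            continue
        val = VAL_RE.match(line)
        if in_zone and val:
            code, value = val.group(1).upper(), int(val.group(2), 16)
            if code in ACTIVEX_ACTIONS and value == ENABLE:
                findings.append((code, ACTIVEX_ACTIONS[code]))
    return findings

# Constructed sample export (a real regedit export is UTF-16; decode it first)
SAMPLE = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000000
"1200"=dword:00000000
"1201"=dword:00000001
"1A00"=dword:00020000
'''

if __name__ == "__main__":
    for code, desc in audit_zone(SAMPLE):
        print(f"Internet zone: {code} ({desc}) is enabled without a prompt")
```

Any finding means a web page in that zone can trigger the listed action silently; setting the value to Prompt (1) or Disable (3) restores the check.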
I recently participated in a thread at the security forum at DSL Reports with representatives of eAnthology's Stop-Sign anti-virus. It turns out this company also takes advantage of that foolish security setting to install its software onto people's computers and there were some heated complaints about it on that forum. When representatives of the company began replying to the thread, I took the opportunity to warn them that if they continued to use these methods, it would cause them to be targeted by anti-spyware programs. It took some "convincing", but from the statements made by the company reps, it looks like the company will soon be withdrawing those installers. For their sakes, I certainly hope so.
Another piece of software that is being withdrawn is NewDotNet's Firstlook. Although this isn't spyware, some people thought it was and wondered where it came from after finding it installed on their systems. NewDotNet itself is bundled with other software as a sponsor, and Firstlook was recently included as a separate component of NewDotNet's own software.
Apparently, there was disagreement within the company about the project from its beginnings. An official at NewDotNet is quoted as saying "...for some reason, marketing thought this would be a good idea even though the rest of the company said otherwise. It failed miserably as planned and has been pulled..." and "...the negativity generated from the firstlook functionality was not worth the risk of losing any users...." "...the majority of the company pushed to not release firstlook in the first place, but you know marketing departments." "Our latest version still installs the firstlook files, but they no longer function. In one of our upcoming updates the firstlook files will be removed as well."
Spectorsoft, a company which makes and sells keylogging spyware, has scored some free publicity recently. A developer for SpyCop has discovered that Spectorsoft has included a function which simulates a system crash when it detects spyware detection software such as SpyCop, SpySentry, AntiSpector, SpectorDetector, X-Cleaner, Who's Watching Me?, Nitrous AntiSpy, and SpyCop's Single File Scanner. As part of this fake system crash, it terminates the process for the detection software.
This is a serious mistake on Spectorsoft's part, as its malicious activities are sure to bring it to the attention of other software which does not yet detect it. For my part, I brought this up to the anti-spyware software developers subscribed to a private mailing list which I send out when I discover new spyware or hijackers and suggested that they all add detection for Spectorsoft products. If you make software that detects and removes spyware/malware/hijackers/<insert term of your choice> and want to be included on this mailing list, please contact me.
Scribbled by Narzy (to his congressional reps)
I am writing you today to give my support for the "Digital Media Consumers' Rights Act" bill introduced by Reps. Rick Boucher, D-Va., and John Doolittle, R-Calif.
Over the last six years since the DMCA was enacted it has been blatantly abused, from Scientologists threatening the world's largest and most popular search engine (www.google.com) with legal action for indexing Internet sites that spoke negatively of the organization, to the RIAA and MPAA harassing consumers with locks on digital devices such as DVD players, preventing people from making archival copies of purchased media (which is a right given under the original copyright act.) It goes against consumer rights in every direction and against the beliefs and foundations of America.
I agree that companies have the right to protect their interests and intellectual property, however this system is and has been already in place from the foundation of our country. Through our court systems, companies have the right to protect their works by suing, and filing appropriate applicable criminal charges against individuals who decide to violate and distribute copyright and copyrighted works, this is part of protecting a copyright, and a business expense these companies can and must endure.
I am aware these groups and companies such as large media conglomerates and advocacy groups such as the RIAA and MPAA have large monetary backing, however I strongly believe and know that you are not one to take into these pressures and know that you have the influence to protect consumers against invasion of such tactics by these companies and groups.
I ask for your support with us in this matter, and to protect consumers.
If you have any questions on my views on this matter or require an "expert" opinion on such matters from a consumer side of this topic please feel free to contact me.
Thank you for your continued support,
Write to your own representatives
As mentioned in the last issue, I have started the ball rolling on The Harvester Project. The purpose of this project is to deliberately sabotage the results that spambots bring back to their owners. By having dozens of pages on your web site, each with dozens of bogus addresses, the results of an email harvest from your web site will be total garbage. Rather than having legitimate addresses to spam, the addresses collected from a member's web site will all bounce and the spammer controlling the bot will be unable to sell or use those addresses. Plus, unlike the methods used by the anti-spam vigilantes of MAPS, SPEWS, and ORBS, no one but the actual spammers will be harmed by this.
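A sketch of how a member site could generate such decoy pages, added here as an example and not the project's own code. The `.invalid` domain suffix, the `contacts<N>.html` file naming, the `noindex` tag and the per-site secret are all assumptions of this example; `.invalid` is a reserved top-level domain, so every generated address fails at lookup and no third party's mail server ever receives the spam.

```python
import hashlib
import html
import random

# Constructed syllables used to build plausible-looking names (assumption)
SYLLABLES = ["ka", "lo", "mi", "ter", "san", "vu", "rel", "don", "pe", "zil"]

def _rng(site_secret, page_no):
    # Seed from secret + page number so a page is identical on every crawl
    seed = hashlib.sha256(f"{site_secret}:{page_no}".encode()).digest()
    return random.Random(int.from_bytes(seed, "big"))

def bogus_addresses(site_secret, page_no, count=30):
    """Return `count` unique addresses that can never be delivered."""
    rng = _rng(site_secret, page_no)
    out = []
    while len(out) < count:
        local = "".join(rng.choice(SYLLABLES) for _ in range(rng.randint(2, 4)))
        domain = "".join(rng.choice(SYLLABLES) for _ in range(rng.randint(2, 3)))
        # .invalid is reserved and never resolves, so delivery always fails
        addr = f"{local}{rng.randint(1, 99)}@{domain}.invalid"
        if addr not in out:
            out.append(addr)
    return out

def render_page(site_secret, page_no, total_pages, count=30):
    """Render one decoy page that links to the next, wrapping at the end."""
    items = "\n".join(
        f'<li><a href="mailto:{html.escape(a)}">{html.escape(a)}</a></li>'
        for a in bogus_addresses(site_secret, page_no, count))
    nxt = page_no % total_pages + 1  # page N links to N+1, last links to 1
    # noindex keeps compliant search engines from listing the decoys
    return ('<html><head><meta name="robots" content="noindex"></head><body>\n'
            f"<ul>\n{items}\n</ul>\n"
            f'<a href="contacts{nxt}.html">more contacts</a>\n</body></html>\n')

if __name__ == "__main__":
    total = 24  # "dozens of pages", each with dozens of addresses
    for n in range(1, total + 1):
        with open(f"contacts{n}.html", "w", encoding="utf-8") as fh:
            fh.write(render_page("example-site-secret", n, total))
```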
I've had several people contact me and express the opinion that this is a waste of time because spammers don't care if their spam bounces. Well, if that were true, they wouldn't be bothering to harvest valid addresses in the first place. Somehow a spammer derives more profit this way than they would spamming random addresses, therefore it is worthwhile for this project to sabotage their efforts.
I've been a little slack in updating the page in the last week because I've had other things going on. However, I'll be updating it again tonight and adding several more sites to the membership. I haven't yet chosen a logo for the project, so if you're good with graphics and want to design one, let me know. I need one graphic at 88 x 31 and another at 125 x 35.
And remember, spread the word about this project!
I've been making some changes to the location of the articles on this site. For instance, the Hijacked! article which used to be at http://www.spywareinfoforum.info/hijacked.html is now at http://www.spywareinfoforum.info/articles/hijacked/. Every other article has also been moved in a similar fashion. I've set an .htaccess file on the server to redirect requests for the old filenames to the new filenames. If you link to any of my articles, please check out the links page for the new locations.
Many thanks to the folks in the chat room for proofreading this issue and pointing out my many, many, many typos.