SpywareInfo Home
Warning: include(/home/swicom/domains/spywareinfoforum.info/public_html/newsletter.php): failed to open stream: No such file or directory in /home/swipart/public_html/spywareinfoforum.info/modules/banner.php on line 10

Warning: include(): Failed opening '/home/swicom/domains/spywareinfoforum.info/public_html/newsletter.php' for inclusion (include_path='.:/opt/cpanel/ea-php56/root/usr/share/pear') in /home/swipart/public_html/spywareinfoforum.info/modules/banner.php on line 10

Warning: include(/home/swicom/domains/spywareinfoforum.info/public_html/modules/banners/rotater.php): failed to open stream: No such file or directory in /home/swipart/public_html/spywareinfoforum.info/modules/banner.php on line 10

Warning: include(): Failed opening '/home/swicom/domains/spywareinfoforum.info/public_html/modules/banners/rotater.php' for inclusion (include_path='.:/opt/cpanel/ea-php56/root/usr/share/pear') in /home/swipart/public_html/spywareinfoforum.info/modules/banner.php on line 10
March 10, 2003

Microsoft is spying on you .... and yes there is proof

People have been saying for years that Microsoft is spying on people using Windows. People have been spouting crazy sounding theories about how Microsoft knows what is on your computer, knows what movies you are watching, and is installing software over the internet without your knowledge. Those people are usually dismissed as kooks and paranoids, and are often challenged to "run a port sniffer and see for yourself". Well, it seems that a lot of people have a lot of crow to eat, because as it turns out, Microsoft really is spying on its users, and they've been caught at it red-handed.

German tech news portal tecchannel is reporting that when users of Windows XP use the Windows Update web site, it transmits a list of installed software and the hardware configuration of the machine to Microsoft. Using custom-built software which takes advantage of an undocumented function of the Windows API, tecchannel has logged the data being transmitted to Microsoft just before it is encrypted. Their testing also reveals that Microsoft can identify your machine uniquely if they chose to do so, and could even lock you out of the site altogether.

The first six pages of the article are free. This is a subscription web site, so the complete article is not available to non-subscribers, but you can buy the article in pdf format for $2. When you buy the article, they also send you the custom software they used to log this activity. Since there is absolutely no doubt that a future "update" from Microsoft will disable the undocumented API function used to gather this evidence, they provide no support for the software.

This shouldn't really be a surprise. As I said, people have been saying it for years, but there is always the naive majority who refuse to believe that these sorts of abuses happen until the hard evidence is rubbed in their face. Last year rumors circulated that Microsoft's Windows Media Player was spying on them by sending back information of the music they listened to and the movies they watched. As before, the uninformed refused to believe the rumors, ridiculing those making the suggestions rather than investigating for themselves.

An investigation by noted privacy advocate Richard Smith found proof that once again, the rumors were true. Using a port sniffer, Smith found that each time a DVD movie is played on a computer which is online, Media Player 8, which ships with all copies of Windows XP, contacts a Microsoft web server to get title and chapter information for the DVD. In violation of Microsoft's stated privacy policy, the server was setting a cookie with a unique identification code that enabled Microsoft to track what DVDs were being played on that particular computer. Rather than acknowledge that they had violated the privacy of their users, Microsoft merely shrugged and said "oops" before updating their privacy policy to include the behavior that they had been caught engaging in.

This wasn't the first time Microsoft has been caught lying in its privacy policy. Last year, an FTC investigation concluded that Microsoft made false promises about how secure it kept the consumer information it collected. The Director of the Bureau of Consumer Protection at the FTC, Howard Beales, said that Microsoft had been collecting information about the day and time consumers logged into participating Passport Web sites without their knowledge, and storing data for longer than it claimed.

It wasn't the first time it's happened, and it won't be the last time it happens. I am sure that the next time someone tries to warn people that Microsoft is doing something wrong, the same people who blindly refuse to listen will again display their ignorance with taunts and insults. History is full of examples of people reacting to theories that disagree with their own beliefs by ridiculing those who come up with them. In the end, no one looks more foolish than those who use childish insults as a substitute for intelligent argument. Keep that in mind the next time someone warns about privacy being invaded.

Featured Product

Permlink | Top

SpyCop is the leading solution for finding computer monitoring spy programs, keyloggers, and commercially available software designed specifically to record your screen, email, passwords and much more!

SpyCop will detect the spy, tell you when it was installed, and optionally disable it! SpyCop can find over 354 surveillance spyware programs!

Once you're our customer, you can update the spyware database with a simple click of the mouse. This will ensure SpyCop has the latest releases of spyware to search for.

Order today and received free software and database updates for life!

SpyCop is available to SpywareInfo visitors for 20% off the regular price! This offer ends March 17.


ebay's collaberation ... err.. "cooperation" policy

Permlink | Top

The other day, I read a very disturbing article in the Haaretz Daily. It seems that ebay.com has been turning over nearly every scrap of data it has about its customers at the mere request of law enforcement, no subpeona required. As if this weren't bad enough, ebay also actively investigates its own customers in home-grown "sting" operations designed to generate evidence of crimes which is then turned over to the authorities. All of this is allowed in ebay's badly-mislabeled privacy policy.

What makes this total disregard for the privacy of its users even worse is the fact that ebay also owns PayPal and half.com, a popular online bookstore. If you buy something at an auction, send money to a family member, or buy a book using any of these sites, you have just given ebay permission to hand over all the mundane details to the FBI.

This also effects me even though I'd never even been to ebay's web site until I read this story. I accept donations towards the web site's upkeep through Paypal. That means that every detail of every donation I've ever accepted might be freely available to any government official who knows how to use a fax machine. I've been looking for a different way of accepting donations online, but I'm not finding very many. Amazon rejected me for some unknown reason ??? when I applied to open an account with them, so the next most convienant option is out.

Intuit faces class-action lawsuit over hidden SafeCast software

Permlink | Top

A California attorney has filed a class-action lawsuit againt Intuit for deceptive trade practices related to the secret bundling of SafeCast digital rights software. Macrovision's SafeCast software protects the license for Intuit's TurbotTax 2002 tax software. This software was not disclosed to customers and is not removed when TurboTax is uninstalled. As a result of the negative publicity, Intuit has started distributing an uninstaller. Unsurprisingly, the uninstaller doesn't work.

Intuit and Macrovision both have been trying to deceive the public about this software. For example, documents that were once available at Macrovision's web site which detailed the abilities of SafeCast and contradicted statements made by Intuit started disappearing after I started linking to and quoting from them. An investigation by extremetech found that Intuit's claims that you could use the software on more than one computer in limited mode without activation was a blatant lie. Without activating the software on additional machines using the internet (or by calling Intuit on the phone), the software refuses to function at all.

Extremetech's investigation dispelled some rumors about SafeCast, and also confirmed others. For instance, it was originally believed that the SafeCast technology installed by TurboTax was spyware. Judging by the documents formerly available at Macrovision's web site (which have now all vanished), SafeCast's abilities would technically make it spyware by giving publishers the ability to "gather valuable data about [their] customer base". Each publisher who uses SafeCast can decide which features to use and which not to use. The investigation shows that Intuit probably did not enable the features which would have allowed it to gather information about their users. This means that TurboTax is probably not installing spyware.

Another rumor which made the rounds was that SafeCast was writing to hidden sectors of the hard drive not normally used by Windows. As it turns out, this is not rumor, it is fact. Extremetech found that SafeCast was reading and writing to a hidden sector of the hard drive. It is the same area of the hard drive that boot sector viruses infect. This is apparently where the license information is being stored. This is a very unsafe area to store that information, and there are reports of it causing problems with other copy-protected software.

There were rumors that SafeCast would interfere with cd burner drives after TurboTax was installed. I've had several reports of people who say that after installing TurboTax, their cd burners malfuntioned while SafeCast was running in memory. Terminating the SafeCast process cleared up the problem.

Extremetech did not find any of these problems, and even speculated that these reports may be from people mixing up SafeCast with SafeDisk. SafeDisk, also by Macrovision, does interfere with cd burning. SafeDisk overwrites legitimate driver and system files with its own files that disable the burners in certain circumstances and also monitors how you are using the burner.

My advice is don't use TurboTax at all, spyware or no spyware. Maybe next year the feature that gathers demographics will be enabled. Intuit has lost whatever trust they may have once had with their customers and there has been a mass migration to less intrusive software made by less insulting companies. The two main alternatives are TaxAct (which I would recommend) and TaxCut (which has a horrible privacy statement). One reviewer at Amazon.com summed up the feelings toward Intuit quite nicely when he said "After all, if they don't trust us with their software, why should we trust them with our taxes?"

Spyware is getting more attention

Permlink | Top

Employee Internet management specialist Websense is reporting that more than 30% of business networks in Europe are infected by one or more spyware applications. Despite all the legal muttering about clickthrough agreements and disclosures, few people knowlingly install these programs. Just as with home users, these applications are installed by employees either while surfing the internet with security settings too low or by downloading popular ad-supported software such as KaZaa and Morpheus.

With home users, the advertising spyware that these sorts of programs install can be annoying and frustrating, as well as a violation of the privacy of the people using those computers. These same applications in a corporate setting are a much more serious problem. They open up a breach in the network through which any number of security problems may arise. By design, the spyware logs information about the computer use and environment and transmits it to the vendor in an effort to better target the ads shown to the user. The information which is sent back to the spyware vendors could easily be intercepted enroute by a "man in the middle" attack. Most advertising spyware uses weak encryption that is trivial to crack.

The privacy and security risks are not the only problem. There is also the time involved in cleaning up the mess left behind by browser hijackers. Browser hijackers are not spyware, usually. Most often a browser hijacker's whole purpose is to redirect the victim's browser to a page of the hijacker's choosing. This is done to enhance advertising revenues. Programs which do this often dig themselves deeply into the system and try to hide themselves from detection software. Parasites such as CommonName Toolbar and others have running processes which will reinstall any missing components seconds after they are removed, making removal difficult and possibly even dangerous.

C2Media, the maker of the infamous lop.com software, recently began using several techniques for defeating detection software. The techniques include using trickler-style installers which download and install components over the internet rather than having the entire application bundled into the installer. It also installs with randomly-generated filenames and ActiveX CLSID numbers. This means that every infection by this software is different, because it mutates randomly. This makes it difficult to automatically detect, although ironically it makes it very easy to spot and clean up by those of us who look at log files generated on the infected systems. We clean several dozen lop hijacks per week at the support forums. Other forums which offer tech support also clean up dozens of lop infections every week.

Internet Service Providers are also getting fed up with spyware. I've been contacted by hundreds of ISP support techs about various browser hijacks since I started SWI. Dozens more have links to SWI on their homepages or support pages to help their customers who have been hijacked. The two online spyware scanners here and here get hundreds of hits per day that come from these ISPs.

Earthlink is so fed up with fixing the problems caused by spyware and browser hijackers that they are looking for an "official" anti-spyware program to refer their angry customers to. There is no "official" anti-spyware program, but fortunately there is a growing list of programs which will detect and remove these parasites.

Some of the companies behind these programs are just looking to cash in, going so far as to steal the database and design of more established programs. At least three programs are free, PepiMK's Spybot, Lavasoft's Ad-aware (which has two paid versions as well), and Javacool's SpywareGuard. SpywareGuard will actually prevent a spyware infection if the program is included in its growing database, just as a good anti-virus program will prevent a virus infection.

There are also several commercial anti-spyware programs which cost anywhere from $20 to $80. Of the freebies, Spybot is the best at detecting the advertising spyware and browser hijackers, but the author can only add expensive surveillance spyware when someone "donates" a copy. By selling at a profit, these commercial anti-spyware programs are able to purchase that expensive software and add support for detecting it. I have a list of detection and prevention programs on the site's download page. There are several categories of software there you might be interested in, so be sure to check it out.


Permlink | Top

Sorry for missing the last issue everyone. I've had computer problems, ISP problems, weather problems (which caused more ISP problems), and a good old-fashioned case of writer's block. Ugh. I'm behind on everything at the moment. I'll definitely try to avoid missing any more issues.

There has been a significant update to the online X-Cleaner spyware scanner. The earlier version had a few bugs that couldn't be worked around because of some goofy behavior by Windows. Also, since it was a pure ActiveX applet, it could only run on Internet Explorer with ActiveX enabled.

The program has been redesigned so that you can load it in Internet Explorer as a regular ActiveX applet just as before. However, if you have another browser which doesn't do ActiveX, or if you'd rather not turn on ActiveX at all, you can also click a link directly to the program. When the download prompt comes up, choose "open" or "run from current location" (depending on your browser and version of Windows). Check it out.

Everyone who has emailed me at any point in the last two weeks, I am currently very far behind in reading them. I'll get around to them at some point this week (I hope). If it was urgent, send it again please.

I've also gotten behind in updating the Harvester Project page. If you've contacted me to tell me you've joined up, thank you very much and yes I'll link you. I'll try to get to work updating that page tomorrow.

Do not sign up an address which uses an auto-reply of any sort. This specifically includes "out-of-office" auto replies. The newsletter goes out in the middle of the night, so obviously you will not be in the office and I don't want to know about it from 500 different people. Also do not sign up an address which requires I answer a question, input some access code, click a special link, or any other such nonsense. If you believe the address you wish to use will be spammed or sold by me, don't subscribe. Just read it online.

The above is part of the terms of use agreed to by all subscribers of this newsletter. I repeat here because of an incident last week. Do not subscribe an address on which you use an auto-responder. Auto-reply to my newsletter and you lose your subscription. I don't care that you are out of your office. Don't waste my time telling me about it.

This is mainly for those of you reading this online and thinking of signing up, but it goes for everyone. You will not subscribe to this newsletter with an address protected from spamming by any service which requires any action by me. This includes replying to a message with a particular word in the subject, clicking a link within the email, answering a question, doing a cartwheel, or any other similar nonsense. I don't have time for it and even if I did, I still wouldn't do it. If you intend to protect the address you already have signed up, unsubscribe first or I'll do it for you the first time I get the automated message.

The reason I'm going on about this is because some person signed their subscribed address up to bluebottle.com. Bluebottle makes all email senders reply to an email with some special word in the subject line to weed out the spammers. I looked at the address of the person and deleted their subscription. However, for some reason bluebottle kept sending the exact same email over and over and over until they had spammed me hundreds of times. After the tenth identical email arrived, I demanded that they stop sending their unwanted messages. They responded with what amounted to spam for their service, so I asked a friend to contact an administrator that he knew at their hosting provider to tell them bluebottle was spamming me repeatedly and I wanted it stopped.

The people at bluebottle.com are incompetant and they're also pretty stupid. I can't imagine any person with a measurable IQ sending spam in response to a demand to stop sending email. If you want to use these sorts of services, go ahead. I'm sure they'll cut down quite a bit on your spam intake. However, don't sign up the address this newsletter is sent to. You should also avoid bluebottle.com unless you want them sending hundreds of demands for replies to everyone sending you email.

Terms of use

Permlink | Top

Subscription Management

There really is no management. If you want off this list, click on the link all the way at the bottom of this newsletter. That will remove your address. If you want to change your subscribed address, unsubscribe the current address, then subscribe the new one.

If you're reading this online and want to get on the list, enter your address below and press the "Subscribe" button. You will receive emailed instructions for confirming your subscription request. Signing up an address that doesn't belong to you will result in my beating you with a tire iron.

Replying and forwarding

If you wish to reply to this newsletter, please keep the following in mind.

One, I get a godawful amount of email each day. On top of that is the spam I get which various people have been kind enough to sign me up for. For these reasons, I may or may not reply to your email depending on how grouchy I am when I read it. I also much prefer dealing with people at the message boards.

Two, if you do reply to this, please do not include the body of the newsletter itself. Highlight and delete is your friend, please use it before hitting send. Violators will have their email address sold to lop.com (kidding).

Three, technical support is not provided through email. None. At all. I used to do this, but I no longer can. Please use the message boards for all technical assistance. Thank you.

Four, please do not forward this newsletter to anyone. It is a large email full of HTML and advertisements. To some people, getting an email like this one forwarded to them would be considered spam. There is an anchor link at the top of each section which links directly to that item online. The newsletter itself will always be located at http://www.spywareinfoforum.info/newlsetter/.

Until next time.....


Email Address

Support SpywareInfo with PayPal or Amazon - it's fast, free and secure!
Support SpywareInfo

Tech Tips from Lockergnome.com

Privacy news
Privacy News

All material on this web site is copyrighted
© 2001-2003 by Mike Healan. ® All rights reserved.