Slashdot Mirror

...here.

(Where is the laughing? Why do I not hear laughing? Well at least there's no DRM...)

For the embedded Winsock ones, use lspfix.exe. Just be careful. Some of those are supposed to be there.

Not really true. Some CWS variants are really really hard to remove (in extreme cases, using the oxymoronically-named HackerDefender rootkit to disguise itself, plus hide and shut down CWShredder, AdAware, Spybot S&D et al when you try to install them), but everything is possible.

Basically, if CWShredder, Spybot and AdAware don't work for you, and you can't see anything on your HijackThis! log, first step is to search on the now slightly outdated CWS Chronicles and then on many of the excellent anti-spyware forums out there, all of which have encountered more variants of CWS than you could ever imagine. If you can't find someone else with the same problem, then post your HJT logs and other stuff and someone should be able to help you.

These parasites (it's not all spyware anymore) are now really, really, really out of hand - the CWS people, especially, but there's even worse people out there - and something needs to be done to stop them. Unfortunately, that's not going to happen anytime soon - since the companies that make most of these are "legitimate businesses", as opposed to idiot teenagers with Visual Basic. Shame.

There's two utilities I use on a regular basis for winsock fixing:

1. LSP Fix. This program will let you see what dll's are embedded in your TCP/IP stack. Most of the time it will even detect stuff that's not supposed to be there, but you do have the option to override its judgement. Spybot S&D also has the ability to look into the stack, but you can't use it to remove offending modules, nor see their actual dll filenames.

2. Winsock XP Fix. This nifty little utility will basically reset all registry settings for the stack back to what they're supposed to be. This is usefull if some nasty has totally trashed the stack on its way out the door. It would also appear it works on earlier versions of Windows (certianly Win2k) but I've never tried it on anything but XP.

I used to joke that as long as people break their computers I'd have a job, but there are times when the spyware thing really drives me up a wall...

Hey, what's so funny?

Dont agree to them. Simplest way to deal with EULAs. They offer you a contract, you decline it. Optionally you can offer a more reasonable contract to them, perhaps as detailed in the SVLA. The GPL is pretty much the only EULA I agree to these days.

The cheap CDs come with some hidden prices; secret censorshipand coercive censorship. Wired article here

But when you buy music at Wal Mart, are you getting the real version or the censored but identically packaged version made especially for that store? (This is why you never see those 'explicit lyrics warning' stickers at Wal Mart -- they just don't give you a choice and force their censorship on you without your knowledge or consent.)

My favorite fill-in address. I'm surprised it doesn't have more of a google following, although it hasn't actually been "valid" (in the fuck-a-spammer sense) for a number of years. Still, it seems like it should be a pretty clear indication to an address-demanding site/service, of how the user expects them to make use of the information...

Of course, if a fill-in form is ever wise to that one, I can always consult the list.

Yup, details of how to mess with the Dakota Digital camera can be found here, for instance.

The problem I've had with a few popup blockers is that they are not particularly intelligent. Some of them can't even tell the difference between a popup and when you create a new instance of your browser. Beating advertisers requires intelligent filtering at the HTTP stream level, and I've found that the Proxomitron is an excellent proxy that does this. Unfortunately, the writer burned out and it's no longer supported. As such, I've heard really good things about Provoxy, but I can't make a recommendation since I've never used it.

As far as Proxomitron goes, it makes my surfing much more pleasurable. Annoying Flash ads that pop up and make noise and block what you're reading? Gone. Pop-up mouse traps? I laugh in their face. Sidebar/banner ads? What are those? Sometimes, however, the Proxomitron DOES munge some sites due to its filtering, but all you have to do is double click its taskbar icon, punch the "Bypass" button, and reload your browser. A small price to pay compared to punching your monitor in because an ad just took over your browser.

For fighting spam, popups and malware in general, I find Cexx to be a good site. They have a decent list of anti spyware/adware apps, and lenghthy and informative analyses of the various spyware running around.

Section 9's cool too. It says that you waive the right to sue them in a real court, but instead will have a hearing before a "neutral arbitrator".

You can get the right to sue in court back, or alternatively force them to waive the right to sue YOU in court. See battle of the forms for more info.

it involves redirecting all mail to be tracked through their servers by appending "didtheyreadit.com" to your recipient's email address.

Maybe they should team up with this company.

Unless you were using an older version of Ad-aware, LSP-FIX would have fixed your tcp/ip stack. I used it on one of my friends computers and it worked perfectly. Of course I installed Mozilla while I was there and he asked me about it. I tried to explain that it was an opensource web browser but he just gave me a blank stare so I explained that it was an improved version of IE with a built in popup blocker and tabbed browsing.

In college a roommate and I performed an exorcism on a new Compaq computer his parents sent up for him. After formatting it and cleanly installing Windows 98, we loaded Half-Life onto it since that was the all-the-rage FPS on the dorm network at the time. I'd run it dozens of times without incident and blasted away at the hallmates for hours. But this other buddy of ours, Rob, couldn't run it. If he clicked the icon, the computer would bluescreen. Reboot, he tries to run it again...bluescreen. Eventually we just either let him play from MY computer, or have me run HL (click the icon) before turning over the controls. I think he and that machine must have been enemies in a past life or something.

...because a lot of my work is cleaning up those systems infested with spyware. And that's just my parents, co-workers, and friends' systems. My co-worker has a laptop that she telecommutes with, and her sister got a hold of that thing and loaded just about every cute freeware app she could grab on the 'Net. This thing was so loaded down with spyware that they were wrestling each other for control over Internet Explorer, and it wouldn't even browse. I don't remember exactly how many hits Ad Aware picked up, but it was several hundred.

I also had a bad run in with new.net. My thoughts about those people would land me in jail if put into action. Read about these scumbags along with removal instructions here. I spent an hour trying to extricate it out of my mom's computer before finding this link. This thing has a DLL that literally ties itself into the TCP/IP stack of Windows, so removing it will disable TCP/IP. Just a slight problem, don't you think? Nothing like an untrusted third party app intercepting your TCP/IP calls and doing god knows what with them.

I should mention that a different co-worker picked up CoolWebSearch, a particularly evil spyware app that resurrects itself even after you try to remove it with Ad-Aware. An awesome app called CWSShredder is available at http://www.spywareinfo.com/~merijn/downloads.html.
Also located there is a HiJackThis, which scans regkeys commonly used by spyware and allows you to remove them. Be very careful with this app though, as legit keys are listed too.

In light my experience, I shudder to think what Joe Sixpack must have on his system....

Last thought: What gets my goat is how everyone's going after virus writers, but no one's touching these asshole spyware programmers. These programs DO interfere with system operations, are difficult to remove (some even actively interfere with ad-removal software), and run without the user's knowledge. I'm probably preaching to the choir here, but I simply must vent.

While the BOFH really did allow beancounters to play Doom for a chance to save their files, the BGFH did something very similar to the original program stated in the article.

http://cexx.org has a list of potential threats in popular Windows software as well as ways to counter them, you might want to check it out.

I would have pointed you to this link at cexx.org for info on how scummy new.net is, but if you visit it you'll see that new.net's scumball lawyers forced them to take it down! Instead, see this link for new.net info & removal instructions.

In summary: FSCK NEW.NET!

I remember that, from my broke-college-student days. Everyone used to start up 'move the mouse' scripts and go to sleep, and usually got caught. I figured it probably checked for more involved activity, such as actual Web surfing (clicking on links, and such), so I wrote two different scripts: one to move the mouse in such a way as to sequentially click through a set of Netscape bookmarks at a randomish interval (between 3 ~ 5 minutes IIRC), and another to generate an insanely huge set of Netscape bookmarks (arranged as something like 25 folders with 25 links per folder) by turning it loose on any randomly-chosen list-o-million-links pages and letting it collect all the links. Did this for a few months...start the click script and rake in the $$$ while in class or sleeping. Unfortunately, this was toward the end of AllAdvantage when they began limiting how many hours per month they'd actually pay for, so by the end I was getting checks for...what was it...$12.50 per month I think. Eventually it just went out of business.

Just looking around, I still have the QBASIC script that generated bookmark files. (Yeah yeah, Qbasic and all, but it was semi-ingenious in those days. The script called C:\Windows\ping.exe to verify all the servers, to prevent e.g. "DNS Error" dialog boxes that would interfere with the link-clicking, as well as filter out anything that looked like an ad-link, etc.)

A few other useless-but-interesting facts I'm remembering about these services... AllAdvantage used the IE HTML renderer; it basically just displayed a Web page in its main window. The HTML for this was embedded in the .EXE, which did not checksum itself. Just find the <IMG SRC=... tag in the binary, and change the width and height attributes to all zeros. Viola, no more blinky blinky.

While you were at it (messing with the .exe, and all), you could change its internal name and window title so that the adbar programs (Cashsurf, EPIPO and whatever else existed at the time) wouldn't detect one another and close down.

And then of course, there was always WindowsSniper...

how about: This one?

• Trend Micro Damage Cleanup - Free, Effective at catching a multitude of viruses and malware (Detects some spyware as trojans or adware)
• Spybot Search & Destroy
• Ad-Aware
• CWShredder - Kills CoolWebSearch variants
• HijackThis! - Powerful general tool for cleaning up what the others miss
• LSPFix - to fix broken LSPs that interfere with Windows' TCP/IP stack

Ah....for all of you who are going to continue jumping in with "1 in 20? more like 1 in 1..." without reading the article...

The "1 in 20" figure the researchers got was not from scanning the HDDs with Spybot/AdAware/etc....they sniffed for known packets from FOUR of the significantly more than four known malwares.

So, to be detected at all, the machines had to be running and the spyware loaded and actively broadcasting packets during the sampling period. Given this lack of an exhaustive check, the 1 in 20 figure doesn't surprise me. (We all know it is 1 in 1... :-)

so, youre basing your 'if you install it then you agree' on what exactly? did the contract fairy bring you a note from god saying thats how contracts work now? there is no legal connection between installing the software and agreeing to the contract. they are completely seperate. i can think of a dozen ways to install any particular piece of software without ever having to deal with the agree/decline dialog, or to continue installing after declining. or, better yet, to amend the agreement (see here for something along these lines) before agreeing to it. or are you saying people dont have the right to modify contracts before they sign them any more (every person i know who has ever accepted a job will be sad to hear this).

The most recent actual "hack" I've been involved with is the single-use (Dakota) camera. So far, the 25-picture disposable camera has been made to also support time-lapse computer-controlled photography, continuous video (i.e. Webcam) modes, and been able to store (in my brief, informal test) 58 pictures.

The rest of these might not be considered hacks per se, just projects.

A project that never got finished would have put a high-power subwoofer amplifier in my car, complete with an authentic '60s fluorescing vacuum tube as a level display. Much classier than the usual LED-bargraph arrangements popular with the kiddies these days. Unfortunately, in the middle of building this I got offered a job and moved 'cross-country, but didn't have room to pack the unfinished bits+pieces and all my electrical test equipment in my little 2-door.

In my college years, I had the position of running an underground student newspaper. An issue was released 'every few weeks' when its dedicated editors were free/bored enough to put one together, but one thing everyone thought would be nice would be to commandeer the University (dorm) cable system after-hours for a student-run movie and wierd footage channel. Starting at about midnight or so, this would replace a lame "information channel" text marquee (which was always several weeks out of date and advertising events whose deadlines had come and gone), that was currently occupying a perfectly good cable channel.

We had obtained keys to the main hub room (also the cable feed room), so inserting the signal was not a problem. The student TV footage was intended to begin late at night, when university officials were guaranteed not to be watching, and would be pre-recorded. This presented a minor problem, however: everyone on the 'staff' had early classes and poor memories, and could not be counted on to get into the hub closet after hours to insert the day's programming and press 'play'. Also, while some students (volunteering for the Computer center) did legitimately have access to these areas, students going in and out of there after hours would arouse unnecessary suspicion from campus security.

It was decided that the best solution was to equip the VCR with a 'remote control' of sorts that would allow it to be controlled over the dorm network via the abundant Ethernet connections available in the room. This would allow for automated starting and stopping as well as manual intervention as necessary; footage could then be loaded during the daytime hours at the convenience of those involved.

Making a VCR Internet-ready is not has hard as it sounds. I simply built a board with eight simple Darlington transistor circuits (corresponding to 8 data pins on a parallel port) to drive the important VCR function buttons via this port. A simple Web server (disposable '386) running a perl-based CGI interface allowed Web-based control of the parallel port bits, which in turn operated the disposable VCR with wires soldered into the appropriate front-panel switches.

The tricky part then became finding controversial/interesting/non-stupid, but legal, student-produced content worth displaying, but that's another story.

I have an All-Your-Base-derived signature, that's enough slashdot subculture for me :-) If I wanted to score /. points, I'd make some kind of half-assed Soviet Russia comment (In Soviet Russia, YOU make BEVERAGE tipsy! I.S.R., bottle cap look down on YOU! etc.), and link it to Goatse..ahem... goat.cexx.

You must work for Compaq.

The Cue Cat was a glorified privacy-invading bar code scanner that flopped in the markeplace (even though they gave away 1 million of these beasties). I still have 3 of these things given to me through various magazine subscriptions. If I ever find the time I will have to hack the cat.

...that a portable MP3 player starting at $299 was not engineered to have user-replacable batteries, yet a $10 single-use digital camera was?

I'd really like an iPod... $300 is an awful lot to spend on something that will end up costing $99 more when the battery finally croaks. Yea, I know about the site that sells iPod batteries, but the last thing I pried apart to work on (an old 486 laptop) still has pry marks from when I opened it to replace the CCFT. While the laptop needed the CCFT replaced due to improper handling (I accidentially dropped it), the iPod will eventually need a new battery no matter what. This means a $300 device that I'll either have to spend $99 on at some point, or live with pry marks on the case.

Apple really needs to come out with an updated version of the iPod to address this battery issue. As much as I want an iPod, the battery issue and the format war between WMA and AAC is enough to make me sit on the sidelines and watch instead of buy. If Apple fixed the battery issue and added WMA support (and why not? they claim iTunes is run at a break-even point just to sell iPods.) they'd have hands down the best portable MP3 player on the market.

Oh well, I guess I'll be getting more blank CDs for my portable MP3 CD player this Xmas.

And the camera takes an ungodly ammount of power - something like 0.3A (=0.9W) when idle... and that's without the flash, which I'm sure is much more!

One thing I noticed is that the camera's on-off switch is actually a momentary switch. This implies that there's some circuit watching that switch for a status change. I'm not up on analog circuitry -- anything beyond 1's and 0's seems like black magic to me sometimes -- but doesn't that mean that there's a non-zero current draw on the batteries, even while the camera sits unopened on the shelf?

Myself, I've got all the parts and I'm looking forward to building my interface this weekend. I bought my Dakota at Ritz the day of the original Slashdot article, in anticipation of its successful hacking.

I've got a CueCat (sorry, :CueCat) curled up somewhere at home, too.

Someone who could rig a custom interface, and do the code needed would likely be able to charge $75+ for the time they burned on a silly project like this if they had rather used it to do something usefull.

Sounds like a useful application of time to me. How else, at the cost of only some hours burned, do you simultaneously get disassembler and reverse-engineering practice, C++ experience, and your resume in front of 10,000 computer-and-electronics geek eyeballs? :-)

The pictures at terrainhost seem to be the worst. Cexx's camera looks much better and my camera is in the middle, quality-wise. Seems like poor quality control rather than poor design.

1. The camera can take a decent picture.
2. That's the ulgiest and gaudiest wallpaper I have ever seen.

Actually, some of these points are not in the articles, and (not surprisingly) seem to be causing some confusion based on some of the comments I have seen above.

1) The cameras are purchased, just like any ordinary (non-digital) disposable camera. There is no rental agreement, nothing to sign, no deposit, etc. Some previous comments have asked about this. Also, the camera IS cheap; the hardware itself costs probably no more than $25-50 to manufacture, and likely pay for themselves in 1 or 2 processings. The big draw is that you can use them in potentially hazardous environments, and if it gets destroyed or stolen, this only sets you back $11 + a few minutes to solder a new connector into a new camera.

2) The batteries are changeable by the user - they are ordinary AA alkalines. They will last much longer than 1 25-picture cycle (I haven't yet managed to exhaust a set), but when they do run down, just open the battery cover and pop in fresh ones.

3) The sensor is actually 1.3 megapixels, not 2MP as claimed on the package.

4) The picture quality is mediocre - but not nearly as bad as these samples would have you believe (I don't know what happened to that guy's cam). Try the samples here and here (middle of page) for other samples. The biggest problem seems to be motion blurs from not holding the camera steady enough (the "shutter speed" is pretty slow). The other problem is that the lens is adjusted to be in-focus at some specific point probably between 4-12 feet from the camera. In practice, your subject will usually not be exactly at the in-focus distance. While you've got the camera open to solder in a little USB socket (or whatever), you can rotate the lens to adjust it for other distances, up to within an inch of the lens.

5) Concerns that this hack will be singlehandedly responsible for driving the cameras off the market, driving Ritz out of business, etc., seem largely unfounded. They will probably go off the market anyway - last time I was in Wolf Camera, the sales associates were actually warning people away from these cameras, saying that they would get slightly better image quality from the film disposables (for less $$, and 27 vs. 25 pictures - it's a no-brainer, come to think of it...)

Actually, some of these points are not in the articles, and (not surprisingly) seem to be causing some confusion based on some of the comments I have seen above.

1) The cameras are purchased, just like any ordinary (non-digital) disposable camera. There is no rental agreement, nothing to sign, no deposit, etc. Some previous comments have asked about this. Also, the camera IS cheap; the hardware itself costs probably no more than $25-50 to manufacture, and likely pay for themselves in 1 or 2 processings. The big draw is that you can use them in potentially hazardous environments, and if it gets destroyed or stolen, this only sets you back $11 + a few minutes to solder a new connector into a new camera.

2) The batteries are changeable by the user - they are ordinary AA alkalines. They will last much longer than 1 25-picture cycle (I haven't yet managed to exhaust a set), but when they do run down, just open the battery cover and pop in fresh ones.

3) The sensor is actually 1.3 megapixels, not 2MP as claimed on the package.

4) The picture quality is mediocre - but not nearly as bad as these samples would have you believe (I don't know what happened to that guy's cam). Try the samples here and here (middle of page) for other samples. The biggest problem seems to be motion blurs from not holding the camera steady enough (the "shutter speed" is pretty slow). The other problem is that the lens is adjusted to be in-focus at some specific point probably between 4-12 feet from the camera. In practice, your subject will usually not be exactly at the in-focus distance. While you've got the camera open to solder in a little USB socket (or whatever), you can rotate the lens to adjust it for other distances, up to within an inch of the lens.

5) Concerns that this hack will be singlehandedly responsible for driving the cameras off the market, driving Ritz out of business, etc., seem largely unfounded. They will probably go off the market anyway - last time I was in Wolf Camera, the sales associates were actually warning people away from these cameras, saying that they would get slightly better image quality from the film disposables (for less $$, and 27 vs. 25 pictures - it's a no-brainer, come to think of it...)

Actually, some of these points are not in the articles, and (not surprisingly) seem to be causing some confusion based on some of the comments I have seen above.

1) The cameras are purchased, just like any ordinary (non-digital) disposable camera. There is no rental agreement, nothing to sign, no deposit, etc. Some previous comments have asked about this. Also, the camera IS cheap; the hardware itself costs probably no more than $25-50 to manufacture, and likely pay for themselves in 1 or 2 processings. The big draw is that you can use them in potentially hazardous environments, and if it gets destroyed or stolen, this only sets you back $11 + a few minutes to solder a new connector into a new camera.

2) The batteries are changeable by the user - they are ordinary AA alkalines. They will last much longer than 1 25-picture cycle (I haven't yet managed to exhaust a set), but when they do run down, just open the battery cover and pop in fresh ones.

3) The sensor is actually 1.3 megapixels, not 2MP as claimed on the package.

4) The picture quality is mediocre - but not nearly as bad as these samples would have you believe (I don't know what happened to that guy's cam). Try the samples here and here (middle of page) for other samples. The biggest problem seems to be motion blurs from not holding the camera steady enough (the "shutter speed" is pretty slow). The other problem is that the lens is adjusted to be in-focus at some specific point probably between 4-12 feet from the camera. In practice, your subject will usually not be exactly at the in-focus distance. While you've got the camera open to solder in a little USB socket (or whatever), you can rotate the lens to adjust it for other distances, up to within an inch of the lens.

5) Concerns that this hack will be singlehandedly responsible for driving the cameras off the market, driving Ritz out of business, etc., seem largely unfounded. They will probably go off the market anyway - last time I was in Wolf Camera, the sales associates were actually warning people away from these cameras, saying that they would get slightly better image quality from the film disposables (for less $$, and 27 vs. 25 pictures - it's a no-brainer, come to think of it...)

LSP-Fix is the easiest way I've found to fix the garbage that New.Net leaves behind. I've worked on computers that have had New.Net uninstalled but still couldn't use the net - I guess their uninstaller is really borked. LSP-Fix fixes their problem in a matter of seconds, doesn't even require a reboot, IIRC.

I don't think they can legally require this until some form of lexical authority publishes a reference definition for the term 'spyware'. Until Merriam-Webster or similar publishes it in a dictionary, I will most likely continue to use the Steve Gibson definition (it's pretty common), under which Gator IS spyware, and will always hold a place in our hearts - let the lawyers come.

Here are the programs you need to have a k-133t windows system.

1. AOL- DUH, they are the greatest ISP ever.

2. Webshots - Impress your friends with your changing wallpaper!

3. Hotbar - Skin Internet Explorer and Impress your friends!

4. AOHell This program will make you l33t!

5. Incredimail This makes your e-mail look k00lah then everyone elses.

6. Microsoft Outlook because all the anti-virus tools work with it. You don't want to use another e-mail client, you might get a virus!

7. Comet Cursor. Makes your cursor R0x0r.

8. Intruder Alert 99 You need a firewall, the internet isn't a safe place!

9. Gator Gator is an awesome program that helps u remember ur passwords. This way u don't have to fill out stupid forms!

10. BO Server The guys in my gaming clan sent me this, they said it would improve my FPS, and make windows run faster. I think it did!

You mean this?

of the CRAPULTER. check it at CounterExploitation

A nifty tool I've just discovered is Bart's Boot CD. I'm using the CD that has multiple boot images on it. Boot with CD-ROM support, boot with network support, and an offline NT password recovery tool. The network support image will autodetect the network card and load the driver for it. Pretty neat.

I did a little hacking on it this week so that we could use it for drive imaging the computers in our labs at school.. Two key strokes and my brain dead co-workers are at the Drive Image screen. We have three different network cards in our computers, so that autodetect feature is really nice.

We only deal with network problems for students, and only then with software. We aren't allowed to open the computer to check things out, so I don't have to carry any screwdrivers or anything. I carry along a Knoppix CD and a CD filled with software.. School's Norton AV Corporate client, Adware & Spybot, latest IE setup files, lasest Mozilla & Netscape for Windows and Mac, a ton of NIC drivers, Win98 CAB files, Wink2k SP4 and XP SP1A, and some other random software. Also has some of Symantec's cleaners -- Klez, Nimda, etc.

One particular piece of software I carry is LSPfix. Basically, it'll fix what Net.net's spyware crap screws up. We had a quite a few problems with New.Net's crap last year, so this little program saved me some time quite a few times.

Although I agree with what you're saying, I think ham radio has advantages over the internet, thus it could have a new life if ham operators would start advertising as such.

For just gabbing, although others can listen to your conversation, at least noone is saving or tracking what you're clicking or typing.

More importantly, because radio can send data, it can be used where the internet won't go (far at least). Two things that come to mind are video links for remote controlled planes or do it yourself space exploration and many other projects I haven't thought of at this moment.

1. Install *BSD/Linux on the watch
2. Get their watch to receive stuff from their local WAP
3. Start a pirate wireless radio service that broadcasts l33t content just like the regular service does, thus allowing more features like Slashdot updates, pr0n, and broadcast messages from their system at work.

Judging by their past experiences. Perhaps it would be in Wal-Mart's interest to strike up a deal with Clearplay or any of the other companies who get to decided what we should and should not see.

Mike

This idea is not new. I've actually seen such proposals months if not few years back. More on this later on.

Overall, the linked EVLA is more user-oriented - it has demands that are annoying to some end users such as "don't make me click more than once", "don't ask me twice if I want to quit", "ask me to register only once", etc., etc.

Even though it does qualify as funny, it doesn't really address what should be in this kind of "agreement" and definitely doesn't address the terms and conditions that are imposed by most EULAs. These conditions include restrictions on types of use, reverse-engineering, vendors' rights to revoke license at any time, vendors' rights to invade users' homes, users' non-existent rights, etc., etc.

If you would like to look at a more serious document related towards this issue, look at Software Vendor License Agreement that I found before. That would seem more fair to me.

See also the Software Vendor License Agreement.

All you need to do is put up a firewall to block all traffic from the machine to the internet and then monitor where the machine tries to connect to. It has to use either DNS or an IP address to make the connection. If it uses DNS then you can either add a host file entry or block an entire domain by putting that domain into your own DNS server.
If it uses an IP address (unlikely) then you can probably just block connections to those IPs with your personal firewall software.

This is a horrible, bad idea and even if it were not Phoenix is not the one to trust with this sort of thing.
The last time they did this (not exactly the same thing but still with the BIOS contacting the internet) they screwed everyone by discontinuing the program and letting the domain go to spammers.

It is just lovely having my sister call me up to tell me her home page has been changed to a porn page and then discovering that that was a BIOS function.

If they haven't updated their techniques since the PhoenixNet crap then this is also easily avoided by installing Linux or FreeBSD or any other non-windows OS. In the PhoenixNet case the BIOS runs its stupid little program only in a Windows environment.

I find it hard to believe that someone that reads /. would actually choose to use Gator. I could see the average computer user getting suckered into using it, but /. readers supposed to be smarter than the average computer user, aren't they? Maybe you are just trolling?

Look here for some info on Gator and what it does: http://cexx.org/gator.htm

Spy Sites
As a side note, if you can't find a big enough list, you can always load the spyware on a test machine.

Gryftir
Death to all Fanatics!