Slashdot Mirror

Forget popups, even worse are those Flash ads that pop up, make all kinds of horrible noise, and cover what you are trying to read. I almost stopped going to wired.com because of those. After a visit to CounterExploitation , I discovered the Proxomitron and tried it out...It has eliminated 99% of ads. It even lets the "good" popups though, such as when you are shopping online and your cart pops up. Sometimes it causes problems with legitimate sites that require certain Javascript commands to operate properly, but it's easy enough to temporarily turn off Proxomitron to see those sites.
It basically works by acting as a local proxy on your computer. As web requests comes down, it rewrites the http stream on the fly to get rid of objectionable commands (blink tags, status line scrollers, background midi music, popups, etc). All filters are 100% customizable, but the ones it comes with do a great job.

Try this link for links to such lists. I have used the technique in the past, but stopped when pages simply refused to load on many of my favorite sites.

Still, it's a neat thing to try.

He's not on my Special Friends list yet?

Q. Why should I install PhoenixNet solutions for my end-users?

A. Installing PhoenixNet solutions will provide tools and software applications to help your end-users get the most out of their computer. It provides them with a personalized web-browsing experience, essential business applications and special offers from leading online services. In addition, the home and search settings will be customized for consistency with the system settings for country and language, a particular benefit to users located outside of North America.

Q. What are the benefits of becoming a PhoenixNet Partner?

A. PhoenixNet Partners with a Partner ID can participate in upcoming incentive and co-marketing programs and can receive e-mail bulletins on the latest end-user tools as they are added.

Q. What is the difference between installing a PhoenixNet-enabled motherboard and a non-PhoenixNet-enabled motherboard?

A. If your computer is built with a PhoenixNet-enabled motherboard, a portion of the PhoenixNet software resides safely within the BIOS ROM (Read Only Memory). PhoenixNet solutions launch automatically at the initial start-up of your new PC and it sets the home page and search page default based on system settings detected on the computer. If you don't have a PhoenixNet-enabled motherboard, PhoenixNet software is available on the CD-ROM containing the motherboard drivers. If you decide to pre-install PhoenixNet software for your end-user, the home page and search page will be automatically set up the first time the end-user connects to the Internet.

Q. How do I put my company logo and branding information on the Graphic Launch Screen?

A. First you need to ensure that your PCs have a PhoenixNet-enabled motherboard. Second, you need to have a PhoenixNet Partner ID. Lastly, you need to obtain a software utility from PhoenixNet which will enable you to add your logo and company information to the Graphic Launch Screen. [...]

Q. What options do I have for pre-installing PhoenixNet solutions?

A. You have several options to select from during the PhoenixNet solutions installation:

You can change the default settings of the home and search page

You can select which software tools and applications you want to pre-install on the computer. (Note: the end-user always has the option to add items if they register with PhoenixNet and/or they elect to install additional PhoenixNet solutions [that translates to "give me more shitty spyware please" in BIOS-maker-speak -ed.] from the Motherboard Drivers CD-ROM.)

PhoenixNet(TM) invites you to join our other partners in our global valued-added distribution network. Contact us by e-mail, fax or phone, and please tell us about your business, to find out how PhoenixNet can expand your marketing efforts and the value of your systems [...].

According to a document from the Phoenix website:

B. BIOS Security Services
Because external clients must access security information or functionality only the BIOS can provide, PhoenixBIOS provides BIOS Security Services for both internal clients (such as Setup nodes) and external clients not linked with the BIOS. This new technology uses two tables, one that defines security states and the other that defines the permissions under which access to a device is allowed. It is also possible to govern individual Setup items with separate security provisions. The BIOS Security Services provide a mechanism for external clients to extract information from the BIOS or instruct the BIOS to perform a specific function.

From a motherboard manual:
4.1.2 PhoenixNet Online Services
When the PhoenixNet ILS detects an Internet connection, it makes contact with the PhoenixNet server and delivers user-selectable services from PhoenixNet's Internet Partners. These services are delivered to the user as hotlinks on the desktop and in the web browser or, as applications that PhoenixNet automatically packages, downloads and installs.

Unfortunately a lot of people don't actually read the EULA. They just click through until the software is installed. Even if you do read it it's full of dense obscure legal language that mostly doesn't apply to you. Advertising software if implemented correctly can allow developers to make money from their software without requiring the end user to pay.

The problem is it's often not done properly. There are spyware apps like aureate that operate in stealth mode by passing themselves off as Windows system processes and making sure that they don't even show up the task list or binding themselves to winsock so that you delete or uninstall them your Internet connection stops working. Microsoft should be made to fix these holes in IE but I think some pressure should also be applied to the people that write these programs.

If they're so legitimate, how do I keep ending up on their lists? (To hear it from them, I have opted in quite a lot.)

I like this idea. So we can emulate .Mac servers, BNETD servers, advertising servers, Cydoor servers, and even :CueCat servers. Setting up independent servers has the obvious advantage of being independent from an ultimate authority, decentralizing the service and making it more useful to the Internet community. So I ask Slashdot, what commericial or otherwise propertiary server will be reverse-engineered and cloned next? My vote is in for an Oscar/TOC server so one could use AOL-IM to communicate with one's LAN.

there is hope! we need counter-exploitation! visit this site: http://www.cexx.org

my personal favorite is proxomitron! bye bye annoying popups!

No, it means that spyware research groups are forbidden to package "specimens" on disks or Web sites and pass them around.

This is more than "a bit of a scam" -- it's immoral and undoubtedly illegal. There are ways to get defeat all their little scams and still use the Fasttrack P2P network. You can try Kazaa Lite, which is Kazaa without the spy/scumware. I'd also recommend using AdAware, a great little program that scans your registry, memory, and hard drives for spy/scum/adware components and gives you the option to delete them.

Using AdAware to delete cydoor.dll will likely leave your P2P client not working. That's where the dummy cydoor.dll comes in. It allows the client to start without providing any of the unwanted cydoor functionality.

For more info on spyware and scumware in general, check out the quite wonderful Counterexploitation site...

Hope this helps...

This is more than "a bit of a scam" -- it's immoral and undoubtedly illegal. There are ways to get defeat all their little scams and still use the Fasttrack P2P network. You can try Kazaa Lite, which is Kazaa without the spy/scumware. I'd also recommend using AdAware, a great little program that scans your registry, memory, and hard drives for spy/scum/adware components and gives you the option to delete them.

Using AdAware to delete cydoor.dll will likely leave your P2P client not working. That's where the dummy cydoor.dll comes in. It allows the client to start without providing any of the unwanted cydoor functionality.

For more info on spyware and scumware in general, check out the quite wonderful Counterexploitation site...

Hope this helps...

FYI... if you use Ad-Aware to remove the spyware components of Kazaa, it kills the program.

IIRC, Kazaa needs Cydoor to run. Fortunately, there's a dummy Cydoor DLL available. (Can't say that I've used Kazaa or Kazaa Lite in a while, though...I started running Shareaza recently, which is spyware-free, ad-free, and works with a true decentralized network.)

...what Compaq is smoking. I've ranted about their connectors (and screws!) before, but this one took that little throbbing vein in my forehead to new heights. I recently had to replace a failed power supply in a Compaq Deskpro system. The power supply connection on the motherboard is specially keyed so it will not accept a standard supply! The Compaq supply is keyed to match, but the connection is electically identical to the real thing. The machine is back in service, but it took a bit of filing off little plastic nubs to get it that way.

and cue-cat

I wonder if these would diminish somewhat, if everybody maintained a s*** list (I mean "special friends" list), easily accessible on a Web site. That is, when you receive a Special Offer from some company claiming you OPTED IN, don't just send it to their upstream provider (this tends to be ineffective, because remember, you OPTED IN), but go ahead, visit their web site, and pay particular attention for contact-us links--try their WHOIS info too--and make sure *they* OPT IN as well. It's work, I know, but it's a lot more fun than trying to convince UU.NET/etc. to disconnect a high-paying pink server.

The catch-22 is recognised and we explain to customers that the problem is in the PC and they need to access the info via a working machine. And while "We do not support or officially recommend" ad-aware we let them know it may fix them up and keep them clean.

Everyone is sue-happy, we gotta cover our butts. In an ideal world, "Layered Service Providers" and "Internet Explorer Helpers" would be easily disabled.

However, also from the Gamespy website:
Some U.S. states and foreign countries provide rights in addition to those above, or do not allow excluding or limiting implied warranties, or liability for incidental or consequential damages. Therefore, the above limitations may not apply to you or there may be state provisions that supersede the above. Any clause declared invalid shall be deemed severable and not affect the validity or enforceability of the remainder. These terms are governed by the laws of the State of California and may only be amended in a writing signed by GameSpy Industries.

In addition, there are also a number of legal challenges to EULA's and the like (although I'm not sure whether any have succeeded yet) - see here and here, for example

I don't know whether any applicable laws apply in the States, but the UK has laws which effectively mean that even though you've put up a sign saying you can't have something (eg refunds in shops), it doesn't have any legal bearing over your statutory rights.

Other laws apply which require companies to have signs in prominent positions - preventing vehicle clamping firms from stealth clamping. The legal stuff link on their home page is right at the bottom corner - you have to scroll right down (well past the files link) to even see it. OK, we'll let them off, so long as the files page has a prominent link. Erm, not quite - again right at the bottom, this time wrapped in a font size=-2 tag. Well done chaps.

Not that the people who downloaded it didn't have any responsibility to run a virus scan of their download, of course. However, you do expect a "reputable" company that you get files from should prevent this from happening in the first place. It just adds a little touch of irony to the little check box found in the security warning popup which appears when you go here Always trust content from Gamespy Industries, Inc.

For a look at how EULA's should be, check the SVLA at CEXX.org

It does not spy on the user either, and plenty of information about this is available at their site and in their newsgroups, where independent individuals have analyzed Opera and found that it does not in fact spy on the user.

Besides, anti-spyware sites claim that Cydoor are no longer into spyware. Not that it matters, since Opera only uses Cydoor's servers to get ads, no software from Cydoor.

The last time I thought about Phoenix BIOS and networking was when I had to deal with the bios installing network marketing icons to the desktop of Win machines I was configuring for work.

After the incident with PhoenixNet, I decided never to buy a phoenix bios again.

I can see this one reporting marketing data back to the mothership bigtime. No thanks.

Well known anti-spyware sites would disagree with you.

http://www.opera.com/support/supsearch/supsearch.c gi?options=index&name=570

Not only that, but anyone with a brain (and a packet sniffer) can analyze the traffic and see that they are telling the truth.

And the code in Opera which handles ads is 100% written by Opera's own people. It uses no external code.

And while they are partnered with Cydoor, that's no problem since Cydoor has "cleaned up its act considerably", according to this site:

http://www.cexx.org/cydoor.htm

So get your facts straight please.

My Audiogalaxy has 0 spyware, and I think it is very usefull. Audiogalaxy didnt always have it, and I use the last version before spyware was added (0.608w). I simply never upgraded, and everything functions perfectly well. As far as Fastrack, I use Grokster. It only has one piece, Cydoor, and i use the Cydoor Condom replacement dll from cexx.org. Plus there are a ton of spyware free hacks such as Kazaa Lite which provides convienence for even the novice user. Its really not as bad as you make it seem. Ad-aware and some community effort gets rid of spyware real easily.

the SVLA.

Adaware doesn't replace the CD_CLNT.DLL file that is installed by Kazaa, you have to pick it up from somewhere else. You also need to install an alternate hosts file defining a number of sites to point to 127.0.0.1 to ensure that BDE is not reloaded.

http://cexx.org/osama.htm

The wnad.exe program initiates connection to www.rankyou.com:80 and other sites, apparently for the purpose of transferring personal information and downloading targeted advertising for later display. According to reports, wnad.exe hijacks the Web browser to display pop-up ads every hour or so. While it is claimed that the purpose of the software is to raise money for the American Red Cross, the suspicious activities associated with
the software tend to cast distrust on these claims.

Or send them your own agreement.

Something like this, perhaps?

Radlight's official site uses an image that says "Download it now!" and has a CNet logo on it. But the link now points to simtel, not CNet. How did they get away with continuing to use CNet's logo and using it to point to a non-CNet site?

(cexx.org admin: if you're reading this, please make a page I can link to that has "Radlight" in the title. I wanted to link "Radlight" at the beginning of my comment to your site to push it up in the Google results like users have done for Gator.)

You still need the fake cydoor replacement, otherwise you can't use Kazaa.

Sure, an unwanted program designed to take up your hard drive space and CPU cycles is "bad"-ware. However, is "spy"-ware the right term?

No, it's not.

You're right, the Brilliant Digital Media app is not technically spyware. However, the Brilliant Digital Media app is far from the only thing that comes along with kazaa's official installer.

You also get the Gator "companion," and Cydoor's "ads on software." -- Both of which certainly are "spyware."

Sure, an unwanted program designed to take up your hard drive space and CPU cycles is "bad"-ware. However, is "spy"-ware the right term?

No, it's not.

You're right, the Brilliant Digital Media app is not technically spyware. However, the Brilliant Digital Media app is far from the only thing that comes along with kazaa's official installer.

You also get the Gator "companion," and Cydoor's "ads on software." -- Both of which certainly are "spyware."

Another alternative is using a dummy dll which acts like the Cydoor dll. Although I don't know if Cydoor is the problem in this case, but if you're using Kazaa (or other Cydoor-loaded software) this is an easy way to disable it by tricking Kazaa into thinking its running Cydoor.

I get the feeling this company has not seen Web marketers in the wild. There is no limit to what a failing dot.bomb will do to maintain its last few eyeballs. Have a look at the existing technologies (for example, IE with default settings) - a sleazy portal-potty can already hijack your homepage or add sites to your bookmarks. This is with *default* settings, which can even allow sites to install arbitrary code on your system.

How does a reasonable technology maker expect marketers to exercise restraint in the face of newer, more powerful, browser takeover technology?

I used this website to kill several SpyWare programs on my Windows machine at work. So far they don't mention any SpyWare software for Linux.

Might also want to unistall the B3D updater from the startup files and take uninstall b3d projector from the add/remove programs list (it doesn't really remove brilliant anyway). This kills all ads as well as removing the spyware. After doing those and changing the bitrate quality allowed for audio files, I can download up to ten files at once, run quarter screen video, play solitaire and have notepad and Opera running without taxing my machine (Athlon XP 1500, 512M PC133, cable connection.)

Second thought, it might be easier to just download the lite version.

In case you didn't know, Opera will only send information voluntarily. Opera doesn't harvest anything. You can set up your ad preferences to receive targeted ads, but these are disabled by default. The user actually has to enter information manually, and the information cannot be traced back to the user. In addition to this, Opera has run user surveys to find out who their users are. Cydoor have simply picked this information up from Opera's web pages.

Not only that, but Opera doesn't contain a single line of Cydoor code. The ad module is 100% written by Opera's own developers, and the only thing the ad module does is to download ads. It even sends and receives information from the ad servers in plain text, so anyone can look at what is being transmitted.

But that's not all. Cydoor no longer produce spyware. There is a myth online which never seems to die, and that is that Cydoor are into spyware. They did spy on their users at one point, but not anymore.

Your lies about Opera are, frankly, disgusting. You can even see what Opera writes about this and read exactly what the ad module in Opera actually does. But you don't care about facts, do you?

Gnome+Opera is a great combination, despite Opera using Qt!

One of the two 'opt-in' brokers listed in the article is Mindset Interactive, the captains of industry behind the VX2/Transponder/Respondmiter/Netpal/TPS108/etc. family of Windows spyware programs. For all intents and purposes, those programs are identical. Upon installation, they harvest and transmit the e-mail addresses stored under the Registry key

HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts\\00000001

This is the location of the primary e-mail address configured in MS Outlook.

Why, that wouldn't happen to be this bunch of spyware monkeys, would it?

And your telling me that their email list gathering methods might be unethical? Who'd have thunk it?

rOD.

Installing Bearshare also installs two secret spyware apps. One of them does a similar redirection, but is especially evil because it bypasses firewalls like ZoneAlarm. More information about this at cexx.org/newnet.htm and lots of related stuff at the root cexx.org

Installing Bearshare also installs two secret spyware apps. One of them does a similar redirection, but is especially evil because it bypasses firewalls like ZoneAlarm. More information about this at cexx.org/newnet.htm and lots of related stuff at the root cexx.org

Fast Track associated spyware can still be removed by several utilities. Rather than hunting down each .DLL, you should simply download and run one of the utilities (which will clean out your system registry as well as .DLL and executables).

One good place for information is here, and a good utility by Lavasoft is available here.

I have not yet installed the new Morpheus client, but a report I read said that at least the latest Kazaa client is still installing these, even with the checkboxes for installing Gator, etc., left empty.

Somewhat disturbing is the fact that MusicCity didn't even bother to contact the Gnucleus developers about this in advance. They just picked up the code, rebranded it, end of story. No credit beyond the "incorporates Gnucleus technology" in the About dialog. No source code as of yet, and frankly if it is released it will be an embarassement because all you will see if you diff it with the original code is a bunch of advertising crap thrown in, and s/Gnucleus/Morpheus

MC's 'programmers' are of rather dubious merit. The original Morpheus took little or no programming effort on MC's part - they took the same FastTrack skeleton client that the others use and 'skinned' it. The only programming involved here was making the ad window and startup window point to MC's servers. That's it. The rest was all FT's work.

And now, what is it their 'programmers' were 'working hard' to accomplish over the past few weeks? Take a GPL gnutella client and rebrand it. Wow. All that MusicCity is going to bring to the gnutella network is alot more traffic. I wouldn't expect 'programmers' who only know how to toss in ads and logos to help improve gnutellanet itself, or come up with original ideas about how to use the current infrastructure more effectively.

It's great that MusicCity doesn't use spyware as a revenue stream like the Kazaa/Grokster slimeballs (Kazaa allows you to deselect about five different 'value-added' components on installation, but then goes ahead and silently installs cydoor anyhow. It also offers a nice Bonzi Buddy button in the client itself.. I don't know how much more polluted and ugly a p2p client could get) .. but that's about the only good thing you can say about them.

You can download it here: http://www.cexx.org/dummies.htm

Once you have done that, your software will run fine without ads.

• Registrant:
• 
  VX2 Corporation
  PO Box 27103
  Las Vegas, NV 89126
  US
  

Another report indicates that the Blackstone Transponder is connected with Mindset Interactive. And, sure enough, there's a press release from Mindset boasting about it:

• IRVINE, Calif.--(BUSINESS WIRE)--July 20, 2001--Mindset Interactive Corp. (OTCBB:MSIA - news) has just completed development of a new software application which provides advertisers with the ability to deliver an ``instant message'' to a consumer as they are purchasing a product or service from another site. Mindset Interactive currently offers a full suite of ad units that include:

  Keyword targeting: Whenever a consumer types in a keyword search on any search engine, Mindset's software can deliver an instant message to that consumer (i.e. if a consumer types ``cheap airfares'' into any search engine, the software reacts with an ad for low fares from an airline.)

  URL Targeting: When consumers visit a Web site Mindset has the ability to deliver a targeted ``pop up'' instant message. In this manner, an advertiser such as any automobile manufacturer can select to run instant response advertisements to consumers visiting car buying or leasing sites.

  Multiple message units (MMU): Imagine being able to serve pop up ads anywhere on the Web to consumers who are shopping in your product category. Mindset MMU's give you multiple impressions and allow you to control the order in which consumers view your messages.

And, for confirmation, we check Mindset's latest 10QSB filing with the Securities and Exchange Commission. They're not doing too well; they lost $247,000 in the last quarter, on sales of $252,000, and just had a layoff. They mention the "transponder", but call it "Net Pal":

• "Net Pal" - The "transponder" Net Pal software is a proprietary software application Mindset Interactive has acquired that will be downloaded onto a user's browser. The software will launch advertisements based on the contextual content of the website the user is currently visiting. The various features of the Net Pal software allow corporations the ability to market "on-line" directly to their client and prospect base.

Some friends and I had a lot of fun poking around in VX2's (Blackstone's) server in November-December 2001, adding our own ad campaigns, etc., after they were nice enough to provide the server's master password on a publicly-available set of VX2 testing instructions. (Stumbled on it during a Google search, scout's honor!)
No users' personal information was obtained, but we did walk away with some VX2 code signers, private key and some bad marketing materials as consolation prizes. (And of course, peeks at some unrelated crap they're working on.)

Some friends and I had a lot of fun poking around in VX2's (Blackstone's) server in November-December 2001, adding our own ad campaigns, etc., after they were nice enough to provide the server's master password on a publicly-available set of VX2 testing instructions. (Stumbled on it during a Google search, scout's honor!)
No users' personal information was obtained, but we did walk away with some VX2 code signers, private key and some bad marketing materials as consolation prizes. (And of course, peeks at some unrelated crap they're working on.)

Some friends and I had a lot of fun poking around in VX2's (Blackstone's) server in November-December 2001, adding our own ad campaigns, etc., after they were nice enough to provide the server's master password on a publicly-available set of VX2 testing instructions. (Stumbled on it during a Google search, scout's honor!)
No users' personal information was obtained, but we did walk away with some VX2 code signers, private key and some bad marketing materials as consolation prizes. (And of course, peeks at some unrelated crap they're working on.)

netpal.dll
vxsystem.dll
hi5.dll
hi6.dll
favboot.dll
kernellos.dll
reg3322.dll
ofrg.dll

(the ones I know of, anyway). The extras do such things as hijack your start page at intervals and overwrite your bookmarks with Amazing Deals and Special Offers.

The title was a little misleading. I was under the impression a spammer had actually filed suit against someone whose abuse@ letter got their service cancelled. Still I'm glad I read. I've had an AOL'er claiming to be an AOL Hometown admin send me an unsolicited legal threat spam, but I still think this Shi*man takes the cake.

Of course, I don't know whether kazaa actually has one of these later versions.

In any case, I don't think it tracks what you download, browse, etc.

And if you're still paranoid, get Morpheus instead. It installs a little thing called BDE Projector, but that's easily uninstalled doesn't cause any problems.

Oh, and I use Ad-Aware. It's awesome, and hasn't picked up anything related to Morpheus. Updated weekly, at the very least.