Spyware in Kazaa, Limewire, Grokster

BigMacMike writes: "The San Francisco Chronicle (via the sfgate.com website) has a story that Kazaa, LimeWire, and others have secretly hidden software in their applications that track users' browsing habits." Not the first time. The corporate response is that they literally didn't know what was in these secondary applications that they were providing to be downloaded and installed alongside their primary program. Believe it if you wish.

Hm.....

[bleckywelcky]

Does it really matter all the much? Most of the stuff spyware could obtain from my uses would be pretty useless anyhow.

Re:Hm.....

[psxndc]

Not useless to the marketing people, especially if the RIAA or MPAA say "Hey kazaa, we'll make your life hell" (like they're already trying to do, but can't, etc) and kazaa says "please don't hurt us. How about all this free data on people's downloading habits in exchange for easing a little pressure. What movies they download, what songs they listen to, etc?"

psxndc

Re:Hm.....

[Temjin]

On the indivual basis, spyware doesnt really concern people. However, when one steps back and takes a bigger look at the whole situation they come to realize that people are becoming more and more watched by different corporations in different ways.

I may not seem bad now, but just wait until a couple of years where our society will look like something straight out of "1984". This is only just a small step away from putting spyware in consumer electronics that communicate over the internet. Now, THAT is scary.

Re:Hm.....

[FFalcon]

I don't know about anyone else, but anytime I install an app and I see that it has installed other crap without my permission, I dump it.

Netscape 6 pulled the same trick, covering my desktop with AOL ads. It lasted about 5 minutes before I got fed up and unintalled (only later found out about Mozilla).

It's time for distributors of software to be up-front about the adware/spyware/sleazeware that they bundle with their product. Until then, we'll have to vote with our disk space by not using these programs. Instead of Kazaa, check out Morpheus, which performs the same function but without the "Clicktilluwin" garbage.

Re:Hm.....

I may not seem bad now, but just wait until a couple of years where our society will look like something straight out of "1984".

People have been saying this for over 60 years now. Guess what, the world still doesn't look like 1984. Some people are just really paranoid.

Re:Hm.....

It's not that of a big deal that ClickTillUWin would know every detail of all the websites that you visited.

In another news, millions of slashdot posters applied the XP anti-spy freeware because it is evil for Microsoft to make your XP computer phone Microsoft's time server every week so that your computer can synchronize with NIST's atomic clock.

Re:Hm.....

[pod]

That's all good and all, but Kazaa does not have any of this information. The 3rd party spy-ware addons are just that, 3rd party. They give Kazaa money, and Kazaa gives them an installer.

Re:Hm.....

[PeeOnYou2]

Its true that Morpheus doesn't have the click till you win garbage, but it has quite a problem with its ads. I get an error popup about 20 times a day saying it couldn't connect to some goddamn ad site that it was trying to popup on me.

Not only that, but they use these REALLY annoying ads that feature people talking to you and junk, and it kind of interferes with whatever you're doing like listening to songs, watching movies, jerki... er.. etc....

Re:Hm.....

[PeeOnYou2]

It is good for us to at least be cautious. That way you ensure that it DOESN'T actually happen.

If EVERYONE just shrugged it off and called it paranoia, then hey.. they could just pull one over on us..

The few have to be paranoid for the good of the majority, and don't get any credit unless the evil intentions are actually proven...

:) or maybe im just paranoid...

Re:Hm.....

I guess you don't mind that I've been reading all the documents on your drives, send to the printer, and sifting through everything you type at your keyboard.

Good. I didn't really need permission but it's nice to know that you're too stupid to care.

Re:Hm.....

[Black+Parrot]

> Netscape 6 pulled the same trick, covering my desktop with AOL ads.

The reason I finally ditched Netscape 4.* on Linux is because I have a dialup connection and anytime I hang up with Netscape running it started complaining after a while that it can't find netscape.com and a couple of other sites. I don't have any idea why it phones home, but even if it's completely harmless I don't care for the idea of software making contacts that I didn't request. So it's out the door with Netscape, thank you very much.

Re:Hm.....

[Quixote]

it started complaining after a while that it can't find netscape.com and a couple of other sites.

When DNS lookups fail, Netscape tries to lookup a couple of "well-known" hosts like netscape.com, to see if the problem is localized, or something is wrong with the network.
At least thats what I think it does. I could be wrong, not having access to the sources....

Re:Hm.....

The "What's Related" feature as well as a couple other things will phone home. I think you can disable all of it in the prefs.

Re:Hm.....

[Black+Parrot]

> At least thats what I think it does. I could be wrong, not having access to the sources....

"Aye, there's the rub."

Re:Hm.....

[Codifex+Maximus]

What? Netscape dropped a couple of icons on your Windows(tm) desktop? EGADS!

I just drag em to the trash and Voila! they're gone. Problem solved.

By the way, this:
> I don't know about anyone else, but anytime I
> install an app and I see that it has installed
> other crap without my permission, I dump it.
sounds alot like Windows(tm).

Re:Hm.....

[ncc74656]

Its true that Morpheus doesn't have the click till you win garbage, but it has quite a problem with its ads. I get an error popup about 20 times a day saying it couldn't connect to some goddamn ad site that it was trying to popup on me.

That's nothing that Squid can't handle. Morpheus runs just fine through it and doesn't complain about anything.

Re:Hm.....

Just get an ad-killer. If you proxy through Internet Explorer, it'll kill the Morpheus ads. Right now Proxomitron is your best bet and it's configurable. WebWasher, which is nice and easy to use, is starting to show its age and doesn't get along well with some JavaScript and a lot of other stuff.
http://proxomitron.org/

Mac versions

[anfloga]

Does anyone know if this applies to Mac versions of Limewire?

Re:Mac versions

[christurkel]

No, the program seems to be Windows only, according to LimeWire.

Re:Mac versions

[evil_roy]

Mac versions don't have the spyware.

Re:Mac versions

[rebug]

Man, we poor Mac users miss out on all the good software.

"We are currently evaluating support for violating Mac OS users, and this document will be updated to reflect any changes."

Re:Mac versions

Which suggests the Mac binary distribution may have completely different spyware (or some other proprietary software problem). Perhaps it would be better to compile the app from source so you can take advantage of all those eyes looking at the source code.

Re:Mac versions

gnucleus (http://gnucleus.sourceforge.net)
is the first open-source gnutella client
with segmented downloads, ala kazaa or morpheus...
the only gnutella client i use these days, check it out. :)

Double Edged Sword...

[11thangel]

Take your pick. Let people know what you download, or don't download things. Free music has a price, and it's really not all that bad if your computer doesnt have anything REALLY incriminating on it. No, I'm not saying spyware is good, I'm saying that given the choices, it's not THAT bad.

That and linux kazaa run as a restricted user would yield some interesting spyware data :)

Re:Double Edged Sword...

[Cheshire+Cat]

Free music has a price, and it's really not all that bad if your computer doesnt have anything REALLY incriminating on it

This is frighteningly similar to the arguement that if you have nothing to hide, why, you won't mind the police searching your house. Its not the fact that I'm trying to hide something, I just feel that its an intrustion of my privacy when programs report my activities to a third party.

Re:Double Edged Sword...

[Bert64]

Also what if the security of the companies recieving all this spyware data, was compromised... I would like to control what information about me is stored on what computer systems, atleast if someone breaks into my computer and steals data, it`s my own fault. .and i can kick myself.. What am i to do if someone cracks the spyware database?

Re:Double Edged Sword...

The similarty ends at that the US constitution protects its citizens through the Bill of rights (First Eight Ammendments) from that kind of survelliance by the Government. These are private companies, and can essentially put anything in their license agreements to take away your privacy.

Re:Double Edged Sword...

[drsquare]

So what? It's not like they know you from Adam. They're not going to publish your habits in the newspaper or anything. All the info they have on you will just be put in some database for marketing purposes. Hardly anything to get all wound up about.

Re:Double Edged Sword...

[Cruciform]

So if you download Kazaa to pirate music and someone gets info on your machine specs then too damn bad.
That's like a busted drug ring complaining to the judge because they set up a new crackhouse, and an undercover cop happened to work that neighborhood.

Be aware of what you run. If you're going to run software that's intended purpose is to rip people off, don't expect to get off scott free yourself.

(not targeting you specifically Bert, just some of the threads in general)

(and let's not hear another "But we're just taking money from the record companies!" rant please :) )

Re:Double Edged Sword...

[42forty-two42]

Copying music==incriminating

'Nuff said.

Re:Double Edged Sword...

[sjames]

No, I'm not saying spyware is good, I'm saying that given the choices, it's not THAT bad.

By acting covertly, spyware acts to circumvent choice. To be a true choice, it would explicitly indicate that it would send your browsing history to a remote server, and would give you the CHOICE of accepting that or not running/installing the application.

Re:Double Edged Sword...

[mgv]

So if you download Kazaa to pirate music and someone gets info on your machine specs then too damn bad.

There are actually non infringing uses of the Kazaa software.

The spyware doesn't discriminate though, I'm sure.

BTW, does anyone know if Morpheus has spyware. I was under the impression it doesn't, which is why I use it.

Michael

Re:Double Edged Sword...

[Alien+Being]

And I am trying to hide something. But it's none of their fscking business what it is. They'll never know whether it's illegal, cuz they aren't going to see it.

...liberty and justice for all.

Re:Double Edged Sword...

[Cheshire+Cat]

As far as I know it doesn't. Instead Morpheus has tons of ads. I'm using it right now and it seems to be working pretty good.

Re:Double Edged Sword...

Hey, I say the same things with trojans or similar things....

if someone uses my computer to launch D.O.S and its doesnt bother use up to many of my resources, why should I care?

All you 'its not that bad' people make me think that if you were in germany half a century ago, you wouldnt have minded anything as well.

Re:Double Edged Sword...

From what I understand? This isn't just what you're downloading on the service. This is EVERY WEB SITE YOU VISIT, PERIOD. Two very different things.

umm

Sorry, but this is REALLY old news... this has been out for at least half a year now.

wow... now i feel kinda bad...

[Mr.+Quick]

... for downloading all that pr0n...

hope limewire doesn't sell this info to my girlfriend...

"honey, this jenna jameson person has alot of stuff on your computer, do you work with her?"

Re:wow... now i feel kinda bad...

[echomonkey]

Ha, yeah... I wish I could work with her. ;)

Re:wow... now i feel kinda bad...

I know I work it to her.

Re:wow... now i feel kinda bad...

[sharkey]

hope limewire doesn't sell this info to my girlfriend...

Why not? Maybe she'll take it as a hint, and get you that special collector's edition gift.

morpheus

[MiTEG]

If you don't like spyware, try out MusicCity Morpheus. Almost the same thing as Kazaa, but on the front page, they guarantee "no spyware". I'd say to vote with your $$, but since both services are free, you'll have to vote with banner-clicking.

Re:morpheus

[mlk]

While a great application, it has a VERY aggressive advertisement scheme. It regularly pops up adverts that you can only kill with a Ctrl+Alt+Del, End Task.

Re:morpheus

[Fecal+Troll+Matter]

Incorrect. You can close the adverts by clicking the 'x' in the corner. Some of them are more annoying than others - I recently woke up to a jingle for some shitty Canadian Cocksucker Club, or something.

Re:morpheus

[TheAJofOZ]

While a great application, it has a VERY aggressive advertisement scheme. It regularly pops up adverts that you can only kill with a Ctrl+Alt+Del, End Task.

Every once in a while it pops up an advert that you can kill by clicking the close button for the window. I'm not sure what version you're using but I've never had a problem with clicking the close button to get rid of the ad.

Re:morpheus

not all, some disable both the title bar, and the the ablity to do anything in the start bar.
You can either click on the advert, or kill it.

Re:morpheus

[mlk]

maybe it just does not like me, but it regularly pops up a bloody webcam advert, which is a MSIE window with tool bars, wnidow borders etc turned off, then shows some bloody irrating flashing gif. Right click on the start bar, and close is grayed out leaving two choices, click on the ad, or Ctrl Alt Del.

Re:morpheus

click the task on your taskbar, then hit alt + f4 to close the current window (even though "x" won't work)

Re:morpheus

[cetan]

You're just so use to the banner ads that look like windows pop-up alerts you're not seeing the forest for the trees. The [x] in the corner closes the ad. Really it does.

Re:morpheus

[torklugnutz]

So, just ALT+TAB to bring it to the front and ALT+F4 to kill it. I get that tricky webcam ad a lot as well.

Re:morpheus

[mlk]

ohhh no it does'nt (tried). And yes I can tell an ads attempt to look like a window from a window, change the colour scheme.

Re:morpheus

[AsnFkr]

the only thing i dont like about morpheus is it makes my windows box *REALLY* unstable. but still, its a good place to get simpson eps.

eric.

Re:morpheus

[MushMouth]

I thought you guys were sophisticated.

add this to your "hosts" file

127.0.0.1 ads.musiccity.com

(if you don't know where that is do a find hosts, it is somewhere in your windows directory. Morpheus will no longer pop up any ads

Re:morpheus

Atguard filtered that automatically. I didn't even know it was there until now.

Re:morpheus

I have an old 486 win95 box for running morpheus (along with atguard). It is on 24/7. I only reboot it may be once a month. It is very stable. Much better than gnutella.

Re:morpheus

[npietraniec]

Mod this up. This guy's a genius.

Re:morpheus

To eliminate pop up windows displayed in morpheus, try popupkiller (link). Just add any popup windows that it doesn't kill to your blacklist. Additionally, it takes care of those nasty geocities popups.

Re:morpheus

[cetan]

I've been using morph for months now and there have been no cases of adds that one can not close.

Re:morpheus

[Ender7A]

The only bad thing about Morpheus is the constant popup ads every 5 seconds. I can't really complain since the service IS FREE, but why did it have to be POPUPS?!?! Anyway, Popup killer is good to stop it but it is still annoying. Also I have noticed that the system hicups every few minutes. I think it has something to do with the ads updating but I am not sure. Anyone know?

Re:morpheus

A much simpler way to do this would be to add ads.musiccity.com to the Restricted Sites zone in IE. This will disable scripting in ads, which will get rid of popups and annoying ads, but will leave images alone.

Re:morpheus

[arkanes]

I can confirm what the parent says. The little close button just takes you to the ad page. However, (in win2k) you can close the ad by right clicking on it's icon in the taskbar and selecting close. Alt-f4 also works.

Re:morpheus

[afedaken]

Since I've put

127.0.0.1 ads.musiccity.com

in my hosts, the pop up ads have disappeared... :-)

Re:Morpheus

[rworne]

The best thing about Morpheus is that if you use it in conjunction with Proxomitron, or just monitor the IP range it tries to access, you can block the ad frame on the lower left *and* prevent popups.

Morpheus has never been better.

Robert

Re:Morpheus

[Anonymous+Pancake]

agreed, I use morpheus as well sometimes to get divx's. You can ever block the ads in it if you have some form of ad-blocking software that works with ie (all of them)

Re:morpheus

[inquisitor]

Actually, the easiest way to kill it is to ALT-TAB to the hidden window, then hit ALT-F4. Ka-CHING!

With me, anyway, Morpheus doesn't bring up that rubbish so often. Maybe this is because I have a rule in my personal firewall prohibiting it from using port 80 (and a load of rules meaning that DoubleClick, RealNetworks etc are completely inaccessible). Oh, well.

Re:morpheus

Or just disable JavaScript in your default (Internet) zone. I do this, and usually just get a blank box instead of an ad in Morpheus.

Gator

[SHS_Tempest]

This isn't the first time either... I understand that LimeWire also tries to install the Gator spyware software. This is why I wouldn't use Proprietary Software if you're concerned about privacy, you never know what you're getting.

Gaining access to blocked ports for Kazaa etc???

I have friends on the campus network (actually not a lie, for my DSL works fine off-campus) who still have the port Kazaa uses blocked and I am trying to help out the non-technical friends. Is there a quick and dirty guide somewhere to setting up an HTTP proxy for this purpose? Oh yeah, this isn't offtopic either, uh... SPYWARE SUCKS!!!!
Ok there...

What's that weird button in Kazaa?

[wackybrit]

Did anyone else notice that when you're running Kazaa, there's often a tiny (approx 5 by 5 pixels) 'button' in the top left of the screen? Even if Kazaa is minimized to the tray.. Anyone know what -that- is? It doesn't do anything when I click on it. Happens on all the computers with Kazaa I've seen so far.

As for people who whine and bitch when they just keep hitting 'Next' in the install program without noticing the screen that lets you turn up all the different crap Kazaa installs, I have no sympathy.. but if they're actually -hiding- stuff in the program that you can't turn off in setup, I wanna know!

Re:What's that weird button in Kazaa?

I'm not dumb enough to run kazaa so I wouldn't know.

Re:What's that weird button in Kazaa?

The 5x5 button you refer to is a screen glitch caused by Cydoor (SpyWare), if you want to strip it you need to find a hacked copy of cd_clint.dll and replace the one KaZaa installs.

Prophecy[uatw]

Re:What's that weird button in Kazaa?

[beebware]

I've noticed that as well on my Windows 2000 Professional machine. I've never related it to Kazaa, but now you mention it, when Kazaa is running it's the only time the grey 'mini-button' appears on the top-left hand corner of the screen.

Re:What's that weird button in Kazaa?

[mbcbvn]

Here's a theory I can't test because I don't have Kazaa (and I'm not about to install it for fun).

Is it possible that this is a very tiny pop-up that houses a type of spyware that can be found using Bugnosis in a regular IE window?

Bugnosis

Re:What's that weird button in Kazaa?

There are two files called cd_clint.dll and cd_html.dll in \%systemroot%\system. Hex-editing all instances of http:// to some non-existant protocol makes the Cydoor software not report a failure to Kazaa (since IE can't get fffp://whatever) and leaves the ad-box grey (if you delete the cached ads).

Re:What's that weird button in Kazaa?

I experienced this as well, with W2K, it always looked like a button, but with XP you'd notice that you can drag it on the screen and it's a tiny little window- however I didn't find the application/process associated with this, but just focus it (click) and close it (Alt-F4).
(it comes back after a while though)

If it is some spyware thing, they wouldn't really have to open a window for the application, it could just operate in the background.

Maybe it's opened via some scripting - I can't really figure out whether the ad bar in Kazaa shows just banner images or HTML snippets that might also include scripts. This would, however, explain why the window is visible at all.

A dangerous precident

[GSAlien]

I was under the impression that it was illegal for companies to install this sort of spyware. Is it legal for companies to write software that reports back to the creator. If so, is it illegal under the DMCA to block those reporting mechanisms in your firewall?

Re:A dangerous precident

[Tom7]

> If so, is it illegal under the DMCA to block those
> reporting mechanisms in your firewall?

No. The DMCA anti-circumvention clause is only about software that controls access to a copyrighted work.

Re:A dangerous precident

Fuck the DMCA

Re:A dangerous precident

[kenydl]

In the UK we have the Data Protection Act (1998), which makes it a crime for anyone to collect personal electronic data it without asking permission (this has to be a defiant opt-in ask not a check the box to opt-out). The person/company must be registered with the DPR (Data Protection Registrar) If data is collected the person must be informed of what data is being collected, what it is going to be used for and what the possible consequences of this is to the person.

If this not followed then, the data must be destroyed, the people compensated for damages, and the person/company is struck off the DPR. This makes it illegal for them to store or process any electronic personal data.

Interestingly, under the DPA it is illegal to export personal data from the UK, unless that country ensures an "adequate level of protection" for the rights of the data subjects. This does not include the USA as it has no DPA or equivalent only companies, which claim they will do so (but they are not legally obliged to do so)

IANAL so I don't know about the application of this law in a multi-country setting eg Internet spyware. I would assume that if some poor Norwegian kid can get arrested due to the DMCA, then the same should be true for US companies with UK data.

Re:A dangerous precident

[Fred_A]

FWIW this is also illegal under French law under pretty much the same conditions. The penalty is 5 years in jail and about 300 000 Euros in fines.

French law can be applied to any foreign entity as long as the "crime" happns on French soil/jurisdiction. So it could be invoked in such a case.

Re:A dangerous precident

would someone _please_ file a complaint in a French or U.K. court? I would, but I can't afford plane fare:).

who cares??

These companies are monitoring your usage only for demographic information. If you think that Limewire is recording your browsing and then sending it off to the government to be placed in a giant evil national database then you're stupid and paranoid. If you don't like spyware then don't use these programs. But the authors worked hard and have a right to put whatever they want in their program in order to recieve compensation. And you have the right not to use it.

Re:who cares??

[Tazzy531]

Note taken. But the gripe here is the fact that they have been secretly doing this. I don't mind seeing an ad here or there when I visit a website or have to register to get a service because I know where that information is going. But if they have been secretly doing this, it makes you wonder what else they have installed on your computer.

I mean, according to your reasoning, it would be perfectly ok for the developers of limewire (per se) to install a keysniffer to log your password for your online banking site without telling you that they are doing that.

Re:who cares??

[CoyoteGuy]

Don't be so ignorant. End users have more rights installing software than the creators of the software do. You are saying that if they decide to do so, they could install keyloggers to trap your credit card info, so they can pull money off your card, in order to compensate themselves. Don't be so foolish.

They create software. They are not and should not group spyware with their apps. Plain and simple, if they can't afford to keep their software project up without spyware, then either find another way to fund the operation, or don't start at all. What happened to people actually using their heads and devising a CLEAVER way to make money off of their software, without resorting to dirty tricks?

And if you think they didn't know what they were getting into, you're wrong. How can you claim total ignorance to an app packaged along with your app??? That's deception at its finest, gentlemen.

Re:who cares??

It'd be nice if they at least acnowledged the spyware. But they didn't and now they're getting twice the bad publicity: once for requiring spyware in the first place, and once for outright lying about it.

And who knows what they're doing with the information they collect? They're already lying about not including spyware, so who's to say that they're not selling your info to spammers? Or keylogging your credit card number for a few unnoticed $1 charges on 100,000 cards? Maybe someday the RIAA will offer rewards for turning in copyright infingers, and the Kazaa, etc authors will go to their lists (which according to them don't exist) and turn in a few thousand ex-users, which would make their lives hell even if there was no actual infingement going on.

If you trust them not to do anything with your info (that they're still lying about obtaining), fine. I don't.

Re:who cares??

devising a CLEAVER way

a cleaver?

As if We Didn't know already

[justanyone]

use Ad Aware and discover what we already should have known. Bearshare and AudioGalaxy do, too. Big deal.

Zonealarm shows it's doing funky stuff.

The solution to this is: don't use them. Or, use a version of them that doesn't have the spyware. Limewire version 1.3 is a little slower but doens't have ads or spyware (but 1.7+ does).

-- Kevin

Re:As if We Didn't know already

[ag3n7]

1.7 doesn't appear to have any spyware additions on it... I think it started the release AFTER 1.7.

Double checked with ad-aware.

Death Knell for Closed Source Software

[Black+Parrot]

IMO, spyware is the single issue that is going to weigh heaviest in the scales in the eventual switch of businesses (and sensible users) from CSS to OSS.

It's a real shame, though, that most businesses can't seem to see any value in the internet beyond collecting data about consumers.

Re:Death Knell for Closed Source Software

[andrewski]

I don't think it's a shame at all. These corporations need to go back to the nothingness that their business plans were founded upon. Really! As soon as we see the end of banner ads, popups, popunders, scammies (or whatever the term is for the pages that you have to view for a mandtory amount of time before you can see the info you really want), and have a more 1992-era internet again, I'll be happy.

E-Commerce has gone from a revolution to a FUCKING JOKE!

Re:Death Knell for Closed Source Software

[loraksus]

dont forget about __SPAM__ and annoying fucking banner ads!

Re:Death Knell for Closed Source Software

i totally hear that. two things to say:

1st is that a good way to block email might be to have passwords on them. you can change it every month but everyone has to use my name in order to send me something (otherwise it gets blocked by the server).

2nd is that i'd love junk mail from thinkgeek, or gbcomp.com (canadian hardware place), or other things. i DO have money to blow on things. but viagra is just not my thing. neither are "other singles like me". they need to develop some way for permissions on emails. kinda like "do you wish to trust microsoft corporation" little check mark. things that aren't trusted, don't get through. give ME the power to change my habits.

they are winning by using freaking brute force. (zerglings WILL eventually get through, it might just take a few hundred to do the job, but to use 3 ghosts, now that's a bit more skill). they send to everyone hoping the few get through back to them. and it costs nothing cause it's the same people that play the damn hunters maps with unlimited money. email is cheap (or borrowed/ stolen)

if i could only see two people with a video camera. i'd love two geeks (one with a baseball bat, one with a video camera) to bust in a spammers door, beat him twice while getting to his computer, point a gun to his head to keep him still (unloaded) and then confirm that it IS him, and beat him to death and share THAT on morpheous! i'd download it AND share to everyone i know.

i'll be either guy. someone just needs to use their 1334 skillz to find where they live. i'll even travel overseas! (i'd prefer guy #1 btw)

blue_tiger9@hotmail.com

:D

Re:Death Knell for Closed Source Software

[drsquare]

And who's going to fund all the sites? Advertising is probably the only way most sites can afford to run. You'll end up with an Internet consisting of around 6 sites. And as people will lose interest in the Internet, ISPs will close down, and there'll be no way onto the Internet apart fro at libraries/colleges etc. Then the only people able to get on the Internet will be nerds and students. Hardly an Internet I'd like to see.

Re:Death Knell for Closed Source Software

[RubberDuckie]

IMO, spyware is the single issue that is going to weigh heaviest in the scales in the eventual switch of businesses (and sensible users) from CSS to OSS. While many, if not most, people who read /. are concerned about spyware, I don't think the avearge Joe is concerned about it enough to change the way they use their computer. Some people I know have a hard time clicking 'accept' on the license agreement. Those folks won't go to the trouble to d/l and compile a OSS program. For the casual computer user, which is the majority of the people out there, the primary concern is ease of use not 'freedom'. I'm not condoning that statement, but it seems to be true.

Re:Death Knell for Closed Source Software

[PurpleBob]

Some people I know have a hard time clicking 'accept' on the license agreement. Those folks won't go to the trouble to d/l and compile a OSS program.

That's a red herring. Just because a program is open source, that doesn't mean the end user has to compile it.

Re:Death Knell for Closed Source Software

[RubberDuckie]

Very true, but many open source programs do require you to compile them. The main point being, that in general, OSS programs are more difficult to install that closed ones.

Re:Death Knell for Closed Source Software

I admin a few Linux systems for endusers that have NO compiler on board and yet have a huge range of applications and divergent hardware. (The "no compiler" remark means that none of the software needed to be locally compiled)

Re:Death Knell for Closed Source Software

[nyjx]

Maybe - but watch software corporations who build "non-free" competitors to these free programs rub their hands with glee - now they can point out how dangerous it is not to buy products from well known vendors.

Furthermore, they will have a point at least as strong as the argument for making the source readable - most user don't have the time or ability to read through source code...

Re:Death Knell for Closed Source Software

[RLiegh]

Please tell me which of the following is easier:

a)
#pkg_add -v
b)
double-left-click
click to accept defualt installation directory (assuming, of course, you don't want to change it)
click to continue
click
click
click to finish.

Dunno about you; but I like installation procedures I don't have to babysit.

Re:Death Knell for Closed Source Software

[andrewski]

Ummmmmmmmmmmm, don't you know that banner ads hardly give anyone money anyway?

I remember when the internet was about useful information, not targeted marketing. It was better when it was only nerds and students.

Re:Death Knell for Closed Source Software

[PurpleBob]

You can say it all you want, but it's still bullshit. There is nothing inherent to open source which makes it harder to install.

Any reasonably-complete open-source software has binary installation packages (RPMs and debs), which are often easier to install than Windows programs. Compilation of these packages is typically only done by people who want fine-grained control over their system, and who have the time and knowledge to do so. If the program "requires" you to compile it, it's a good sign that the package is meant for developers, not end users.

Re:Death Knell for Closed Source Software

[ncc74656]

Some people I know have a hard time clicking 'accept' on the license agreement. Those folks won't go to the trouble to d/l and compile a OSS program.

That's a red herring. Just because a program is open source, that doesn't mean the end user has to compile it.

...not that compiling a program is that big a deal anyway. Back when I knew bugger-all about C (I was pretty decent with BASIC and 6502 assembly, though, and I was picking up Pascal in the entry-level CS courses...does this date me? :-) ), I was downloading stuff like sox and pbmplus and building these programs for my own use because the admins hadn't seen fit to provide them. The instructions with most source code had enough info to do a basic install, and I figured out enough about makefiles that I was configuring stuff to run out of my home directory without much trouble.

Now skip forward from the early 90s to today. With most programs set up to use autoconf, most of what's out there often requires little more than ./configure --prefix=whatever && make && make install to build. If you're just slightly clever, you throw in the optimization flags (-march=whatever ) that will tailor the program for your hardware. It's barely more involved than tweaking an autoexec.bat or config.sys used to be.

BearShare

[MoceanWorker]

another program that gives a user access to the gnutella network comes with 3 spyware programs to spy on users...

first being Onflow Media Player... it is a Flash-like browser plug-in which displays animations and transmits user behavior information (not further specified) to the Onflow central servers.

second being SaveNow... SaveNow displays context-related shopping pop-up windows in IE... the context information seems to reside on the client side so that no information has to be transmitted to the central server

third being New.net, which is an alternative Domain Name Service which allows you to connect to TLDs like .free , .shop, .game and .xxx, etc, etc.... also, as they have to query an alternative DNS to let you access these sites, they will be able to track every visit to new.net-"powered" sites.

not to mention all of these programs have silent auto-updates...

why can't we all just use FreeNet? :-\

Re:BearShare

[if]

the onflow player transmits no more information that what's collected in web log + the amount of time it runs (viewing time). if you think the onflow player is spyware then you might has well consider your browser spyware as well.

Re:BearShare

[42forty-two42]

IT's Freenet, the N in Net is not capatalized. And you forgot the link.

Re:BearShare

[arkanes]

Yes, but my browser doesn't send ANYTHING to third parties. "Whats collected in web log" is rather alot of personal info.

Re:BearShare

[Spunk]

Yes, but it does allow you to uncheck these files. Naturally, I didn't trust them, but Ad-Aware told me that BearShare didn't install anything funny.

I'm happy about that, since BearShare seems to be the only file-sharing tool I can get working on my Pentium-Classic.

/me is listening to Times of Danger :)

Re:BearShare

[scrytch]

In BearShare's defense, installation of all these programs is optional. I skipped them all because they all looked like crap. Let's see, Yet Another Proprietary Media Format Codec -- specifically targeted for delivering ads (we all want to see more ads, don't we?), some barbie-ware ("tee-hee, let's go shopping!") and another attempt at an AlterNIC, a good idea, but I know of zero sites worth visiting that use them.

I could see myself even putting up with spyware if it was something, well, useful.

Corporate ramifications

[maniac11]

Interesting that legit companies are using the kind of tactics once reserved for the more 'underground' elements... and that they're using p2p (read: illegal file sharing, regardless of the flame war that it might start) all that much moreso.

Re:Corporate ramifications

[tomstdenis]

Kinda an aside.

File sharing is not what most groups like the MPAA and RIAA are against.

Its the piracy thats associated with it.

If you used Gnutella to share programs/music that you yourself wrote, than the RIAA or MPAA wouldn't care. But because you're a leech off of society and download stuff and use stuff you shouldn't have they crack down.

So don't say "p2p is illegal" because it isn't.

Re:Corporate ramifications

[Bert64]

P2P isn`t illegal, nor is the mp3 format... but that`s not what a lot of people seem to believe.. I was told to delete ALL mp3 files from my computer at work, I even had a personal visit to my office by someone assigned to task of deleting mp3s. I had mp3s of my own creation, aswell as mp3s of some friends music, where i know the artists well, and perfectly legal posess mp3s of their work. But because of the public branding of mp3s as being "pirated" music files, i couldn`t convince the people at work, and the files were deleted. They then had the nerve to pass me a catalog and ask me to buy some CD`s to listen to at work.

Re:Corporate ramifications

[tomstdenis]

See that's the type of logical defense you can use.

Defendant: Your honour, copying my friends cd's is legal because the MPAA are a bunch of assholes.

Judge: Hehehehehe, oh really?

Re:Corporate ramifications

Why would the Motion Picture Association of America care whose CDs you were copying, anyway?

Re:Corporate ramifications

[tomstdenis]

Sorry, RIAA but you get the point.

You can't just say "Its legal because I say so" crap...

Tom

Re:Corporate ramifications

[rudy_wayne]

"File sharing is not what most groups like the MPAA and RIAA are against.

Its the piracy thats associated with it."

WRONG! The MPAA and RIAA are against file sharing.

There is no piracy involved with the various file sharing programs. It's not piracy -- it's file sharing. It's people doing what they have done since the beginning of time -- trading and sharing their personal property with others.

The MPAA and RIAA want to eliminate fair use and most importantly eliminate the private ownership of property.

Re:Corporate ramifications

[Chris+Hiner]

Convert them to Ogg Vorbis files :)

originally called a trojan

[4n0nym0u53+C0w4rd]

This past week there was an article on some other source (can't remember) that focused on the whole issue of whether it was a trojan (last paragraph of this story).

As I recall, the spyware also sent the urls that users visited to a machine with an odd domain name (something like 2001-007.com) EVEN IF PEOPLE WANTED TO AVOID INSTALLING THE SPYWARE. This is why it was called a trojan.

I'm not sure if it turns out the software wasn't sending the info (reporter error) or if they've glossed over that fact...

Either way. Blah. Spyware is why I don't play Snood anymore. They use gator which does all sorts of lame stuff to hide itself on install.

Look, if you have to trick users or hide your program, then it probably isn't a "valuable bonus program." Stupid marketing bastards...

Re:originally called a trojan

[H310iSe]

It was in the register (my other regular read who scoops slashdot at least 1/2 the time BTW) - and people above seem to have been missing the point, yes, this is not gator or some other silly thing, it's spyware classified as a trojan by antivirus vendors because, it appears, no-one knows what exactly it does.
LINKS: - the register article
zdnet on the trojan
symantec listing the file as a trojan

Re:originally called a trojan

[HamNRye]

Agreed, snood has not only lost out on my PC buisness but my Game Boy Advance business as well.

The funny thing is that I used to run Gator because I needed gator for remembering my passwords for Nutscrape 4.72. Then it lingered on the machine for a year or so, then it came a parasite-ware. It just reminded me to remove it.

These programs are trojans. No doubt about it. They exist because they are installed by users who don't know better, don't explain what they do, and then hide in the system. Ummm... That's a trojan. Would BackOrfice still be a trojan if it was required to install it when you installed Jimbo's Chicken Pluckin' game??

The problem is that the available advertising systems are owned by companies like "Cydoor". (Formerly Auerate, formerly Radiate) And they are the kind of people who think that this kind of thing is acceptible.

I like in the story where the "ClickTillUWin" guy is complaining about lost buisness. You are advertising with a shady group. You should expect backlash. You should have known that Cydoor was responsable for the Real Player spyware, etc., etc., etc.... If you're advertising Jeri Curl juice in the Klan Times, don't be suprised at a drop off in buisness.

Along similar lines, advertising with DoubleClick is the easiest way to make sure your ad gets blocked. doubleclick.net has had a permanent 127.0.0.1 since before Jon Katz screwed up Slashdot.

When you respond to annoying advertising, you get more annoying advertising.

~Hammy
Nothing4Sale.org

Re:originally called a trojan

[SuzanneA]

What REALLY annoys me about gator, is that recently they've started attaching themselves to popups ads. 50% of the times I visit IGN.com or such, a popup will appear, and if popupkiller doesn't get it in time, i'll get a 'accept certificate for Gator.exe?' notifcation.

Bundling spyware with an app (where you can always use the defense 'if you didn't want it, you shouldn't have installed the app, or should have asked the app vendor what they install') is one thing, making it distribute via popups, and hoping that stupid people will have confirmation on web installs turned off, is plain and simple virus-like behaviour.

If the information was they collect was useless...

[stefanlasiewski]

If the information they collect was useless, then they would not collect the information.

LimeWire and Linux

So how does the spyware work under Linux. I mean I guess they could sneek something in there cause the install is completly automated. But I don't think they would be able to get it to run as a sevice. Could they?

Limeware "spyware free" ?

The sad thing is, Limeware claims to be "Spyware Free!" on their website, and takes PayPal donations.. Hmmph!

Well.

[zachusaf]

Yes, this has been old news for awhile.If you're looking for P2P sharing then go for something like Morpheus.What they did was wrong, but it could have been worse, such as if they tracked what you downloaded i.e. bomb manuals, next thing you know you're getting a visit from Uncle Sam...

get rid of all spy ware

[flynt]

Download the acclaimed Ad Aware program (link provided) here. It searches your registry and all your drives for running and installed spyware programs. It works great.

Re:get rid of all spy ware

[debrain]

A point of interest: If all the intellectually affluent people know how to, and indeed do, uninstall spyware, and this margin is not taken into account by the people that are recepients of the spyware data, would this not lead to a sponsoring of a dumber internet by promoting the sites that attract, well, the less technically fortunate?

Suppose HP (who is advertising here right now, by the looks of it) is looking to advertise on the net - if the spyware data they buy shows that Slashdot, for example, is hardly even notable on the top spyware list, would this not be detrimental to Slashdot's (or rather VA's) efforts to make a buck off advertising, and in particular directed advertising? Advertisements that are possibly better directed to Slashdot may go to PC Magazine (for lack of a more appropriate choice) or other "mainstream" service.

Of course, when advertising a car, Slashdot is hardly well-directed advertising and is oft notably a selection of people most fortunate technically, but there is probably a clear area where the technically inclined can find better content on any topic over the internet that spyware would never reveal statistically.

Re:get rid of all spy ware

[Sgs-Cruz]

Jeez, do you know what you've done? We've almost slashdotted C|NET... You hear that? That's the sound of 500,000 slashdotters downloading AdAware from ftp.ind.net -- GAWD, it's slow.

Re:get rid of all spy ware

[ClickWir]

if the spyware data they buy shows that Slashdot, for example, is hardly even notable on the top spyware list

I think they should have to go through a trial and error just like everyone else does. It's not fair they get the extra edge on people. I mean animated banner ads are bad enough, thankfully with IE you can hit the stop button and actually STOP animated gifs on webpages.

I used to think that the whole Flash Animation thing was awesome, I see it used for nothing but ad's anymore. Noone seems to make much use out of it besides for making really annoying ad's.

The ad companies have so many steps above us, flashing banners, onload sound files that advertise, junk email, popup windows, popunder windows, pop offscreen windows.

So maybe they only make $50 million from putting an ad on Site A when they could have made $60 million if they put it on Site B. THEY STILL MADE $50 MILLLION!! ... for example. Point is they are not stupid people, they are going to make money either way. They may not care if the annoy and piss off almost everyone that see's their ad's that riddle the internet and highways and general LIFE overall... they should have to go through the trial and error just like everyone else.

Maybe if they actually were advertising something that was made well and not a hunk of junk, they might actually sell it. There's a lot to be said for products that sell themselves. Who, besides perverts, needs an X10 camera that is so "small and usefull"? No one. But they sure are selling it every where you look.

Yea, life's not fair right? So what else is new.

Re:get rid of all spy ware

Mozilla is even better than IE in that respect. You can set it to display only one loop of GIF animations. No need to even hit 'stop' to stop the pain.

Re:get rid of all spy ware

[linzeal]

Well can't we send them fake data? I mean we could have an open source client that would spew praise (lots o clicks) on defined sites.

Re:get rid of all spy ware

[Coreigh]

I'm sure that most Slashdotters don't fault marketing companies for collecting data to tailor advertising to suit us.

It's when they do it without asking for permission to collect the data and use system resources ( whatever little it may be ) on our computers that we get offended.

No matter how it would mess up market targeting plans the world should operate on an "opt in" basis rather than "opt out", Im sure the marketeers can develop new and better ways to target ads.

-----

Re:get rid of all spy ware

[scrytch]

Of course, when advertising a car, Slashdot is hardly well-directed advertising

Slashdot is fabulous turf for car sales. Young, technical (love them gadgets), well-off, single (lots of disposable income), and male. Won't sell a lot of minivans, no, but sportscars, you betcha.

Re:get rid of all spy ware

Injured/Killed:

Usa: 20something/maybe 2 Afghanis: 1000s/1000s

Being a stronger military doesn't make you in the wrong. If you throw rocks at men with guns trying to hurt or kill them, is it fair to expect them not to shoot?

Maybe they really didn't know what was in there...

[kaiidth]

Given that The Register had a story on the discovery of a Windows trojan found in Limewire and such, it doesn't seem implausible that the companies in question didn't sit down and think about what the rest of the code did.

Added to which, whilst I agree that spyware is Not A Good Thing, it seems kind of weird that the companies producing distributed filesharing applications would be intending to monitor precisely what said applications are used for. That would presumably make it harder for them to claim innocence when the RIAA come calling? Or so it seems to my addled mind.

A few things

[loraksus]

First - the worst spyware/malware/virus.

Fucking Bonzai Buddy
I swear that fucker resides in the MBR it is such a pain to get rid of. Once it is gone, windows is unstable (yeah, yah troll on, 2k is damn stable before this shit is installed)

Second, the exec lies thru his teeth.
And the clicktilluwin "not do anything until activated" motto is pure bullshit, this thing starts sending data from the moment it is installed beside limewire.

Of course, http://www.lavasoftusa.com/index.html is an awesome prog - ad aware lets you know what shit you have on your system and then removes it usually quite effectively. To be honest, shit like this might actually be a good arguement for open source, how many "features" are installed in popular programs that we have no idea of - i.e. they have been integrated into the program. Its also a really fucking good arguement for using opera (BTW, you know /. says that a majority of people are using ie 5.0, opera allows you to change its settings so it looks like it is ie (for the fucking sites that wont let other browers in) I switched, i dunno about others..

One last thought: Clicktilluwin
It was classified as a trojan horse, because that is what it is - think of this - if the av manufacuters bent over a desk for these fuckers (declassifying this "program" as a trojan), you think that they would protect you from the FBI?!?!!?
Shit, if the threat of a lawsuit is all it takes, someone could make a virus, sue all the av companies that made solutions, and then sell "protection"...

Re:A few things

[Kanon]

Does anyone know how to detect Bonzai Buddy and remove it? Adaware doesn't seem to list it.

Re:A few things

[VertigoAce]

I noticed a few of these spyware programs after my brother installed kazaa and bonzai buddy. I found most of them, but my computer was *really* unstable afterwards. None of the games on the computer would start and DirectX was having some problems as well. One puzzle that I didn't figure out was a file called "Explorer.exe" hidden in the C:/Windows/Explorer directory (I'd expect that it was interfering with the normal explorer.exe, but I couldn't figure out what it was supposed to do... it did interact with another program called dlder.exe which was also hidden).

Re:A few things

[zcat_NZ]

Well, detecting it is easy; it's a big purple gorilla that pops up as soon as you try to do basically anything.

Removing it is damned near impossible; If the machine doesn't have too much installed on it I would highly recommend making a backup of all your data and completely reinstalling windows.

I've manually removed it three times; the last time worked and left the computer reasonably OK, but it took me over an hour and I can't remember exactly what I did. A complete reinstall of everything usually takes less time and effort.

Re:A few things

[PurpleBob]

That "explorer.exe" is part of ClickTillUWin, in fact.

Re:A few things

The free version of Opera uses the cydoor trojan to display ad banners. But you can add these lines to your hosts file to block them. Or you can use a proxy like junkbuster to block those domain names.

0.0.0.0 ins1.opera.com
0.0.0.0 ins2.opera.com
0.0.0.0 rgs1.opera.com
0.0.0.0 rgs2.opera.com
0.0.0.0 rps1.opera.com
0.0.0.0 rps2.opera.com
0.0.0.0 www.cms1.net
0.0.0.0 www.cms2.net
0.0.0.0 www.rgs1.net
0.0.0.0 www.rgs2.net
0.0.0.0 www.bns1.net
0.0.0.0 www.bns2.net

That's why I use the other Fasttrack client

[xX_sticky_Xx]

I've seen the discussions on the Fasttrack forums about this problem. The creators have consistently denied knowledge that the programs were indeed spyware. My question: when the sales people from these spyware vendors were offering Kazaa et al money to include these programs in the clients, what did the Kazaa creators THINK the purpose of said programs were? It seems just a little too easy to claim total ignorance on this.

Kazaa and SpyWare

[CoyoteGuy]

Whenever a piece of software find its home on my hard drive, I SHOULD and MUST have knowledge of 3rd party appz that come with it. It is absolutely horrible business strategy to attempt to force users to install spyware. To those that don't really care, and to those tho argue that file sharing isn't free... Napster never had spyware, it didn't punish its userbase with spyware, and trojans to track your web habits. If a file sharing program is to be adopted globally, it must be done right, or not at all. I understand that these companies need to make money somehow, but this is totally wrong. This type of behavior will lead to horrible things in the future. It is those people who are passive on these topics that doom the rest of us. All it will take, one day, is a really nasty worm virus to begin spreading through an application that so many people have (Windows comes to mind). And I also know for a fact, that 80% of the Kazaa and Morpheus userbase are irresponsible users that could care less about viruses and trojans as long as they get their pr0n, mp3, and video fix. Well boo hoo to you. You represent a very large percentage of ignorant computer users who shouldn't have a computer to begin with. Why would you pay $1000+ to get a computer, $40 a month on broadband, and be so irresponsible with this privelige bestowed upon you? At the very least, if you are running Win32 OS's, PLEASE, FOR GOD SAKES secure your fricken boxes. That means a stateful packet inspecting firewall with rules, a competent virus scanner, and some common sense. You guys should see my snort logs... So many unsuspecting users running a form of a web server unknowingly, and blasting others on their network segment with port scans and trojans trying to find others to play with. Seriously, I've had enough of those with no common sense. When you buy a car, you don't leave your keys in the door.. Don't do the same with your OS if you choose to run Windows, and can't secure the box. At least hire someone to take a look at that mess of a box you call yours, and reccomend a solution to you. Or at the very least, install linux, run iptables with string matching, an IDS, and Kazaa, and have fun!. Coyoteguy Sick of all those insecure Win32 boxes in the hands of 13 year olds addicted to pr0n.

Re:Kazaa and SpyWare

[Grahf]

Hey, I've got a cheap windows PC and I'm not 13! . . . but I'm still addicted to porn. Ah, hell.

not a problem if you're running linux

[kubla2000]

This is not an issue, afaik, if you're running any of these apps for linux.

This was discussed on The Register a couple of days ago.

From the article:

"We sometimes bundle advertiser applications with our installer in order to help pay for our costs here at Grokster. We are normally given an installer from the advertiser which we run during the installation of Grokster. We have no access to the source code of these third-party installers and so we rely on what our advertisers say these programs do. To the best of our knowledge, this particular advertiser simply placed a link to a free online lottery on the desktop. We were never informed that it installed or was a Trojan."

If you run a leaky os, what do you expect?

Re:not a problem if you're running linux

Wow, I guess the, what, fifteen hundred people worldwide who run Linux on the desktop are pleased as punch.

You've just got to shoot your mouth off about running Linux at any available opportunity, don't you? Jeez, I wonder why nobody likes you guys.

Re:not a problem if you're running linux

[Webmonger]

If you run a leaky os, what do you expect?

I'm sorry, but this has nothing to do with Windows' security or lack thereof. Anytime you run a binary you did not compile yourself (including a compiler), there's a chance that it will do heinous things to your computer. Like adding lines to ~/.bash_profile that run spyware.

Posted from Mozilla on Debian GNU/Linux machine.

Re:not a problem if you're running linux

[kubla2000]

I'm sorry, but this has nothing to do with Windows' security or lack thereof. Anytime you run a binary you did not compile yourself (including a compiler), there's a chance that it will do heinous things to your computer. Like adding lines to ~/.bash_profile that run spyware.

True 'nuff. But what are the odds that you're going to get a *nix binary that includes binaries that haven't been compiled by the distributor?

Re:not a problem if you're running linux

That's unviable here. We're assuming that the people who wrote our joy-spreading trojan compiled it themselves on *nix.

Re:not a problem if you're running linux

[checkitout]

I'm sorry, but this has nothing to do with Windows' security or lack thereof. Anytime you run a binary you did not compile yourself (including a compiler), there's a chance that it will do heinous things to your computer. Like adding lines to ~/.bash_profile that run spyware.

That's assuming you read every line of code, and fully understand it -- for everything you install. The only difference is that you could *in theory* remove the offending peice of code much quicker than waiting for a patch release. Plus, lets face it, many of these programs are pretty questionable to begin with, so their third party add-ons can't be a whole lot better.

Re:not a problem if you're running linux

If you run a leaky os, what do you expect?
EXACTLY
EXACTLY
It's so simple and so UNDENIABLE and unavoidable as a conclusion. Windows is not safe. The people who make it do NOT have your best interests at heart. Under the guise of being helpful and friendly, Windows will take the side of your attackers and help them break-in/spy on you. I got this message from the Windows OS itself within 3 months of first beginning to use a PC. Fortunately, I found somewhere to turn!

I don't know why it takes SO MUCH abuse and so many depantsings for some slow children to grasp this point. (I guess some of us have abnormally low counts of nerve endings in our recta.)

If you run Windows, chances are you are spied on and/or vulnerable to trojans. RIGHT NOW. You'll find out how it's happening only 6months from now. Or 12 months, or a year and a half from now, AFTER the damage has already been done. Then you remove the spyware program or detox your files with some add-on scanner that comes out after the fact and can't protect you during the initial outbreaks. How smart and clever of you Windows users! Now you're safe and sound YOU THINK. Until 6 months later when, AGAIN...
Stupid stupid stupid
WAKE UP ALREADY

Add it all up, review the record for the applications and the OS - the bottomline is you're totally insane to run that family of SLEAZY product as your OS if you care ANYTHING about your privacy or your security. It's a fucking petri dish for every disease known to programmers. Every single casual user of the Windows OS THAT I KNOW has been 0wned/virussed and-or had important data destroyed by Windows when it curled up and died for no known reason. Most more than once.

If I felt I had to give anymore money to that bunch of gangsters in Redmond, WA I would gnaw my arm off in SHAME at my stupidity. No no never again - fool me once shame on you, fool me twice shame on me.

Re:not a problem if you're running linux

You have a point - in theory. But you can't seriously claim that spyware is rampant in the linux community like it is on windows. So what's the difference? Open source. I'd like to see you get spyware into a binary distributed by Debian or one of the mirrors linked from its homepage.

Re:not a problem if you're running linux

wow, you must know stupid people, 'cos i've been running windows for 6 years without being "0wned/virussed and-or had important data destroyed" [sic]

Re:not a problem if you're running linux

Some of us are already awake. Just because you know tons of stupid people who do stupid things with their machines don't assume every Windows user is a newbie or a fool. I've been running Windows for going on 6 years and I have never been "0wned/virussed and-or had important data destroyed by Windows when it curled up and died for no known reason". If you were (or are) a stupid computer user who has been virus infected or spied on, don't blame Microsoft blame yourself.

Re:not a problem if you're running linux

[Webmonger]

Ah, but the distributor could get infected, if they didn't do a line-by line review of all the software they distribute.

I should have elaborated in my previous post; I think the reason Linux hasn't had many widespread viruses is because Linux is run by tech-savvy people, not just because of its security model. Savvy users understand what root is for. Clueless users are almost as capable of spreading viruses on Linux as on Windows.

Clueless Linux users could be the dark side of World Domination

How can you tell if it's installed?

[Toddarooski]

So how can a user tell if this tracking program has been installed on their machine? The article was awfully skimpy on details...

Re:How can you tell if it's installed?

download ad aware from lavasoft or download.com

Re:How can you tell if it's installed?

[loraksus]

Ad aware, scans registry / files for spy/mal/etc ware and removes them

http://www.lavasoftusa.com/index.html

Re:How can you tell if it's installed?

[kubla2000]

You can also do as The Register's oft-quoted article suggests:

Those who prefer to see to their own Trojan removal need only search for a hidden directory under their \Windows directory called \Explorer. Simply delete the \Windows\Explorer directory, along with the companion file Dlder.exe in the \Windows directory.

Re:How can you tell if it's installed?

[Scutter]

Note that the latest Ad Aware completely failed to even notice (let alone remove) "Bargain Buddy", which installs itself with LimeWire even when you expressly tell it not to. And it's a bitch to remove as it installs to multiple directories and tries to reinstall itself immediately upon deletion.

more info

CNN has more info here

Here's an article

[alleria]

from The Register as well about this.

Old News To Me

[Cylix]

I noticed this several weeks ago. An application called something like whagent.exe would crash during my kazaa sessions.

My only guess was that it was not fairing well after I put in place measures to block known spyware apps.

I simply removed the offending program and now I'm probably a little less spyware free. I have grown to expect such things from useful free service providers, but on occassion I've been known to circumvent their efforts.

What makes you think they only log downloads?

[Carnage4Life]

I wrote an article on Kuro5hin entitled The Spyware Invasion when I found out that there was a piece of Spyware(WebHancer) on my machine that was logging EVERY URL I VISITED. It turns out that this company sells these statistics that they obtain from over 16 million unsuspecting users to businesses for over $12,000 a pop.

What bothered me in particular about this approach is that I know a few websites that log users in with their pasword in the URL (Slashdot is one of them) and I wondered exactly how many of my passwords and userIDs had been sent to webHancer over the past weeks I had it unknowingly running on my machine. Of course, I quickly ran Ad-Aware on my machine and changed all my online passwords.

PS: The offending application that installed this spyware was AudioGalaxy.

Re:What makes you think they only log downloads?

[Kanon]

Audiogalaxy have since mended their ways. The current installer asks if you want to install any of the spyware (1 at a time) and doesn't if you say no (I checked this with adaware).

In the past they did install webhancer without asking.

Re:If the information was they collect was useless

80% of the humans on this world are useless, so do they kill themselves for being useless?

FreeNet

[HamNRye]

Because if we all used FreeNet it would crash like a Microsoft built cessna flown by John Denver.

Re:FreeNet

[gnovos]

Because if we all used FreeNet it would crash like a Microsoft built cessna flown by John Denver.

Um, how exactly does a plane "crash" when it the engines don't start and the body can't stay held together long enough to make it to the runway? :) hee hee.

Excuse me while I laugh

Software designed to steal software and music... that steals your user history and information.... that's hilarious.

Information wants to be free, after all.

So use Ad-Aware!!!

[glrotate]

Detects and cleans most of this garbage. Lavasoft

A requirement for every windows desktop.

Kazaa has it big time...

[tcc]

AD-AWARE (current 5.62) is one of the BEST ad removal tools for windows computer, grab it at Lavasoft. It's free, it has updates (download the latest definition file after installing the 5.62 version) and I've tracked it's every move with a filesystem scanner, and it doesn't put thrash anywhere in your system.

It scans Registry, cookies, files, dlls, and it found the Kazaa backdoor installed in my system. Usually when you put a software you can remove it's tracking bugware and the main software will still run (I remember posting an article here over a year ago about bearshare having that same type of crap that Kazaa is using right now but it got rejected). What's interresting about Kazaa is if you remove the offending DLL (which is Cydoor bugtracking stuff), Kazaa won't start anymore, this really shows how BAD they want to track your moves.

While I don't have anything against software companies making a buck by selling tracked info, I do have something against companies being hypocritical about it. When you install Kazaa, it offers you a lot of "free stuff" that any above average users knows that it means advertising stuff, spamming and tracking. This is okay in my book at LEAST it's part of the installer and if you don't know and say yes, well that becomes your problem. What I find really hypocritical is i've unselected EVERYTHING exept "Kazaa needed files" and it STILL installed that bugware thing, and it's not mentionned anywhere CLEARLY in the installer. People get pissed at microsoft activation process which is clear, known and way less intrusive than that, but they let that pass in exchange of leeching free MP3, vids, p0rn and warez. If one day the big suppliers of content on that services have an FBI raid at their places, they'll scream justice and claim that FBI couldn't use the informatin that Kazaa was getting from them because it's not constitutionnal. Well I'd say, make up your mind, if you want P2P and privacy, go to some other service, an example, Download winMX, run Ad-aware in case there's anything installed with the newer versions, and it will probably still run after the cleaning process (I use winMX I love it). Don't support crooks like Kazaa and bearshare that are trying to look friendly, on your side, and pro this and that, while they turn around and sell your browsing habbits without your knowledge.

Also, notice when you're not uploading or downloading, but kazaa is running.. your drive burps every 5 seconds.... I'm still trying to figure out why.. it doesn't stop even after an hour.. it's not "windows-typical" drive burping.

Anyways... hope that helps anyone out there.

Re:Kazaa has it big time...

I'm sure it helps lavasoftusa.com....

Re:Kazaa has it big time...

[LiENUS]

problem is kazaa wont run unless cd_Clint.dll exists, www.cexx.org has a cd_clint dummy dll file that will deactivate it and let kazaa continue to run.

Re:Kazaa has it big time...

[gmarceau]

Which file system tracker did you use? I've been looking for something like that.
Do you have any idea how the burping could not show up on the tracker's log?

Re:Kazaa has it big time...

[Reziac]

Someone kindly informs us,

What's interresting about Kazaa is if you remove the offending DLL (which is Cydoor bugtracking stuff), Kazaa won't start anymore, this really shows how BAD they want to track your moves.

One might check said .DLL for any plaintext IP addresses, and armed with your trusty hex editor, replace any found therein with the time-honoured 127.0.0.0

BTW having read the Kazaa bug-report forums for a while, it became clear to me this is a company that doesn't give a tinker's damn what it does to users, so long as it makes a buck.

Re:Kazaa has it big time...

[Tackhead]

> Also, notice when you're not uploading or downloading, but kazaa is running.. your drive burps every 5 seconds.... I'm still trying to figure out why.. it doesn't stop even after an hour.. it's not "windows-typical" drive burping.

I don't use spyware, so I never installed Kazaa, so I can't help you. But I'm curious, too. (I hate advertisers, and anything that threatens to kick over the rocks under which they grow is k00l by me ;)

So try a utility like this one: Sysinternals' filemon.exe

Could be as innocent as your swap file, 'cuz some Windoze proggies leak memory like sieves. Could be something less-than-innocent. Let us know!

Re:Kazaa has it big time...

That's 127.0.0.1, cluebie.

Re:Kazaa has it big time...

[tcc]

>So try a utility like this one: Sysinternals' filemon.exe [sysinternals.com]

That's what I was using for Ad-Aware scanning... there's a lot of tools at sysinternals to track the software that tracks you. Theres also Regmon for monitoring changes made to the registry that is interresting.

One last thing you might want to check is a tcpmonitor process (there's one at sysinternal as well I think) to check where it's communicating (if you want to go that far)

For you linux people there's also a flavor of filemon (file access tracking discussed above) for linux, you can grab it Here

Re: Kazaa has it big time...

[Omniscient+Ferret]

You can track the changes in real-time, or you can let it do whatever then check the files for changes.

In real-time: FileMon installs a driver that transparently tracks filesystem accesses. If you want to see what accesses the drive every five seconds, this is a good tool for it.

If you want to see what files were modified, use programs like AIDE (on Unix) or Tripwire (on Unix or Windows 2k/NT, apparently), or InstallWatch (Windows). If you just want to see where an install program left its files, this is good. If a given program is just reading (not writing) files, or leaving temp files in ignored directories, then this is not effective.

You can examine the source for AIDE & Tripwire, so this isn't a chicken-and-egg problem.

Re:Kazaa has it big time...

[Sarcasmooo!]

This was what I was about to point out. How can they deny that they knew the spyware was there, when a lot of these programs know enough to refuse to operate when the spyware is removed?

Re:Kazaa has it big time...

Find out how 127.*.*.* gets routed before you spew, please.

Re:Kazaa has it big time...

[Jade+E.+2]

Regarding your drive burps, the Fasttrack clients (Kazaa, Morpheus) by default act as 'super-nodes', which maintain lists of shared files not only on themselves, but on 'nearby' peers as well. They then respond to search requests not only with their hits, but also with hits from other nearby nodes. The idea behind this is that people with fast connections and processors take some of the burden off the lesser-endowed. It seems to me that making this be the default behavior in every client sort of defeats the purpose, but they didn't ask me. I suspect that this behavior (indexing and searching file lists from other hosts) is probably at least partially responsible for your drive activity. You might try going into the options and disabling Super-Node behavior and see if that stops it. I'm too lazy to install one of the clients on this box just to check :)

Re:Kazaa has it big time...

[netringer]

problem is kazaa wont run unless cd_Clint.dll exists, www.cexx.org has a cd_clint dummy dll file that will deactivate it and let kazaa continue to run.

Yeah. I deleted the CyDoor crap. When trying to run KaZaA I get a error window with:
&lt!gt You have uninstalled a part of KaZaA that is needed to run. KaZaA will quit now so you can re-install it.

&lt sarcasm&gt OH! NO! Sorry! Please don't tell on me. I'll go right out and re-install it. Sorry, sorry, sorry, sorry!&lt/sarcasm&gt

Like the previous poster I carefully unselected all of the add-in crap when I installed KaZaA justdays ago.

It really pisses me off. I haven't even used KaZaA yet and they've been spying on me. Bye, KaZaA! I hope you don't mind, but rather than re-installing as you've commanded me, I'll just UN-install the rest.

OT: I noticed that the RealPlayer install HIDES selected "features" below the part of the window you see. You see a bunch of option boxes that are, by default, unselected. If you notice the scrollbar and scroll down the window, you see dozens that ARE selected. That way they can sneak them in and say you chose them. Sleezeballs.

I'm very grateful for this heads up. Thanks, Slashdotters!

Re:Kazaa has it big time...

[scrytch]

So just run morpheus. Same network (fasttrack), no spyware. Ok, so it's buggier than the chinese embassy, but it does the job.

Re:Kazaa has it big time...

[eremos]

this site says that later versions only track which ads you see and click on (some useful info on other spyware apps as well). Not all that diff from doubleclick, really.

Of course, I don't know whether kazaa actually has one of these later versions.

In any case, I don't think it tracks what you download, browse, etc.

And if you're still paranoid, get Morpheus instead. It installs a little thing called BDE Projector, but that's easily uninstalled doesn't cause any problems.

Oh, and I use Ad-Aware. It's awesome, and hasn't picked up anything related to Morpheus. Updated weekly, at the very least.

Re:Kazaa has it big time...

Have you tried Morpheus? Morpheus is exactly the same as KaZaa but without the adware.

Re:Kazaa has it big time...

[mbennis]

In case you are lazy here is the direct link

This one backfired on them...

[sjehay]

It would appear that the stuff bundled with LimeWire is flagged up by antivirus software - oops... bit of a mistake there :-)

I quote:

It has come to Lime Wire's attention over the past 24 hours that one of the bundled software installers included with LimeWire 2.0.2 for the PC is now considered a SpyWare/Trojan by various anti-virus software packages. We have received complaints from our users and we have worked quickly to resolve this issue by putting out a new beta immediately yesterday and rolling LimeWire 2.0.3 for the PC into production at 3:30PM EST today (Jan 1. Note that this did not affect LimeWire 2.0.2 P (LimeWire PRO) users.. We will be communicating further with LimeWire 2.0.2 PC users as information becomes available.

Workaround for all of this nonsense: don't download the Windows-specific version, get one of the ones without an installer (such as the Linux or Solaris versions) from here and use that instead. It removes one layer of laziness as you have to install the JRE and make the icon yourself, but it does mean that the ONLY code that LimeWire can install and execute on your system is a) visible and b) written in Java, which means it can't do anything too evil (read: anything platform-specific).

Hope this helps...

Re:This one backfired on them...

[Jay+Carlson]

No, running the packaged Linux version of limewire on Windows still gets you Windows components. I just tried this and it extracted a "CBanner2.dll" and "LimeWire20.dll" into the install directory. So maybe you're not getting all the stuff packaged into the standard PC install, but there's still a bunch of wacky code there. Maybe it's time to go find a *truly* weird architecture. Bet there's no spyware for the OS/400 JVM...

[...] one of the bundled software installers included with LimeWire 2.0.2 for the PC is now considered a SpyWare/Trojan by various anti-virus software packages. We have received complaints from our users and we have worked quickly to resolve this issue by putting out a new beta immediately yesterday[...]

So the question is, did they remove the SpyWare/Trojan, or did they just hide it better?

Re:This one backfired on them...

[sjehay]

On the page I linked to in my original post you can download versions for Linux, Solaris etc. which come WITHOUT AN INSTALLER - i.e. you just un-tar/zip them and get some .jar files you can run (and if you're lucky a shell script to do it for you) - no Windows or spyware nonsense at all. That's what I was talking about; I don't know about the Linux installer at all as I've never used it.

Re:This one backfired on them...

[Jay+Carlson]

versions for Linux, Solaris etc. which come WITHOUT AN INSTALLER - i.e. you just un-tar/zip them and get some .jar files you can run (and if you're lucky a shell script to do it for you) - no Windows or spyware nonsense at all.

Right, and when I run those jar files, they extract a bunch of Windows DLLs. So yes, the independent spyware installers don't come with this, but Windows-specific components do.

I don't know what those DLLs do. Of course, I don't know what the Java code does either....

Re:This one backfired on them...

[BCoates]

> b) written in Java, which means it can't do
> anything too evil (read: anything platform-
> specific).

(call this phydrive.java, then `javac phydrive.java && java phydrive`)
--->8---
import java.io.*;

class phydrive {
public static void main(String[] args) throws Exception {
FileInputStream fis = new FileInputStream("\\\\.\\C:");
FileOutputStream fos = new FileOutputStream("diskbytes");
byte[] data = new byte[4096];

fis.read(data);
fos.write(data);
}
}
--->8---

On Win2000, as an Administrator, This gives me the first 4k of my C: drive. I imagine write works as well, but I don't have a breakable box lying around at the moment... Wouldn't be surprised if the linux equivalent works, too.

Java code you run out of a local file (as opposed to java you run in your browser) is assumed safe (although you still get niceities like bounds checking, unless you have a jre that supports disabling that)... so remember to read tha source and don't trust those .jar-s.

--
Benjamin Coates

Re:This one backfired on them...

[sjehay]

Yes, Java applications are trusted and so can do anything they like without security warnings or the SecurityManager stopping them, but my point was that there's no Registry.addKey() or similar such evil things, so you cannot do anything platform-specific like that from within the Java home. However, as Jay Carlson point ed out, even on the installer-free versions for Linux etc. the actual .jar file contains a pair of .DLL files, so it's eminently possible that LimeWire could check to see if the platform is Windows and if so call native methods to do nasty stuff like install spyware from those .DLLs... Is there a way to make the JVM report a different operating system?

It's ClickTillUWin

[Kman_xth]

Here's a (dutch :P) site about this thing, with more details http://www.zdnet.nl/News.cfm?id=14504 The article says that LimeWire 2.0.2 and Grokster ask on installation if you want to install a certain 'service' or program called 'ClickTillUWin'. Whether or not you confirm or deny this request, it secretly DOES install it on your pc. This so-called online lottery game contains the trojan. If you go to clicktilUwin.com you'll see that there are possibly more programs 'infected' by this trojan (check the partners section). What is basically does (according to the above article) is install a file called Dlder.exe. When you start the p2p program it came with, dlder.exe will automatically start too and download a second piece, called explorer.exe (and no, not the same one windows users normally have). This program then does some things to the windows registry and sends usernames and your ip adress to http://www.2001-007.com. Symantec (the guys of Norton Antivirus) have called this thing a trojan horse and all of their antivirus applications will regognize it as one. The above article also states that other antiviruscompanies have also already updated their software (waiting for you to press the 'update button' that is :)

Re:It's ClickTillUWin

[Reziac]

http://www.2001-007.com immediately redirects to clicktilluwin.com. Which caused Netscape (3.04, js off, images off, NO plugins) to complain "This page contains data of the type 'octet/stream'. Do you want to get the plug-in?"

WTF does that mean??

Re:It's ClickTillUWin

As is usual with these shady type companies, they can't configure a server or even make a web page to save their lives.

Re:It's ClickTillUWin

[Kman_xth]

Their site holds a (fairly useless) flash animation. And you probably don't have flash installed.

Re:It's ClickTillUWin

Broken MIME type configuration on the webserver. Since IE will look at the file extention instead, they don't know it's a problem.

Re:It's ClickTillUWin

[Florian+Weimer]

The server is misconfigured, it is sending a Flash 5 animation with "Content-Type: application/octet-stream".

Unlike other, more popular software companies which try to hide that they are spying on their users, ClickTillUWin is open about its business.

If you install such software, it is simply your own fault.

Re:It's ClickTillUWin

[Reziac]

Ah, thanks... yes, I have no banan^H^H^H^H^H Flash installed, but normally just get the standard message. Misconfigured server, eh? Why are we not surprised?

BTW, I have a nasty habit of inspecting before installing, so have avoided installing adware or its cousins of any species. :)

Ad Aware

[SplendidIsolatn]

I personally run Ad Aware to get rid of all other Spyware except what KaZaA needs. If you delete KaZaA's spyware, it will stop running. I guess it's a trade-off of privacy versus convenience. But I don't blame KaZaA, except for not letting people know they are being tracked. They have provided FREE software which is really good. I just wish they'd make money some other way.

Happy downloadin'

Here's a weird one for you...

Two of my colleagues at work have this same problem - every day, at certain times, a new web browser will suddenly pop open, with an address already filled in. This sometimes happens even when no browser is running.

The OS is win2k, and the browser is IE. The URL is different each time. I think this is some kind of ad-trojan thats wormed it's way on (wouldn't surprise me since the corporate directive is that everyone must use Windows 2k, Outlook 2000 and IE).

Both of them have nothing unusual (i.e. nothing that everyone else has), except yahoo messenger. I and several others do have messenger, and are not affected.

Any ideas?

Re:If the information was they collect was useless

Well, how about you set an example for them?

Symantec's description of the trojan

[Kman_xth]

http://securityresponse.symantec.com/avcenter/venc /data/w32.dlder.html

For a desribement of the trojan in grammatical correct english :)

Value?

[mlknowle]

One important question is the value of the data they collect. Will advertisers buy such 'black market' data? Or is the data collected by the developers 'just because they can?'

It is really in these companies' best interest to risk losing the faith of their users for this data which probably won't make them any money?

Re:Value?

[stickyc]

In my experiences, the people that buy and sell this data are oblivious to where it came from and that it might be gathered in a less-than-pleasant fashion. Their primary concern is accuracy and price.
The demographic data junkies at most corporations I've dealt with are college graduates with degrees in sales and marketing, not comp-sci. Their news pages are wsj.com and ESPN.com, not slashdot or kuro5in.
On the bright side, they're all virus paranoid and if things like this show up in NAV and they somehow make the connection - that's good. The problem is, they're usually virus paranoid because they've once (or twice, in many cases) launched "BRITNEY.EXE" thinking it actually was nudie pics of Britney, only to spam their entire company with the latest Email virus.
My point being they find things like this out the hard way, and as long as there's thousands of these people out there to buy the 'evil' data to learn the lesson, there's a market to sell 'evil' data.

This needs to be re-iterated

[LS]

Limewire is GNU licensed, and therefore open source. If you have a problem with spyware, then roll your own version. I don't even think the source code has the spyware, so all you have to do is compile. Now as for other closed source software that doesn't tell the user of it's misdeeds - I can't defend that.

LS

Linux Kazaa Client

[arminhammer]

There is a linux kazaa client in early beta, but it works ok and contains no spyware.
You can find it here: kazaa media shell

Maybe something will be added in future releases, we will see.

Some Good Advice, Again....

[thumbtack]

It's been put up here lord knows how many times, but here goes again. I use the Lavasoft software Ad-Aware to check and clean my system on a regular basis. Not only do I use it, if I have a friend who is having problems with their system, I usually will run it there as well. nine times out of ten they have a program that is running in the background, that Adware classifies as "Spyware". Removing the "spyware" components my the friends system often fixes the problems they are having. It always finds things that shouldn't be on their system. We can debate cookies forever, but I'm talking about software that serves ads, sends information, or otherwise takes control of your system or partially takes control.

The old sage about not installing software from unknown sources applies more than ever, I don't know who these people are, but from reports I've seen and heard I wouldn't even consider installing them.

. If I do download software and install it (it inevitable) I scan the download for viruses and trojans, backup my registry, install it and then run Ad-Aware. If Ad-Aware detects anything from the program, i uninstall the sucker. Then I reboot and run the old registry as well.

Didn't Know?

[SquierStrat]

That's the stupidest lie I've ever heard! :-) I meant really...we're shipping with software we have no clue about...hyuk hyuk!

Blah. I'd disagree with the fellow who says this is a death knell to closed source software though, since, a) most folks don't care and b) the number of people who use this type of software is in the minority.

limewire

[Cardhore]

It seems the spyware is windows only. Also worth mentioning is that you can compile Limewire from CVS and doing that you will not compile the spyware. However...

Limewire (for Windows) installs spyware even if you uncheck the box!

SaveNow Must Die!

[fm6]

There's all kinds of nasty spyware and adware out there, but the one that raises my blood pressure is SaveNow/WhenUShop. This is supposedly a voluntary opt-in system, but some program (probably BearShare) installed it covertly on my system and didn't remove it when I uninstalled.

The lost of privacy was bad enough, but SaveNow seems to work by hooking into Windows Explorer and intercepting a great many application events. For a long time I blammed the resulting performance hit on a combination of my own excessive system tweaking, buggy Explorer plugins, and MS software bloat. It wasn't until Explorer froze up totally that I realized some background process was interfering with it, and found the culprit by process of elimination.

It strikes me that this is not very different from activities that have gotten people sued or even arrested. It's all there -- unauthorized access, theft of services, malicious action. Perhaps it's time we gave Mister Ashcroft a call!

Re:SaveNow Must Die!

[aussersterne]

Perhaps it's time we gave Mister Ashcroft a call!

This is America. If a corporation does it, it's never a bad thing. It's only the consumers and the average working class joe who are evil+expendable.

Re:SaveNow Must Die!

You don't get it, do you? When some teenage haXXor goes and writes a Trojan, our grand justice system says lock him up with the murderers and pedophiles for the rest of his life. But if some "monied corporation" decides to covertly install spying software on all their consumers' computers, well, that's good for the economy! It maximizes their consumers' buying experiences! It provides value-added services for their responsible, commercial partners! To say otherwise would be un-american, anti-capitalist, and probably aiding some terrorists somewhere!

Re:SaveNow Must Die!

[kz45]

You don't get it, do you? When some teenage haXXor goes and writes a Trojan, our grand justice system says lock him up with the murderers and pedophiles for the rest of his life. But if some "monied corporation" decides to covertly install spying software on all their consumers' computers, well, that's good for the economy! It maximizes their consumers' buying experiences! It provides value-added services for their responsible, commercial partners! To say otherwise would be un-american, anti-capitalist, and probably aiding some terrorists somewhere!

From your post, YOU obviously don't get it. When a teenager releases a trojan on the public, It causes millions and sometimes billions of dollars worth of damage.

I do feel people writing viruses should get community service / a hefty fine, rather than jail time.

Think about this: awhile back, I updated my linux server to the latest version of the kernal at the time. It corrupted my FS, and thus I lost months of valuable work. SHOULD LINUS BE RESPONSIBLE?

If the answer to this is yes, then software companies should also be responsible for releasing spyware.

Re:SaveNow Must Die!

Think about this: awhile back, I updated my linux server to the latest version of the kernal at the time. It corrupted my FS, and thus I lost months of valuable work. SHOULD LINUS BE RESPONSIBLE?
If the answer to this is yes, then software companies should also be responsible for releasing spyware.

Sure, Linus should be responsible, so long as you can prove in court that he intentionally trashed your FS. Thus demonstrating this comparison for the invalid one that it is.

~~~

Re:SaveNow Must Die!

[sjames]

Think about this: awhile back, I updated my linux server to the latest version of the kernal at the time. It corrupted my FS, and thus I lost months of valuable work. SHOULD LINUS BE RESPONSIBLE? If the answer to this is yes, then software companies should also be responsible for releasing spyware.

The difference is that Linus had no intention of corrupting your data, spyware exists to spy on you. The second difference is that Linux tells you what it is, what it does is well known, and it explicitly disclaims any warranty. Spyware conceals what it is/does and since a disclaimer would be a dead giveawy, it has none.

In short, it's no different than any other trojan except that it is better written (to remain hidden) and is distributed by people who are old enough to be considered adults in the eyes of the law (unlike many trojan writers/distributors).

Re:SaveNow Must Die!

[MillionthMonkey]

From your post, YOU obviously don't get it. When a teenager releases a trojan on the public, It causes millions and sometimes billions of dollars worth of damage.

This is commonly (although not always) true, but is irrelevant to the point he was making, which sailed over your head. He was saying that prosecutorial resources are applied preferentially to individuals as opposed to corporations. If a backdoor/Trojan is released by a corporation, it arouses little attention. If a teenager writes a similar program they're all over him in a heartbeat! Just take a look at all the Trojans that are being released by shady software companies. Go down the list. Some of them are so obnoxious that they are reported by antivirus utilities. If a teenager wrote some of these, he'd be in serious trouble! He'd be in jail waiting for his military tribunal. The corporations that produce these programs operate in plain sight with no fear of prosecution. The law hasn't caught up with technology. It's still tiptoeing around the issue of spammers. But it's certainly caught up to the teenaged miscreants, hasn't it?

Think about this: awhile back, I updated my linux server to the latest version of the kernal at the time. It corrupted my FS, and thus I lost months of valuable work. SHOULD LINUS BE RESPONSIBLE? If the answer to this is yes, then software companies should also be responsible for releasing spyware.

This is an exceptionally silly point. First of all, Linux is free and comes with no stated legal guarantees. There is nobody to sue. Second, Linus didn't design the patch with the intention that it would corrupt your filesystem. If a company releases software that corrupts my computer on purpose, I would hope that they would be nailed to the wall. I don't know what legislation would pertain to that situation but there certainly doesn't seem to be any prohibiting spyware.

Re:SaveNow Must Die!

No, you're responsible. You should know better than to run a spanking new kernel unless you're a beta tester. Let the rest of the people run it for a week or so and if you see no complaints and need a feature only present in that release then give it a go. On the other hand, if your current kernel is working fine for you and you have no need for additional features then why bother upgrading? Hell, I'm still running 2.4.0 on my server. Works fine, doesn't crash, and I have no need to upgrade.

Re:SaveNow Must Die!

I once had a user call and report that her computer was running extremely slow and would take about 15 minutes for IE to start up. I went to her desk and noticed cpu utilization was at 100% and 1 GIG OF VIRTUAL MEMORY WAS IN USE!

I went to the other tab and it was SaveNow! So I deleted the executable and rebooted and the system was working fine. Turns out SaveNow was was unsucessfully trying to get out through our proxy. The way it was programmed was to keep trying indefinitely. I hate them!

Re:SaveNow Must Die!

[Will_Malverson]

Of course, you can also download WhenU directly at CNet's Downloads.com. The "customer" reviews are amusing, as half of them are obvious fakes from the company, and the other half are pissed off real people. You can read them here.

Re:SaveNow Must Die!

the savenow 'application' mentioned is also installed along with our British Telecom, IP inverse software, or so it seems with a speedway ISDN modem.

Zonealarm and tripwire caught it by name, sending shit back to BT.

Re:SaveNow Must Die!

"Monied corporation"? You have to be kidding.

These are scumball little outfits that are trying to sell nearly worthless marketing data by preying on people who are predominately involved in illegal activity. As it said in the D&D manual -- There Is No Honor Among Thieves.

The (umm) Solution is something you won't like -- banning filesharing clients.

The cops don't care about this activity for exactly the same reasons they don't care about drug dealers shooting each other. You can upload trojans all day long to warez servers and nobody will care. Make something that spreads to corporate mail servers, and then the law is interested.

(Besides, overall this is a good thing. If Ma and Pa Kettle get the idea that all of these Napster-wannabes are virusware, they will stay away and the whole filesharing thing will stay under the RIAA radar.)

Re:SaveNow Must Die!

We've had that same problem in the computer labs at the large university for which I work. In our case, SaveNow was trying to do something. I don't remember what that something was, but something else(sorry to be so vague; this happened many months to a year ago) on the computers would prevent it from working. But SaveNow was persistent. Whatever it was trying to do, it tried to do it every few seconds. Pretty soon, our app logs were being filled with this crap in addition to the obvious performance hit which you've already mentioned.

Thank God that we finally were able to move from NT to 2000, which doesn't seem to be affected by this.

Data protection....

... I would like to control what information about me is stored on what computer systems

You can, in the UK at least. It's called the Data Protection Act, 1984. Any company keeping data on you must, inform you they are doing so, at your request provide you with that information, and correct it if it is wrong, or face rather large fines. I believe you can request that they delete any information held about you.

I think other EU countries have similar laws. IANAL, but I don't know how well this applies to anything that may be considered "anonymous" data, or when the company collecting the data is outside the juristiction of the Data Protection Act...

What would be funny though is to track how much bandwidth all these spyware programs use and send a bill to the recipient(s) of the information to compensate you for bandwidth costs... could charge say.... $1 per kilobyte?

Re:Data protection....

[Bert64]

Some people are on lines which charge for data transfer volume, leased lines and corporate ADSL in germany for instance, charging upto 35DM per gigabyte, but spyware would have to transfer a lot of data to start costing the victims money.
Perhaps someone should reverse engineer the protocols used by these tools, and create a program for people to run, which sends random/garbage data back to the central server.. It would be amusing to know i am visiting http://ybgqjXimzgsrcgggz2Bjzt7mminfhy/jJsb94Vag a lot...

Re:Data protection....

be funny if the marketing companies suddenly realizied that millions were visiting goatse.cx about 100 times a day....imagine the commercials....

Re:Data protection....

[mgv]

Perhaps someone should reverse engineer the protocols used by these tools, and create a program for people to run, which sends random/garbage data back to the central server..

They encrypt the data sent using public key technology. Ironically it has made it hard for the RIAA to work out what is being done by whom without breaking the DMCA. The actual files are sent unencrypted P2P unfortunately.

Of course, a DOS attack probably could just send garbage to work. This is probably not the right way to deal with spyware, IMHO.

Does any file sharing program available today encrypt the actual files transmitted? Just wondering.

Michael

Re:Data protection....

charging upto 35DM per gigabyte

what's a dm? oh, i see, kind of like a euro.

Re:Data protection....

[ncc74656]

Does any file sharing program available today encrypt the actual files transmitted? Just wondering.

While it's not the first program that comes to mind for acquiring mp3z, doesn't Freenet encrypt everything? IIRC, it's also designed to enable anonymous/pseudonymous publication in that a file you put up on Freenet isn't traceable back to you.

Why?

[CaptainSuperBoy]

Free music doesn't have to have a price.. it's not like there is some kind of trade-off between free music and spyware, dictated by the laws of physics. As a user and a software developer, I think spyware is unethical and I won't support its use or use it on my computers. There's perfectly good peer to peer software that doesn't have spyware (Morpheus) so that's what I use..

Spyware risks

[Jenova]

Spyware doesn't just contain the risk of compromising system security. It actually degrades the system performance as well.

I installed BearShare last year, not knowing there was spyware. It was only when my system started slowing down(sluggish games , slow window redraws) that I noticed that it has a loaded a spyware(SaveNow).

I have kept off installing any new software from then on untill I have verified that the software does not contain spyware.

This is especially important now that my family does electronic transactions thru the same computer too.

It is a pity, because of this, I generally distrust free-beer software these days.

Re:Spyware risks

[Harumuka]

By avoiding free-beer software, you are not immune to spyware. Case in point: NewsUpd.exe, spyware installed when installing Creative Labs hardware, such as SB 16. It is not disclosed in the license agreement nor mentioned in the documentation. Cexx said it best:

This really burns me up. This isn't some sleazy shareware application downloaded from God-knows-where, but legitimately purchased hardware from a legitimate-looking company, that is installing advertising spyware along with its hardware drivers!! This is a clear betrayal of user trust. (Ed. note: I discovered this particular piece of spyware when installing a Creative Labs SB16 on my OWN system, so I am quite obviously angered. The heads-up came when Zone Alarm alerted me that an unknown application newsupd.exe was trying to access the Internet. Creative has yet to make good on my request for a refund on my advertising-subsidized hardware purchase.)

Re:Spyware risks

[netringer]

It was only when my system started slowing down(sluggish games , slow window redraws) that I noticed that it has a loaded a spyware(SaveNow).

Yeah. The home PC is Pentium II 350. It works fine unless there are a half dozen .DLLs running in the background and/or intercepting every CPU instruction for whatever reason. What I'm endlessly tracking down and stomping out is ANY unneeded .DLL that is taking CPU cycles. I remove and unstart virus scanners, add-ons. and plug-ins until the system peps up and seems usuable again.

I just had I.E. lock-up fairly often- not even the scroll bars worked. I finally figured out that it was just pegging the CPU. Now I I know that it was because I had the damned CyDoor .DLL desparately trying to send off stolen spy data on the last few URLs I went to.

I don't suppose the programmers hired by these scum put any emphasis on getting the spyware to be effecient code that will behave well. You know they write and test it on a current 1GHz Intel and if it works mostly OK there it goes out to infect the unsuspecting masses.

I'll have a new AMD Athlon desktop system real-soon-now. It's sad that you have to add CPU horsepower just to have a viable system that can defend itself from these scum buckets.

Before you hit reply to tell me to run a real O/S and a real browser, know that I use Opera, Netscape, and Mozilla. I also use those to check on where a bottleneck is. It is good to know that these scumbags don't write .DLLs to intercept those. I need IE for sites I tolerate where Java is .asp-Java-on-Windows-with-IE. I also dual-boot the PC to Mandrake.

Flatter

[Graymalkin]

I'm not totally positive this is entirely true but I've noticed an anomoly whilst running LimeWire on Windows. When it launches a little 2x2 pixel entity pops up in the top left corner of the screen. It can be clicked and moved around the screen but doesn't respond to anything else I've tried except Alt+F4 which makes it go away (I assume closes it). It also doesn't shot up in task manager as an individual process so I'm further assuming it is a thread in the LimeWire process contained in the JVM. I haven't cared enough to further try to figure out what it is. Is it mentioned in LimeWire's literature and has anybody else seen it?

More information.

[milkman1]

This was originally noted on the vuln-dev list in late december. For your amusement here are some links:

Grokster and possible trojan

Clicktilluwin DLDER Trojan"

The False Alarm Award

[afree87]

Yesterday, a program called "ExPlorer" kept on crashing when I shut down my computer, and a small, unremovable box would appear in the corner of my screen at random times. I suspected a virus, but my software would not detect anything. So, I went to work myself. When my computer started crashing and my Internet connection stopped working, I opened up System Information and located a second explorer.exe in a hidden directory called Explorer.

After a few reboots, I managed to stop the program from running, and then examined its raw assembly code. From the plaintext I could decipher, it seemed to be calling some website called "2001-007.com". Renaming the file to virus.exe (in anticipation), I rebooted again, found my connection working, and visited the site.

2001-007.com is another name for ClickTillUWin, the website that comes with Limewire. Insert your own annoyed reaction here. The smegheads at ClickTillUWin had designed spyware that acted in all effect like subseven or some worm.

So, if you think you've got a virus on your Windows computer but can't detect it with the usual methods, don't panic; get Ad-aware. You'll be better off for it.

LINUX spyware?

Is it possible to do the same in linux?
If a machine had a few utilities (like ps, among others) modified by the spyware so running processes could not be effectively monitored, i could see that happening. however, if such machine were to run tripwire or any similar utility to verify file integrity then it would be impossible for spyware to installl itself surreptitiously. Right?

By the way, does anybody of any recent LINUX versus WINDOWS 2000 Server study as thorough, well documented, and objective as the somewhat dated but relevant "Microsoft Windows NT Server versus UNIX " report by John Kirch found at http://www.linuxfocus.org/English/May1998/article4 1.html ?

Gnapster

[Lumpy]

I wonder if they'll try to sneak it into Gnapster... Oh wait... I could read the sourcecode and see it there....

another example that Open source is better.

(Besides, Gnapster on OpenNAP servers is useful (would be more useful if people would get a clue and open the ports on their firewall to actually share those files.)

and the only thing I would love to see changed... if you disconnect, the server erases that you existed and all your shares instead of listing them... that is a pain in the butt.

Re:Gnapster

[PurpleBob]

But there's the irony. LimeWire is open source!

The thing is that the binary that they distribute for Windows is not the same thing you'd get from compiling the source...

Learning the lesson of proprietary software

You can't rid yourself of spyware, back doors and other hidden bad software by using a proprietary tool. Recommending one proprietary application to modify the effect of another is unwise.

OLD OLD OLD NEWS

This story broke a week ago. Man /. is getting really crappy. I bet this story was submitted every day for the last 7 days before some bonehead moderator had a brainfart and finally let it through.

Re:OLD OLD OLD NEWS

[drsoran]

Last week? These programs have had spyware installed along with them for months (or longer). It's certainly nothing new or exciting. Get a copy of Ad-aware if you're paranoid. It seems to be pretty good at cleaning that stuff up.

Re:OLD OLD OLD NEWS

pay attention in class nit wit. he's saying slashdot is linking and promoting ancient news.

Re:OLD OLD OLD NEWS

That's certainly nothing new dipshit. Of course slashdot promotes ancient news. They've been doing it for years. What the fuck do you think this is CNN?

Burn All SpyWare!

I see a lot of people don't care about SpyWare. I think everyone should. Maybe it's not that bad, but it's the principle - What they are doing is spying on you. Monitoring you.
If you don't do anything about it, it's only gonna get worse. Feed them a crumb, and they'll take the entire arm! Or whatever the saying is.

Cexx.org has a nice article on how to neutralize spyware.

For those interested, KaZaA utilizes spyware by the name of CyDoor - That article on cexx.org explains what it does.

For those of you who care about privacy, and can't live without KaZaA, this may interest you: Dummy Files for use with KaZaA - or ANY other app that uses the CyDoor spyware rendering it harmless.
They Uncymesh file on the same page kills the spyware when i.e. KaZaA is not in use (when it is it's active!).

All in all I can recommend going through cexx.org, lots of interesting stuff. And yeah, support Ad Aware!

Intentionally Anonymous Counter Exploiter

Re:Burn All SpyWare!

Poor Bill. I bet his hosting expenses are gonna go through the roof after all those links.

Open Source Software

[lostchicken]

Has anyone seen anything like spywire snuck into open source software?

The only way I see to do it would be to include spyish code as a 'feature'. We need to be very careful when accepting such features.

We can't believe that just because something isn't secret that it isn't malicious, no matter how innocent the reason may seem.

SpyWare

[NetNinja]

As the previous post mentioned above "Ad-aware" is a great program to snif your winblows boxes for spyware.
The January issue of "Smart Computing" has a great article describing which programs are spying on you and some other recommended programs to protect your machine.

This is normal.

What do you expect from closed source (then untrusted) "free" programs? Spyware is a business, and these companies make money out of the information they sell on what the users do.
If you want 100% security, then use Open Source only software. On windows there's Gnucleus, on Linux there are many (Lopster, gtk-gnutella, Gnapster, Qtella, etc.).

Anyone remembers of the Interbase backdoor?
There was one, hidden for 9 years into million of lines of code, but it was discovered and made public by someone only two months after Borland released Interbase's source code.
The simple answer is: stay with Open Source! It's the only way to ensure 100% reliability and security to your systems, your data and your work. There's no way to hide malicious code if you have the source.

How about CometCursor?

[ewhac]

A friend of mine keeps getting CometCursor installed on her laptop without her permission. She runs AdAware every so often to find and remove it, but it keeps reappearing.

She suspects it's being installed covertly by some Web sites she visits (though we haven't yet isolated which ones). She surfs with IE, but even so, it seems highly improbable to me that something like CometCursor could be downloaded and installed behind the user's back.

I know CometCursor is spyware, but does anyone have more details about this particular behavior?

Schwab

Re:How about CometCursor?

[Zalgon+26+McGee]

Has she ever clicked on "Always trust content from Comet Cursor"? That may be the reason.

Re:How about CometCursor?

because the first time she installed it she checked off the "always trust software by this company" box. so any time something tries to install it. it doesnt bother asking and does it behind the scenes.

Re:How about CometCursor?

[filtersweep]

Comet cursor is an enigma to me too... I ended up with it myself on my "pristine box"- my audio workstation that I go out of my way to keep very "clean: (ie. no games, no nothing...).

It is possible it is bundled with something else under a different name- but I definitely did not give permission for it.

Re:How about CometCursor?

It can also piggyback on activex. Change your internet zone to secure, dissallow activex in that zone.

installing apps with less than root privilege

Hey, perhaps we should evolve towards setting up groups and permissions (e.g. with UNIX/Linux) so that one never needs to trust application software (and even most system software) when installing it. It could run with less than root privilege. I guess a lot of applications are already setup like this and run with only user privileges.

That crappy Secondpower

[libreazul]

On my IE browser, second power.com inserts itself as my default homepage. where is this piece of software? I'll burn it soon after I find it. Thanks -Dave

If you want to use Kazaa w/o the spyware...

[AnimeFreak]

Use Morpheus. I have known about Kazaa and it's spyware built-in for quite some time now, yet Morpheus is better as it doesn't have spyware and it also allows you to download MP3s larger than 128 kbit.

Getting older versions of Limewire also allows you to defeat the spyware.

Sort of.

[CdotZinger]

The last Mac version of Limewire I tried (18 or 1.8, I think) didn't install any "spyware," per se; there was no piggybacked Trojan. But, according to my firewall's log from back then, it did try to "phone home" about seven times a day, and hunted for another open port when it failed. So, "Trash" is your friend.

Re:Sort of.

[Grahf666]

Do older versions do such things, i.e. 1.7b? I didn't upgrade, cuz 1.8 has a bunch of useless shit (mp3 player that doesn't work), and gives you WAY less options to toy with.

uninstalling ezula..

[rockclimbingtech]

Ezulamain being the program bundled with Kazaa and Morpheus, possibly others... to uninstall with windows go to start/programs/accessories/system tools/system information, and you can edit which programs automatically start with your computer. Ok, so everyone already knew this/could have figured it out, ... come to think of it, posting windows instructions on slashdot is like playing hockey in afghanistan...

Then they came for the Windows users

[Sloppy]

but I didn't run Windows, so I didn't speak up.

Then they came for me, and there was no one left to speak up.

this

and had an opportunity to be notified and decline if they so choosed.

huh? if they so choosed???? wtf???

trojan?

[Jnxer]

http://www.limewire.com/index.jsp/trojan

Bulls**t

The software companies claiming they weren't aware of the 'features' of the spyware they installed in their apps is ludicrous. Their entire business model is tied to said spyware. That is their only source of revenue. To claim ignorance is absolutely pathetic, I don't know how they sleep at night.

ADP?

[johnnyproton]

When I installed LimeWire 2.02, I requested that ADP wasn't installed, but it is still running in my task manager.

Does anyone know what this program is?

Re:ADP?

might be spyware. try downloading ad-aware and see if it is.

Why is this flamebait??

[psxndc]

WTH moderators? This is the second time in a week I've seen something modded down unnecessarily. If anything, mod this comment up. Sorry man.

psxndc

Re:Why is this flamebait??

[ThatComputerGuy]

I see you haven't read /. much lately...

Norton AntiVirus 2001

[acrhemeied]

Downloaded LimeWire the other day. When first I ran the program, I remember the auto-protect thing scare the hell out of me when it found a bug it classified as 'backdoor.trojan'. The file was 'dlder.exe', created in a temp directory called 'RarSFX0'.

Believe it if you wish

[SuperDuG]

This is slashdot "News for Nerds. Stuff that matters." not "Tabloids for nerds. Stuff that doesn't matter".

As for spyware and adware, if you are using one of these programs chances are that you aren't doing it for legal reasons from the get-go. Do you really think that you have any rights while breaking the law???

Seriously people you can't really argue how these companies are "bad" when you yourselves are using these programs for completely illegal purposes. All these programs do is suck bandwidth and violate copyrights.

Granted there are legal reasons to use these programs, but the other 99% of the traffic is no where near legal. If you don't like the spyware then don't install the programs... if you want massive amounts of mp3's and pr0n then go ahead and download them, but be aware ... they are going to throw ads at you that will maybe score them a buck or two.

On a side note I'm actually tired of Napster clones always making the page on slashdot and this will be the last comment I make to such a story because all we're doing is helping to promote copyright violations and fuel the fire that made the DMCA possible.

Re:Believe it if you wish

Are you seriously saying that there's no legitimate use for Peer to Peer file sharing? That all legitimate file transfer must be based on large, "legitimate" servers like download.com?

Please.

And as far as fueling the DMCA fire, I think it's more likely that the DMCA has fueled the fire in the belly of people in general, who have come to see copyright for the corporate sham that it is--now it's not just the technical elite that choose to ignore it.

~~~

Re:Believe it if you wish

You are such a pompus ass!

Wait a second...

[asteinberg]

As usual, the general consensus here seems to be quite an extreme reaction. The New York Times article I saw in the paper this morning paints a slightly better picture, apparently it was more of a misunderstanding by the people behind Kazaa/Grokster/Limewire than it was an intentional "conspiracy" of sorts...
This (free registration required of course) is the Times article I read. I'll paste in some relevant points:

The companies that produce LimeWire, Grokster and KaZaA have since posted new versions of their software, without the tracking program. The maker of LimeWire also issued an apology.
...
The game is free, although users first view an advertisement. The program collects information about sites visited over the last two days to better place ads.
...
Mike Calderone, president of Strategic Advertising Services Inc., which runs the ClickTillUWin game, said outside distributors had been instructed to get users' permission before installing the software -- but that was not done.

Greg Bildson, chief technology officer of LimeWire L.L.C., said the company was led to believe the program did no more than link to a game, making the permission request unnecessary.

Robert Regular of Cydoor Technologies Inc., which distributed the ClickTillUWin software to the file- sharing companies, said the program was not supposed to collect information until users activated it -- and had an opportunity to be notified and decline if they so chose.

Mr. Regular said he did not believe that deception was intended by any of the parties.

So while we shouldn't excuse these companies for doing something wrong, I think we should at least accept their apologies and believe them when they say that they did not intend for it to be as bad as it is.

And as for the spyware in general, I never install it personally, but I say if people choose to install it and as a result it helps these software companies to make some money, then I see nothing wrong with them including it with their installation programs (of course with an option not to use it).

Duh...ZoneAlarm is spyware !

wake up, za labs parent company own a huge datamining company , and where do you think they get their data hmmmmmmmmmmmmmmmmm

Re:Duh...ZoneAlarm is spyware !

[MsGeek]

Use a hardware firewall. Software firewalls are just as secure (or insecure) as the operating system they run under. I wouldn't run a MS operating system on the Internet without one, and I'm an MCSE. Go ahead, flame away...I passed my last test and got the last of my Borg parts yesterday.

However, I did have the cojones to get the Hotmail address "PenguinistaMCSE." So far MS hasn't said boo to me about it. Heh heh heh...

Actually I wouldn't run ANY computer without a hardware firewall on the Internet. Period.

Well then.

"if you think the onflow player is spyware then you might has well consider your browser spyware as well. "

Then why bother paying someone to install it?

Speedy

[SlackBastard.net]

I submitted this same story a week ago, when the original alerts came out. It was, of course, turned down with no reason given.

I guess it's not what you submit, but who submits it?

Whatever.

Re:Speedy

[Legion303]

Some cheese with your whine, sir?

-Legion

Ummm...

[Niet3sche]

Haven't we known this for months and months and months? I thought so. :/

lazy me

i wrote about this trojan in the last kazaa article on slashdot 2 weeks ago:

http://slashdot.org/comments.pl?sid=25190&cid=27 40 032

i guess i should make a real name so people actually read my posts : |

Funny how Tivo is ok to /. tho !

i hear all the /.'ers condemming software spyware but then they seem perfectly comfortable with Tivo logging their viewing habits then selling it to advertisers ?

Re:Funny how Tivo is ok to /. tho !

Hardly.

I won't use Tivo specifically because of both the logging, and the subscription services. Tivo much prefers to sell you the $10 month service rather than just a device.

I just must be a crappy journalist

[Rinisari]

I submitted this story two days ago :-)

Anyway, I'm glad it got up.

AudioGalaxy & VX2

[Tony.Tang]

AudioGalaxy's software unfortunately now installs VX2 by default. We didn't know this when we installed AG, and were subject to a pop-up ad so frequently, it was unbelievable. At first, I suspected the sites we were visiting, but they were even coming up on Google!

The big throw was that the ads that were being served up always seemed to come from different places. One day, I decided to look into it, and discovered that all the ads were being downloaded from VX2.

VX2 is a very devious piece of sofwtare, logging every one of the sites you visit, and then popping an ad every once in a while. If you surf quickly, throttles itself; surf slowly, and it pops for every site. Quite devious, really.

• VX2's site - fairly informative
• Cexx's site - VERY informative -- tells you everything you need to know about vx2

I recommend downloading some of the software that's already been mentioned (e.g. adaware) -- they do a very good job of getting rid of all sorts of garbage.

Re:AudioGalaxy & VX2

Somedays I wish we could go back in time and kill the people who "invented" the first banner ad on the web. The Internet was so simple and user-friendly before all these damned ad sponsored services started popping up spying on us. Even EfNet IRC servers have degenerated into constant porn spamming and Usenet is a wasteland for spam on anything unmoderated. The Internet is pretty messed up. I say everyone should just logoff and give up. Maybe the spammers will go away and we can sneak back in. :-)

Google Toolbar is spyware

[BrookHarty]

I run proxomitron at work, I noticed that i kept hitting google when I was working on a company website. Later I noticed Google was already indexing my website. Like most users I trusted google wouldnt bounce my URLs off google, but they did.

Also, I started using Tiny firewall and started to block alot of software. Couple things I noticed, alot of m$ software trys to talk to the net. Office, Explorer, Windows Networking (not plain tcp/ip), m$ hardware drivers for mouse and keyboard, media player.

Also using a firewall stopped alot of freeware programs that grabs ad's worked great, they just couldnt get the banner ads or talk to the net.

We also use firewall software on our Sun production boxes we use EFS, encyrpted firewall software. It has a nice ACL list you can really lock down traffic. Only open port 80 for web traffic, and only to the load balancers, only allow SSH on the control network. Sometimes while your putting in a new network, the firewall ruleset is very basic, locking down the boxes help add a some security, and everything is logged to a logging server.

-
I was so naive as a kid I used to sneak behind the barn and do nothing. - Johnny Carson

Re:Google Toolbar is spyware

[ONU+CS+Geek]

The Google Toolbar asks you if it can send personal information back to Google. You can turn it off if you like. Quoteth the Toolbar:

Use of the Advanced Features of the Google Toolbar requires that information about the sites you visit be sent to Google. This is needed to make these features possible. With all advanced features disabled, no information about the sites you visit will be communicated to Google.

Re:Google Toolbar is spyware

[PhunkySchtuff]

Yes, the Google Toolbar _IS_ spyware, and they tell you in no uncertain terms that it is.
If you read the description of it before happily clicking OK, OK, OK, you would know exactly what information is transmitted back to Google, and why.
That groovy little "Page Rank" bar you have on the toolbar, needs to know what URL you are on, so it can give you the pagerank.
If you chose to install without the advanced features, then it wouldn't report anything back to google at all.
-- kai

Kazaa - spyware = Morpheus

[Otto]

Kazaa and Morpheus both use the same P2P network, notably the one made by FastTrack, a company based in the Netherlands. So, if you want to use the network without spyware, give Kazaa a miss and grab Morpheus instead. Also, I think Morpheus has a Linux client available (I may be wrong on that though).

Disabling Morpheus's ad banner

[Otto]

Almost forgot: to disable Morpheus's advertising, add:

127.0.0.1 ads.musiccity.com

to your hosts file. Done and done.

FREE way to find and remove this stuff

[Krelnik]

There are lots of software programs like Ad-Aware that will clean these up for you, but my goal is to have LESS software on my PC, not MORE.

I found an nice free website that will run a JavaScript in your browser that detects various kinds of spyware and directs you to instructions on how to remove it. He also offers the source up for free so webmasters can help combat this scourge by hosting the script on their own pages. (That way all your site visitors will be warned about they spyware as they visit your site). It doesn't seem to detect this one though.

I dug this up when I discovered a few months back that AudioGalaxy had secretly installed a similar application called VX2 on my PC. The odd thing was that Audio Galaxy wanted to install BonziBuddy too, but it let me choose. But no choice with this other one. Fortunately it was easy to remove and AG runs fine without it.

SongSpy XE 2.0 and iMesh 3.0 have stealth spyware

[giveuptheghost]

SongSpy, now in version XE Beta 2.0, is installing a very nasty spyware app called FTapp without users' knowledge whatsoever - not in the license agreement that users have to agree to when they install SongSpy, nor in the FAQ on their website.

In fact, their FAQ says this (here):

"What is your privacy policy?

"We're still working on pulling together a formal policy in full-blown legalese. But rest assured that we ourselves are privacy zealots and won't be doing anything remotely devious with the information you provide us. Also, we take pride in how little we know about what you are doing on SongSpy, you aren't tracked, logged, or monitored for analysis by the client software."

I looked up FTapp with Google and found nary any info, except for a virus entry for FTapp in McAfee's Virus Information Library. FTapp's entry in McAfee's Virus Information Library says the following:

"Virus Characteristics: This is an advertising/user monitoring trojan. Once running this trojan may track your web browsing activity and/or display advertisements.

"Indications Of Infection: Presence of the file FTAPP.DLL

"Method Of Infection: This trojan is installed via an executable.

"Removal Instructions: Use specified engine and DAT files for detection. Use the ADD/REMOVE Programs Control Panel in Windows to remove this program."

In fact, an entry for FTapp is in the Add/Remove Program applet of Windows' Control Panel. But, if you try to remove it, it says that there was an error and asks if you wish to just remove the install entry from Add/Remove Programs. Thus, FTapp CANNOT be uninstalled this way; it will remain.

At the time I discovered FTapp on my system, I assumed that the next step was to just delete the (unhidden) folder C:\Program Files\ftapp. I've done this and haven't had any problems yet.

The folder C:\Program Files\ftapp contains two files: FTapp.dll and FTapp.mon. Viewing the properties sheet for FTapp.dll didn't reveal much, but opening FTapp.mon was my greatest cause for alarm. In it appears to be lots of websites I've visited recently.

SongSpy users cannot even contact SongSpy, either. Their support, in its entirety, is the FAQ, and the only way they have set up to be contacted (here) is at staff@songspy.com, and only for business proposals or if someone is from the media (hint hint).

Also, iMesh 3.0 was just released this week, and it contains something called FTPBack/FTP_back/FTP Back. Also stealth, it's installed automatically during iMesh 3.0 setup and without users' knowledge and is set to run at Windows startup using the Windows Registry's Run key...

What address do these trojans contact?

[EMIce]

I'd like to set my private dns server to resolve them to 127.0.0.1 - I am especially interested in the kazaa one, since I use morpheus. I've already redirected sites like auto.search.msn.com, since every incorrectly url typed into IE is sent there.

Poison Them !

It's a pity that someone has not hacked the various protocols these 'tools' (in both senses of the word :-) use and developed a program to feed bogus data back to the spyware hosts.

If customers worked out that the spyware collected data was polluted with trash data they may look to other sources of info (ie opt in, etc).

Here is a comprehensive Hosts File that blocks em

[sh0rtie]

here is a really comprehensive hosts file that blocks morpheus,bearshare,hotline and 10,000 advert servers, daily updates, instructions and works on all platforms including Linux/beos/macs ;)

You installed that spyware.

[toofast]

A friend of mine worked at webHancer for a while. Trust me, there's a nice dialog that:
1. tells you what webHancer is
2. tells you what webHancer does
3. asks you if you want to install audiogalaxy with or without it.

I've installed audiogalaxy several times, and all you have to do is uncheck the check box. But most people click "Next" without even reading the dialogs.

You consented to it. That doesn't make it spyware, it makes it ignorantware.

Re:You installed that spyware.

[titansfreak]

Who the hell would want something that tracks all your web browsing and sends it to another company that can sell it to anyone without you knowing? Having to uncheck this "feature" is what still makes it spyware. Change it from an Opt-Out to an Opt-In and then it wouldn't be spyware, but then no one in their right mind would ever opt-in, would they?

Re:You installed that spyware.

[TheCrunch]

Well that's nice, but I've never installed AudioGalaxy and I found webhancer installed. I'm the sole user of my box and I've never seen anything telling me what webhancer is/does and whether I want to install it or not.

Re:You installed that spyware.

[func]

Hm, that's called "opt out", and most people consider that about as nice and fluffy as spam. Just uncheck the box, sure, the one box on 15 pages of install crap. Hey, I saw the stupid uncheck box, you can bet that the slimeballs that wrote the software are counting on the fact that a good percentage of the users will miss that checkbox.

Wow, invading peoples privacy for money - those guys are real kings!

Re:You installed that spyware.

[toofast]

Absolutely! Everyone misses the checkbox, so you end up with the "spyware". webHancer paid Audiogalaxy (and many others) a large sum of money to be able to bundle their software. Who do you think pays for all that "free" software? Companies like webHancer do. If not for their crappy spyware (I hate it as much as you do), Limewire et al. wouldn't exist.

Nothing comes for free. Want free software? Take a few minutes and read the 15 pages of dialogs.

Re:You installed that spyware.

Audiogalaxy added that information and check box after users complained about Webhancer being installed without their knowledge. Webhancer also caused the computer to be unable to connect to the internet unless it was uninstalled properly (using windows add/remove). So, not only was it spyware, it was potentially damaging. BTW, the fix for the connection problem involved downloading Webhancer again. ZDNet's review of Audiogalaxy and user feedback discussed this several months ago.

Re:You installed that spyware.

[Synic]

*COUGH* GPL software is free...

Re:You installed that spyware.

[toofast]

GPL software is free... But when you develop software for Windows, you have to buy Windows, plus you have to buy most of the software (compilers, ide's, etc.) to *make* your software.

So who can make free software for Windows? I can't.

Re:You installed that spyware.

Sorry, but thats not true. I have never installed audiogalaxy, but it was either LimeWire or KaZaA that put webHancer on my computer. I unchecked the box and yet when I ran ZoneAlarm it asked me if I wanted to allow webHancer to connect to the internet.

Double standard

[Random+Feature]

What I find most disconcerting about this entire situation is that if I do something like this I'm a "bad girl" and face possible charges under vague federal law but when a company does it nothing happens to them - they issue an "apology" and it's over.

-------

There _IS_ a opensource gnutella client for win32

[Ilgaz]

First of all I wonder how people get shocked about those companies making evil things...

Second is, I sure wonder how Gnucleus ( http://www.gnucleus.com ) which is a full open source program works perfectly on win32 platform isn't mentioned on messages.

The coder guy(s) say now it has even multi-source downloading, just like fasttrack.

There is also another problem, as those programs are closed source, how come they won't have _native_ spying? e.g. Morpheus sending current URL of IE easily from urlmon.dll to that dutch company? I mean, anyone checked it yet?

Never used Kazza, but I see it

[ClickWir]

I've never used Kazza. I have that same little thing your talking about. I've had my system scaned and cleaned many times by Ad-Aware (upto date), currently says I'm clean.

I do not have the cd_clint.dll file on my system. I don't know what it is, nor have I taken notice as to what I'm running when it's there. But I will now.

I also do not use any file shareing programs. Nor have I since the last fdisk/format.

Snood spyware?

[.smoke]

The only snood that i know of is an at least 3 years old mac game (that i have since seen windows incarnations of) that works kind of like a reverse tetris. does this goofy (yet addictive) game have some kind of extra, hidden functionality within the executable program?

!!!!WINMX!!!!

[ClickWir]

Limewire this, bearshare that, kazaa that too, even napster. I've seen them all and they all suck. WinMX has no spyware. No banners. No popups. FREE. It's got a great layout and tons of people on it with awesome connections.

Every pc should be scanned with Ad-Aware. But make sure you get the latest REF file for it or you'll be scanning for OLD spy/adware. New spyware comes out all the time, you need to keep it upto date. Just like your antivirus program.

How it works (the real facts)

[DABANSHEE]

1st a quote..

"F-Secure Virus Descriptions

NAME: DlDer
ALIAS: Trojan.Win32.DlDer, Troj_DlDer

This two-component trojan was discovered in the end of December 2001. The trojan being installed on a user's system constantly upgrades its main component that connects to 2001-007.com website and reports user's ID, web browser a user is using and all URLs that a web browser and all its child windows open. The trojan violates user's privacy and opens a security hole in a system by downloading and activating executable files.

The main component of the trojan is Explorer.exe file that is located in Windows folder in \Explorer\ subfolder (do not mix with the original Windows' Explorer.exe). This component is constantly upgraded by the second trojan component that has the name 'DlDer.exe' and is located in Windows folder.

The DlDer.exe file is most likely dropped to user's system by ActiveX applet or Javascript code that a user doesn't notice when he is browsing Internet. The exact way how this file is dropped is not yet known. The case is under investigation.

The DlDer.exe file when it is started downloads Explorer.exe file from a website and puts it to \Windows\Explorer\ folder. Then the trojan creates a startup key for Explorer.exe file. On next System restart the Explorer.exe file is activated and it creates a startup key for DlDer.exe file and starts to connect to 2001-007.com website and report user's ID, web browser and all URLs that a user visits to there.

We recommend to delete both trojan components from an infected system. If these components can't be deleted (locked files) they should be deleted from pure DOS (in case of Windows 9x system) or renamed with different extensions (EXA for example) with immediate system restart (in case of Windows NT/2000/XP system).

[F-Secure Anti-Virus Research Team, December 28th, 2001]"

Now some links

Astechnica Forum - "Is download.com infected with a virus???"

Arstechnica Forum - "explorer.exe and Explorer.exe"

Computing.Net Forum - "How to delete trojan in explorer.exe"

Gnutella Forum - "p2p Trojan info"

C:\WINNT\system32\drivers\etc\hosts

they probably wont mod up a helpful windows post, so the answer for windows users is in the subject line. ad-haters might like to add all these:

127.0.0.1 ads.x10.com
127.0.0.1 ads.musiccity.com

127.0.0.1 207-87-18-203.wsmg.digex.net
127.0.0.1 Garden.ngadcenter.net
127.0.0.1 Ogilvy.ngadcenter.net
127.0.0.1 ResponseMedia-ad.flycast.com
127.0.0.1 Suissa-ad.flycast.com
127.0.0.1 UGO.eu-adcenter.net
127.0.0.1 VNU.eu-adcenter.net
127.0.0.1 a32.g.a.yimg.com
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.sma.punto.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.webprovider.com
127.0.0.1 ad08.focalink.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcreatives.imaginemedia.com
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.ads.imgis.com
127.0.0.1 adforce.imgis.com
127.0.0.1 adfu.blockstackers.com
127.0.0.1 adimage.blm.net
127.0.0.1 adimages.earthweb.com
127.0.0.1 adimg.egroups.com
127.0.0.1 admedia.xoom.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 adremote.pathfinder.com
127.0.0.1 ads.admaximize.com
127.0.0.1 ads.bfast.com
127.0.0.1 ads.clickhouse.com
127.0.0.1 ads.enliven.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.fool.com
127.0.0.1 ads.freshmeat.net
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.i33.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.link4ads.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.madison.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.smartclicks.net
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.x10.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.zdnet.com
127.0.0.1 ads01.focalink.com
127.0.0.1 ads02.focalink.com
127.0.0.1 ads03.focalink.com
127.0.0.1 ads04.focalink.com
127.0.0.1 ads05.focalink.com
127.0.0.1 ads06.focalink.com
127.0.0.1 ads08.focalink.com
127.0.0.1 ads09.focalink.com
127.0.0.1 ads1.activeagent.at
127.0.0.1 ads10.focalink.com
127.0.0.1 ads11.focalink.com
127.0.0.1 ads12.focalink.com
127.0.0.1 ads14.focalink.com
127.0.0.1 ads16.focalink.com
127.0.0.1 ads17.focalink.com
127.0.0.1 ads18.focalink.com
127.0.0.1 ads19.focalink.com
127.0.0.1 ads2.zdnet.com
127.0.0.1 ads20.focalink.com
127.0.0.1 ads21.focalink.com
127.0.0.1 ads22.focalink.com
127.0.0.1 ads23.focalink.com
127.0.0.1 ads24.focalink.com
127.0.0.1 ads25.focalink.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads5.gamecity.net
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserver.dbusiness.com
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.merc.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 antfarm-ad.flycast.com
127.0.0.1 au.ads.link4ads.com
127.0.0.1 banner.media-system.de
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 banners.easydns.com
127.0.0.1 banners.looksmart.com
127.0.0.1 banners.wunderground.com
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 beseenad.looksmart.com
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bn.bfast.com
127.0.0.1 c3.xxxcounter.com
127.0.0.1 califia.imaginemedia.com
127.0.0.1 cds.mediaplex.com
127.0.0.1 click.avenuea.com
127.0.0.1 click.go2net.com
127.0.0.1 click.linksynergy.com
127.0.0.1 cookies.cmpnet.com
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 counter.hitbox.com
127.0.0.1 crux.songline.com
127.0.0.1 erie.smartage.com
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 fp.valueclick.com
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 gm.preferences.com
127.0.0.1 gp.dejanews.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 image.click2net.com
127.0.0.1 image.eimg.com
127.0.0.1 images2.nytimes.com
127.0.0.1 jobkeys.ngadcenter.net
127.0.0.1 kansas.valueclick.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 media.preferences.com
127.0.0.1 mercury.rmuk.co.uk
127.0.0.1 mojofarm.sjc.mediaplex.com
127.0.0.1 nbc.adbureau.net
127.0.0.1 newads.cmpnet.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 realads.realmedia.com
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 regio.adlink.de
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 s2.focalink.com
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 spin.spinbox.net
127.0.0.1 static.admaximize.com
127.0.0.1 stats.superstats.com
127.0.0.1 sview.avenuea.com
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tracker.clicktrade.com
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 v0.extreme-dm.com
127.0.0.1 v1.extreme-dm.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 view.accendo.com
127.0.0.1 view.avenuea.com
127.0.0.1 w113.hitbox.com
127.0.0.1 w25.hitbox.com
127.0.0.1 web2.deja.com
127.0.0.1 webads.bizservers.com
127.0.0.1 www.admex.com
127.0.0.1 www.alladvantage.com
127.0.0.1 www.commission-junction.com
127.0.0.1 www.freestats.com
127.0.0.1 www.imaginemedia.com
127.0.0.1 www.netdirect.nl
127.0.0.1 www.oneandonlynetwork.com
127.0.0.1 www.targetshop.com
127.0.0.1 www.teknosurf2.com
127.0.0.1 www.teknosurf3.com
127.0.0.1 www.websitefinancing.com
127.0.0.1 www2.burstnet.com
127.0.0.1 www4.trix.net
127.0.0.1 www80.valueclick.com
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.extreme-dm.com
127.0.0.1 toolbar.netscape.com
127.0.0.1 actionsplash.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ads.belointeractive.com
127.0.0.1 ads.bluefish.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ads.inet.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads.intelliads.com
127.0.0.1 ads.realcities.com
127.0.0.1 ads.ucomics.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 adserver1.harvestadsdepot.com
127.0.0.1 ads1.intelliads.com
127.0.0.1 cj.com
127.0.0.1 clickhereforcellphones.com
172.0.0.1 clickheretofind.com
127.0.0.1 clickthrutraffic.com
127.0.0.1 connect.247media.ads.link4ads.com
127.0.0.1 content.uclick.com
127.0.0.1 hitbox.com
127.0.0.1 kr123.com
127.0.0.1 qksrv.net
172.0.0.1 rmedia.boston.com
127.0.0.1 servedby.advertising.com
127.0.0.1 www.actionsplash.com
127.0.0.1 www.clickhereforcellphones.com
127.0.0.1 www.clickheretofind.com
127.0.0.1 www.clickthrutraffic.com
127.0.0.1 www.cj.com
127.0.0.1 www.kr123.com
127.0.0.1 www.qksrv.net
127.0.0.1 w26.hitbox.com
127.0.0.1 ads.nextlevel.com

Re:C:\WINNT\system32\drivers\etc\hosts

[Corporate+Gadfly]

or better yet, use internet junkbuster which is open source, cross-platform and uses regular expressions (you can cover a lot of lines with one regular expression) in its block file.

Old news

[fobbman]

2002-01-02 17:38:55 Trojan Installed During Grokster, Limewire Windows (articles,news) (rejected)

Morpheus

[crisco]

Morpheus is a windows app that works on the FastTrak network(same as Kazaa), claims not to install spyware and still works after I did the ad-aware thing. It pops up ads in IE every once in a while if you leave it running but other than that it gives you access to all the ill-gotten gain out there.

It Could Actually Be Ignorance

[SuperJames_74]

I'd like to address the issue of whether or not the "Kazaa folks" were aware of this slighting.

It's entirely feasible that "they" (I know, it's decentralized. But, for our purposes here, I'll refer to the various distributors [or whoever...] as a collective "they"...) were, indeed, not aware of the fact that the other bundled software just happened to be some bullsh1t, spy-ware, virii crap.

I work for a "tech" company, and the folks who actually make the decisions (i.e. - The Suits) know little or nothing about the technology. We're continually "partnered" or "integrated" or "bundled" with some company of whose software we are virtually ignorant of. We just get with them because the name sounds good...

So, based upon my own personal professional experiences, I would offer up the possibility that, while it may not be responsible/acceptable, it is certainly feasible that someone, somewhere decided to "leverage" some "service provider" or "industry leader" or some other such industry buzzword catchphrase BS, and we all ended up with hourly firewall alerts that a default action was taken to block an inbound IP connection to a known "Backdoor/SubSeven" port!

In short, I think it sucks, but it's likely not the fault of crazy hackers - rather, it's more likely due to incompetent "decision makers"...

But hey, what do I know?

How to Block all Banner Ads

[titansfreak]

See this for a complete list plus instructions (you still need to add ads.musiccity.com):

http://www.ecst.csuchico.edu/~atman/spam/adblock.s html

Re:If the information was they collect was useless

That's an entirely different matter. The humans in question simply aren't aware of their uselessness. The ad agencies, on the other hand, presumably have a fairly good idea of what can be sold vs. what might as well be a third belly button on their tongue.

Michael Calderone knows all about it

[alexburke]

I called him to ask what the fsck his executable was running on my machine for and how it got there. He denied it did any spying and said it only worked when you were on the ClickTillUWin site. (Basically a complete load of shit.)

If this sort of crap pisses you off too, drop him a line.

Registrant:
Preference Marketing Services
8170 S. Eastern Avenue, Suite 4613
Las Vegas, Nevada 89123
US

Registrar: Dotster (http://www.dotster.com)
Domain Name: MYTRAFFICTRADER.COM
Created on: 15-JUN-01
Expires on: 15-JUN-02
Last Updated on: 27-JUN-01

Administrative Contact:
Calderone, Michael michaelcalderone@hotmail.com
Preference Marketing
8170 S. Eastern Avenue, Suite 4613
Las Vegas, Nevada 89123
US
702-243-8714
702-207-6682

Technical Contact:
Callahan, Heather fred@aafunnypictures.com
Preference Marketing Services
8170 S. Eastern Avenue, Suite 4613
Las Vegas, Nevada 89123
US
208-664-3804
702-207-6682

Domain servers in listed order:
NS.BANNERHOSTS.COM
NS2.BANNERHOSTS.COM

Thiefware

[ThesQuid]

A good source for info on these programs (trojans) is Thiefware.com.
A lot of companies who don't even own these programs will try to scam businesses by trying to sell "keywords" on them. They make impressive claims of their installed "user base" that are wildly over inflated. And they don't bother to mention how they're hijacking people. Sheesh.

Re:Death Knell for Closed Source Software-freedom.

" For the casual computer user, which is the majority of the people out there, the primary concern is ease of use not 'freedom'. I'm not condoning that statement, but it seems to be true."

Unless loss of "freedom" conflicts with "ease of use".
Customer:What do you mean I can't copy my CDs to my RIO?

The Slimeball Shuffle

[BillX]

Just finished reading the SFGate article on the subject. What particularly struck my interest was the interview with Robert Regular--the name sounded familiar as I got into it with this very same marketing stiff last year, when his company's (Conducent Technologies at that time) TSADBOT spyware somehow got onto my system. (I must admit, as the webmaster of a semi-popular spyware information site, having one go undetected on my own system for nearly a month was rather embarassing.) At any rate, Mr. Regular's answers to my "clueless user" inquiries--not letting on that I had already dissected Conducent's app with a fine-toothed hex editor--led me to almost suggest that he drop the spyware biz in favor of a more lucrative position speechwriting for a certain ex-President.

Rather than redefining "is", it seems that our old friend has found a new home at Cydoor Technologies, makers of another KaZaA-transmitted disease, who are now pushing the ClickTilUWin trojan to spyware-friendly companies.

To quote the article:

• Greg Bildson, chief technology officer of Lime Wire LLC, said the company was led to believe the program did no more than link to a game, making the permission request unnecessary.

• Robert Regular of Cydoor Technologies Inc., which distributed the ClickTillUWin software to the file-sharing companies, said the program wasn't supposed to collect information until users activated it -- and had an opportunity to be notified and decline if they so choosed.

  Regular said he did not believe deception was intended by any of the parties.

I guess some things never change.

Re:Wait a second...Grandness of the crime.

"So while we shouldn't excuse these companies for doing something wrong, I think we should at least accept their apologies and believe them when they say that they did not intend for it to be as bad as it is."

Ignorence of the law is generally not considered an excuse. Wonder if their "excuses" would hold up in a court of law.
---
But your honor I didn't know that burying all that toxic waste would kill so many people.
Would you give me a lighter sentence if I promise not to kill so many next time?

Disinformation

[BCoates]

Anybody looking for a fun new project? Figure out what data these bastards send to/from your computer and screw with it. Make them think everyone is an 68 year old female BeOS user who spends most of her disposable income on bondage gear and Ted Neugent albums.

That ought to lead to some entertaining pop-up ads.

--
Benjamin Coates

Spyware in Mozilla

[rasilon]

Although it hides as the "What's Related" feature, Mozilla does exactly the same thing. Every URL you visit is sent to xslt.alexa.com. Just try it: add "127.0.0.1 xslt.alexa.com" to your /etc/hosts, fire up apache and Mozilla and tail the logfile...

127.0.0.1 - - [06/Jan/2002:10:58:03 +0000] "GET /data?cli=17&dat=nsacdt=t%3D1%26pane%3Dnswr6%26wid %3D4832&url=http://www.google.com HTTP/1.1" 404 276 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011012"
127.0.0.1 - - [06/Jan/2002:10:58:08 +0000] "GET /data?cli=17&dat=nsacdt=t%3D0%26pane%3Dnswr6%26wid %3D4832&url=http://www.google.com/search HTTP/1.1" 404 276 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011012"

Re:Spyware in Mozilla

[sconest]

Just remove the "What's Related" sidebar and disable the feature in the prefs.

Re:Spyware in Mozilla

[rsd1s1g]

From Alexa's website:

Alexa is gathering Web information and learning from content and paths to create the Alexa Service.

As an Alexa user navigates to a web site or web page, the Alexa service retrieves data about the page the user is requesting. We gather information from a number of sources, then organize it to be presented by the Alexa Service, helping the user to be better informed about the site he/she is viewing.

Sounds lika good idea...

Re:morpheus aggressive anti-ads

[EboMike]

While a great application, it has a VERY aggressive advertisement scheme.

Now what. I have a VERY aggressive anti-ad scheme.

I've installed Naviscope (which is free) - no more pop-ups. I haven't had any more trouble with Morpheus, and those ads in the main Morpheus window don't bother me. (Besides, there's always this neat HOSTS trick which has been mentioned in here).

Good argument for OS

[mnordstr]

This is yet a great example of the trustworthy, reliable and functional software open source provides. This kind of hiding in the source wouldn't work in an open source program.

bargain.exe

[rewtbeer]

after you install limewire, delete this program from limewire's directory.

Didn't Prodigy try something similar?

[JThaddeus]

Hey, recall the old days--before GUIs and WWW? Back in the DOS 2 and 3 days, I recall many of my friends accusing Prodigy of trying a similar stunt. The assertion was that when you ran the Prodigy software, it made a listing of all files on your local drives and forwarded that to the Prodigy server. Prodigy denied it but more than one claim running around FidoNet was that users would make a clean copy of the Prodigy floopy, and, after connecting for a brief session, found that floopy now contained new hidden files with the directory trees of both their A and B drive on it.

Re:Didn't Prodigy try something similar?

[netringer]

No. What Prodigy did was allocate a new, empty file of considerable size to use as a local data cache. That file could contain zombie data from the disk.

In DOS deleting a file just makes an entry in the FAT marking the file's sectors as being available. It doesn't really erase the data. Often the sectors in the empty file Prodigy created contained remnants from a deleted file on the same disk. Prodigy didn't write zero-bytes to the entire new file they just allocated on the disk. Somebody curious would TYPE the file or look at it with a hex editor and see various bits of their real data. That started the spyware rumors. Each supposed victim saw something different in the Prodigy file, because each saw data from (a) different deleted file(s).

You have to be running a Proxy Server to do this

IE doesn't allow you to add those sites as exceptions to a proxy server unless there is an address configured for the proxy server.

Adding another PC to be a proxy server is as much trouble as reading ads that usually have lines like "You may have a credit card growing out of your ass...click here for details".

Re:Believe it if you wish-Click heels three times.

If only the problem was confined to such tools. I just found out that Opera has spyware. I'm quite certain there's more out there. We'res the outrage their? No respect for users and their property by big business. No wonder no one respects them & their property.

telnet

You can telnet to that site and tell them what you think of their software. Good luck.

Re:You have to be running a Proxy Server to do thi

[rudy_wayne]

"IE doesn't allow you to add those sites as exceptions to a proxy server unless there is an address configured for the proxy server. "

Only idiots use IE.

webHancer

Well I was a little concerned after the post about webHancer stealing users passwords if they are in the URL so I ran a little test of my own. I don't know how deeply you looked into it but on my machine I sniffed the packets that the webHancer software was sending back and most of the URL was stripped off and in every instance everything after a ? was stripped. Looks like they are more interested in the domain then in getting into your accounts.

ads

[PMan88]

what is up with everyone trying to target ads at us???

no one clicks ads, especially because they are really annoying

targeting ads doesn't make me want to click either. if i was looking for something on the internet, i would have found it already

easy to fix.

[g0mi]

with kazaa, you just need to go into the registry and take out the appropriate lines, change some numbers to 0. PopDonDay 0 PopMaxDay 0 should tell it not to pop up ads. Also, I took out a bunch of lines under Cydoor Services as well... like the URL lines... now when i run kazaa I get no pop ups and NO banner ads... don't know if that stop it all, but at least there are no ads.

Switch to secure file sharing software

Just switch to CryptoHeaven and don't worry about Trojans or other viruses. Those guys make the source code available so you can check for trojan bugs.

Get your free account at
http://www.cryptoheaven.com

Clean LimeWire

[PMan88]

Since LimeWire is open source, someone made a nice clone of it without spyware or ads. It is called Clean LimeWire and is available at http://us.geocities.com/burk017/index.html.

Re:Clean LimeWire

Is there a mirror for this Clean Limewire compile? Geocities has shut him down for over-downloads....

Re:Kazaa has it big time even when you un-install

[netringer]

I deleted all of the CyDoor stuff and decided to just go ahead and uninstall KaZaA. Guess what?

Here's the error message pop-up window from the un-install:

--------
(X) Error loading C:\WINDOWS\SYSTEM\cd_clint.dll

The system cannot find the file specifed.

-----

So the UN-INSTALL script RUNS CyDoor!
Do it sends a message like, "FYI: This victim has uninstalled KaZaA. I'm still alive."

Re:You have to be running a Proxy Server to do thi

Like I'm going to use Opera or some shit like that.

Re:Gaining access to blocked ports for Kazaa etc??

[emkman]

HTTHost I Haven't tried it, but I just saw it last night and it claims to do exactly what you are looking for. Good luck with it.

Re:Believe it if you wish-Click heels three times.

Is there evidence for this? Opera Software is generally well thought of (at least as well as a proprietary vendor can be).

more ad sites for hosts file

127.0.0.1 ad.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 ads3.zdnet.com
127.0.0.1 view.avenuea.com
127.0.0.1 mojofarm.mediaplex.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 connect.247media.ads.link4ads.com
127.0.0.1 www.associmg.com
127.0.0.1 ads.focalink.com
127.0.0.1 maximumpc.usads.futurenet.com
127.0.0.1 www.speedyclick.com
127.0.0.1 ads10.focalink.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.cimedia.com
127.0.0.1 ads.realcities.com
127.0.0.1 ad3.cool.ne.jp
127.0.0.1 adserver.thisislondon.co.uk
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 www.flycast.com
127.0.0.1 www.alert-ads.com
127.0.0.1 ad.uk.doubleclick.net-click
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 www.burstnet.com
127.0.0.1 207-87-18-203.wsmg.digex.net ##
127.0.0.1 a.r.tv.com #a.r.tv.com#2000-12-29 02:41:06:330
127.0.0.1 a1428.g.akamai.net
127.0.0.1 a1444.g.akamai.net
127.0.0.1 a1544.g.akamai.net
127.0.0.1 a1896.g.akamaitech.net
127.0.0.1 a32.g.a.yimg.com
127.0.0.1 a332.g.akamai.net
127.0.0.1 absoluteagency.com
127.0.0.1 ad.adsmart.net ##
127.0.0.1 ad.adtraq.com #ad.adtraq.com#2001-02-08 01:24:59:000
127.0.0.1 ad.ca.doubleclick.net ##
127.0.0.1 ad.de.doubleclick.net ##
127.0.0.1 ad.doubleclick.net ##
127.0.0.1 ad.doubleclick.net #ad.doubleclick.net#2000-12-30 05:57:05:940
127.0.0.1 ad.fr.doubleclick.net ##
127.0.0.1 ad.jp.doubleclick.net ##
127.0.0.1 ad.linkexchange.com ##
127.0.0.1 ad.linksynergy.com ##
127.0.0.1 ad.nl.doubleclick.net ##
127.0.0.1 ad.no.doubleclick.net ##
127.0.0.1 ad.preferences.com ##
127.0.0.1 ad.sma.punto.net ##
127.0.0.1 ad.uk.doubleclick.net ##
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.webprovider.com ##
127.0.0.1 ad08.focalink.com ##
127.0.0.1 ad-adex3.flycast.com ##
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 adclick.gamespy.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 adcontroller.unicast.com ##
127.0.0.1 adcreatives.imaginemedia.com ##
127.0.0.1 adcreatives.imaginemedia.com
127.0.0.1 adengine.theglobe.com
127.0.0.1 adex3.flycast.com ##
127.0.0.1 adfarm.mediaplex.com
127.0.0.1 adforce.ads.imgis.com ##
127.0.0.1 adforce.imgis.com ##
127.0.0.1 adfu.blockstackers.com ##
127.0.0.1 adimage.blm.net ##
127.0.0.1 adimages.earthweb.com ##
127.0.0.1 adimg.egroups.com ##
127.0.0.1 admedia.xoom.com ##
127.0.0.1 adpick.switchboard.com ##
127.0.0.1 adremote.pathfinder.com ##
127.0.0.1 ads.adflight.com #ads.adflight.com#2001-01-01 23:22:40:460
127.0.0.1 ads.admaximize.com ##
127.0.0.1 ads.admonitor.net #ads.admonitor.net#2001-01-01 17:47:22:850
127.0.0.1 ads.bfast.com ##
127.0.0.1 ads.clickhouse.com ##
127.0.0.1 ads.dennisnet.co.uk #ads.dennisnet.co.uk#2001-04-16 00:39:42:390
127.0.0.1 ads.enliven.com ##
127.0.0.1 ads.fairfax.com.au ##
127.0.0.1 ads.fool.com ##
127.0.0.1 ads.fortunecity.com #ads.fortunecity.com#2001-04-25 20:13:30:000
127.0.0.1 ads.freshmeat.net ##
127.0.0.1 ads.gamespy.com #ads.gamespy.com#2000-12-27 01:51:54:360
127.0.0.1 ads.hollywood.com ##
127.0.0.1 ads.i33.com ##
127.0.0.1 ads.infi.net ##
127.0.0.1 ads.jwtt3.com ##
127.0.0.1 ads.link4ads.com ##
127.0.0.1 ads.link4ads.com #ads.link4ads.com#2000-12-29 03:00:00:930
127.0.0.1 ads.lycos.com ##
127.0.0.1 ads.madison.com ##
127.0.0.1 ads.mediaodyssey.com ##
127.0.0.1 ads.msn.com ##
127.0.0.1 ads.ninemsn.com.au ##
127.0.0.1 ads.premiumnetwork.com
127.0.0.1 ads.seattletimes.com ##
127.0.0.1 ads.smartclicks.com ##
127.0.0.1 ads.smartclicks.net ##
127.0.0.1 ads.sptimes.com ##
127.0.0.1 ads.tripod.com ##
127.0.0.1 ads.tucows.com #ads.tucows.com#2000-12-27 03:55:54:290
127.0.0.1 ads.uniquemedia.net #ads.uniquemedia.net#2001-04-27 20:58:13:000
127.0.0.1 ads.web.aol.com ##
127.0.0.1 ads.x10.com ##
127.0.0.1 ads.xtra.co.nz ##
127.0.0.1 ads.zdnet.com ##
127.0.0.1 ads01.focalink.com ##
127.0.0.1 ads02.focalink.com ##
127.0.0.1 ads03.focalink.com ##
127.0.0.1 ads04.focalink.com ##
127.0.0.1 ads05.focalink.com ##
127.0.0.1 ads06.focalink.com ##
127.0.0.1 ads08.focalink.com ##
127.0.0.1 ads09.focalink.com ##
127.0.0.1 ads1.activeagent.at ##
127.0.0.1 ads10.focalink.com ##
127.0.0.1 ads11.focalink.com ##
127.0.0.1 ads12.focalink.com ##
127.0.0.1 ads14.focalink.com ##
127.0.0.1 ads16.focalink.com ##
127.0.0.1 ads17.focalink.com ##
127.0.0.1 ads18.focalink.com ##
127.0.0.1 ads19.focalink.com ##
127.0.0.1 ads2.gamecity.net #ads2.gamecity.net#2000-12-27 03:19:32:820
127.0.0.1 ads2.zdnet.com ##
127.0.0.1 ads20.focalink.com ##
127.0.0.1 ads21.focalink.com ##
127.0.0.1 ads22.focalink.com ##
127.0.0.1 ads23.focalink.com ##
127.0.0.1 ads24.focalink.com ##
127.0.0.1 ads25.focalink.com ##
127.0.0.1 ads3.zdnet.com ##
127.0.0.1 ads3.zdnet.com ##
127.0.0.1 ads5.gamecity.net ##
127.0.0.1 adserv.iafrica.com ##
127.0.0.1 adserv.internetfuel.com ##
127.0.0.1 adserv.quality-channel.de ##
127.0.0.1 adserver.dbusiness.com ##
127.0.0.1 adserver.garden.com ##
127.0.0.1 adserver.ign.com #adserver.ign.com#2000-12-29 02:36:41:320
127.0.0.1 adserver.janes.com ##
127.0.0.1 adserver.merc.com ##
127.0.0.1 adserver.monster.com ##
127.0.0.1 adserver.track-star.com ##
127.0.0.1 adserver.ugo.com #adserver.ugo.com#2000-12-27 03:35:28:250
127.0.0.1 adserver1.ogilvy-interactive.de ##
127.0.0.1 adtegrity.spinbox.net ##
127.0.0.1 antfarm-ad.flycast.com ##
127.0.0.1 apply2.capitalone.com
127.0.0.1 au.ads.link4ads.com ##
127.0.0.1 banner.media-system.de ##
127.0.0.1 banner.orb.net ##
127.0.0.1 banner.relcom.ru ##
127.0.0.1 banners.easydns.com ##
127.0.0.1 banners.looksmart.com ##
127.0.0.1 banners.wunderground.com ##
127.0.0.1 barnesandnoble.bfast.com ##
127.0.0.1 beseenad.looksmart.com ##
127.0.0.1 bizad.nikkeibp.co.jp ##
127.0.0.1 bn.bfast.com ##
127.0.0.1 bulkclicks.com #bulkclicks.com#2001-04-27 02:37:28:220
127.0.0.1 c3.xxxcounter.com ##
127.0.0.1 califia.imaginemedia.com ##
127.0.0.1 cds.mediaplex.com ##
127.0.0.1 click.avenuea.com ##
127.0.0.1 click.go2net.com ##
127.0.0.1 click.linksynergy.com ##
127.0.0.1 connect.247media.ads.link4ads.com
127.0.0.1 cookies.cmpnet.com ##
127.0.0.1 coolsavings.com
127.0.0.1 cornflakes.pathfinder.com ##
127.0.0.1 counter.hitbox.com ##
127.0.0.1 crux.songline.com ##
127.0.0.1 cs.wwf.com
127.0.0.1 erie.smartage.com ##
127.0.0.1 etad.telegraph.co.uk ##
127.0.0.1 p.valueclick.com ##
127.0.0.1 gadgeteer.pdamart.com ##
127.0.0.1 Garden.ngadcenter.net ##
127.0.0.1 gm.preferences.com ##
127.0.0.1 gp.dejanews.com ##
127.0.0.1 hg1.hitbox.com ##
127.0.0.1 image.aveauk.b1.avenuea.com
127.0.0.1 image.click2net.com ##
127.0.0.1 image.eimg.com ##
127.0.0.1 images.storerunner.com
127.0.0.1 images2.nytimes.com ##
127.0.0.1 jeeves.flycast.com
127.0.0.1 jobkeys.ngadcenter.net ##
127.0.0.1 kansas.valueclick.com ##
127.0.0.1 leader.linkexchange.com ##
127.0.0.1 liquidad.narrowcastmedia.com ##
127.0.0.1 ln.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 maximumpcads.imaginemedia.com ##
127.0.0.1 media.fastclick.net
127.0.0.1 media.preferences.com ##
127.0.0.1 mercury.rmuk.co.uk ##
127.0.0.1 mojofarm.sjc.mediaplex.com ##
127.0.0.1 nbc.adbureau.net ##
127.0.0.1 newads.cmpnet.com ##
127.0.0.1 ng3.ads.warnerbros.com ##
127.0.0.1 ngads.smartage.com ##
127.0.0.1 nitrous.internetfuel.com ##
127.0.0.1 nsads.hotwired.com ##
127.0.0.1 ntbanner.digitalriver.com ##
127.0.0.1 Ogilvy.ngadcenter.net ##
127.0.0.1 ph-ad05.focalink.com ##
127.0.0.1 ph-ad07.focalink.com ##
127.0.0.1 ph-ad16.focalink.com ##
127.0.0.1 ph-ad17.focalink.com ##
127.0.0.1 ph-ad18.focalink.com ##
127.0.0.1 popup.zmedia.com #popup.zmedia.com#2001-04-20 16:45:13:900
127.0.0.1 rd.yahoo.com
127.0.0.1 realads.realmedia.com ##
127.0.0.1 redherring.ngadcenter.net ##
127.0.0.1 redirect.click2net.com ##
127.0.0.1 regio.adlink.de ##
127.0.0.1 ResponseMedia-ad.flycast.com ##
127.0.0.1 retaildirect.realmedia.com ##
127.0.0.1 s2.focalink.com ##
127.0.0.1 servedby.advertising.com
127.0.0.1 server01.popupmoney.com ##
127.0.0.1 server4.affiliatetarget.com
127.0.0.1 sh4sure-images.adbureau.net ##
127.0.0.1 spin.spinbox.net ##
127.0.0.1 static.admaximize.com ##
127.0.0.1 stats.superstats.com ##
127.0.0.1 Suissa-ad.flycast.com ##
127.0.0.1 sview.avenuea.com ##
127.0.0.1 thinknyc.eu-adcenter.net ##
127.0.0.1 tracker.clicktrade.com ##
127.0.0.1 tsms-ad.tsms.com ##
127.0.0.1 UGO.eu-adcenter.net ##
127.0.0.1 v0.extreme-dm.com ##
127.0.0.1 v1.extreme-dm.com ##
127.0.0.1 van.ads.link4ads.com ##
127.0.0.1 view.accendo.com ##
127.0.0.1 view.avenuea.com ##
127.0.0.1 view.avenuea.com #view.avenuea.com#2000-12-30 05:58:40:020
127.0.0.1 VNU.eu-adcenter.net ##
127.0.0.1 w113.hitbox.com ##
127.0.0.1 w25.hitbox.com ##
127.0.0.1 web2.deja.com ##
127.0.0.1 webads.bizservers.com ##
127.0.0.1 www.ace-quote.com #www.ace-quote.com#2000-12-27 01:36:48:090
127.0.0.1 www.ad.tomshardware.com #www.ad.tomshardware.com
127.0.0.1 www.admex.com ##
127.0.0.1 www.ad-up.com ##
127.0.0.1 www.alladvantage.com ##
127.0.0.1 www.bulkclicks.com #www.bulkclicks.com#2001-04-19 00:34:30:740
127.0.0.1 www.burstnet.com ##
127.0.0.1 www.burstnet.com #www.burstnet.com#2001-01-08 00:06:17:330
127.0.0.1 www.cj.com #www.cj.com#2001-04-19 00:45:57:690
127.0.0.1 www.commission-junction.com ##
127.0.0.1 www.doubleclick.net #www.doubleclick.net#2000-12-27 00:48:45:000
127.0.0.1 www.eads.com ##
127.0.0.1 www.exitpopup.tv #www.exitpopup.tv#2001-04-14 19:05:03:160
127.0.0.1 www.flowgo.com #www.flowgo.com#2000-12-27 03:13:52:060
127.0.0.1 www.flycast.com #www.flycast.com#2000-12-29 02:30:18:270
127.0.0.1 www.freestats.com ##
127.0.0.1 www.goclick.com #www.goclick.com#2001-04-22 22:08:04:030
127.0.0.1 www.hightrafficads.com
127.0.0.1 www.imaginemedia.com ##
127.0.0.1 www.look4mp3.com #www.look4mp3.com#2001-04-14 19:09:17:520
127.0.0.1 www.netbroadcaster.com
127.0.0.1 www.netdirect.nl ##
127.0.0.1 www.netflip.com ##
127.0.0.1 www.netstyle.nl #www.netstyle.nl#2001-05-02 21:41:26:140
127.0.0.1 www.oneandonlynetwork.com ##
127.0.0.1 www.planetrecruit.com
127.0.0.1 www.PostMasterBannerNet.com
127.0.0.1 www.targetshop.com ##
127.0.0.1 www.teknosurf2.com ##
127.0.0.1 www.teknosurf3.com ##
127.0.0.1 www.valueclick.com ##
127.0.0.1 www.valupage.com #www.valupage.com#2001-04-14 19:22:54:600
127.0.0.1 www.websitefinancing.com ##
127.0.0.1 www.winhourly.com #www.winhourly.com#2001-04-14 23:04:27:830
127.0.0.1 www2.burstnet.com
127.0.0.1 www4.trix.net
127.0.0.1 www80.valueclick.com
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.extreme-dm.com

Preventing Comet Cursor installs

In IE change security settings to
Download signed activex controls = prompt
Installation of desktop items = prompt

A search on Google using prevent comet cursor will yield several articles dealing with the Comet Cursor curse.

Re: Deceptive installation in RealPlayer also

[qubezz]

It's just like the RealPlayer. During their setup, they have lots of questions about which 'important notices' (ads) you want to receive. It's in a scrollbox showing about 4 unchecked options, but if you scroll down, you'll see the others ARE checked (they obviously are hoping you'll assume they aren't checked and press OK).

I don't want a media, news and ad portal, I just want to play those stupid files. What bloat.

Why DON'T we all use Freenet?

[raindog2]

Why, I'm running it right now, have been running it for 3 or 4 days in fact. Let's do a real basic search.

lynx http://localhost:8888/KSK@gpl.txt

Couldn't retrieve key: KSK@gpl.txt
Hops To Live: 25
Error: Route not Found

Attempts were made to contact 8 nodes.
* 8 were totally unreachable.

The request couldn't even make it off of
your node. Try again, perhaps with gpl.txt
to help your node learn about others.

It isn't my net connection because the various Gnutella clients work fine. I really like the idea of Freenet, but for people who just want to share files, there's a reason why they run stuff like Limewire and Kazaa. They're ready for prime time.

A better question might be "why aren't we using the GPL version of Limewire" but in that case the answer is "because limewire.com offers a shiny setup.exe". And the same kind of thing will undoubtedly happen with Freenet if it ever gets as far as someone packaging a pretty Windows client.

KaZaA remedy?

[cyoung1035]

I know this story's old by now, but the home page for KaZaA users now includes an apology from KaZaA for the spyware (which it says has been unfairly classified as a Trojan) along with a downloadable executable that supposedly erases the spyware. Whether it remains erased, or pops up once again, is yet to be seen ... but at least it's a step in the right direction.

Re:Kazaa has it big time...Another curious Kazaa..

[SacredNaCl]

If you know the IP of someone running Kazaa, or Morpheus for that matter, you can connect to them without using the service by http://ipaddress:1214 and it will give you a list of what they are sharing all nicely presented for you.

Question

Is the actual spyware contain in the main program (Kazaa and Kazaa Ad Support) or in one of those extra programs