Slashdot Mirror
Spyware in Audio Galaxy
LintMan and a zillion other people wrote in about the story on Portal of Evil discussing spyware bundled with Audio Galaxy that seems to be even more nasty than usual. Others have written about it as well - there's Counterexploitation and Wired stories. Frankly, we're kind of bored by all these spyware/shareware stories (don't people learn?) so we let it sit around in the submissions bin for a few days, until, say, a slow Saturday night.
I'm using the Linux version of the AGSattelite and have no spyware whatsoever. Sheesh. When will people learn?
Make even shorter URLs - 8LN.org
Does AudioGalaxy's EULA have anything interesting to say about this? Like the license in Windows Media Player that says Microsoft has the right to erase your hard drive if they want?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
It isn't really a surprise to me about the spyware in Audio Galaxy, I've heard people talk about how it should be classified as a trojan rather than a piece of software. MusicCity's Morpheus is by far the best spyware free program, but unfortunately there is no linux version. The best part is that it runs on the same network as Kazaa, without the spyware (which doesn't matter since Kazaa has halted downloads of their software anyway). You can find any file you want on it, and I think it is even better than Audio Galaxy.
The future isn't what it used to be.
AudioGalaxy's [audiogalaxy.com] software unfortunately now installs VX2 by default. We didn't know this when we installed AG, and were subject to a pop-up ad so frequently, it was unbelievable. At first, I suspected the sites we were visiting, but they were even coming up on Google!
The big throw was that the ads that were being served up always seemed to come from different places. One day, I decided to look into it, and discovered that all the ads were being downloaded from VX2 [vx2.cc].
VX2 is a very devious piece of sofwtare, logging every one of the sites you visit, and then popping an ad every once in a while. If you surf quickly, throttles itself; surf slowly, and it pops for every site. Quite devious, really.
I have AudioGalaxy 0.608W installed [Windows 2000] and don't have any of the files listed [vx2.dll, iehelper.dll, domlst.cch] on my hard drive, nor any of the related registry entries.
Hopefully Ad Aware (http://www.lsfileserv.com/index.html) will include it in their list soon, but until then it is an easy remove (http://www.vx2.cc/uninstall.html)
The VX2 software is a single program file in the system directory called VX2.dll.
To remove VX2:
1) From the Control Panel select ADD/REMOVE programs. Select "VX2 RespondMiter" and "Remove".
If VX2 RespondMiter is not present:
2) Close all internet explorer browsers.
3) Search your "C" drive for VX2.dll
4) Delete VX2.dll
If the system does not permit the file to be deleted proceed as follows.
5) Select "Start" and then "Run" and type "regedit"
6) Find the and delete the entry named "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662}".
7) delete the {00000000-5eb9-11d5-9d45-009027c14662}entry.
8) Reboot computer.
9) Search your "C" drive for VX2.dll
10) Delete VX2.dll
It seems to just plug itself in IE, so as usualy Netscapers are pretty safe from this one....for now.
Cave, wreck, and deep diver.
... that if J. Random Hax0r writes and distributes a piece of software that collects information clandestinely from computers on which it's installed, he gets his door kicked down and everything with a byte of RAM or potential for magnetic storage confiscated, his life ruined, and possibly sent to prison
but
when a barely legitimate distributor of file sharing apps produces a "product" with these same attributes, there doesn't seem to be a great presence of Federal law enforcement at its place of business?
Another proud carrier of the $rtbl flag
This story is not very timely, as the entire issue has been resolved for at least a week now. Audiogalaxy did include the VX2 spyware in their application, was thoroughly lambasted for it, and finally gave in to user complaints and removed it. The current version of audiogalaxy available on their website has no spyware in it (or at least no VX2 spyware, and no mandatory-install spyware; it might still include Gator or something as an optional install, I haven't checked).
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
OK,
- B
http://www.bradheintz.com/
- updated
A system based on software libre (free speech software), on the other hand, is much less likely to have spyware. First of all, since there are "more eyeballs" looking at the source code, people who make libre software are less likely to add features to the software which the end user may not like. Second of all, the mindset behind making libre software is different than the mindset behind gratis software; there is more desire to give people features they want and less desire to make software which has undesirable features to increase one's bottom line.
While I do feel that propritary software works better than libre software for many things, such as video games, I am glad that I have a system that is over 90% libre software; this minimizes the chances that there is undesirable spyware on my system.
This may be why the editors are reluctant to post spyware stories; people using software libre instead of proprietary software do not need to worry about this kind of thing.
- Sam
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
I prefer Open Source because of this sort of trojan/spyware apps on closed source. I admit I don't examine every line of the source code before I compile it but I tend to trust it more just because everything is out in the open. I'm sure there has been cases where even open source app had some questionable hidden code but I bet it's exposed fairly quickly. I just think it's one more positive aspect of Open Source.
I'm almost sick of hearing about all the "spyware", "policeware" and other [insert bad connotation here]-wares making their ways into consumer products. This can only lead to one thing, in my view, and that's eventually having all of our own belongings spy on us and rat us out. Why?
I strongly believe that the stronger "they" push for more control over our lives, the worst things will get in terms of "their" profits or whatever, because people will want to work around. It's like the parent telling their kid what not to do, so the kid does it just to be a rebel.
This is interesting.... For a site dedicated to "news for nerds" and" stuff that matters" they hold a story back untill a slow newsday(night) to post it. Now as a Windows/linux/Beos user the Windows third of me wants to know when some program is installing what amounts to a data harvester on my machine, whether or not a story which followes the same path as this one has already been posted, I still would like to know what new programs are out there taking my info.
perhaps Slashdot should put up a bi-weekly "security update" in order to address these issues which do not warrent a full post.
Scott Cassaday
Agreed, this is a huge advantage that the linux desktop has that no one seems to mention.
...No one gives a shit about linux on the desktop.
If linux on the desktop held as many users as say, Windows, I can guarantee there would be just as many spyware and generally rude apps.
The only thing linux is relatively immune from (assuming you're not a dumbass that always runs as root) is viruses.
Linux is just as vulnerable to spies and trojans, it's just there are so few desktop linux users that it's not even worth it for someone to write them.
You're only immune because no one has targeted you.
C-X C-S
spyware/shareware
Spyware has nothing to do with shareware. You may not like the shareware business model but please do not associate it with spyware. Spyware can be distributed under all business models. Yes. Spyware could even be distributed as Open Source on a mass-market Linux distro since many users never recompile. If Linux is ever mass-marketed on the desktop by AOL, I expect to see such things happen. It will work because most users don't read security journals and won't bother to recompile.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Michael, in your "editorializing" on this submission, you managed to sum up pretty much everything that bugs me about Slashdot. Thanks for that.
Did you even read the Portal of Evil post? Apparently not. If you had, you'd realize this particular brand of spyware is installed without the users' consent. "When will people learn?"?!? When will Slashdot editors learn to read articles first, and cast their pompus, overbearing comments later? Like a lot later. Like maybe never.
This software affects Windows users, and therefore, not the sort of user that goes around compiling his or her own kernels on a daily basis. I believe this, and this alone, is the reason it upsets you so much. You're the kind of guy that will scoff at an everyday Windows user who accidentally opens a virus attachment, then goes on to pay his mechanic $500 dollars for what should have been a routine $50 repair without batting an eyelid. In short, you're a dick.
Comments like yours are typical of the smug, unbearable technodweeb -- the kind doomed to spend the rest of his life relegated to the back room with his precious computers, far away from those people who actually use them.
Do me a favor from now on. Post the damn story, and shut up.
Regards;
DaC
If you're unfortunate enough to be running Windows. You will need to protect yourself.
Lavasoft is helping you wage your war against the marketing droids. Support them! Let them, and the rest of the world, know that you won't stand for these kinds of privacy intrusions.
Support lavasoft in their mission, buy their stuff!!
[Disclaimer: I do not work for them, I just like my rights granted by being human.]
This thing was really nasty with how much it spies on a user's everyday activities, and I was surprised that slashdot didn't report it sooner. There's the word of a very dubious company's word that they'll purge any bank account numbers that they accidently collect from keylogging your online forms to get them before you submit over an SSL connection, but they might as well be storing and mining all of the email you write to people.
Spyware aside, shouldn't it be illegal to infect^H^H^H^H^H^H install software on someone's computer without their knowledge? My computer is MY private property, and sneaking little programs onto it is tantamount to trespassing.
I mean, would anyone put up with someone putting little "Buy Hood(tm) milk" ads in their refrigerator all the time? Or how about little spycams hidden away on your bookshelf? This case isn't much different.
[PowerPoint] is a tool for capitalist presentation
Looking up "Maurice O'Bannon" in Google, we find that name associated with a major Internet fraud case in Nevada and California involving $37 million of phony credit card charges which resulted in jail time for some of the participants.
Uh oh. Spyware from people involved with credit card fraud is big trouble. This needs to be followed up with law enforcement.
The whiny bitching about when will people learn is ludicrous. Wah wah Windows users ought to use Linux because it is a million times more better than everything. Fuck that. Alot of these shareware/spyware schemes are complete asshole tactics and could affect Linux users too if anyone gave a shit about them.
I recently rant into a nice little spyware program called winad (wnad.exe) which somehow ended up on the machine (nothing has been installed on the system in eight months) and would hook into IE and launch pop under windows at random when IE was sitting idle viewing a web page. My only guess is some ActiveX program loaded it onto the system from a website somewhere. This program disturbed me a bit because it got onto the system and though didn't do any damage it had the potential to. For elitist Linux users who think they're hot shit, the same thing can be done (though limited to a user's access privileges). It would annoy the piss out of alot of people to have $HOME rm -rf'ed. The whole invasion of privacy in the name of advertising crap is a blow to the whole freedom to roam thing the web is all about. Thinking you're a badass because you can compile a kernel doesn't mean you're somehow better than somebody else who doesn't compile their kernel. It gets real old real fast.
I'm a loner Dottie, a Rebel.
Well according to the Wired story given above, AudioGalaxy stopped including it due to unpaid bills of Onflow Corporation, who were including it in their third party add-in to AG Satellite. It wasn't removed because of any complaints, although perhaps there wasn't much opportunity to react to complaints anyway.
If this is true then I guess it could mean that AudioGalaxy didn't know what they were including at the time, which I don't personally think is an acceptable excuse but it might explain why the installation opt-out screen allowed opting out of other third party spyware but didn't even mention this one.
Luckily the story's not completely past its use-by date, since there are lots of people out there who still have vx2.dll installed. I found it on my windows partition the other day when I saw the story on k5.
Comment removed based on user account deletion
Comment removed based on user account deletion
I got much more info back than him. Just have to use the correct whois server.
Registrant:
vx2 (VX52-DOM)
po box 27103
Las Vegas, NV 89126
US
Domain Name: VX2.CC
Administrative Contact, Technical Contact, Billing Contact:
vx2 (D25000-OR) vx2org@hotmail.com
vx2
po box 27103
Las Vegas, NV 89126
US
212 255 1008 fax: 123 123 1234
Record last updated on 05-Oct-2001.
Record expires on 31-Jul-2003.
Record created on 31-Jul-2001.
Database last updated on 26-Jan-2002 12:04:00 EST.
Domain servers in listed order:
NS1.VX2.CC207.246.124.6
NS2.VX2.CC207.246.124.7
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
And this time, it isn't "Let's get him!"
Okay, I was just chatting with my teenage cousin on Kazaa, and that got me thinking. Her father is a lawyer (a defense attorney). She doesn't have Audio Galaxy, but I bet some lawyer, somewhere, has a kid who installed Audio Galaxy on their home machine; and I bet they sent work related web-based E-mail.
If I'm right and if this person can be found, surely you can subpoena Mindset to get logs of what they did with the information. IANAL myself, could you do anything else to them? The guy at www.cexx.org evidently spraypainted Blackstone's entire server pink - is that evidence that your legal communications could have been compromised? Is this stuff that cexx found utterly inadmissable?
Failing that, there are lawyers here. Set up a scheme to make Mindset/whoever they actually are defend themselves in court - if 100,000+ people really installed this software, they have to have something they're not remotely supposed to have.
Anyway - read the last bottom of the cexx story - it has the missing pieces of the story on HellPortal.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
We know nothing about VX2," Merhej said. The VX2 program file (called vx2.dll) was part of an advertising graphics enhancer made by the Onflow Corporation, he said. Audio Galaxy offered the Onflow program as part of its software package from Oct. 1 through Nov. 4, 2001, Merhej said. The partnership was cancelled due to unpaid bills.
Onflow is the worst company I have ever dealt with.
Our company (which shall remain nameless) used onflow technologies in our product for about 2 years. They paid us for the first few months of operation, but when they owed us a total of about $30,000, we received a letter claiming they had lost overseas investments, and they couldn't pay us.
Funny enough, it look like they are still in business.......
What controls 90% of the desktop market?
I don't mean what do you think should control 90% of the market but what actually controls it? Like it or not Windows is out there. The average Windows user doesn't understand what is running on their machine.
Also, following the purchase of a MS product (!!!), it is far easier to develop for Windows than other platforms like Linux and Beos. If you disagree then build a full Visual Basic program from scratch on Windows and the same program on Beos/Linux etc... If you think it's easier on other platforms then you have never built a reliable and properly bugtested program using VB. I'm not trolling - it's very much the truth - Microsoft have done some great things with their API and in my opinion its very very sharp HOWEVER I am not ofcourse dismissing the shortcomings that are inherent in an MS operating system.
MS have very useful features available for Spyware programs. Every part of the PC, be it data, configuration or otherwise is easily accessable (which would be forbidden in the case Linux's more stringent - and more mature - permissions system - this is a GOOD thing!!).
You have to think like a competitor - if you aim to target the majority of your user base who are you going to develop your spyware for? Linux users? Beos? MacOS? Be realisitic. You are trying to MAKE money. I'm not saying that money can't be made out of the others but Windows HAS a large established user base - which ofcourse is why they are scared of any alternatives. If you are a major contender in the OS business then sure - Linux support is important - but if you are a services provider etc.. where is YOUR market?
This is some food for thought - think about why Windows has more spyware... think about operating as a true commercial entity. Again - I'm not trolling - I'm being realisitic. If I direct my company to make software for large distribution my choices are clear and simple - PostgreSQL/MySQL Linux backend OR comparable other product/OS and VB Client frontend - there is no way my frontend at this moment will be written in anything else (except maybe Java - but that depends on the user base).
User base is virtually EVERYTHING if you are trying to EAT.
I run the audiogalaxy satellite inside a chroot jail.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
If you want to find out where this users is, why not
compose an html email containing an image on a
server whose logs you can read. You'll be able
grab the client IP address from his browser when
the image is displayed.
b
What f*ing box!?!?
A Las Vegas address with a Manhattan phone number? Weird...
There is a reference to joshua@abram.com on the ;-)
"contact" page at vx2.cc. This is the whois
from vx2.org. coincidence? I think not.
go get him
Registrant:
Abram, Joshua (VX54-DOM)
444 east 57th street
New York, NY 10022
US
Domain Name: VX2.ORG
Administrative Contact, Billing Contact:
Abram, Joshua (FSQYHRRZLI) joshua@abram.com
444 east 57th street
New York, NY 10022
US
212 255 1008
What f*ing box!?!?
Spyware that transmits anything you put into a form (web-based e-mail, credit card information, address information) back to its parent company, as well as the usual tricks of recording every webpage you visit and adding banner ads to webpages you visit bores you?
I would've thought that a program attached to a major P2P program that records your credit card data and sends it to a shady company that no one knows anything about would be sort of important. If it were a group of self-described crackers that did this, it would probably be really big news. But because it's a corporation, just like all the others, it gets passed over?
Every small Microsoft security hole that no one has even exploited yet is big news, but corporations stealing credit card numbers and reading every bit of a person's e-mail apparently does not mean much. It wasn't even mentioned in the /. blurb.
Man, at least with Audio Galaxy you can remove the spyware with Ad Aware (From Lavasoft). Grokster and Kaaza have taken it to a new level and now require that the spyware exists on your system to run their client. Take out the spyware (like anyone with half a brain would do) and the client ceases to run.
What worries me is that this is the beginning of new trend where all this adware will start this. I'm sure all the rest of the marketing departments in these scum factories will start to do this now.
Ya know, I really wouldn't mind PAYING money for some of these clients (if it was reasonable), but to force someone to run sketchy software reporting back to god knows who with god knows what information is complete bullshit. As far as I'm concerned, all these companies that put spyware in their software are even worse than the RIAA/MPAA/etc. This revenue model is fucked, and I hope that if their is even the slightest hope for humanity that these companies go out of business with the quickness.
BTW, I found out somebody put out a "crack" for Kazza to allow it to run without spyware. That makes me giggle. These companies get what they deserve.
"The Wright brothers were the first to fly with a heavier-than-air machine, but boy did they have a lousy plane"
Having worked at Audiogalaxy this past summer, I can assure you its not the case that they meant to bundle this, it had to have happened by accident.
Its bundling goes against their views of making all bundled software opt-in, meaning the user must check a little box to opt-in otherwise the default setting is to not install bundled stuff.
After reading the wired article, I think its pretty understandable how this slipped past the guys at Audiogalaxy. The spyware mentioned is just one little file vx2.dll. Since it came with onflows advertising software, To the guys at AG it must of looked like it was a dll that onflow dynamically linked their code to. It just goes to show you how sneaky companies like vx2 are. I bet spyware companys just try and sumberse themselves further like the parasite they are, and just go tag their BS onto legit dll's.
Knowing how the folks at AG are they'll be taking a fine comb thorough their bundleware to maintain that opt-in philosophy.
You are right; I think this is a confusion of vulnerability to viruses as opposed to vulnerability to hackers... Even being based (mostly) on FreeBSD and having the dangerous services off by default, you have to admit that the OS is more vulnerable to hackers than classic, which had virtually no services in the first place and was less well-known, and it introduces the need to update all the open source components of the OS as new vulnerabilities are found. But when it comes to viruses, OS X should be more secure thanks to the real users/permissions in BSD. Some might be concerned about having a larger base of script kiddies on the OS now, but as long as Apple keeps security as a priority, I think they'll stick to their VBScripts; only one unscriptable, local exploit and no viruses so far...
"Reality is just a convenient measure of complexity" -Alvy Ray Smith
So how is that relevant? If I drive my car into someone and kill them, but I was asleep at the wheel, does that mean that I am therefor innocent of any wrongdoing? Nope.
After reading the wired article, I think its pretty understandable how this slipped past the guys at Audiogalaxy.
I say judge them by their deeds not thier intensions - Audiogalaxy is in the business of distibuting software. How the crap can they not know what they are distributing? And if that is truly the case, it is thier problem.
My Karma: ran over your Dogma
StrawberryFrog
*Whistle* Pretty bad...
The only way the typical /.er can pick up a chick is with a forklift. -- AC
It's not so much the fraud possibility that concerns me, since I think it's at least reasonable to assume that most companies won't go out of their way to break the law so obviously.
I'm more worried about the fact that they might be storing it at all. Whenever another company stores personal information about me, it means that I'm required to trust someone else to look after it properly. For every other entity who has personal information about someone, there's another entity that it can be stolen from.
VX2 has been trying hard to go unnoticed but even if they hadn't, why should anyone have to assume that the security on their system won't be cracked? Even if it does seem that they're taking reasonable precautions, nobody should feel obligated to trust them.
All it takes is for one wrong person to get bulk personal information and do a little data mining, and five years from now your name, address and estimated income could be on a regionally sorted list being sold on the black market.
I've just run Ad-aware on my Windows configuration,
and I'm just glad that I don't seem to have caught
anything.
This kind of spyware is at least as dangerous as
any worm or virus I've heard about. I think Norton
and McAffe will have to extend their products /
product lines.
It may be bad popping up ads when you're surfing the web, but what about just whenever. That's what happened on my system.
I, like Chet & Eric of the linked article do support programs having internal ads to support themselves as free software. However, monitoring users behavoirs is another story -- that's your computer and most contracts (as I have heard from a lawyer friend) cannot "sign" that away; for example your landlord cannot include a clause stating he has the right to monitor your mail, who you talk to, etc. and by living in the property he owns, you forfeit those rights, and if you do not agree with them you cannot live there. Well, folks, this is exactly what most of these programs are having you agree to. The fact is, they're illegal contracts. You cannot gather personally identifiable information (it's identifiable because they are able to deliver targeted advertisement thus they must have a system to know who you are) if you signed the rights away or not.
I have accepted that companies do this and there really isn't a way of getting around it (heck, I don't really care what they do with the info, I'm not going to buy something from any ads they use and that'll be my contribution). So I have tolerated these commercial bombardments. That is until something strange happened.
All of a sudden while I would be at my desk in the same room (this is at work mind you), I would notice activity on the monitor. Going over to look at it, I would notice an ad window had mysteriously popped up, when no programs were running and I hadn't been using the computer for hours. In the morning I typically had several windows to close after the nights ad-popping fun.
Thinking it was a web site which some how introduced a popup delay, I dismised it at first. But it got worse. It was impossible to work on a Word document without having an ad popup and steal focus from my document. I also came to the realization when you close a browser window, its process ends and thus a delay javascript wouldn't work.
I finally decided that it must be some program launching these ad windows. Searching the running process list, I noticed an interesting program happily running. Savenow was the culprit. This program was actually popping up windows on my personal desktop, on my computer (yes, I do own it) and collecting web browsing data in the background, even when its associated product wasn't running! Deleting the savenow executable, I was free of the ads yet outraged of how this company violated my privacy and my computer, and also comprimised the security of my employer. What if they could learn something about our project based upon my web browsing habits and sell that to another company?
After that incident, I went in with a resource editor on every single ad-supported program on my computer and removed the ad resources. I also installed ad-blocking software. Still though, I do occassionaly get ads and various brandings. I have since persuaded my boss to let me put my Linux box on the network, but still, how long until we see these ads and tactics on Linux? How long until these ad programs start embedding ads in your paid for software, or interfacing with your printer driver to print a banner ad out on every page?
The point I'm trying to make is I am all for advertising and realize it does support free products quite nicely, but when it invades my privacy and makes me sign illegal contracts, I get angry. Anyone would. And something should be done about it. I don't have the resources, I can only not buy the products they force on me and put a dent in their success rate thus no ads. But someone with the resources and time should go after these bastards.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
Someone PLEASE sue these jerks for wiretapping.
It's defined as someone who:
Knowingly intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire communication
Since the information they are aquiring is information which is sent out over the web, (I.E. a URL, albeit represented in a slightly different form) this kind of suit should stick.
This kind of behaviour sticks of wiretapping to me. Please sue.
-me
Any volunteers? By the look of it, I don't think I'll personally be filling in that form anytime soon. :)
Why not fill it out many times? As John J. Smith, George Bush, etc. That database might taste a bit better with some salt after all.
i submitted this story to /. last sat (1/19)...no story, ended up rejected. no loss to me. karma caps are there for a reason.
i checked my machine, but wasn't infected. i figured as much since i run ad-aware occasionally.
i forwarded the info to my buddies (mostly non-tech guys, music lovers, etc.): guess what - 3 out of 5 of them were infected and had no clue what "spyware" was.
"Stuff that matters" can be interpreted many ways, not so narrowly to "matter" only to people who understand root and have a linux box.
the elitism on this site sometimes gets real, real old. thanks Palaptine for your post. you are correct and the rest of these people are trolls.
kinda sad, huh?
/* Half alive and half dead too, work is for suckers and the sucker is you. - "Half-life" by Local H*/
The installer asks you if you wanna install that spyware proggie. Well, just say no. I agree that many people may not know this and always press the 'Yes-Ok-I Agree-I don't care' button. My advice: 'Read the dialogs'
OS X with it's standard Unix system would be much more difficult for a Virus to infect, as opposed to OS9, and prior, which let any app spawn all over anything in memory...
autopr0n is like, down and stuff.
Actually, I remember seeing someone port Melissa to Linux as a shellscript (rather then a VBscript) on k5 a while back. Sure, the user would have to manually save it and run it, since most Linux mail apps wouldn't do it for you, but the code was still there.
Also, there have been a few viruses on Linux, to say otherwise is the height of idiocy. Just do a damn google search.
As far as spyware goes? Yeh, there is none (that we know off...) But that doesn't mean that there won't be in the future. There's no technical reason why it couldn't be there.
autopr0n is like, down and stuff.
I wonder, since they admit that it is possible to send private data to them, is the stream to their server encrypted (SSL or something)? I mean, even if I DID trust them, I am not sure I trust EVERYONE along the way to their server.
Good thing the AG/Linux does not spyware, I hope....
But. A policy of including stuff in your product when you Don't know what it does is just wrong and exposes you to liability.
My Karma: ran over your Dogma
StrawberryFrog
Now THAT'S quality journalism.
Speak truth to power.
I've been using it for several years, and it does pretty good job filling out forms and remembering passwords. All personal data is stored locally, encrypted and easily exported or imoprted. After each install I go through little procedure to "pull Gator's teeth"
1 Uninstall "Offer Companion" from Control panel
2 Open Regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn
3 Change servers URLs to 127.0.0.1
After this I never see a banner.
Downside:
1 Gator runs two memory-hungry processes
2 I don't know if their encryption for my data is any good
You can start throwing rocks at me now.
I tend not to install much shareware for precisely this reason - so I've tried Ad-aware a number of times over the past year. Crashes on Win2K like clockwork. Differnet machines, installs, etc - Always crashes - not sure if its Mozilla, or what. But the only computer I ever got it to run on was a Win98 box (my kids machine) and it found little. Anyone else seem to have torubles like this?
Top Most Bizarre/Disturbing Error Messages
Pay attention people! You there, in the back, is that gum in your mouth?
I mean, any program I run will have right to do pretty much *everything* (Since I'm lazy I usually run as admin too, shoot me). The problem is there's an all-or-nothing mentality in Windows that creeps me out. I wish Windows had some kind of "learning mode" just like my firewall, not just a run/don't run program. I know I could create a unique user for that program, with mostly the rights I want, but it's not nearly enough.
I want to control what directories it can act on (I.e. limit them to C:\Program Files\, limit their registry options (deny takeover of extensions, allow changing other programs' editions) etc etc., if it can steal focus, talk to other programs, go fullscreen, how it can talk to other machines on the net (ok the winxp firewall might be a start). And I mean in real-time, not having to set up all in advance and have the program crash on me if it's not enough. And this doesn't have to be default or anything, I just wish that us powerusers could assist windows in not getting fucked up.
Kjella
Live today, because you never know what tomorrow brings
My wife installed AudioGalaxy last summer, and we just went looking for any signs of this vx2 software on her machine and found nothing. I wonder if there's any data on what the window was that it was being bundled with AG?
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
-Legion
KazAa is even worse as it installs a lot of ad-ware and stuff in the registry. As explained on this site, it installs multiple things that are very nasty to remove afterwards, including the onflow thing discussed in other posts.
The worst part is the newdotnet thing.
Just do a "kazaa spyware" search on google and read.
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
<form METHOD="post" ACTION="mailto:vx2org@hotmail.com? subject=delete page" ENCTYPE="text/plain">
Somehow sending all these requests through a Hotmail account, of all places, isn't very reassuring.
~/AGSatellite0520> ./AGSatellite &
[4] 19664
~/AGSatellite0520> Files scanned: 2663 NewFiles: 1
http://www.audiogalaxy.com/betatest to login
So sorry, what's all the fuss about again?
Editor Emeritus and Senior Writer, TeleRead.org
Your correct. It does not send back information to a centralized server. Apparently it has an automated silent update procedure like Onflow. I was incorrect in classifying it as spyware.
The Nevada Secretary of State Corporation Search gives us.
- President:MAURICE O'BANNON
Checking "vx2.cc" with Network Solutions WHOIS:Address: PO BOX 27103
LAS VEGAS NV 89126
- vx2 (VX52-DOM)
The post office box addresses match, so the Nevada VX2 Corporation is the correct business.po box 27103
Las Vegas, NV 89126
US
Domain Name: VX2.CC
212 255 1008 fax: 123 123 1234
"Maurice O'Bannon" is mentioned in several legal documents related to the J.K. Publications scam. In that case, O'Bannon was on paper an officer or director of several dummy Nevada corporations which were fronting for a multimillion dollar phony credit card billing scam operated by Kenneth Taves of Malibu, CA. (Mr. Taves is currently Inmate #12289-112 at the Los Angeles Metropolitan Detention Center). O'Bannon, though, appears to be some guy in Nevada who just signed whatever was put in front of him. In the judge's words [large .PDF] "Maurice O'Bannon had an informal agreement with Nevada Corporate Headquarters, Inc., an incorporator, to act as a nominee for their client-corporations and sign whatever documents Nevada Corp wanted him to sign."
The judge was bothered by O'Bannon's actions, but the FTC didn't have enough evidence that he had control of or profited from the scam to put him away.
The J.K. publications scam involved obtaining a database of 3.6 million valid credit card numbers and charging them small amounts each, supposedly for use of a porno site. The mess involved offshore bank accounts in the Cayman Islands and Vanatu, but much of the money has been recovered. Company names involved were JK Publications, Inc., MJD Service Corp., Netfill, N-Bill, Webtel, Billing On Line, Fun On Line, and Discreet Bill.
We're not at the bottom of this yet, but it looks very suspicious.
The Audiogalaxy windows client installs a piece of software called "Bonzi Buddy" without telling you, certainly not giving you the chance to opt out. How does this jive with their opt-in philosophy?
People known to have been affiliated with Dash include Dan Kaufman, CEO, and Rob Goldman, "Executive Vice President of Customer Experience".
What did Dash do? "Dash.com is a mobile shopping and advertising portal that surfs the Web with consumers, bringing them real-time offers from merchants." Sounds a lot like VX2.
More later.
Here's a plug for AGstreme, which I switched to after I heard about this latest round of spyware nonsense. It's a GPL AudioGalaxy client replacement, which a boatload more features. My favorite: it can read CDDB entries and then request download of one or more tracks from a given CD. Pretty darn cool:
http://www.ractive.ch/gpl/AGStreme.html
Can your IM do this?
VX2 Corporation
PO Box 27103
Las Vegas, NV 89126
US
Another report indicates that the Blackstone Transponder is connected with Mindset Interactive. And, sure enough, there's a press release from Mindset boasting about it:
-
IRVINE, Calif.--(BUSINESS WIRE)--July 20, 2001--Mindset Interactive Corp. (OTCBB:MSIA - news) has just completed development of a new software application which provides advertisers with the ability to deliver an ``instant message'' to a consumer as they are purchasing a product or service from another site.
Mindset Interactive currently offers a full suite of ad units that include:
That's the VX2 feature set, all right. Note that Mindset admits it snoops on what you type into forms, so it can monitor your search engine usage. Of course, there's no guarantee that that's all they do with the information.Keyword targeting: Whenever a consumer types in a keyword search on any search engine, Mindset's software can deliver an instant message to that consumer (i.e. if a consumer types ``cheap airfares'' into any search engine, the software reacts with an ad for low fares from an airline.)
URL Targeting: When consumers visit a Web site Mindset has the ability to deliver a targeted ``pop up'' instant message. In this manner, an advertiser such as any automobile manufacturer can select to run instant response advertisements to consumers visiting car buying or leasing sites.
Multiple message units (MMU): Imagine being able to serve pop up ads anywhere on the Web to consumers who are shopping in your product category. Mindset MMU's give you multiple impressions and allow you to control the order in which consumers view your messages.
And, for confirmation, we check Mindset's latest 10QSB filing with the Securities and Exchange Commission. They're not doing too well; they lost $247,000 in the last quarter, on sales of $252,000, and just had a layoff. They mention the "transponder", but call it "Net Pal":
-
"Net Pal" - The "transponder" Net Pal software is a proprietary software
application Mindset Interactive has acquired that will be downloaded onto a
user's browser. The software will launch advertisements based on the contextual
content of the website the user is currently visiting. The various features of
the Net Pal software allow corporations the ability to market "on-line" directly
to their client and prospect base.
So Mindset Interactive is the company behind VX2.-
This software product enables Mindset Interactive, Inc. ("MINDSET") to collect user information ("INFORMATION") directly from the user's computer.
By installing the software, the user understands and agrees that information is collected and disclosed to MINDSET automatically via the software and without user's completion of forms,
questionnaries, etc. The range of information collected by the software will depend on the configuration of the user's computer at the time of installation. The information includes, but is ont limited to, previous web pages visited by the user, search engine query terms and other personal information stored on the user's computer.
PLEASE REVIEW THE SOFTWARE LICENSE SECTION ENTITLED "THE BLACKSTONE SOFTWARE" FOR MORE DETAILS REGARDING THE TYPES OF INFORMATION COLLECTED BY THE SOFTWARE.
(Actually, the original is all in upper case, but Slashdot considers that too lame to post.)Of course, if you inadvertently installed this spyware as part of someone else's product, that "license" doesn't apply. If, for example, you agreed to AudioGalaxy's EULA, that doesn't release Mindset from any liability. Releases don't pass through to "affiliates", even if they say they do. (This is called "privity of contract" in law; if A contracts with B and B contracts with C, A has no contract with C as a result.) So you can probably sue Mindset.
Yes. I stand corrected. Believe me, this makes me happy. I quite prefer audiogalaxy to other music-sharing tools.