Spy v. Spy
An anonymous reader writes "MSNBC is reporting on a brewing battle between makers of spy software and anti-spy software. According to this article the makers of Spector and WinWhatWhere have added a feature to their new software that disables the popular anti-spy software Who's Watching Me."
unplug from the internet.
http://cryptome.org/dirty-hope.htmm e.org/dirt-feedback.htm- author.htm
http://crypto
http://cryptome.org/dirt
http://cryptome.org/dirt-safrica.htm
it just means that anti-spy has to do the same back at them
What we really need is the Grey Spy as she always wins. Now, who is that Grey Spy?
-- Azaroth
I thought you meant this.
Darn.
If I weren't nailed to the penis, I'd be pushing up the daisies!
Which side is decked in all white and which side is decked in all black? This is maddening...
Disable Black Helicopter? Although if you can replace the B-Heli's OS with Windows then it could just disable itself.
...there's little wonder why lots of people are trying linux these days.
"It would have been best if they had just taken engineering challenge and designed something that couldn't be detected. but instead they just decided to break our program. That's kind of lame."
Whatever works for them, you can't blame a company for pulling this kind of tactic if it's the easiest way to do it.
Personally, I hate spyware almost as much as I hate popups. Almost. Of course it's all a vicious circle, just like Trillian vs. AOL. One side will do one thing, the other counter it. Rarely does anyone win in the long run, short of taking it to court.
With all of the money to be made in spy software, and the severely limited resources (and interest) of those who want to stop it, it's unlikely that this will be much of a fair fight.
Maybe off topic, but does the author really need to make it plainly obvious that this is a Geek story? It seems he is being condescending in the opening paragraph when he mentions it is a "geeky James Bond plot" or a "geeky duel". Who cares if it's geeky? And for us geeks that read it, we already know we're geeks.
The developers link is broken.
just thought you might want to know.
-Jon
(posting anon, due to lame offtopicness)
-... -.--.--. .-.--- .... .. .- ...
A feeling of having made the same mistake before: Deja Foobar
...somebody tries to sue while claiming a violation of the DMCA? This seems like something a corporation would pull out from its sleeve if it sees its efforts to stop the anti-spy software are going nowhere...
I lost my concept of community when my community lost all concept of me.
SpectorSoft says its software is for monitoring, not spying. Uh huh, so are my proxy logs and packet sniffers. While they certainly have a legitimate use, what's the fun in that?
I was not touched there by an angel.
It's just one more reason to remind everybody: Make sure your software is Patched, and up-to-date
That goes for all sides of the fence.
SM MBL-VIR looking 4 SIG 4 LTR. must be DDF, no 420, SD ok.
Certainly a court case can be made for one company modifying the files of the other's software. Leaving alone the obviously bad programming practice of having critical files able to be overwritten or appended to, it sucks that the courts would be the only recourse for something like this.
When I was a kid, we only had one Darth.
doubleclick.net and other mega advertising and tracking don't get this stuff, we're okay :)
luser - I feel I'm being watched, but I check my cubicle 5 times a day and there's nothing there.
HellDesk - oh yes, that's doubleclick.net's new watching you everywhere integrated into IE.
This
In other news, CTRL+ALT+DEL is said to circumvent WinWhatWhere security measures...
For a moment, I thought my favorite duo finally made it big-time on Slashdot...
Okay, this is my computer. I purchase a piece of software that is supposed to detect snooping software hiding out on my machine. Said snooping software destroys my anti-snooper, interfering with its proper operation and generally depriving me of its service that I have paid for.
Shouldn't I be able to sue the snooper software, as I did not ask for it and did not give any kind of authorization for its installation into my system? To say nothing of the trespassing charges I'm going to bring against the snooper developer..
"Avast! Prepare for the rodgering!" THWACK! "Arrr.. me nards.."
If you install anti-spy software, and then that program crashes/does weird stuff, this could be your indicator that there _is_ spyware on your system. Time for a low-level format.
I've yet to hear of any spyware for the various unices. Do marketing companies not care about us? Or do they get enough information from the millions of victims they already have installed their virus^H^H^H^H^Hspyware on? My other question is, if no unix spyware programs exist, how long will it be? With more and more people heading to mandrake, RH, and suse, is it only a matter of time before these people start checking client info, and trying to install RPM spyware packages?
Can all fish swim?
sPh
Dang, I didn't even know that stuff existed :o( That's taking software development to a new low. What is love/loyalty/etc if you don't trust it and must periodically monitor the person's lifestyle to make *yourself* feel better? That's just sleazy.
At some point a company will probably (if it hasn't happened already) offer the fact that they do not run such software as a benefit. Some day, that may be a decision you make ranking right up there with stock options/benefits/work location/pay rate.
And heck, maybe we'll pick our spouses the same way. As in, "Do you promise to love and obey your husband and never use spyware on him?"
I'm not married, but if I were, and I found my partner using WinWhatWhere or equivalent, I would walk out the same day. Such things are just not cool.
sulli
RTFJ.
It's a slippery slope you're walking into. Depending on how they argue it, updating system files (that other programs haven't been compiled against) and _inadvertently_ breaking them (as opposed to intentionally doing so as in this case) would be cause for a lawsuit.
Plenty of Windows programmers (and those of us bit in the ass by Gnome/KDE version fuckups) have mused at one point or another that DLL Hell should be a crime, but I doubt anyone ever took it seriously.
Easy does it!
I can see it now - pop up appears telling you to get the hourly new release of this software that counters the other company's latest release (sigh). After awhile people are going to start to feel like hockey pucks getting passed back and forth. I'd agree that simply stealthing the "spy" program better would be the way to go but so long as you can get your hands on your competitors' products...
I know - write an iron clad EULA to prevent reverse engineering, encrypt everything, and then just sue one another under the DMCA or somesuch until both companies are broke. Yeah, that's the ticket! There's not going to be any winners here...
Heh, and I've now met a few people that have caught spouses "cheating" using software like this. People are spying on their kids like crazy too. Maybe this new bill Hollingsworth has proposed will make our computers "pure"? Maybe it'll cure world hunger too (ahem). What a mess!
Build it, Drive it, Improve it! Hybridz.org
OS and JEDGAR
This story says a lot about the ITS ethos.
On the ITS system there was a program that allowed you to see what was being printed on someone else's terminal. It spied on the other guy's output by examining the insides of the monitor system. The output spy program was called OS. Throughout the rest of the computer science world (and at IBM too) OS means `operating system', but among old-time ITS hackers it almost always meant `output spy'.
OS could work because ITS purposely had very little in the way of `protection' that prevented one user from trespassing on another's areas. Fair is fair, however. There was another program that would automatically notify you if anyone started to spy on your output. It worked in exactly the same way, by looking at the insides of the operating system to see if anyone else was looking at the insides that had to do with your output. This `counterspy' program was called JEDGAR (a six-letterism pronounced as two syllables: /jed'gr/), in honor of the former head of the FBI.
But there's more. JEDGAR would ask the user for `license to kill'. If the user said yes, then JEDGAR would actually gun the job of the luser who was spying. Unfortunately, people found that this made life too violent, especially when tourists learned about it. One of the systems hackers solved the problem by replacing JEDGAR with another program that only pretended to do its job. It took a long time to do this, because every copy of JEDGAR had to be patched. To this day no one knows how many people never figured out that JEDGAR had been defanged.
Interestingly, there is still a security module named JEDGAR alive as of late 1994 -- in the Unisys MCP for large systems. It is unknown to us whether the name is tribute or independent invention.
...too bad I don't have that problem...
and the other smart %5.
Just a thought, but this spy software integrated in computers is installed sometimes unknowingly by the user. This definitely falls under privacy and stalking laws in most places. Heck, even police in most states aren't allowed to use surveillance equipment on a person without a warrant, and these companies are doing it with this software. So can action be taken legally against Cydoor and so forth?
Or am I just confused as always.
-Recovery1
That's just wrong man! You should see a doctoral
Sure you can. Watch. I'll do it right now. =)
Without warning the user, WinWhatWhere disables another piece of software for which that person has paid good money. That's like IE deleting Netscape if it detects it on your system. That's like your trusty Chevy switching to Battlebots mode every time it detects a Honda in the highway.
It's destruction of property. (Or, since we're talking about software here, illegally depriving someone of their licensed usage of a product.)
IANAL, but it seems that WinWhatWhere is circumventing ...
that the spectorsoft web site has a privacy policy?
I mean... what's the point?
He looked at me and said, "Kid, we don't like your kind, and we're gonna send your fingerprints off to Washington."
"I know - write an iron clad EULA to prevent reverse engineering, encrypt everything, and then just sue one another under the DMCA or somesuch until both companies are broke. Yeah, that's the ticket! There's not going to be any winners here..."
And, as usual, the lawyers are laughing all the way to the bank.
Price, Quality, Time. Pick none. What, you thought you had a choice?
/me brings out the aluminum foil hat...
"theyre watching me, i know it"
This
I'm not trying to pat Linux or *BSD on the back here -- the Unix security model is far from ideal, actually -- but it's a good argument for open systems in general, even if they're not "free" as such.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
One word:
Children
Once you have kids *everything*. EVERYTHING changes.
Every day there is more and more news detailing the dirty underhanded tricks people, i.e. - corporations, play to maintain profits/power/popularity.
It really makes me sick. I think I'm going to go into another field of work. Screw this shit!
Oh wait... that's SpectorSoft. I guess we're safe then, right double-oh-seven?
"Free beer tends to lead to free speech"
If you don't trust your spouse/partner, divorce/leave them.
Of course, the anti-spy people could treat these countermeasures as an engineering problem.
A couple possible (partial) solutions:
1) Check for belligerent spyware during the install process (the install program would presumably be running from a CD, so it couldn't be corrupted). Later, if it detects that spyware is being installed, fire off warnings, send e-mails, make logs, etc. to make sure that the spyware can't cover its tracks.
2) In the documentation, note that failure for the program to run or a crash could indicate the presence of spyware (and that you should run an "emergency check" from the install disk).
3) Put a check on the integrity of the software in the MBR (using CRCs and such). If a spyware messes with that, it should trip off the BIOS virus checking. That would also have to be documented of course so the user understands what the heck is going on.
4) Have the anti-spyware run entirely from a separate disk (maybe a boot disk to be sure the spyware isn't running waiting to thwart the anti-spyware). When you come in to work, or sit down at your computer, throw in the disk to be sure nobody installed spyware when you weren't there.
5) Make the anti-spyware as stealthy as the spyware. If the spyware or the person installing isn't aware of the presence of anti-spyware, the anti-spyware is much more likely to be successful. Using polymorphic code, constantly changing file names, etc. could probably be pretty effective.
None of these solutions are perfect of course, but a bit of a battle is probably inevitable, as the two types of software both have legitimate and illegitimate uses, and the only way one of the two can succeed is by defeating the other.
... "Give me a woman who loves beer and I will conquer the w
Although IANAL... The legal ramifications go on and on... Spector's license agreement says that you have to notify anyone who uses the computer that the spyware is installed.. (doesn't that negate the point) then they go on to list all types of magazine and newspaper articles about how people have used the software to catch cheating spouses and such... either the spouse is stupid, or they were never told.. so the license agreement is not being upheld by the installer. It seems that if the person installing the software violates the EULA and installs the software in secret.. they could be liable for invasion of privacy. What's more concerning is that Spector seems only to pay lip service to their own license agreement..
Fire in the hands of the village idiot is no tool, but a weapon of mass destruction
So, just being curious...how many people here actually found Spyware using "WHO'S WATCHING ME?"?
Not me.
-- Making computers see, hear, and think... http://www.componica.com/
I don't see how these companies expect not to get sued. By technical definition, spyware is a virus. Not only is "unauthorized alteration of a computer system" illegal, but if I had copyrighted material on my machine, the spyware could be considered an unlawful circumvention device under the DMCA.
The folks who write spyware are no better than hackers and virus writers - for that is what they are, and they should be treated accordingly. How long will it be until these tools are used for corporate espionage, and the companies that make them be raided by the FBI?
Kind of makes you want to install spyware on the computers at the MPAA... or Adobe, for that matter.
The society for a thought-free internet welcomes you.
This would be brilliant if both pieces of software were written by the same company. Sort of like the company that makes radar detectors and radar guns. Or the tracer, trace buster, and trace buster buster (did anybody else see that movie?)
So if Who's Watching Me? starts inexplicably crashing I should investigate a little further?
"Who's Watching Me" now has a moral obligation to attempt to use the DMCA 'reverse engineering' rubbish for good instead of evil. This will further our anti-DMCA agenda, since if anything has a chance of getting the DMCA struck down, it's people trying to do reasonable things and defend existing freedoms with it. Using the DMCA to stop spy software would be like using free speech to criticize the government - you better believe the 'powers that be' aren't gonna like it, but it's the right thing to do.
is competition good, or is duplication of effort bad?
1. have the anti-spyware regularly check its files for integrity. If the files have changed, download a replacement.
2. Incorporate some of the latest virus technology (e.g., piggyback on spyware, change names, locations, and dll file names and locations, etc).
This might not necessarily solve the entire problem, but it could certainly up the ante.
What is your Slash Rating?
Seriously people, it's civil law. The spyware programs are on seriously shaky ground to begin with. Not to mention the Fourth amendment issues. See http://caselaw.lp.findlaw.com/data/constitution/amendment04/ If you find spyware on your system, track them down and take them to court. Remember to include the programmers and software vendors in the suit. I recommend an aggressive response to this. Who knows, we may see you here on slashdot.....
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
I've read about the use of spyware in the past... some very large companies make use of it. I seem to remember that Deloitte & Touche uses some spyware that's rather... comprehensive. I want to say some of the features included (among other things)...
- Logging every keystroke you make
- Logging the title of every window you open
- Recording screenshots of windows
- E-Mailing all of this to a designated person...
Not only is it something they use internally, it's also something they use in their consulting activities, on their clients' computers! You hire them, and you're under a microscope... very Big Brother. It goes way beyond the spying that's possible with the last version of Microsoft SMS that I used. (I admit, it's been a while!) Also, I've noticed that some people really don't pay attention to the fact that SMS has 'remote viewing' capabilities -- your sysadmin can watch you browse just like he/she watches the evening news. Then again, SMS's installation is rather obvious -- at least to the technically inclined.
I have to consider the other hand as well... If you're hiring a consulting company, they have an obligation to do their job to the best of their ability. That means using all the resources legally available to them -- no matter how distasteful. If you've got someone who's supposed to be doing data entry, and they're actually running their own little eBay store out of the supply room... well, you're going to need all the ammo you can get to convince the boss to fire his brother!
With the sentiment of "It's OUR computer, OUR time, and OUR money!", I don't think you're going to be seeing spyware-free companies advertising the fact anytime soon.
In fact, with the precedent that computers have been and continue to be monitored; a company could incur severe liability for deliberately not monitoring! Consider the potential liability burden when you don't catch sexual harassment or some particularly nasty criminal activity... What happens to the company when it's shown that 'standard industry practices' would have given advance warning of, or even prevented [some illegal event]?
What happens? A check with LOTS of zeros to the left of the decimal... at the best, your lawyer gets it. At worst, THEIR lawyer gets one, THEY get one, etc...
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
I mean, come on, people! Checking all contingencies is something you're supposed to learn in your first programming course. Especially in a hostile computing environment (spy vs. counterspy) you have to write airtight code or you'll get got.
Who would actually be a customer of BOTH of these companies. It sounds to me like the point of WinWhatWhere is to hide and watch you while the point of Who's Watching Me is to find a program like WinWhatWhere that you don't know exists on your computer.
It seems to me that once you find out about the spying software you'd take steps to remove it. I can understand that the spy software could break Who's Watching Me if WWM was previously installed but if WWM is installed after the spy software I wouldn't think it would be a problem.
I could be wrong since I haven't run into the situation myself.
You're totally right of course :)
This
I like thinking that this is the very reason we have courts, as an impartial arbitrator. IMHO modifying something I have on my system without my approval is destruction of property, not simply trespassing. If it's property lent to me by license then it's destruction of the owner's property.
It would be a good thing to get this into court and settled. Set some nice precedence by way of awarding damages and the problem goes away, at least, for those companies with visibility. As far as crackers, well, I say put 'em in irons.
A feeling of having made the same mistake before: Deja Foobar
I'm not a programmer, and I've never used either of these programs, but if "WinWhatWhere" causes "Who's Watching Me" to crash, wouldn't a simple fix be for "Who's Watching Me" to just check itself to make sure it's still running?
I think this is a better solution than to get in a coding war with "WinWhatWhere" which could go on forever.
The problem is that a program is causing your program to crash. How they are crashing it should be secondary. The first thing on your mind as a developer should be to detect that it has crashed and alert the user.
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum
SpectorSoft makes a product called Spector and SpectorPro, from what I can tell, it takes a bunch of screenshots.
WinWhatWhere Investigator is a different program and should have had the URL as http://www.winwhatwhere.com. Although it seems to do generally the same thing.
My Slashdot account is old enough to drink...
Wow, I made it to Slashdot!
:)
I am a programmer for one of the companies listed in the article, which disables "Anti Spy-ware." In fact, I'm the person who came up with this "crashing" system.
Say what you will about Spy software (it pays my bills), the fact of the matter is the ANTI-Spyware is trying to crash OUR program! Because of this, no company should be upset when we use the same tactics to try and prevent this from happening. They were crashing us, so we crashed them. Sounds like fair play to me.
Although the whole "spy vs. spy" thing is getting a little bit out of hand, I personally think that the makers of anti-spyware should try coming up with some original way to make money instead of cashing in on our success. If you don't think that all those anti-spyware programs are just out to make a quick buck, you are surely mistaken.
Again, I am HIGHLY excited that my code (one way or another!) made it on Slashdot's front page!
(BTW, WinWhatWhere's crash system is a lot less sophisticated than mine, which wasn't highlighted as much in the article
I've never used anti-spy software, but what exactly does it do? Is it like an eye candy version of tcpdump or ethereal (http://www.ethereal.com/)?
btw- an easy solution would be to run an eavesdropper on your router/masquerade machine (if you're using one). It would be extremely difficult for spyware to find that you're running tcpdump or ethereal on a remote machine.
IANAL, but I seriously doubt you as an end user can sue the spyware company. When you download their free software and click on the "I agree to your licensing terms" thing, you are almost certainly giving away your rights to claim damages due to anything their software does. The anti-spyware company may have a case, since their software is being damaged and they didn't sign any agreement. But if you look at it from that perspective, then the spyware company could also sue, since the anti-spyware company's software is also being damaged (disabled). The fact that one is voluntary by the user and the other apparently isn't is most likely irrelevant, since when you download the package which contained the spyware and click on the user agreement you are undoubtedly 'voluntarily' installing the spyware.
If BlackIce lived up to its name, it'd detect stuff like this and then go kill the person using it on you.
:)
I can't wait until we have plugs in our heads to log on with.
Viruses, Spy Software, Trojans, etc.
Every operating system should have a sandbox that looks like the rest of your computer where you run programs you don't trust. When the program tries to install itself permanently or hook itself into a DLL, it will only do it to that particular sandbox.
This sort of protection has been supported by Intel since the 286, why is it we still don't use virtual machines for security purposes?
"Communism is like having one [local] phone company " - Lenny Bruce
Compare these quotes: Haight said. "It's just the way the security of our software works. It won't allow (anti-spy) software to run." And a few words later: SpectorSoft says its software is for monitoring, not spying, and tells purchasers to always advise computer users they are being monitored. Well, if that is the case, why is he bothering to disable WhosWatchingMe? Grrrr. People who lie so blithely piss me off.
...does anyone remember, "It ain't done till Lotus won't run."?
You are in a maze of twisty little passages, all alike.
I think the producer of WinWhatWhere has a better case than the end user: copyright violation, unfair business practices, possibly DMCA.
If you are using FreeBSD, netstat, sockstat, tcpdump, and ipfilter are your friends. I'm sure there must be some similar Windows utilities out there that can do the job.
I was one of the original authors and an original founder back in '98. We sold our shares in '99 and got out because of the way it was being marketed. The product was never intended to be a "Catch your cheating husband" type of product. It was intended to monitor your child's Internet experiences and protect them from pedophiles. Doug Fowler (dfowler@spectorsoft.com) was the guy that pushed this tactic of spying on your partner and your employees. We felt that monitoring another adult, without their knowledge, clearly violated their civil rights! They avoid lawsuits now by placing a disclaimer that you agree to inform the individual that you monitor. In reality, no one ever does.
It's a classic case of the marketing weenies convoluting a product to fit a malformed business model. There's MORE MONEY selling a product to catch your "cheating husband" than to protect your kids. It feeds on paranoia.
The good news is most developers could spot this product on their machine. Keystrokes slow down, mystery files appear, etc. It leaves a small footprint, but it's still a footprint. Don't look for it (Spector) in Task Manager. It's hiding in another application.
Just skimming the headline, I read the article and was sorely disappointed.
I was hoping for news of a remake of Spy vs Spy, damn I'm showing my age.
Anyone out there remember the classic Spy vs Spy computer game? It was based on the old MAD Spy vs Spy cartoons. One of THE classic 2 player arcade games.
It was released for amongst others the NES, C64, Spectrum, Atari and Amiga and probably many more.
The "spy guys" say in this article that they recommend that their customers advise the people that are being monitored that monitoring is going on.
Taking them at their word *they wouldn't lie, right* all they need to do is to put a splash screen into their spy software that says, "Access monitored by XYZ Monitoring software". This splash screen shows up on each boot and hangs around for five seconds, and takes the need for the anti-spy software away.
Hey, they did say that the persons being monitored should be advised, so they should take the step of advising them.
I wonder if we'll see a splash screen in v2.0.
And while we're waiting, could I interest you in a nice bridge that I just happen to have available for sale?
If you're a zombie and you know it, bite your friend!
I'd have to go with WhoWhatWhereWhenWhyWHAM!
Sidenote: For obvious reasons (starting with marketshare) most of this spyware affects Windows users. Are there any insidious spyware programs to watch out for under any of the usual *nix contenders? What about OS X?
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
Okay here's an honest question. I don't claim to be an expert in understanding the intricacies of Windows but I do muck around in the Registry quite a bit so I'd count myself as an above average computer user. In my experience the only way to get a program to run at startup is to put it in the Startup Folder of the Start Menu, or to insert a registry entry in one of the following places:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run*
where Run* can be Run, RunOnce, RunServices, etc.
Is checking these locations and deleting anything you don't recognize as belonging there sufficient to guarantee there is no spy-ware running on your machine? Or are there other ways to get a program to start that I'm not aware of? Certainly this wouldn't take care of corporate spyware that checks where you surf. That can be done at the firewall or by routing all network traffic through a computer with spyware. But keyboard monitors, etc. would have to run on your computer right?
Thanks for taking the time to reply.
--Atlantix
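An added example (not part of the original comment and not code from any product discussed here): a Python sketch that audits the Run* keys named in the question from a registry export and flags values that are new or changed relative to a known-good baseline. The sample export, the value names and the baseline are constructed for illustration; it covers only the registry locations the post lists, not the Startup folder.

```python
import re

# Constructed sample in the text format that `reg export` / regedit produce.
# (Real exports are usually UTF-16; decode them to str before parsing.)
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayHelper"="C:\\Program Files\\Vendor\\helper.exe /min"
"winupd32"="C:\\WINDOWS\\system\\winupd32.exe"

[HKEY_LOCAL_MACHINE\Software\Vendor\Settings]
"InstallDir"="C:\\Program Files\\Vendor"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,\
  78,00,2e,00,65,00,78,00,65,00,00,00
'''

# Constructed baseline: the one autostart entry the owner recognises.
BASELINE = {
    ("hkey_local_machine\\software\\microsoft\\windows\\currentversion\\run",
     "systrayhelper"): "C:\\Program Files\\Vendor\\helper.exe /min",
}

# Run, RunOnce, RunServices, ... directly under CurrentVersion, in HKCU or HKLM.
RUN_KEY = re.compile(r"HKEY_(CURRENT_USER|LOCAL_MACHINE)\\Software\\Microsoft"
                     r"\\Windows\\CurrentVersion\\Run[^\\]*", re.IGNORECASE)
VALUE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')


def _unescape(text):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", lambda m: m.group(1), text)


def _decode(data):
    """Turn the right-hand side of a .reg value line into a command string."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])
    m = re.match(r"hex\((?:1|2)\):(.*)$", data)  # REG_SZ / REG_EXPAND_SZ as hex
    if m:
        raw = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return data  # dword / binary data: keep the raw text for review


def parse_run_entries(text):
    """Return {(key_lower, name_lower): (key, name, command)} for Run* keys."""
    text = re.sub(r",\\\r?\n[ \t]*", ",", text)  # join hex continuation lines
    entries, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            section = key if RUN_KEY.fullmatch(key) else None
        elif section:
            m = VALUE.match(line)
            if m:
                name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                entries[(section.lower(), name.lower())] = (
                    section, name, _decode(m.group(2)))
    return entries


def audit(entries, baseline):
    """List (status, key, name, command) for entries that are new or changed."""
    findings = []
    for ident, (key, name, command) in sorted(entries.items()):
        if ident not in baseline:
            findings.append(("new", key, name, command))
        elif baseline[ident] != command:
            findings.append(("changed", key, name, command))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_run_entries(SAMPLE_EXPORT), BASELINE):
        print(finding)
```

Flagged entries are candidates for review, not for blind deletion: a value can be unfamiliar and still belong to installed software.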
But just like most American cars, by the time it has reached the Honda, it will break down.
in accounts payable and I have the passwords to initiate EFTs to our vendors. I run anti-spyware software for obvious security reasons.
Now some rogue spyware installed by a very soon to be former employee has disabled my anti-spyware and this cretin captures my passwords and proceeds to use them to transfer their "instant retirement package" to their Cayman Island bank account.
I see a bigger problem with spyware than with anti-spyware, and any employer who has employees handling any sort of sensitive information should too. (I know, that credits most bosses with WAY too many smarts...)
You either believe in rational thought or you don't
This is from http://www.trapware.com/companyLinking.html (terms and condition violation here).
Yeah right...So here's another TrapWare terms and conditions violation! YAY!
If he really wanted to prevent linking, he'd set it up in apache so it only accepts incoming connections for legally authorised URLs, but judging by their website, they're quite oblivious to the nature of the Internet.
I encourage everyone to post links to their website in the blogs, just like what happened to KPMG a few months ago.
My Slashdot account is old enough to drink...
I think that I just missed it. Damn.
Spector sells a criminal tool without any legitimate need and should be investigated and brought to justice. You can't sell burglar tools either.
f.
It's called "university networks." I know for sure our engineering network had very strict policies on downloading/storing porn/warez/etc. Basically anything illegal (or porn related) got your network access revoked. I wouldn't be surprised if this were the case at other universities. Ours didn't have any spyware AFAIK, but I can see where there would be a commercial application. (I should add, btw, that ours at Auburn was a mostly Sun network in engineering...as opposed to the win98 boxen for the regular campus labs)
Actually, I'm pretty sure we didn't have any spyware running. Case in point: one day this guy calls up the network admin office and asks to have his "important files" restored to his account after the quarterly purge (1 count of being stupid: he forgot to back things up). The very nice woman who handles such things went to the tape archive and started looking to see what files needed to be restored. Turns out there were files there with names like "man_and_woman_on_roof_...ing.jpg" (counts 2 & 3 for stupidity: downloading porn to your engineering account and giving the admin department a reason to find this out). His access was revoked very quickly...and he didn't get his "important" files back (count 4 for stupidity: go back and download the files again if they are that important).
Anyway...point is, I see a reason to do it. I'm not sure if such a thing exists, but there is a market there.
What is your Slash Rating?
the masses!!!
The "Trace-busta-busta-busta" !!
---- The price of freedom is eternal vigilance. -Thomas Jefferson
I agree. As an original author of this product, it was never intended to "spy" on others. It was developed so parents would know what "junior" is up to on the 'Net. Whether to do something about the sites a kid visits is up to the (perhaps less techno-savvy) parent.
Fourth amendment... that's EXACTLY why I sold my shares & got out of this company...
...can't defeat my Volvo...so there :)
What is your Slash Rating?
If black holes don't exist, where does stuff I send to /dev/null go? ;-)
Why do people feel the need to feed their little monkey egos spying, cracking, and infecting me and everyone else. If humans didn't have the urge to fuck over their neighbor any chance they get, I guess we'd all be dogs. BTW. Senator Hollings sucks Walts ass.
Tiny Personal Firewall ICSA Certified
summary
Free for personal use, originally built for the navy. Tiny footprint. yum.
1.4megs, Win 9x, ME, 2000 , NT & XP
Yeah man CRobots was that game. I used to play it all the time. I made like 10 different bots. You can download a copy from here: http://www.nyx.net/~tpoindex/crob.html
In any case, it's actually rather easy to fix. Put a memory-resident util that monitors the files on disk, checking the checksum every x number of minutes, and display a popup on the screen if it's modified. Have the memory-resident program put an icon in the systray. Copyright the icon in the systray. Put in the manual "If you don't see the icon in the systray, then you have spyware installed.". If the spyware companies disable the resident program and put the icon back on anyway, you can definitely nail them for copyright violation. :)
Just my $0.02, IANAL, void where prohibited.
-steve
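The periodic checksum check proposed in the comment above, as an added example that is not part of the original thread. It makes a single pass (scheduling "every x minutes" is left to the caller); the file names and key are constructed, and the HMAC over the baseline is an assumption added here so that an edited baseline is also caught.

```python
import hashlib
import hmac
import json
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths, key):
    """Return (blob, tag): JSON of path -> digest, plus an HMAC over it."""
    digests = {p: file_digest(p) for p in sorted(paths)}
    blob = json.dumps(digests, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()


def check(blob, tag, key):
    """Compare the files on disk with the baseline.

    Returns {path: "modified" | "missing"}; raises ValueError if the
    baseline itself no longer matches its HMAC tag.
    """
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline failed its HMAC check")
    findings = {}
    for path, digest in json.loads(blob).items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif file_digest(path) != digest:
            findings[path] = "modified"
    return findings


def demo():
    """Constructed scenario: a detector's files are patched and deleted."""
    key = b"constructed-demo-key"  # assumption: kept off the monitored machine
    with tempfile.TemporaryDirectory() as d:
        files = {
            "detector.exe": b"MZ constructed detector binary",
            "signatures.dat": b"constructed signature list v1",
            "detector.ini": b"scan=on",
        }
        paths = []
        for name, data in files.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            paths.append(p)
        blob, tag = build_baseline(paths, key)
        clean = check(blob, tag, key)

        # Simulate another program disabling the detector.
        with open(os.path.join(d, "detector.exe"), "wb") as f:
            f.write(b"MZ patched to do nothing")
        os.remove(os.path.join(d, "signatures.dat"))
        found = check(blob, tag, key)
        tampered = {os.path.basename(p): v for p, v in found.items()}

        # An edited baseline must be rejected, not trusted.
        try:
            check(blob + b" ", tag, key)
            baseline_rejected = False
        except ValueError:
            baseline_rejected = True
    return clean, tampered, baseline_rejected


if __name__ == "__main__":
    print(demo())
```

The key and the baseline belong somewhere the monitored machine cannot write to, such as write-protected media, since a checker that runs where the spyware runs can be disabled the same way the detector was.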
psxndc
The emacs religion: to be saved, control excess.
I know the program disabled other applications that were hostile to it
The scenario sounds familiar, but the names do not. On the old Sun terminals, you could do a screenshot of another user's terminal. It was always interesting to do that to someone, just for the fun of it. That was before the net really existed though, so not much of a chance of catching someone looking at pr0n. What was really cruel was to dump the passwd file (or a binary) to all of their terminal windows. he he. You could hear the cursing across the cubicles. I always found it more fun to just send a CRLF to them, because it wouldn't be so obvious that they got nailed. Oh, and you could display background images on their terminals too. THAT was always a sure-fire way to cross the line, especially if you did it just before their boss walked up. We even had a script called "pissoff" and when you ran it, it would prompt you "Which user would you like to piss off?". Pick from the list, give it a message, or a file to dump, and watch the ensuing hilarity.
My beliefs do not require that you agree with them.
Once again, this is not referring to the marketing spyware that is bundled with free downloads. It is referring to application/web monitoring type spyware that you purchase.
And in related news, SeeWhatWhere, makers of binoculars favored by people who like to watch their neighbors through 'Windows', is attacking the venetian blind company for manufacturing a product specifically designed to block their product. "If someone's trying to make money trying to ruin my spytools, I have to take appropriate action," said Richard Eater, president of SeeWhatWhere.
There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
The Computer Misuse Act makes it a criminal offence to alter the behaviour of a computer system without the permission of the owner.
The difficulty here is in getting it to court...
Haven't you all received the opportunity to be FREED in your mailboxes?
"You need EVIDENCE ELIMINATOR (tm)!!"
WTF are you talking about? It reproduces and spreads itself? Where on earth did you get that from?
It looks like a pretty reprehensible piece of spy-ware, but I saw nothing about it reproducing and spreading autonomously.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
which is why windows had to be modified - to take out the logging features. You do realise that every time you open an application or file or view a web page, windows takes a note of it? That crap takes up megabytes of your hard drive.
In this country, based on the lawyer-fication (and simultaneous puss-ification) of the United States, intent often has a lot to do with whether you win or lose in court.
To win a lawsuit against somebody who built a product that was used to commit a crime, you have to prove the manufacturer intended the product to be used to commit a crime. While it would be hard to argue that the binocular manufacturer intended the product to be used illegally, it might not be so tough with the Spyware. Consider that Spyware has only one function, to collect data without the knowledge of the person under surveillance.
Further, if you check out the web-site, you'll see that the Spyware referred to in the article has a "remote stealth install" method, rather similar to an Outlook/VB Script virus.
You send the victim (er, your husband) an email with the "stealth installer" executable attached. If your target is an average Outlook user who double-clicks on every attachment he gets, all he'll see is...Well, nothing. According to their web-site when the target clicks on the stealth installer the software is up and running in a few seconds without alerting the target to its presence.
No, it's not "technically" a virus, it's a trojan horse. As far as I know, there's no special legal protection given to authors of Trojan Horses who sell them for profit.
Who did what now?
Everyone seems to be ignoring one very important point here - this isn't a balanced situation. People are acting as if Software A makes Software B fail and Software B makes Software A fail so it's a two-way street. It ISN'T! Software A does NOT make B fail, it merely exposes the existence of B. For this, B retaliates by making A fail altogether.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
The problem is that the software LIES about what it does. This software package is arrogant enough to assume it has the right to destroy part of another program just because that other program has the audacity to tell me about the existence of it.
Napster and DeCSS do exactly what they claim to do. This snoopware contains hidden functionality that is not advertised. The person who installed it might not even know about the hidden functionality.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
Did anyone else get a kick out of the fact that the two principals in this story are named Spector and Austin?
Obviously the Spector name was intentional, but that their arch enemy would be named Austin is pretty funny.
Work for Change & GET PAID!
Just stop using closed source software.
I was under the impression that it was illegal to purposefully and knowingly disable software on someone's computer without express permission. Especially true in this case where the spy ware's original intent is not to spy (at least one can reasonably assume no one is purposefully going to install a program whose sole or primary intent is to spy on them) therefore by installing the Anti Spyware, you are effectively eliminating a secondary purpose or feature, but not rendering the spy-ware useless. But by purposefully disabling the anti-spy-ware software, you are eliminating the software's sole purpose and effectively rendering the software useless. That's like sabotage.
T Money
World Domination with a plastic spoon since 1984
It's destruction of property.
It's also vandalism and trespass, if done against the wishes of the computer's owner.
Tinfoil Hat Linux
Corewar (Core Wars, CoreWar, whatever) lives on, though it's rather difficult to track down. I suggest www.koth.org.
Does anyone know how personal firewalls affect this spyware? Can they be set to prevent the spyware reporting back to Big Brother, or do the programs have some way of tunneling through them?
Everything you've said could be said about most virus programs. Spyware is a virus, and should be treated as such.
When in danger or in doubt, run in circles, scream and shout!
Spyware performs two basic tasks:
1. Gather information
2. Notify snooper
Spyware would have to tell the snooper what it found sooner or later, and this is its weak point. Suppose it e-mailed its logs off to someone periodically. If you could write software that searched for spyware config files and changed them so it emailed you instead, then the spyware would be defanged.
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Amen to that. I run RedHat, and keep my pr0n in a .pr0n directory right there in my home directory. I couldn't possibly imagine her finding it. All she knows how to do is connect to the internet and browse the web.
Cheers, Joshua
When in danger or in doubt, run in circles, scream and shout!
until these insidious programs start disabling AdAware?
"Politicians and diapers must be changed often, and for the same reason."
he did.
it is.
jus wait.
Can winwhatwhere disable windows media player and IE spyware?
and it was mandatory for all users. there wouldnt be any secrets. everyone knows what you surf, how much you have in the bank, the loathsome disease you need regular treatment, your likes and dislikes, spending patterns, and you had no privacy at all (like now)......
Nobody really cares. Take a walk in the countryside.
IANAL but...
Anyone can write software at anytime that disables/deletes/harms any other piece of software if they want as long as they notify the End User who purchases said software of the function in the EULA.
The End User has total liability for their action.
Examples:
1. Company installs spying software on their employees company owned computers.
Liability: None
Companies own computers so they can do what they like to any piece of software on machine.
2. Spouse installs spying software on their mate's computer.
Liability: Probably none
Due to community property laws.
3. Private citizen installs spying software on their Roommate's machine.
Liability: Substantial (hacking/destruction of property etc...)
Liability extends only to End User who installs.
The EULA is most likely going to state that the Software Company is assuming you the End User have full rights to install software on said machine. Those who install said software on machines they don't have authorization to do so are violating the Law and subject to harsh penalties REGARDLESS of whether said software disables anti-spying software.
In the end the Software companies incur no Liability.
- A Frog in a pond utters an azure cry. -
See, in a corp, spyware does NOT have to be invisible. Rather employees not do illegal stuff than catch them later.
The only place where it should be invisible is in private homes and the like where the installer prolly doesn't have 100% right to spy on the other users.
Nahhhhh, these companies only want you to use the tools for 'monitoring and protecting your kids'
Bastards
rather apropos that I received this the other day:
Return-Path:
Received: from www.chibanet.or.jp (www.chibanet.or.jp [210.226.24.1]) by EDIT.jaguNET.com (X.Y.Z/jag-2.6) with SMTP id SAA16209 for ; Sun, 24 Mar 2002 18:02:48 -0500 (EST)
Received: from mx10.hotmail.com (ppp-216-143-217-101.mclass.broadwing.net [216.143.217.101]) by www.chibanet.or.jp (8.6.10/8.6.10) with ESMTP id HAA07385; Mon, 25 Mar 2002 07:52:58 +0900
Message-ID:
To: [EDIT]
Cc: [EDIT]
From: "Kimberly"
Subject: Secretly Record all internet activity on any computer... HW
Date: Sun, 24 Mar 2002 15:09:20 -2000
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Reply-To: mi9kigc5t7@hotmail.com
X-UIDL: \m?"!7AL"!:BD"!0L@"!
Status: U
FIND OUT WHO THEY ARE CHATTING/E-MAILING WITH ALL THOSE HOURS!
Is your spouse cheating online?
Are your kids talking to dangerous people on instant messenger?
Find out NOW! - with Big Brother instant software download.
Click on this link NOW to see actual screenshots and to order!
http://www2.coveragedirect.com/bigbro/M30/
To be excluded from future contacts send to: xo4bezp0m0@hotmail.com
johnch
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
A virus is a chunk of machine code that reproduces. Period. Whether it does any damage or not, whether it interferes with normal usage or not, if it reproduces, it's a virus.
For instance, here is a disassembly of the "Tiny Virus" aka 163 Com.
Well, I meant to post the disassembly but unfortunately Slashdot's bloody stupid lameness filter won't let me. I'll put it on my homepage if some nanny code doesn't stop me there. Anyway, the point was...
Does it do anything destructive? Well, no, not really. It's 163 bytes of executable code which prepends itself to .com files and reproduces indefinitely, without any payload, without interfering in any way other than taking a minuscule amount of disk space and a few processor cycles each time it executes. This is one of the smallest viruses ever found, it satisfies the minimal requirements to be a virus and does nothing else.
A program which does NOT reproduce, but does as you say prohibit "the normal functions of applications the computer" would not be a virus. It would, assuming it's inserted under false pretenses (and who would place it on their system otherwise?), be a trojan horse program, but not a virus.
A worm, on the other hand, is a much larger viral program or collection of programs which work together, specifically to reproduce across a network.
Now, of these three types of programs, the only one this spyware could possibly be is a trojan horse. Viruses *by definition* reproduce themselves, and I've not seen any evidence that this thing does that.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
If you decided to go with steganographic methods, just remember not to encrypt your pr0n images into other pr0n images. Next time I'm going to use cute pictures of puppies or those damned Anne Geddes pictures or something...
They that would sacrifice their
My parents bought an '83 240 sedan of the same color blue that's still running for their kids to use. They have a black 760 turbo wagon from the early 90's. When I got out of college they gave me a dark silver '91 240 sedan (also built like a tank). I walked away from a 55 mph crash in it (hit the side of the other guy's car with my nose). Built like a tank. Now I have a white '91 turbo wagon.
:)
Volvos are truly the best cars...as a matter of fact, Volvo has been running ads for a giveaway of a new sedan during the NCAA tournament. You should sign up...or go find another late 80's-early 90's Volvo
What is your Slash Rating?
You are right, a corporation that uses blatant spyware will probably deter unwanted activity. If that happens, then (one way or another) the software has done its job. On the other hand, simple deterrence means the root of the problem is still in place.
However, corporate IS doesn't have any requirement to install visible spyware, either! Take the situation of a consultant, for example:
- The employees (at the client company) aren't expecting spyware -- their company hasn't used it, so they feel free to do [whatever].
- If [$consultant] installs SMS, some people would notice, and realize there's monitoring potential.
- So, they install invisible spyware instead -- and watch the bad apples to reveal themselves.
- Client received a rather large bill -- "Consider how much more you would have lost if we hadn't caught [$wasteful_or_illegal_activity]..."
Invisibility has benefits -- "good" and bad. "Good" if the (police | FBI) use it with an appropriate warrant, bad if the rest of us start spying on each other as a matter of course. This feels very much like the RADAR vs. RADAR-detector wars -- an endless cycle of 'mine is better than yours'.
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
And as soon as she reads your slashdot posts, your method is somewhat, er, compromised. :-)
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
Wow ... as someone who was just about to send the above mentioned company my resume for an internship job they advertised at my school, I am in your debt. Thanks for the heads up.
If I found spyware on my PC, put there by my partner I would throw her out immediately.
And what's this nonsense of guys always being the one who has to go elsewhere. To hell with that, she can move out and find a new home.
See, in a corp, spyware does NOT have to be invisible. Rather employees not do illegal stuff than catch them later.
If the only surveillance systems are visible ones then malicious people may attempt to work around them. If some of the systems are covert they may not be able to.
The detector software (Ad-Aware, Who's Watching Me, etc.) will have to provide a "boot disk" option, like many virus scanners do, if they want to keep up... all you have to do then is create the disk on another computer, write protect it, and start up to scan for spyware.
If BackOrifice and Sub7 are considered malicious, I think we can make a pretty good case to the AV companies that spyware/adware should be detected and cleaned by their anti-virus engines.
I'm proud of my Northern Tibetian Heritage
Be serious
A fully trained Linux professional won't give root access to anyone.
Or would they?
I know that on my linux box, even I have problems logging in to root (I thought it would be fun and I put a 128 characters password. Now it takes me up to 10 minutes and 20 retries to get logged 8| ) but then, last time my computer has been tried from the outside, I had ample time to launch countermeasures. I mean, brute force checking a 128 char pass...that's a 4096 bits key, if I'm right no ? 8)
I work at a university where we have open-access computer labs. We were having problems with our student workers sitting at the help desk doing things like playing games, downloading goat-porn, etc. In moderation this was not a significant problem although we didn't like it. The thing was, it wasn't being done in moderation. It was interfering with them doing their job.
The solution was to modify VNCserver so that they could not tell where it was installed or when it was running. I modified it every which way I could think of to obscure its presence and operation. It worked. We have plenty of CS and CSE majors here working for us and I challenged them to try and find it, no one ever could.
After this software was installed we told everyone up front that it was there, and reminded them in case they forgot. I wasn't interested in spying on people and neither was anyone else. We were only interested in creating a deterrent whereby the student workers would KNOW that we COULD be watching, and therefore curb their inappropriate use of the systems on university time.
The fun thing about VNC is that you can remotely control the computer as the person is using it. So if the student was doing something they shouldn't, we could start moving the mouse around on the screen so they would know we were "watching" them. None of the students liked it of course, but neither were we being dishonest with them by spying on them in secret.
These products that are clearly designed to be installed in secret and used without the person being aware that they are there are, to me at least, just plain evil.
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
/me winces in sympathy as the clue-by-four goes up the side of your head, again.
Ok, let's look at your definitions.
Your difficulty, perhaps, has to do with realizing that what the jargon file here refers to as "infection" is in fact the same process that I referred to as "reproduction"? The difference in usage probably has something to do with the fact that the writer of that particular node appears to have gotten the term from sci-fi, whereas I first heard of the concept from computer science/ai people, who had a slightly more direct link. But if you actually read the definition, he's clearly talking about viral reproduction. As for instance the Virus whose disassembly slashdot won't allow in comments. It's on a journal entry, feel free to go take a look. http://slashdot.org/~Arker/journal/
It reproduces by copying itself, all 163 bytes, into existing com files. That's the "infection" he's talking about. And he doesn't say that some viruses don't infect, which is the way you would say, using his language, what you're trying to say.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Whenever starting at a new job or contract, I *always* cripple the monitoring aspects of SMS first. It's a bitch to do, too. If they don't trust me they shouldn't hire me.
Funny, after first getting rude, then getting upset, now you squirm around and try to claim a new, but faulty definition.
Your lack of clarity is noteworthy, but still, some small substance has been found in your utterance. You are claiming that a program that placed a newline at the end of object files would therefore be a virus, since it "embeds" a portion of itself in those files.
But this would not be a virus at all. Viruses, as your first definition clearly says, must "infect" other files. Placing LF at the end of a binary file could count as random vandalism, but hardly infection. To infect a program requires introducing the code that does the infection into the program itself.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.