Slashdot Mirror
Spy v. Spy
An anonymous reader writes "MSNBC is reporting on a brewing battle between makers of spy software and anti-spy software. According to this article the makers of Spector and WinWhatWhere have added a feature to their new software that disables the popular anti-spy software Who's Watching Me."
...there's little wonder why lots of people are trying linux these days.
"It would have been best if they had just taken engineering challenge and designed something that couldn't be detected. but instead they just decided to break our program. That's kind of lame."
Whatever works for them, you can't blame a company for pulling this kind of tactic if it's the easiest way to do it.
Personally, I hate spyware almost as much as I hate popups. Almost. Of course it's all a vicious circle, just like Trillian vs. AOL. One side will do one thing, the other counter it. Rarely does anyone win in the long run, short of taking it to court.
With all of the money to be made in spy software, and the severely limited resources (and interest) of those who want to stop it, it's unlikely that this will be much of a fair fight.
Certainly a court case can be made for one company modifying the files of the other's software. Leaving alone the obviously bad programming practice of having critical files able to be overwritten or appended to, it sucks that the courts would be the only recourse for something like this.
When I was a kid, we only had one Darth.
This isn't about AdAware and the advertising spyware that tracks your websurfing. This is keyboard and screen monitoring spyware used by law enforcement, corporate IS depts, and, as the article points out, suspicious spouses. Internet connectivity does give some remote monitoring features but the software probably logs locally too.
Okay, this is my computer. I purchase a piece of software that is supposed to detect snooping software hiding out on my machine. Said snooping software destroys my anti-snooper, interfering with it's proper operation and generally depriving me of it's service that I have paid for.
Shouldn't I be able to sue the snooper software, as I did not ask for it and did not give any kind of authorization for it's installation into my system? To say nothing of the trespassing charges I'm going to bring against the snooper developer..
"Avast! Prepare for the rodgering!" THWACK! "Arrr.. me nards.."
Dang, I didn't even know that stuff existed :o( That's taking software development to a new low. What is love/loyalty/etc if you don't trust it and must periodically monitor the person's lifestyle to make *yourself* feel better? That's just sleezy.
At some point a company will probably (if it hasn't happened already) offer the fact that they do not run such software as an benefit. Some day, that may be a decision you make ranking right up their with stock options/benefits/work location/pay rate.
And heck, maybe we'll pick our spouses the same way. As in, "Do you promise to love and obey your husband and never use spyware on him?"
I'm not married, but if I were, and I found my partner using WinWhatWhere or equivalent, I would walk out the same day. Such things are just not cool.
sulli
RTFJ.
I can see it now - pop up appears telling you to get the hourly new release of this software that counters the other companies latest release (sigh). After awhile people are going to start to feel like hockey pucks getting passed back and forth. I'd agree that simply stealthing the "spy" program better would be the way to go but so long as you can get your hands on your competitors products...
I know - write an iron clad EULA to prevent reverse engineering, encrypt everything, and then just sue one another under the DMCA or somesuch until both companies are broke. Yeah, that's the ticket! There's not going to be any winners here...
Heh, and I've now met a few people that have caught spouses "cheating" using software like this. People are spying on their kids like crazy too. Maybe this new bill Hollingsworth has proposed will make our computers "pure? Maybe it'll cure world hunger too (ahem). What a mess!
Build it, Drive it, Improve it! Hybridz.org
OS and JEDGAR
/jed'gr/), in honor of the former head of the FBI.
This story says a lot about the ITS ethos.
On the ITS system there was a program that allowed you to see what was being printed on someone else's terminal. It spied on the other guy's output by examining the insides of the monitor system. The output spy program was called OS. Throughout the rest of the computer science world (and at IBM too) OS means `operating system', but among old-time ITS hackers it almost always meant `output spy'.
OS could work because ITS purposely had very little in the way of `protection' that prevented one user from trespassing on another's areas. Fair is fair, however. There was another program that would automatically notify you if anyone started to spy on your output. It worked in exactly the same way, by looking at the insides of the operating system to see if anyone else was looking at the insides that had to do with your output. This `counterspy' program was called JEDGAR (a six-letterism pronounced as two syllables:
But there's more. JEDGAR would ask the user for `license to kill'. If the user said yes, then JEDGAR would actually gun the job of the luser who was spying. Unfortunately, people found that this made life too violent, especially when tourists learned about it. One of the systems hackers solved the problem by replacing JEDGAR with another program that only pretended to do its job. It took a long time to do this, because every copy of JEDGAR had to be patched. To this day no one knows how many people never figured out that JEDGAR had been defanged.
Interestingly, there is still a security module named JEDGAR alive as of late 1994 -- in the Unisys MCP for large systems. It is unknown to us whether the name is tribute or independent invention.
The point is that what we're seeing now, with the spyware vs anti-spyware, is the same as Code Wars, but now moving to real systems instead of that virtual block of memory. And these are no longer games, but programs that may or may not affect both those that write them and those whose system the battle takes place on. So I certainly think there's a geek side to this, no only in the YRO aspect, but also in light of what used to be considered a harmless game years ago.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
Sure you can. Watch. I'll do it right now. =)
Without warning the user, WinWhatWhere disables another piece of software for which that person has paid good money. That's like IE deleting Netscape if it detects it on your system. That's like your trusty Chevy switching to Battlebots mode every time it detects a Honda in the highway.
It's destruction of property. (Or, since we're talking about software here, illegally depriving someone of their licensed usage of a product.)
Of course, the anti-spy people could treat these countermeasures as an engineering problem.
A couple possible (partial) solutions:
1) Check for beligerant spyware during the install process (the install program would presumably be running from a CD, so it couldn't be corrupted). Later, if it detects that spyware is being installed, fire off warnings, send e-mails, make logs, etc. to make sure that the spyware can't cover it's tracks.
2) In the documentation, note that failure for the program to run or a crash could indicate the presence of spyware (and that you should run an "emergeny check" from the install disk).
3) Put a check on the integrity of the software in the MBR (using CRCs and such). If a spyware messes with that, it should trip off the BIOS virus checking. That would also have to be documented of course so the user understands what the heck is going on.
4) Have the anti-spyware run entirely from a separate disk (maybe a boot disk to be sure the spyware isn't running waiting to thwart the anti-spyware). When you come in to work, or sit down at your computer, throw in the disk to be sure nobody installed spyware when you weren't there.
5) Make the anti-spyware as stealthy as the spyware. If the spyware or the person installing isn't aware of the presence of anti-spyware, the anti-spyware is much more likely to be successful. Using polymorphic code, constantly changing file names, etc. could probably be pretty effective.
None of these solutions are perfect of course, but a bit of a battle is probably inevitable, as the two types of software both have legitimate and illegitimate uses, and the only way one of the two can succeed is by defeating the other.
... "Give me a woman who loves beer and I will conquer the w
I've read about the use of spyware in the past... some very large companies make use of it. I seem to remember that Deloitte & Touche uses some spyware that's rather... comprehensive. I want to say some of the features included (among other things)...
- Logging every keystroke you make
- Logging the title of every window you open
- Recording screenshots of windows
- E-Mailing all of this to a designated person...
Not only is it something they use internally, it's also something they use in their consulting activities, on their clients' computers! You hire them, and you're under a microscope... very Big Brother. It goes way beyond the spying that's possible with the last version of Microsoft SMS that I used. (I admit, it's been a while!) Also, I've noticed that some people really don't pay attention to the fact that SMS has 'remote viewing' capabilities -- your sysadmin can watch you browse just like he/she watches the evening news. Then again, SMS's installation is rather obvious -- at least to the technically inclined.I have to consider the other hand as well... If you're hiring a consulting company, they have an obligation to do their job to the best of their ability. That means using all the resources legally available to them -- no matter how distasteful. If you've got someone who's supposed to be doing data entry, and they're actually running their own little eBay store out of the supply room... well, you're going to need all the ammo you can get to convince the boss to fire his brother!
With the sentiment of "It's OUR computer, OUR time, and OUR money!", I don't think you're going to be seeing spyware-free companies advertising the fact anytime soon.
In fact, with the precedent that computers have been and continue to be monitored; a company could incur severe liability for deliberately not monitoring! Consider the potential liability burden when you don't catch sexual harrasment or some particularly nasty criminal activity... What happens to the company when it's shown that 'standard industry practices' would have given advance warning of, or even prevented [some illegal event]?
What happens? A check with LOTS of zeros to the left of the decimal... at the best, your lawyer gets it. At worst, THEIR lawyer gets one, THEY get one, etc...
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
By technical definition, spyware is a virus.
Uh, no. Spyware are just applications that do what they are designed to do, and are loaded on just like any other application. A virus breaks into your computer in unauthorized ways. A virus can be spyware, but spyware is not a virus.
If I found that someone had installed unauthorized spyware on my machine and broke my anti-spyware, I would be suing not just the individual who installed it on my machine in the first place, but also the company that makes the spyware.
And would you also sue a binocular manufacturer if someone spys on your wife in your backyard?
Sometimes it's best to just let stupid people be stupid.
Viruses, Spy Software, Trojans, etc.
Every operating system should have a sandbox that looks like the rest of your computer where you run programs you don't trust. When the program tries to install itself perminately or hook itself into a DLL, it will only do it to that particular sandbox.
This sort of protection has been supported by Intel since the 286, why is it we still don't use virtual machines for security purposes?
"Communism is like having one [local] phone company " - Lenny Bruce
Compare these quotes: Haight said. "It's just the way the security of our software works. It won't allow (anti-spy) software to run." And a few words later: . SpectorSoft says its software is for monitoring, not spying, and tells purchasers to always advise computer users they are being monitored. Well, if that is the case, why is he bothering to disable WhosWatchingMe? Grrrr. People who lie so blithely piss me off.
I was one of the original authors and an original founder back in '98. We sold our shares in '99 and got out because of the way it was being marketed. The product was never intended to be a "Catch your cheating husband" type of product. It was intended to monitor your child's Internet experiences and protect them from pedophiles. Doug Fowler (dfowler@spectorsoft.com) was the guy that pushed this tactic of spying on your partner and your employees. We felt that monitoring another adult, without their knowledge, clearly violated their civil rights! They avoid lawsuits now by placing a disclaimer that you agree to inform the individual that you monitor. In reality, no one ever does.
It's a classic case of the marketing weenies convoluting a product to fit a malformed business model. There's MORE MONEY selling a product to catch your "cheating husband" than to protect your kids. It feed on paranoia.
The good news is most developers could spot this product on their machine. Keystrokes slow down, mystery files appear, etc. It leaves a small footprint, but it's still a footprint. Don't look for it (Spector) in Task Manager. It's hiding in another application.
psxndc
The emacs religion: to be saved, control excess.
The scenario sounds familiar, but the names do not. On the old Sun terminals, you could do a screenshot of another user's terminal. It was always interesting to do that to someone, just for the fun of it. That was before the net really existed though, so not much of a chance of catching someone looking at pr0n. What was really cruel was to dump the passwd file (or a binary) to all of their terminal windows. he he. You could hear the cursing across the cubicles. I always found it more fun to just send a CRLF to them, because it wouldn't be so obvious that they got nailed. Oh, and you could display background images on their terminals too. THAT was always a sure-fire way to cross the line, especially if you did it just before their boss walked up. We even had a script called "pissoff" and when you ran it, it would prompt you "Which user would you like to piss off?". Pick from the list, give it a message, or a file to dump, and watch the ensuing hilarity.
My beliefs do not require that you agree with them.
The Computer Misuse Act makes it a criminal offence to alter the behaviour of a computer system without the permission of the owner.
The difficulty here is in getting it to court...
At which point we are no longer talking about his PC. He's merely asking for control of his own personal property. The company is asking for control of its own property. There is no conflict here.
I would hope, however, that if you did see the need to install this software on your company's machines, you would be decent enough to let the employees know that they were being monitored.
You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
-- Colonel Adolphus Busch
In this country, based on the lawyer-fication (and simultaneous puss-ification) of the United States, intent often has a lot to do with whether you win or lose in court.
To win a lawsuit against somebody who built a product that was used to commit a crime, you have to prove the manufacturer intended the product to be used to commit a crime. While it would be hard to argue that the binocular manufacturer intended the product to be used illegally, it might not be so tough with the Spyware. Consider that Spyware has only one function, to collect data without the knowledge of the person under surveillance.
Further, if you check out the web-site, you'll see that the Spyware referred to in the article has a "remote stealth install" method, rather similar to an Outlook/VB Script virus.
You send the victim (er, your husband) an email with the "stealth installer" executable attached. If your target is an average Outlook user who double-clicks on every attachment he gets, all he'll see is...Well, nothing. According to their web-site when the target clicks on the stealth installer the software is up and running in a few seconds without alerting the target to its presence.
No, it's not "technically" a virus, it's a trojan horse. As far as I know, there's no special legal protection given to authors of Trojan Horses who sell them for profit.
Who did what now?
Everyone seems to be ignoring one very important point here - this isn't a balanced situation. People are acting as if Software A makes Software B fail and Software B makes Software A fail so it's a two-way street. It ISN'T! Software A does NOT make B fail, it merely exposes the existence of B. For this, B retaliates by making A fail altogether.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
Amen to that. I run RedHat, and keep my pr0n in a .pr0n directory right there in my home directory. I couldn't possibly imagine her finding it. All she knows how to do is connect to the internet and browse the web.
Cheers, Joshua
When in danger or in doubt, run in circles, scream and shout!
That's it. I'm no longer part of Team Sanity.