Spy v. Spy
An anonymous reader writes "MSNBC is reporting on a brewing battle between makers of spy software and anti-spy software. According to this article the makers of Spector and WinWhatWhere have added a feature to their new software that disables the popular anti-spy software Who's Watching Me."
"It would have been best if they had just taken the engineering challenge and designed something that couldn't be detected, but instead they just decided to break our program. That's kind of lame."
Whatever works for them, you can't blame a company for pulling this kind of tactic if it's the easiest way to do it.
Personally, I hate spyware almost as much as I hate popups. Almost. Of course it's all a vicious circle, just like Trillian vs. AOL. One side will do one thing, the other counter it. Rarely does anyone win in the long run, short of taking it to court.
Certainly a court case can be made for one company modifying the files of the other's software. Leaving alone the obviously bad programming practice of having critical files able to be overwritten or appended to, it sucks that the courts would be the only recourse for something like this.
When I was a kid, we only had one Darth.
Okay, this is my computer. I purchase a piece of software that is supposed to detect snooping software hiding out on my machine. Said snooping software destroys my anti-snooper, interfering with its proper operation and generally depriving me of its service that I have paid for.
Shouldn't I be able to sue the snooper software, as I did not ask for it and did not give any kind of authorization for its installation into my system? To say nothing of the trespassing charges I'm going to bring against the snooper developer..
"Avast! Prepare for the rodgering!" THWACK! "Arrr.. me nards.."
I'm not married, but if I were, and I found my partner using WinWhatWhere or equivalent, I would walk out the same day. Such things are just not cool.
sulli
RTFJ.
And as soon as more and more average users start using Linux, we'll see all sorts of fun stuff getting thrown into RPMs and .deb files and this problem will just follow. The only thing that will prevent it is the fairly high sense of ethics that most free software developers bring to their work (which is part of why I like free software so much myself).
I do not have a signature
OS and JEDGAR
This story says a lot about the ITS ethos.
On the ITS system there was a program that allowed you to see what was being printed on someone else's terminal. It spied on the other guy's output by examining the insides of the monitor system. The output spy program was called OS. Throughout the rest of the computer science world (and at IBM too) OS means `operating system', but among old-time ITS hackers it almost always meant `output spy'.
OS could work because ITS purposely had very little in the way of `protection' that prevented one user from trespassing on another's areas. Fair is fair, however. There was another program that would automatically notify you if anyone started to spy on your output. It worked in exactly the same way, by looking at the insides of the operating system to see if anyone else was looking at the insides that had to do with your output. This `counterspy' program was called JEDGAR (a six-letterism pronounced as two syllables: /jed'gr/), in honor of the former head of the FBI.
But there's more. JEDGAR would ask the user for `license to kill'. If the user said yes, then JEDGAR would actually gun the job of the luser who was spying. Unfortunately, people found that this made life too violent, especially when tourists learned about it. One of the systems hackers solved the problem by replacing JEDGAR with another program that only pretended to do its job. It took a long time to do this, because every copy of JEDGAR had to be patched. To this day no one knows how many people never figured out that JEDGAR had been defanged.
Interestingly, there is still a security module named JEDGAR alive as of late 1994 -- in the Unisys MCP for large systems. It is unknown to us whether the name is tribute or independent invention.
Sure you can. Watch. I'll do it right now. =)
Without warning the user, WinWhatWhere disables another piece of software for which that person has paid good money. That's like IE deleting Netscape if it detects it on your system. That's like your trusty Chevy switching to Battlebots mode every time it detects a Honda in the highway.
It's destruction of property. (Or, since we're talking about software here, illegally depriving someone of their licensed usage of a product.)
Of course, the anti-spy people could treat these countermeasures as an engineering problem.
A couple possible (partial) solutions:
1) Check for belligerent spyware during the install process (the install program would presumably be running from a CD, so it couldn't be corrupted). Later, if it detects that spyware is being installed, fire off warnings, send e-mails, make logs, etc. to make sure that the spyware can't cover its tracks.
2) In the documentation, note that failure for the program to run or a crash could indicate the presence of spyware (and that you should run an "emergency check" from the install disk).
3) Put a check on the integrity of the software in the MBR (using CRCs and such). If a spyware messes with that, it should trip off the BIOS virus checking. That would also have to be documented of course so the user understands what the heck is going on.
4) Have the anti-spyware run entirely from a separate disk (maybe a boot disk to be sure the spyware isn't running waiting to thwart the anti-spyware). When you come in to work, or sit down at your computer, throw in the disk to be sure nobody installed spyware when you weren't there.
5) Make the anti-spyware as stealthy as the spyware. If the spyware or the person installing isn't aware of the presence of anti-spyware, the anti-spyware is much more likely to be successful. Using polymorphic code, constantly changing file names, etc. could probably be pretty effective.
None of these solutions are perfect of course, but a bit of a battle is probably inevitable, as the two types of software both have legitimate and illegitimate uses, and the only way one of the two can succeed is by defeating the other.
... "Give me a woman who loves beer and I will conquer the w
I've read about the use of spyware in the past... some very large companies make use of it. I seem to remember that Deloitte & Touche uses some spyware that's rather... comprehensive. I want to say some of the features included (among other things)...
- Logging every keystroke you make
- Logging the title of every window you open
- Recording screenshots of windows
- E-Mailing all of this to a designated person...
Not only is it something they use internally, it's also something they use in their consulting activities, on their clients' computers! You hire them, and you're under a microscope... very Big Brother. It goes way beyond the spying that's possible with the last version of Microsoft SMS that I used. (I admit, it's been a while!) Also, I've noticed that some people really don't pay attention to the fact that SMS has 'remote viewing' capabilities -- your sysadmin can watch you browse just like he/she watches the evening news. Then again, SMS's installation is rather obvious -- at least to the technically inclined.
I have to consider the other hand as well... If you're hiring a consulting company, they have an obligation to do their job to the best of their ability. That means using all the resources legally available to them -- no matter how distasteful. If you've got someone who's supposed to be doing data entry, and they're actually running their own little eBay store out of the supply room... well, you're going to need all the ammo you can get to convince the boss to fire his brother!
With the sentiment of "It's OUR computer, OUR time, and OUR money!", I don't think you're going to be seeing spyware-free companies advertising the fact anytime soon.
In fact, with the precedent that computers have been and continue to be monitored, a company could incur severe liability for deliberately not monitoring! Consider the potential liability burden when you don't catch sexual harassment or some particularly nasty criminal activity... What happens to the company when it's shown that 'standard industry practices' would have given advance warning of, or even prevented [some illegal event]?
What happens? A check with LOTS of zeros to the left of the decimal... at the best, your lawyer gets it. At worst, THEIR lawyer gets one, THEY get one, etc...
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
I was one of the original authors and an original founder back in '98. We sold our shares in '99 and got out because of the way it was being marketed. The product was never intended to be a "Catch your cheating husband" type of product. It was intended to monitor your child's Internet experiences and protect them from pedophiles. Doug Fowler (dfowler@spectorsoft.com) was the guy that pushed this tactic of spying on your partner and your employees. We felt that monitoring another adult, without their knowledge, clearly violated their civil rights! They avoid lawsuits now by placing a disclaimer that you agree to inform the individual that you monitor. In reality, no one ever does.
It's a classic case of the marketing weenies convoluting a product to fit a malformed business model. There's MORE MONEY selling a product to catch your "cheating husband" than to protect your kids. It feeds on paranoia.
The good news is most developers could spot this product on their machine. Keystrokes slow down, mystery files appear, etc. It leaves a small footprint, but it's still a footprint. Don't look for it (Spector) in Task Manager. It's hiding in another application.
psxndc
The emacs religion: to be saved, control excess.
The scenario sounds familiar, but the names do not. On the old Sun terminals, you could do a screenshot of another user's terminal. It was always interesting to do that to someone, just for the fun of it. That was before the net really existed though, so not much of a chance of catching someone looking at pr0n. What was really cruel was to dump the passwd file (or a binary) to all of their terminal windows. he he. You could hear the cursing across the cubicles. I always found it more fun to just send a CRLF to them, because it wouldn't be so obvious that they got nailed. Oh, and you could display background images on their terminals too. THAT was always a sure-fire way to cross the line, especially if you did it just before their boss walked up. We even had a script called "pissoff" and when you ran it, it would prompt you "Which user would you like to piss off?". Pick from the list, give it a message, or a file to dump, and watch the ensuing hilarity.
My beliefs do not require that you agree with them.
In this country, based on the lawyer-fication (and simultaneous puss-ification) of the United States, intent often has a lot to do with whether you win or lose in court.
To win a lawsuit against somebody who built a product that was used to commit a crime, you have to prove the manufacturer intended the product to be used to commit a crime. While it would be hard to argue that the binocular manufacturer intended the product to be used illegally, it might not be so tough with the Spyware. Consider that Spyware has only one function, to collect data without the knowledge of the person under surveillance.
Further, if you check out the web-site, you'll see that the Spyware referred to in the article has a "remote stealth install" method, rather similar to an Outlook/VB Script virus.
You send the victim (er, your husband) an email with the "stealth installer" executable attached. If your target is an average Outlook user who double-clicks on every attachment he gets, all he'll see is...Well, nothing. According to their web-site when the target clicks on the stealth installer the software is up and running in a few seconds without alerting the target to its presence.
No, it's not "technically" a virus, it's a trojan horse. As far as I know, there's no special legal protection given to authors of Trojan Horses who sell them for profit.
Who did what now?