Spyware Coming Under Scrutiny
trick-knee writes "Nytimes.com has an article considering the ethics of snoopware. In it, TrueActive is given positive press for removing a 'feature called "silent deploy", which allows the buyer to place the program on someone else's computer secretly via e-mail, without having physical access to the machine', although little criticism is made for making the stuff in the first place. Supposedly, Symantec and Network Associates have added features to their antivirus programs that detect snoopware, which may be a good thing. One surprising point you may be shocked to hear is that 'at least one program... may not pose a real threat of spying, at least. Mr. Gordon said that his company's security researchers, working with the Justice Department, were unable to find any actual working software that could be downloaded from the LoverSpy site after paying the fee. He seemed less than stunned by the notion that a product advertised via spam might not be all that it was claimed to be.'"
He seemed less than stunned by the notion that a product advertised via spam might not be all that it was claimed to be.
Any orders that I take for the Brooklyn Bridge will be honoured. Just make sure that $5,000 is in my PayPal account and you're good to go.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
So you're telling me that the spyware company True Active is given kudos for deciding not to send trojans out to the public anymore?
That's like saying Jeffrey Dahmer should get kudos for not killing anyone anymore.
What I've never gotten a satisfactory answer on is: Why is it that a program that silently installs itself and is written by j.random is quickly added to the antivirus program updates, but yet if a corporation writes something similar, it never makes the list. Politics anyone?
Don't believe me, two words:
Comet Cursor
Nowadays, I scan with antivirus software AND AdAware on a regular basis
The Digital Sorceress
For those who hate registering, here's the google news link.
IAALS.
Google Link to story
He seemed less than stunned by the notion that a product advertised via spam might not be all that it was claimed to be
.. mean .. th-..that the hot hot young barely legal teenage vixen sluts ... DON'T really want me?
..
..
You
But the nice man in the email said
He
God, my life sucks.
This isn't about spyware (the first paragraph says so), but about programs that completely monitor users, and that to my knowledge are not bundled with freeware downloads.
These programs are simply trojans, nothing else. It's just BackOrifice or Netbus for the less technically inclined, and maybe without the remote control features.
Does this sound to anyone else like those annoying people who think they should be rewarded for feeding, clothing and spending time with their children (something they were supposed to do anyway)? Perhaps we can work out some sort of compromise: if you want to make spyware, you have to hire exclusively from the pool of "I took my kid to school! Gimme cookie!" folks.
I predict the market will be dead in weeks.
maybe it worked better than they thought by convincing them that it didn't work.
Talk about passe' -- hey, how come nobody in the spyware/drive-by-installer/adware discussion ever talks about cDc or Back-Orifice anymore? Have they been rendered totally irrelevant or are those bastards in the spyware "industry" the only ones who actually paid attention to the lessons they tried to teach about MS security?
"Lawyers are for sucks."
- Doug McKenzie
...Mr. Gordon also expressed surprise that, despite claims, his researcher's penis remained at exactly 5 1/2" in length.
because you don't have to worry about software being written for them?
eBlaster is a similar piece of software that can be remotely installed...it has the same purpose such as keeping tabs on your kids, finding out if your wife is shagging the milkman etc. Although it's legitimate commercial software, it is truly evil. Apparently eBlaster is recognizable by its main program file, which is URLMKPL.DLL (486k), in the Windows/System folder. ZoneAlarm will also complain when eBlaster tries to send reports on your activity. The Windows XP firewall will not help one bit.
When I am king, you will be first against the wall.
Yes, spyware has some tricky ethics.
Not that it really applies to my situation of course, but has it been legally decided that spyware logs from a family computer are admissible in court?
How is it different from normal archives like web history lists, cookies, or logs of chat rooms (or IM)?
Is it a type of log or a wire tap? I see a wire tap as intercepting communication between two devices, but what is the device, the computer or the program running on the computer?
Many chat programs have features to capture messages to an internal log. Is it legal to turn it on, without informing the other party or anyone involved in the conversations (if you are doing it to spy on a chat-addicted mate)?
The grass is only greener, if you don't take care of your own lawn.
My sister got broadband for her windows PC. Comcast gave her a cd with the instructions "pop this in your computer and your broadband will work". So she did.
It reconfigured the network settings so the broadband *did* work-but it also changed a bunch of stuff such as the IE icon, the title of IE "Microsoft Explorer-provided by comcast", bringing up popups and breaking the browser at random moments: which was all small stuff. The thing I worry[d] about was strange processes running..which could be anything, because my sister gets taken in by those "YOUR COMPUTER IS BROADCASTING AN IP ADDRESS" popups.
She never signed anything, never clicked "yes", it was all autorun.
"The most looniest, zaniest, spontaneous, sporadic Impulsive thinker, compulsive drinker, addict"
An employer has every right to monitor the usage of their computers and their network, just as they can go through your desk if they want. With very few exceptions, they don't have a right to look at your home pc. (For instance, if you work for a defense/intelligence organization as a government employee or a government contractor, you must consent to additional privacy intrusions.)
Likewise, you can monitor what anyone else does on your computer.
The issue here is that the company in question made software that could easily be installed on machines that you don't own. They reduced that potential, and should be lauded for it.
> TrueActive is given positive press for removing a 'feature called "silent deploy", which allows the buyer to place the program on someone else's computer secretly via e-mail, without having physical access to the machine', although little criticism is made for making the stuff in the first place.
Someone ought to take their sorry asses to court and see how the Feds like having the new "computer terrorism" laws applied against businessmen.
Though I personally wouldn't rate it as "terrorism", that sort of behavior simply isn't acceptable, and someone needs to send a strong message to that effect.
Sheesh, evil *and* a jerk. -- Jade
It's not illegal to write it at all. Write it and keep it in a jar, no problem.
It's a pain in the neck, but for those occasions when I really need (or want) to use a piece of software containing spyware I run a virtual PC. I've got a few Virtual PC images on my machine, one for BeOS, one for WinXP, a couple of Win2003 test servers, etc - if I'm going to run a piece of software that I either know or suspect to be risky, I just run it up on my test WinXP box.
It's usually adequate for most apps, virtualisation software has come a long way in the last year or two.
Check out Connectix Virtual PC (now owned by Microsoft), and VMWare for a couple of good options.
Alice and Bob are talking. If Alice wants to record the conversation, then she is allowed to. She doesn't need to tell Bob, although it is usually considered polite. [That is why you can record your own phone calls without telling the other side.]
Eve walks by them and begins listening. Anything Eve hears at first is a little bit questionable. The longer she listens without making herself known, the worse her legal position is. Eve interrupts and says "Hey, you two are having an interesting chat. Can I record it?" If they agree then that is not wiretap/eavesdropping. If they don't agree and she records anyway, or if she doesn't ask before making a recording, that is illegal.
Online chat rooms don't have 2 talkers, but a bunch of them. Anyone in the chat room can record the chat, since they're participants. The system can log it, since that's part of their MOTD.
Beyond that, see a lawyer.
frob
//TODO: Think of witty sig statement
Last week, I made a new friend. My first, actually. But you can't believe the unforgettable memories that we've already made together. I watch him hop around, he tells me about my email, we're just like two peas in a pod. So what if his name is "Bonzi" and there are millions of others like him? To me, Bonzi is one of a kind. So cute, so playful, I can't believe that I ever lived life without him.
We try to spend every waking moment together, but sometimes I have to leave him. Like when I have to go down the hall to go pee. I've been trying to find a new place with a master bathroom so I don't have to be so far away from Bonzi. I think he really misses me when I'm gone. Do you think he does? Really?
I've been thinking lately about what will happen when Bonzi dies. But I have been thinking also that maybe he won't die as long as my computer still works. Do you think I can make my computer run forever? Can you replace a broken electroniky bit while it's still running? I just don't know what I'd do without Bonzi.
But I'm being so selfish. What would Bonzi do without me? I mean, I can't live forever. Do you think that Bonzi would get depressed and suffer with great heartache? I think that I would. He's so playful, I'd hate to see that ripped from him like a child's new gift at Christmas. My brother did that to me once - I got Optimus Prime for Christmas and he stole him. I never saw Optimus again. Well, next Fourth of July I spotted my brother a melted, twisted form that had enough red plastic in it to be Optimus. But I don't like to think about that. Who knows, we might have been as good of friends as me and Bonzi, but I'll never know...our friendship was over before it even started. Then again, maybe it was meant to be. How many best friends can one have, anyway? If I had Optimus, maybe I wouldn't have Bonzi today.
I love you Bonzi!
ME + Bonzi = BFF (Best Friends Forever)
You are right.
I don't much care what the current buzzwords are. If we don't cut to the heart of the beast and show that the entire business is nothing but gross invasion of privacy EVERY TIME a new hack / bug / feature is created we will eventually accept these invasions as the standard.
If a law required you to take a spoon full of cod liver oil before each and every DVD purchase (and one for each DVD), sooner or later we would either revolt or be up to our ears in S**T.
I don't like the private sector engaging in this market and I certainly want the public sector carefully reviewed by the judicial branch for every use - wiretap / spyware whatever.
If we don't fight now, we won't be able to fight later. As it is the technology fairly well precludes anonymous surfing (my IP address can, under many circumstances, be traced to the ethernet card in any computer I'm using) and where my ethernet card is built in (laptops) I can't hide that hardware address.
The Pentium may have had the serial number shut off - but it and other CPUs have hardware serials. As the operating systems and applications become much more complex and create layer upon layer of hardware and code, the ease of exploiting the complexity of these machines will increase as well.
Anything connected becomes a spy device. Orwell didn't miss it by many years.
He seemed less than stunned by the notion that a product advertised via spam might not be all that it was claimed to be
So wait a minute...my herbal viagra may not actually work...what a letdown...literally.
slashdot, news for crazed liberal socialist zealots
or if she doesn't ask before making a recording, that is illegal.
So, unless an app (whether it be spyware, trojan, virus, whatever) pops up a 'this program may monitor your keystrokes/conversations/http traffic/tcpip packets, do you want to continue [y/n]?' dialog (or hides it in a EULA), then it's illegal.
That kind of makes all those spyware programs illegal if you weren't aware they were being installed - I know many apps tell you (this is adware supported etc), but the others.... tut.
What are the penalties?
Law enforcement uses versions of the tools, and I suspect these versions will not be trapped.
Now, if you can use or mimic that software's signature, you should have a free ride to do as you please.
In the Bill and Monica circus, someone taped a conversation with Monica about the affair. I remembered talking heads (people from the news shows) pointing out that in Maryland (where at least the caller resided) it is illegal not to inform both (or all) parties about the recording.
I am sure that the laws of other states (and countries) are different. It might be great to say "this is how it is", but I believe that the real case-law involving computer conversation has yet to be written.
I suspect, however, that a divorce case would be used to set the legal precedent.
The grass is only greener, if you don't take care of your own lawn.
Online chat rooms don't have 2 talkers, but a bunch of them. Anyone in the chat room can record the chat, since they're participants. The system can log it, since that's part of their MOTD.
What the fuck does that or any of this have to do with the Message Of The Day???
It smells like you're talking out of your ass, pal.
Honestly.. these guys are UNBELIEVABLE. ;)
Never email donotemail@WeAreSpammers.com
At first I thought, "Yeah, AV companies selling a product that uninstalls another product the user agreed to, that's legal trouble."
But then I realized, the user must also agree to install the AV software. That means any actions the software takes are done on behalf of the user, and the user can certainly consent to have files deleted from his own computer. This doesn't, of course, rule out the possibility that spyware companies could sue the McAfees of the world, but it does pretty much preclude the possibility of them winning such a suit.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
I know that some people have made references to Ad-aware, but I strongly recommend Spybot: Search and Destroy instead. Comparing the two programs is like comparing a cannon to a flyswatter. Spybot consistently finds more snoopware, cookies, and registry files than Ad-aware. It will eliminate the nasty toolbars and everything else that may irritate you, too.
We always wonder who the idiots who answer spam emails are. Looks like we found them right here.
Prof. Farnsworth - "Oh a lesson in not changing history from Mr I'm-My-Own-Grandpa!"
Cheese Eating Surrender Monkies!
Like most people, I believe we should have final say over what software runs on our computers, and over what information enters and leaves them. But on Windows machines, especially those running IE/OE, it's already hard to keep from getting infected by the steady stream of spyware, trojans and viruses that are constantly being released. And when we do get infected, it can be hard to tell because we just don't have good enough access to the inner workings of the operating system. And so we're left having to run supplementary firewalls, virus scanners, adware removers, etc., etc., in a neverending attempt to keep up. Even for relatively accomplished users of Microsoft software, it's a horrible mess and it's not going to get better any time soon. And beginners are basically screwed as soon as they go online.
Unfortunately, Microsoft's solution for the problems created by its poor design decisions may be even worse. As part of its Trusted Computing Initiative(tm), Microsoft is attempting to control the PC hardware platform to enable, among other things, remote control of our computers. It's not hard to imagine all manner of abuses, by the entertainment industry, by the government, and of course by Microsoft itself.
So big deal if TrueActive kills "silent deploy." They're just small fry anyway.
I got an email this morning from a hospital employee... and on the bottom was the infamous "hotbar" plug.
Hospitals are subject to the Health Insurance Portability and Accountability Act which makes any use of spyware toolbars (such as hotbar or yahoo etc.) on systems that may be used to access private medical records illegal.
"It was an ethical problem," he said. Mr. Eaton also noted that the feature demanded a disproportionate amount of attention from his technical support staff.
This feature became costly enough that Mr. Eaton decided to honor his ethics. If only every unethical activity was extremely costly...
The US federal law permits recording by either side if they consent to it, such as me recording my home phone calls, or my employer recording phone calls if they have notified me as part of employment. 17 USC 119.
Among other limitations in that section, employers may record employees' calls and network traffic, but may not listen to personal conversations after realizing it's personal. (Unless the employees agreed to a policy of no personal calls or no online chat, giving the business more power.) As always, a state law may further restrict your rights under law. If you are genuinely concerned, spend thirty bucks and talk with a lawyer for a half hour. Personally, if I recorded somebody on the phone and they sued me on a stricter state law, I would tell the court that I was following the federal law of which I was aware, that I was not aware of the state law, then appeal to common sense abilities like being able to record conversations to refer to it later. I'd argue on the common-sense logic of recording [or printing, if electronic] driving directions without telling them that I'm doing it, or making sure that if a telemarketer calls me under the state or federal DNC laws that I can enforce my rights. Forbidding me to record information directed to me can cause actual monetary damages (not finding a customer's home, for instance) or prevent me from defending my rights (telemarketers could deny calling me).
Finally, I would have to ask -- Does your local 911 center ask you before recording your call?
frob
//TODO: Think of witty sig statement
~0/ Froggy went a courtin' and he did ride, uh-huh, uh-huh... Froggy went a courtin' and he did ride, uh-huh... ~0/
ribbit.
I tried Spybot based on the superior ratings it received in two reviews that I read.
It pwn3d my WinboXen. Hard. (I don't think that it liked the registry the way it was.)
I'm back to using a combination of AdAware, Howard Hughes-level paranoia browser settings, ditto for email settings, and Norton firewall and AV.
Oh, yeah, and no more looking at naughty sites.
At my place of work my employer owns the restroom...
Does that mean he has the right to install spy cameras in it?
. . . but my problem today is the Spybot definition updates seem to be out of order. Two machines had the freeze-ups when trying to download the update. Haven't seen that before. Maybe they were bitten by a virus.
Those who trade freedom for security will soon have neither.
The only way someone can get it remotely is to ask your OS. Some versions of Windows will tell them, but a firewall fixes that right off. Other than that, your MAC address disappears the first time you hit a router. They pass IP (or whatever they are programmed to route), not ethernet.
No, the real way to track you is your IP address. That, coupled with usage logs from your ISP, can identify what the computer on the end of that link was doing. Can't guarantee which computer it was though, or who used it. Especially with wireless.
Paris, Wisconsin?
NYT is a piece of dog shet sucks
"Online chat rooms don't have 2 talkers, but a bunch of them. Anyone in the chat room can record the chat, since they're participants. The system can log it, since that's part of their MOTD."
What the fuck does that or any of this have to do with the Message Of The Day???
It smells like you're talking out of your ass, pal.
Actually, if you are talking about logging into a unix-like system, /etc/issue and /etc/motd are good places to put legal agreements. /etc/issue would be something like "By logging into this system you are consenting to x..."
However the original poster was talking about irc, in which the motd of the irc server is displayed when you log in and does indeed include legal agreement stuff (if you disagree you can disconnect, etc etc...).
I for one am very much personal-privacy/security online, but even I have my limits. I have worked tech support before, and you'd be amazed how many 1.4 GHz processors with 512 megs of RAM can run like crap. With Kazaa, WinMX, and Limewire ALL installed with all their ad/spyware, along with cometcursor and webshots...
I mean, come on, what do you expect? Some people just have it coming to them. I've just run out of sympathy for protecting the masses. All it takes is a quick skim over the EULA. "...collects your browsing habits and provides advertisements based on the websites you visit."
Ok, I understand there are lot more people that use computers and know how to use them, but COME ON. Is there any jargon in that? I think the most complicated words in there would be 'advertisement' and 'browsing', but then again who knows how to use a keyboard without knowing what that means?
The bottom line: there are many more than adequate ways to keep your computer clean (ie if you go to a warez site and there's an installer; hint: DON'T CLICK YES), such as firewalls, adaware, spybot, etc. It does not take a genius to make use of these programs.
But then again, Murphy's Law of Technology: "Nothing can ever be foolproof because fools are so ingenious."
As opposed to spyware as I am, I figure anyone that can't comprehend such concepts pretty much deserves to have their password keystrokes monitored, etc etc.
I think I recall something along the lines of Darwinism about natural de-selection, ie let'em weed themselves out.
Partial Credit: The Engineer's Best friend
"Well, the bridge didn't fall all the way down!"