Slashdot Mirror


AOL Hacks Subscribers' Computers

ctwxman writes "If you're running a recent vintage version of Windows, and connecting to the Internet with an IP address reachable from the outside world, you've probably seen them. They're rectangular boxes that pop up out of the blue with advertising. These aren't pop-up (or pop-under) browser ads but actually a weird misuse of Windows Messenger Service, a mostly useless tool which Microsoft has left on by default! Though similarly named, this isn't at all related to Microsoft's IM product. You can't block these pop-ups by shutting down ports, because Windows Messenger Service shares some ports with other useful services. The best way to stop the pop-ups requires the user to readjust some internal Windows settings. As you might imagine, many users are reticent to do that. Now, AOL has come up with another solution. They're going into subscribers' machines, without asking and making the adjustments themselves! Though the short term result will probably be good, there are all sorts of implications when your ISP just reaches out and decides how your PC should be configured without your knowledge." The Computer Fraud and Abuse Act makes this clearly illegal; if this were a 17-year-old instead of AOL, the FBI would be investigating.

17 of 558 comments

  1. Solution by HarveyBirdman · · Score: 2, Informative
    Solution: Do not use AOL.

    I hope this helps.

    --
    --- Ban humanity.
  2. Mandatory Subject Here by BlackBolt · · Score: 5, Informative
  3. But the precedent isn't by siskbc · · Score: 2, Informative
    This is a good thing. Windows messenger is not used by the bulk of the AOL userbase except to receive spam. Disabling something that should have been off by default already and enabled in a true lan/office environment will provide them a better user experience. It will also close one more possible way their possibly unpatched machines will become compromised.

    Yeah, but the idea of your ISP fuX0ring your computer isn't so cool. But at the point where you use an OS that *lets* your ISP do that shit, AOL isn't the greater evil.

    --

    -Looking for a job as a materials chemist or multivariat

    1. Re:But the precedent isn't by Planesdragon · · Score: 2, Informative

      Yeah, but the idea of your ISP fuX0ring your computer isn't so cool.

      Why not? Especially if it's a network service.

      This isn't AOL looking for passwords--this is the rough equivalent of them updating the AOL software.

      If you want an ISP that just gives you a modem dial-in and e-mail box, then AOL simply isn't your choice.

    2. Re:But the precedent isn't by MstrFool · · Score: 2, Informative

      Being an adult, I personally don't care for someone else deciding what is good for me and forcing it on me. That sort of mentality quickly becomes self serving and can never be trusted. It's made worse by the fact that AOL could have offered it as a service to its users, who then could have clicked a link to allow AOL to disable this. Had they put out word and offered a way to fix it I would have found myself in the uncomfortable position of having to praise AOL. However, as they chose to force their will on others rather than offering, I find myself in the more typical position of condemning them. They broke the law, perhaps with the best of intent, but they still chose to crack their own users' systems and make changes without the users' permission. They should face charges for this. Don't like it, don't use it? Good thought, but it still doesn't justify breaking into someone's system.

      --
      Question reality.
    3. Re:But the precedent isn't by jaredmauch · · Score: 3, Informative
      AOL did provide it as a choice for users, they were uneducated enough to do it themselves yet were still complaining. You can find such references in the article. Please read it.

      Saying AOL is breaking into their system is just trolling. They are already AOL customers, received an AOL software update for which they're paying a fee for the AOL service (and the required software for the AOL service, remember AOL isn't just internet access. Those of us that remember Prodigy, CompuServe, etc. know this quite clearly).

      If you're an AOL customer, complain. If you're not, tell your friends and family to stop using them and why you think that's the case and let them make that choice themselves. This is clearly something you purport to support in your statements.

  4. not that hard to block. by cosyne · · Score: 4, Informative

    I think even non-slashdotters could manage:

    Disabling the Messenger Service

    You can disable the Messenger service if you want to although doing so may result in Windows not being able to alert you to some conditions. A list of circumstances when Windows will use the Messenger service to pop up informative windows isn't available right now but may include things like "print job complete", anti-virus, and event logger status messages. Also, "new mail" notifications may not be available in an Exchange/Outlook environment.

    Windows 2000

    1. Click Start->Programs->Administrative Tools->Services
    2. Scroll down and highlight "Messenger"
    3. Right-click the highlighted line and choose Properties.
    4. Click the STOP button.
    5. Select Disable in the Startup Type scroll bar
    6. Click OK

    Windows XP

    1. Click Start->Control Panel
    2. Click Performance and Maintenance
    3. Click Administrative Tools
    4. Double click Services
    5. Scroll down and highlight "Messenger"
    6. Right-click the highlighted line and choose Properties.
    7. Click the STOP button.
    8. Select Disable in the Startup Type scroll bar
    9. Click OK

    You can verify the service is disabled by typing the following at a command prompt. If no message appears, the Messenger service has been disabled.

    * net send 127.0.0.1 "test"

    (blatantly ripped from http://www.jmu.edu/computing/security/info/winmsg.shtml)

  5. Re:"recent vintage"? by gazbo · · Score: 1, Informative

    No. Vintage just references a year. There is no reason to infer anything about relative age from the word "vintage".

  6. Re:This is good for the average AOL user by Bazzargh · · Score: 3, Informative

    Why *doesn't* AOL start putting MS patches on their CD's?

    Because Microsoft told everybody not to, I guess (I know this is about cover-mounted CDs, but that's typically how people get infected with AOL).

  7. Re:When did services become... by Suppafly · · Score: 2, Informative

    "internal Windows settings?" That's like calling daemons internal Unix settings. They are separate programs. Turning them on and off isn't even HARD.

    Exactly. Changing from disabled to manual or automatic for the startup type is very easy. Easier than starting and stopping unix daemons. Just because the author wasn't immediately familiar with the process doesn't mean it's hard.

    Uninstalling software is hard for people that don't know how to use their computers.

  8. Bad legal conclusions. by Compulawyer · · Score: 4, Informative
    The Computer Fraud and Abuse Act makes this clearly illegal . . . .

    Ummm, no it doesn't. Should AOL be doing this? HELL NO. If AOL did it to MY system, I can guarantee I would be filing a lawsuit. But it would be a CIVIL suit, not a criminal action.

    Why you ask? Because criminal statutes are drafted very carefully and interpreted narrowly. The reason for that is that it is a basic legal principle that people should have adequate notice of what is a crime and what is not.

    Now before I get flamed by everyone who has heard the saying, "Ignorance of the law is not an excuse," let me tell you that "notice" of the law is provided by publishing the law so it is publicly available.

    Without going into gory detail, I can tell you that the statute cited in the post, 18 U.S.C. 1030, is not violated if all AOL is doing is shutting off Windows Messenger. Is it right? No. Is it a crime? No, because all the requirements for it to be a crime ("elements" of the crime) are not met. At least I don't see any evidence that would support it. Specifically, on first glance, I don't see any of the following that would be necessary to sustain a conviction under some subsection of the act:

    • Obtaining information from the computer that the United States has determined needs to be protected (or some other information that can be broadly categorized as potentially harmful to the interests of the country);
    • Obtaining financial information or credit reports;
    • Obtains anything of value...

    The list goes on, but you get the point. What you SHOULD be asking is why the FBI is not prosecuting SPAMMERS under this act. There are sections that would cover some types of spamming activities.

    One last rant -- if you aren't a lawyer, don't give opinions about what is and is not a crime. You can be sued for defamation (libel, slander) for accusing someone of a crime. You wouldn't get advice on how to code from someone who knows nothing about computers. Don't take legal advice from non-lawyers.

    --

    Laws affecting technology will always be bad until enough techies become lawyers.

  9. Re:Some people by zenobr · · Score: 2, Informative

    There's a few subtle differences here... a: Microsoft's auto updates automatically update MICROSOFT Products, not go in and turn off a service that is not their own, and (while most say it is worthless and just a big security hole) actually may be in use by some people. 2: Microsoft Auto Updates while enabled by default still CAN be disabled, before they even do anything, as the default setting is set to prompt you before it even downloads. While I have no sympathy for any sap using AOL and getting their computer fussed with by their ISP run by shaved apes, I also disagree strongly with said shaved apes thinking it's ok to just go in and fix things their way. I also agree that the Messenger service SHOULD be disabled... but not by an ISP.

    --
    If you can't beat your computer at chess, try kick-boxing.
  10. Re:a better solution by Anonymous Coward · · Score: 1, Informative
    US government must either consider the pulling back AOL license (isn't ISP business licensed in USA?)

    Um, no. Business licenses in the US are mostly local (city) government things to gather some tax revenue.

    Anyone can set up shop as an ISP tomorrow.

  11. AOL's Agreement by johndoesovich · · Score: 2, Informative

    I just installed v. 9.0 of AOL just to get their agreement. Below you will find the agreement in its entirety. One thing to note..... I do not see anywhere they inform the user they have the ability to modify their os settings other than the base install. Happy Reading.

    Welcome and thank you for joining America Online ("AOL"). By registering for AOL membership or using AOL services and products, you agree to be bound by this Member Agreement and the rules and policies published on AOL (including AOL's Community Guidelines and Privacy Policy). You also agree to transact electronically with AOL.

    1. ABOUT THE AOL TERMS OF SERVICE

    This Member Agreement, the Community Guidelines and the Privacy Policy collectively make up the AOL Terms of Service. The AOL Terms of Service govern your AOL membership and your use of the AOL Online Service and any of the AOL Services (as defined below). Certain features and services offered by AOL and its Suppliers (such as AOL Call Alert, AOL Instant Messenger, Broadband for AOL, and MusicNet on AOL) contain additional terms or guidelines that supplement this Member Agreement and will govern the use of those services. You will have an opportunity to review the additional terms before you sign up or use those services.

    2. DEFINITIONS

    AOL will use the following terms in this Member Agreement:

    a. Account - The original account you open when you register for AOL membership through which you obtain access to the AOL Online Service and other AOL Services, and all sub-accounts or other accounts opened under your original account.

    b. AOL Online Service - The primary U.S. subscription online information, entertainment, communications and transactions service, including all Software for accessing and using the service.

    c. AOL Services - The AOL Online Service and all other websites, services and products offered by AOL.

    d. Content - Information, software, games, communications, photos, video, graphics, music, sound and other materials provided by or through the AOL Services.

    e. Software - Any software made available from AOL or a Supplier, whether preinstalled, given on a medium, provided by download or upgrade, or made available online that enable you to access and use AOL Services.

    f. Supplier - Any third-party distributor of AOL Services, any third-party provider of Software for AOL Services, and any third-party provider of Content for AOL Services and any third-party telecommunications provider.

    3. QUALIFICATIONS FOR MEMBERSHIP

    You must be a U.S. resident, at least 18 years of age and legally able to enter into contracts to qualify for AOL membership. If you are not yet 18 years old, you may use AOL Services only if the account was created and registered by your parent or guardian. AOL reserves the right to limit you to one free trial or promotion that cannot be combined with other offers.

    4. REGISTRATION FOR MEMBERSHIP

    You must register in your own name and provide true and current information. AOL will open an Account for you when you complete your registration. You will select (or AOL will assign you) a primary screen name that will be identified with your Account for the life of your account. You can use this primary screen name to log on to AOL Services and to send e-mail. You will not be able to change your primary screen name; however, depending on your plan, you will have the opportunity to open sub-accounts by creating additional screen names. Screen names may not be vulgar, used by someone else, or impersonate someone else. AOL in its sole discretion may reject the use or assignment of a screen name. All AOL screen names affiliated with your Account are the property of AOL and, at AOL's sole discretion, expire upon the cancellation or termination of your Account. Please visit Keyword: Screen Names to review all guidelines regarding screen names. If you open a sub-account for a child under the age of 13, you certify that you are the child's

    --
    alias dir='rm -rf /'
  12. Re:These Pop Ups are Driving My Parents Batshit Cr by waxmop · · Score: 2, Informative

    I found this on the Microsoft page linked in the article above:

    WORKAROUND
    To work around this issue, turn off the Messenger service. To do so, follow these steps:

    1. Click Start, and then click Control Panel (or point to Settings, and then click Control Panel).
    2. Double-click Administrative Tools.
    3. Double-click Services.
    4. Double-click Messenger.
    5. In the Startup type list, click Disabled.
    6. Click Stop, and then click OK.

    HTH

  13. Shutting down messenger service by jonbryce · · Score: 2, Informative

    It isn't difficult. It is as easy as typing

    sc stop messenger
    sc config messenger start= disabled

    on the command line.

    If typing things on a DOS style prompt scares you, you can go into control panel and disable the messenger service.
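
Added example (not part of any comment above, and not Microsoft's or AOL's code): the disable procedure from the Services steps and the `sc` commands in this thread, written as an idempotent cmd.exe script that confirms the result from the service's own state instead of waiting for a pop-up. It assumes an administrator command prompt, `sc.exe` on the PATH, and English-language `sc` output.

```batch
@echo off
rem Added example: check, stop, disable and verify the Messenger service.
rem Assumptions: run as administrator; sc.exe is available; sc prints
rem English state names (RUNNING, STOPPED, DISABLED).
setlocal
set SVC=messenger

rem A non-zero exit from "sc query" means the service could not be
rem queried at all (for example it is not installed).
sc query %SVC% >nul 2>&1
if errorlevel 1 (
    echo %SVC%: cannot query service, nothing changed
    exit /b 1
)

rem Stop the service only if it is currently running.
sc query %SVC% | findstr /c:"RUNNING" >nul
if not errorlevel 1 sc stop %SVC% >nul

rem Change the start type only if it is not already DISABLED, so the
rem service does not come back at the next boot.
sc qc %SVC% | findstr /c:"DISABLED" >nul
if errorlevel 1 sc config %SVC% start= disabled >nul

rem Verify both properties: configured start type and current state.
sc qc %SVC% | findstr /c:"DISABLED" >nul
if errorlevel 1 (
    echo %SVC%: start type is NOT disabled
    exit /b 1
)
sc query %SVC% | findstr /c:"STOPPED" >nul
if errorlevel 1 (
    echo %SVC%: not stopped yet, re-run the check shortly
    exit /b 1
)
echo %SVC%: stopped and disabled
exit /b 0
```

The stop request is asynchronous, so a first run can report "not stopped yet" while the service is still in STOP_PENDING; a second run should then report success.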

  14. How to remove Windows Messenger by ArunAdvani · · Score: 2, Informative

    For anyone who wants to remove Windows Messenger from their computer but doesn't know how, click here [grc.com] for the download page of a program written by William Gibson