Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware or Researchware?

Posted by CowboyNeal on from the big-brother-is-logging dept.

prostoalex writes "When the story of Firefox Web site visitors being predominantly male was published, many questioned the methodology used to acquire such research data. This MSNBC article talks about another research company, ComScore Networks, using a free antivirus utility to lure the Web users into downloading a small utility to their hard drives. The catch? The software watches not only sites visited, but even locations of the mouse clicks. ComScore swears the final data does not contain any personal information, but, as the article states, anti-spyware utility manufacturers are still thinking whether to include it on their list."

9 of 244 comments (clear)

  1. MarketScore is included on the Black Hole DNS List by csk_1975 · · Score: 3, Informative

    anti-spyware utility manufacturers are still thinking whether to include it on their list

    If you use the blackhole dns list of spyware domains from bleedingsnort.com its already included based on this submission from doxdesk. Squid ACLs are a great way to stop these parasites and you don't have to wait for anti-spyware manufacturers to decide whether its spyware or not. Also ClamAV lets you create your own signatures so you can setup rules to detect anything you consider to be spyware.

  2. Free anit-virus? by W8TVI · · Score: 4, Informative

    Why not just download AVG Anti-virus?
    Its free, and has no spyware attached.

    1. Re:Free anit-virus? by Kevinv · · Score: 2, Informative

      It's still available:

      http://free.grisoft.com/doc/1

    2. Re:Free anit-virus? by Mishura · · Score: 2, Informative

      AVG is still Free/beer. (See other guy's post below mine or beside it for link) You just have to look for it on their website.

      ClamWin (based on ClamAV for Linux) is Free/libre Opensource and GPL'd if you prefer that. I haven't used it (Still using AVG) but I am considering trying it out myself.

  3. Re:Depends... by rjelks · · Score: 4, Informative

    Remember, Gator(or whatevertheyswitchedtheirnameto) isn't spyware either...they said so.

    --


    Tech News, Reviews and Tutorials
  4. It is still spyware by aggles · · Score: 2, Informative

    Just because you know it a piece of code is spying on you doesn't stop it from being spyware. James Bond was still a spy, even when Goldfinger knew who he was. The threat comes to others who may use the machine without knowing the spyware is running. Companies buy Comscore information and actually believe it represents normal people. No wonder so many Web sites suck -aggles

  5. Hostile code - forges SSL certs by Animats · · Score: 5, Informative
    It's more than spyware. This thing reroutes all your browser traffic through their proxy. That's how they see what you're doing. It includes rogue SSL certificates so it can capture encrypted connections. Yes, they get to see all your credit card numbers. Major universities, including UCIC, UCLA, UC Riverside, UCSD, Texas Tech, Windsor, UNC, Old Dominion, Michigan, Iowa, McGill, Carlton, Cornell, American University, Stanford, and Columbia are blocking conections to Marketscore for this reason. If you have Marketscore installed at one of those schools, you get a warning page like this.

    Some banks also block online banking sessions coming in via Marketscore's proxies.

    This is the same spyware previously known as "netsetter". There's no question about this being spyware.

    Here's Stanford's Information Security Office's statement on Marketscore.

    • Security Alert: MarketScore Spyware
      11 Jan 2005

      MarketScore (also called NetSetter) is a spyware-like application that compromises the security of all data sent or received by your web browser, even on "secure" encrypted web sites. All external browser communications are re-routed through MarketScore's proxy servers, so they have access to any "secure" traffic/passwords/accounts that otherwise would be encrypted.

      If you have MarketScore installed on your computer and have used your browser for any services that require WebLogin, your password should be considered compromised. After you have removed MarketScore from your computer, we strongly recommend that you change your SUNet password. This advice also applies to any other secure web sites you may have visited with your browser.

      The Information Security Office is directly contacting owners of machines that appear to behave as if MarketScore is present.

      Technical Detail

      MarketScore reconfigures the browser to use a "proxy server" for all non-local connections, including HTTPS connections. A proxy server is a machine that acts as a middle-man, brokering web page requests intended for other sites. So if the browser on machine A wants to visit web sites C, D, and E it makes all those requests through the proxy server B. B then contacts C, D, and E and passes the results back to A. This is usually transparent to the user on machine A after the browser has been configured to use the proxy.

      Web proxies are typically used in a corporate environment where all web traffic must be controlled or inspected centrally, although in the case of secure HTTPS traffic there is ordinarily nothing the proxy can do except forward the connection or refuse it. In this case, the proxy servers belong to a company called ComScore where they collect and analyze the intercepted data.

      While ordinarily an HTTPS connection would simply pass through a proxy securely, in this case MarketScore also installs a new root certificate in your browser so that it can decrypt all intercepted SSL connections (a "man-in-the-middle" attack) without triggering a security warning from the browser. In normal operation, browsers would complain if a site certificate doesn't match the domain of the URL, but the new root certificate tells the browser to trust ComScore's site certificate for any URL.

    This goes well beyond what Marketscore claims their program does.

    That seems to settle the issue.

  6. Re:Depends... by Tim+C · · Score: 2, Informative

    But that's true of *any* software, no matter what its intended purpose is. Hell, I know people who avoid using Firefox, because the update mechanism (used to) leaves multiple entries in the Add/Remove Programs control on Windows.

    --
    It's official. Most of you are morons.
  7. Re:Depends... by muzzmac · · Score: 2, Informative

    They USED to (2 weeks ago) collect ALL data. Even SSL traffic (Internet banking passwords and all). Now they don't do that any more. They state they throw away personal information but do state they look at Credit Card numbers. Do a five minute Marketscore Google search. They've stopped doing that recently. I'm guessing because banks have started blocking their proxy servers. Now they let the users go straight there and send the info back. (Who knows what SSL info they send. They do use some SSL)