Zone Alarm Vs 180 Solutions: Zango hooks?
Sub-Seven writes "Found at Vitalsecurity.org, they detail how a Microsoft MVP pulled the Zango file to pieces, and discovered some interesting facts about exactly what a "simple" fun and games application does to a machine that it's running on. Hooking into Windows OneCare and Microsoft Antispyware? What's that all about? "
You must be new here.
Is it just me, or has the friggin Slashdot summary got more information than the linked article?
That's gotta be a first...
Ohhhh... it's saying 180Solutions is Spyware.
One word: Duh.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Zango dango bo-bango, banana fana fo-fango fe-fi mo-mango, Zaaaango.
Zango is not the same as ZoneAlarm. ZoneAlarm is prosperous and protects against spyware and firewalls. However, because ZoneAlarm contains hooks, the phishers go wild for vulnerabilities. It's vulnerabilities, folks, that I'm talking about. And if you don't believe it, call me a goatse spammer or something.
A poem about microsoft goes like this.
His name is Bill Gates
His os makes for long waits
So does his ISP
But you
are through
The linked-to blog article is clear as mud
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Um...not sure what's going on here...but I think software firewalls have to be one of the silliest 'security products' out there. I still can't believe cable companies don't distribute modem/routers to users and remotely configure them to block the commonly exploited ports and protocols.
My conspiracy theory is that they have big investments in the software firewall companies...and in existing non-router cablemodems.
SO we suffer.
Blar.
It wouldn't surprise me if 30% of my IT company's income came from user stupidity combined with software such as the XCP, spywared games, and other fun entertainment products. Yet this is just the market at work. Loopholes are found, usually because of click-through-licensing. Companies will always attempt to build their markets and consumers will always find the bad seeds.
It is very important to realize that as long as end users continue to install these programs, marketing companies will feed their needs. You could argue for laws against these backdoor programs, but it wouldn't solve anything and in fact might make the problem worse as companies find sneakier ways to get into your desktop.
The only way to make a smart consumer is to inform them of the bad things. This means getting the word out, telling others to be careful, and even offering training for groups. My company makes a good profit on spyware, but we offer completely free training days for companies that want to save money by training their employees in safe web browsing. I don't think the answer is "Install Linux and Firefox and the problem will go away!" If Linux/Firefox occupied 90% of desktops, the marketing companies would find a way to take advantage of that platform.
Smart users are informed users are users who won't continue making the same mistakes. Finding band-aids through legislation or discrete installation of anti-spyware software isn't going to solve the problem.
As a sidenote -- the reason for training my customers in smart browsing techniques is a selfish one. As we reduce a company's cost of doing business, our referral rate skyrockets. The less we work/bill, the more work we have to bill. If you're a consultant and you're not seeing a decent increase in your customer base every year, you're not doing a good enough job. There is more work in the U.S. than is being tapped, and it is usually because companies aren't seeing things getting better.
180 is angry about their program being flagged as spyware. So what? Isn't that true? I do know for sure that 180 Solutions is a company that installs a LOOOOT of tracking cookies...Besides...who needs a "search assistant" when you have Google?
Hey! Those poor saps out there who don't have your fancy-shmancy high-speed internet connections need software firewalls - unless you can figure out a way to block ports on my modem.
Basically after RTFA seems to me that 180 and friends are trying to deny what the app actually does. It was interesting to see the M$ explanation of the Procedure call.
TBH 180 and all those other search / tool bar(ish) things are spyware to improve your popups and help slow your PC to a crawl.
--
Put a link to the article on the same page as itself, thereby upping your Google ranking.
Blogs are awesome.
It doesn't mean much now, it's built for the future.
180Solutions was complaining that "ZoneAlarm was advising that our 180search Assistant "is trying to monitor your mouse movements and keyboard strokes" well let's see after reading the above ... that description looks right to me.
This is worse than spyware. This could be used to transmit your account codes and PINs, passwords, etc.
Sounds like stealware(TM) to me!
HexaByte - he's a square and a half!
Searching around I was able to find, and http://www.spywareguide.com/product_show.php?id=507
http://www.benedelman.org/spyware/180-affiliates/
The whole reason for the lawsuit wasn't because 180 was pissed with misleading statements, it was because a potential business partner of 180solutions had concerns about associating their company which Zone Labs had tagged as a high security risk.
Well, if legitimate companies are afraid to associate with spyware companies, then I'd call that a good side-effect of the Sony malware mess.
For anyone who doesn't know, you become a Microsoft MVP largely by being an unemployed loser - the more time you can waste away providing pro-Microsoft answers on Microsoft's message boards, providing them with a lot of free labour.
What about all those people providing support on Linux/MySQL/Apache mailing lists/forums etc - what are they? Unemployed losers or OSS champions?
Why link to some guys blog with inane comments, when you can link to the page he refers to? Lots more information there.
What is it with blog pages that link to another blog, which links to another blog, and so on? If this is how things are done in the blogosphere, then my already low opinion of bloggers just slipped a little. Just provide a link to the original f**king information!</rant>
Hi I think this text shed some lights: http://blog.180solutions.com/PermaLink,guid,5795b85d-feea-4656-93e1-d788a01f760a.aspx
Poor people @180solutions that suddenly found their spy-ware being detected by Zone-lab's Zonealarm. Zonealarm is obviously a great piece of software. So when 180Solutions became aware of this, they saw their business-model go the way of the dinosaurs.
180 is suing ZoneLabs for a very specific and narrow statement as far as I can tell. ZoneLabs says 180 is monitoring key and mouse info, 180 says it is not.
The analysis linked from TFA explains that he found evidence of setting a windows hook. The question is, does Zango use that hook to collect mouse and key info, even for a short time, or are they using the hook for other purposes? What would those purposes be?
This is IMO becoming a problem in a lot of games. Counterstrike, World of Warcraft, Valve with its Steam engine, crap like punkbuster that scans your entire drive, registry and who knows what else, just to make sure you aren't cheating. And we are not talking about minor game companies here.
Don't get me wrong, cheating is a major (if not: the worst) problem in online games, but the lengths to which game providers go to assure (a) that you are using a legally bought version of the game (most important) and (b) that you are not using modified drivers, game libraries etc. in order to cheat (game company couldn't care less, but it costs them customers so they have to care..), could certainly make some of them be rated as 'spyware'. Then again, so can Windows XP itself. After users accepted that activation crap from Microsoft, where else could you expect this thing to go? If Microsoft is allowed to do it, then why not $small_corp_with_questionable_ethics?
(obviously, the answer is that Microsoft should not be allowed to do it in the first place, either. But as it is, this company might actually have a point - if Sony can do it and not be detected for over half a year, why can't they? The idea is ridiculous of course, but hey...)
Every expression is true, for a given value of 'true'
I think they are OSS Champions as long as they are still classified as college students. After they graduate, they are unemployed losers.
Those active in other communities (ie Linux) are not told that they are unemployed losers for helping people out. So what if a bunch of us want to actually help people by making use of our expertise?
Not every MVP is an expert in every area, but they are an expert in the area that they were awarded in. For example, my award is in Mobile Devices, but I'm far from being an expert in FoxPro.
[...] unless you can figure out a way to block ports on my modem.
Done and done. Other types of "dial-up routers" exist, but this is the one I re-found first. Again, nothing wrong with software firewalls, as I like knowing when programs try to use the network, but they aren't a magic bullet.
...with a name like 'Zango' that offers free games.
It will only lead to great suffering.
He who knows best knows how little he knows. - Thomas Jefferson
Employed losers.
free with windows.. I forgot who owns it now though.
Welcome to Zango com - at Zango com you can monitor everything. Hmmm - rings a bell!?
AT&ROFLMAO
Um, you certainly don't need to give pro-Microsoft answers to become an MVP. I've given plenty of answers berating .NET or Visual Studio in comparison with Java or Eclipse (where appropriate) but have still been awarded as a C# MVP three times.
You're right that it's a participation award, however - it's definitely people who are helpful to the community rather than *necessarily* the brightest stars. You don't necessarily have to be a genius to help a lot of people. That doesn't mean there aren't plenty of extremely bright people in the programme though.
may be in vain but, I don't think the article provided any proof that the software recorded mouse and keyboard input... it calls home but to do what? may be I'm getting used to Mark Russinovich'ish (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html) scrutiny style?
The Slashdot summary has more info than the linked article, but the impressive thing is that the Slashdot summary still is only barely written in complete sentences. I mean, I'm a sysadmin with about ten years of experience, I've been reading Slashdot for years, and not only can I not understand what the article says, I'm not even sure what it's supposed to be about. Someone not flagging spyware when they should? Or tagging it as spyware when it shouldn't? Or... christ, I give up. Not worth it.
Do I bring it up in everyday conversation? No. Just like I don't bring up any of my other certifications or educational qualifications either (like my MCP, or even my BSc).
What about all those people providing support on Linux/MySQL/Apache mailing lists/forums etc - what are they?
Bored, since their platform of choice tends to Just Work*.
* - after 1500 hours of nonstop configuration.
Software Firewalls are useless! I can configure my cheap-ass 5 year old netgear router/hub to deny outgoing connections on specific ports just as I can control incoming.
If your PC is compromised enough that you have un-wanted programs sending data to third parties...you've got much bigger problems. If that malicious code is already running on your machine, your 'software firewall' is just as vulnerable as any other program.
Blar.
You really need applications to not require Admin access to install (e.g. OS X) and then you can feel secure about your firewall. Don't install any dodgy apps that require admin access.
For anyone who doesn't know, you become a Microsoft MVP largely by being an unemployed loser - the more time you can waste away providing pro-Microsoft answers on Microsoft's message boards ...
The MCSE jokes on /. are admittedly funny at times, but this is as unfunny as it is unfair. First, only web weenies would refer to news groups as message boards. Second, those groups are an invaluable resource, being freely available, active, and representing a wide cross section of experience, they're one of the few places where you can find honest and up-to-date information. And third, while Microsoft does offer a pseudo subscription-based pricing for "guaranteed responses" (from the MVPs, among others), most posts are the result of volunteer efforts.
Perhaps the next time you send a question off to debian-users, for example, hoping for an answer from one of the "regulars", you avoid suggesting that any of them must be an unemployed loser for bothering to respond. Unless playing the part of a troll is somehow more rewarding.
If it sounds like I'm pissed off, yeah, I am. Having to defend something Microsoft related on /. is annoying enough without being forced to justify the efforts of those trying to help others, irrespective of the venue or their individual capacity.
As for anyone else using Windows and is unfamiliar with usenet, I'd suggest exploring the ms.public hierarchy with whatever news client you have available, and get into the habit of reading a few of them before applying the latest patch or service pack, or are otherwise trying to resolve an issue or trying to learn something. The top posting is murder, but the information is free and unlikely to be available to the same extent anywhere else.
Now he says that clicking on the popup in question installs an Apropos spyware.
Probably a mix of both. I'm gainfully employed as a software developer, and manage to provide support for a few applications which the company and I use on a regular basis. However, I could also agree that some of them also do it from their mother's basements.
BeauHD. Worst editor since kdawson.
I think that's the most simple way to put it. These companies and companies like these simply value their own interests over that of their users in way that breaches respect for their users/customers. In addition to any legal action that is going on or should be going on, there are other actions that I think should be going on as well. Such actions should include protests and any other way that can be used to raise public awareness.
Sony has displayed for all to see that they do not respect their users or their computer systems. 180 Solutions, as much as they have tried to deny their intent, have been shown to write code that does things that... well, it "shouldn't." Again, more than a casual or accidental display of disrespect or even contempt for the user.
"Tarred and feathered" would be the treatment they'd receive not too many decades ago -- their leaders would be grabbed by anonymous people, put on public display and humiliated. Now that we are somehow beyond this horrible behavior in today's more civilized society, I guess these fraudsters have a lot less to fear from the anonymous public at large.
In my view, there will probably always be these types of people. I truly fail to understand where these people come from, what they are thinking and why they think it's okay. These types of people are truly troubling to me and to my conscience somehow -- perhaps I don't feel as if I am personally doing enough... perhaps my own vigilante drive not being acted upon has something to do with it -- I suspect so. I wish and hope and dream all of the worst for these types of people since it seems these types never quite reap what they sow.
Just out of curiosity, can anyone see any possible legitimate/non-fraudulent use at all for a 3rd-party company to have keyloggers installed in their software?
Personally, I'd be happy to lay down cash for a device which works as both. Having a device which has a secure (keyed or passworded) connection to the host machine and could be updated with incoming/outgoing block rules would be wicked. I have a 'nix box with iptables that does this to some extent, but it can't specifically block a piece of software running on the NAT'ed boxes (mainly because it doesn't know what is running).
Now one way would be to have a piece of software running on the client boxes which updates the router as to what software is running which ports, and which is authorized etc. At that point you'd still be running the overhead of software on the machine, but possibly less than if it were doing all the actual firewalling, etc etc.
The Sony-BMG copy prevention threads should teach modern-day /. readers that asking the proprietor what they do with the information they gather is not enough freedom for the user. According to freedom-to-tinker.com, Sony lied about their software saying they didn't track information on the user's usage, then they admitted they did and said this was okay because they didn't do anything with the information that they collected. Sony-BMG and First4Internet's uninstaller doesn't actually uninstall the software that people don't want to run when they put certain music CDs into their Microsoft Windows computers.
It doesn't really matter what the proprietor says the software does because you have no permission to verify their statement, change the software to suit your needs, or distribute the improved software. There are technological and legal restrictions to prohibit all of this. Better to realize that all computer users deserve software freedom, and that all proprietary software, regardless of ostensible purpose, is untrustworthy.
Digital Citizen
What about all those people providing support on Linux/MySQL/Apache mailing lists/forums etc - what are they? Unemployed losers or OSS champions?
Yes.
I submitted this story last night, and it didn't get posted.
That should, of course, read 'banananana', and the whole thing is intended to be sung as per the middle section of Bohemian Rhapsody.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Reduce, reuse, cycle
Ed Foster's Gripe Log is following the Zone Alarm v. 180 story, and he has a much more readable summary at his site: http://www.gripe2ed.com/scoop/story/2005/12/5/82555/7508
I am not a crackpot.
The answer - it can't.
Your handy http/ssl proxy will just merrily forward that traffic on to the company's CGI webserver and they've got through again.
Your comments about "service level attacks" that break the protocol specification are out of place here too. The malware can post totally legitimate http/ssl to a parent company server and communicate all the information it needs to.
The easy solution for those big name companies is to be very up-front about it. Give the user the option to install the anti-cheat software or not and explain to them clearly what it's for. Then design your software so that users without the anti-cheat cannot participate on the same servers as those with the anti-cheat. Explain this to the user as well. In the end they make an informed choice on what gets installed and if they choose to do so, they have no right to bitch about it.
That's a false dichotomy. The all-important difference is that one group is working for free for some rape-ass giant corporation, while the other does it for a cause that IMHO is best described as being for the general good.
The difference is pretty obvious, no?
We just discovered (last Friday, at 4:00pm of course) that "SpySweeper" is labelling one of our components (a general-purpose image processing library) as spyware. After a little digging, it turns out that a program called TrueActive Activity Monitor installs a file with the same name as our component.
But, we can't tell if it actually *is* our component or if they just have a file with the same name (not very likely) - because our anti-virus and anti-spyware apps freak out when we open the TrueActive installer to see what their version of the file actually is. Either way, SpySweeper says our component is an "activity monitor" and this is freaking out both our customers and our customers' customers.
We're talking with the people who write SpySweeper, to get this fixed, and they've been helpful so far. So hopefully, this will be resolved soon.
I have discovered a truly remarkable proof which this margin is too small to contain.
Interesting. I had a call come in this morning, and ZangoToolbar was something recognized by Trend OfficeScan Anti-virus as an ADW Virus. Open /. and here is the story. Well orchestrated. I'm buying Zango a pizza.
First, of course, they'll want to see all of 180 Solutions' source code, so the objective validity of the "trade libel" claim can be tested. (Truth is an absolute defense to libel under US law.) Then, they'll want to depose key programmers under oath. 180 Solutions has some unpleasant disclosures coming up.
Zone Labs is owned by Check Point Software, which had income of $280 million on revenues of $500 million last year. They can afford litigation.
I'll second this. An even more valuable resource is http://groups.google.com/ . That's a favorite place for me to search when looking up technical, troubleshooting, or user opinion on my favorite topic of the minute.
Thanks,
Leabre
Subscribe to Ed Foster's Griplog for good stories about computer industry abuses. For example:
Case Against Zone Labs (ZoneAlarm) is 180 Degrees Off
I read that m$ antispyware doesn't tell what zango is. I also noticed that it tells firefox is a spyware because it replaces the default browser. Hey M$! It replaced the default browser with my consent, what's more, I initiated the replacement by downloading & installing Firefox. So I wonder why msantispyware can't tell what zango really is. Will they tell when they'll directly compete on the adware market???
Patents Drive Free Software as Hurricanes Drive Construction Industry
180Solutions claims that ZoneLabs is scaring off their clients. Oddly enough, most companies don't want to be associated with "High risk" spyware.
Personally, I would like to see an option in ZoneAlarm where I can have the offending spyware company's officers hunted down and shot while their building is burned to the foundation. I would pay extra for that.
In the USA, we like stuff watered down, like beer, television, and freedom.
Of course, you can always read this and find out more, too :) IMHO, it's much clearer than either the article or the summary.
:)
Basically, ZoneAlarm pops up an alert because it uses some windows hook that can be used to snoop on keystrokes, and 180 disputes that claiming that they do not actually keylog you.
Of course, the software still looks like a dodgy piece of crap, but that's one person's uninformed opinion about whether it feels dodgy, not a statement of material fact.
I'm starting to wonder how it's physically possible that an OS would allow ANY app to install a hook into something as important as a keyboard driver or monitor without catching it and asking the user (at least).
Perhaps we could, hmm, motivate MS by publishing this ability as a vulnerability in the OS.
In fact, maybe we should stop allowing the OS Manufacturers to specify what a vulnerability is and come out with a list of requirements/standards that we can validate consistently against all OSes to qualify and rate their security against each other.
Not that everyone wants to be bothered with every little app, but we should be able to turn off the ability to install dangerous hooks just like we can turn off the ability to set cookies.
Either that or just make M$ financially responsible for every time a keylogger steals a bank password.
Notably, attempts to connect to 180Solutions' servers were made while performing a sign-on to the blogger's hotmail account.
It seems that it might be valuable research to take the logging to the next level. Specifically, he should set up a packet sniffer, either on the host itself or on the host's subnet and monitor the payload of the spyware packets as it calls home.
Not only would it prove interesting information to write about on his blog, but couldn't this, then, be definite proof that malevolent monitoring is actually taking place? It also seems to me that he should be called as a technical witness in the civil case against ZA.
In addition, armed with this information it might be fun if someone in the community wrote a distributed application that would poison 180Solutions (nonexistent) databases with bogus data.
*grumblecakes*
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
I mean, how else? I have used BBS, then Internet since 1984. I've never gotten stung. It's simple really. Perhaps I miss out on some 'cool' screensaver or app but I like my system.
Blar.
Dude, you "are" a loser, if you believe so highly in free enterprise ideas like donating your time, you should recognize the M$ message as being completely contradictory. Open Source Software, Medicine and Science. Community.