Slashdot Mirror
Zone Alarm Vs 180 Solutions: Zango hooks?
Sub-Seven writes "Found at Vitalsecurity.org, they detail how a Microsoft MVP pulled the Zango file to pieces, and discovered some interesting facts about exactly what a "simple" fun and games application does to a machine that its running on. Hooking into Windows OneCare and Microsoft Antispyware? What's that all about? "
Is it just me, or is the friggin slashdot summary got more information than the linked article?
Thats gotta be a first...
Zango dango bo-bango, banana fana fo-fango fe-fi mo-mango, Zaaaango.
Um...not sure what's going on here...but I think software firewalls have to be one of the silliest 'security products' out there. I still can't believe cable companies don't distribute modem/routers to users and remotely configure them to block the commonly exploited ports and protocols.
My conspiracy theory is that they have big investments in the software firewall companies...and in existing non-router cablemodems.
SO we suffer.
Blar.
It wouldn't surprise me if 30% of my IT company's income came from user stupidity combined with software such as the XCP, spywared games, and other fun entertainment products. Yet this is just the market at work. Loopholes are found, usually because of click-through-licensing. Companies will always attempt to build their markets and consumers will always find the bad seeds.
It is very important to realize that as long as end users continue to install these programs, marketing companies will feed their needs. You could ague for laws against these backdoor programs, but it wouldn't solve anything and in fact might make the problem worse as companies find sneakier ways to get into your desktop.
The only way to make a smart consumer is to inform them of the bad things. This means getting the word out, telling others to be careful, and even offering training for groups. My company makes a good profit on spyware, but we offer completely free training days for companies that want to save money by training their employees in safe web browsing. I don't think the answer is "Install Linux and Firefox and the problem will go away!" If Linux/Firefox occupied 90% of desktops, the marketing companies would find a way to take advantage of that platform.
Smart users are informed users are users who won't continue making the same mistakes. Finding band-aids through legislation or discrete installation of anti-spyware software isn't going to solve the problem.
As a sidenote -- the reason for training my customers in smart browsing techniques is a selfish one. As we reduce a company's cost of doing business, our referral rate skyrockets. The less we work/bill, the more work we have to bill. If you're a consultant and you're not seeing a decent increase in your customer base every year, you're not doing a good enough job. There is more work in the U.S. than is being tapped, and it is usually because companies aren't seeing things getting better.
No, that's not muddy. That's the New Journalism. It's supposed to be nonsensical and unreadable.
Put a link to the article on the same page as itself, thereby upping your Google ranking.
Blogs are awesome.
It doesn't mean much now, it's built for the future.
180Solutions was complaining that "ZoneAlarm was advising that our 180search Assistant "is trying to monitor your mouse movements and keyboard strokes" well let's see after reading the above ... that description looks right to me.
This is worse than spyware. This could be used to transmit your account codes and PINs, passwords, etc.
Sounds like stealware(TM) to me!
HexaByte - he's a square and a half!
searching arroung I was able to find, and http://www.spywareguide.com/product_show.php?id=50 7
http://www.benedelman.org/spyware/180-affiliates/
The linked-to blog article is clear as mud
No kidding. The blog article has ZERO content, apart from linking to two other sites about some program that purportedly is being flagged as spyware.
If slashdot is accepting lame "my blog entry" submissions like this (and what's with the "Microsoft MVP" comment in the submission? That's like trying to give credibility to a blog entry by purporting it to come from a "high school graduate"), then I'm going to start submitting every entry I make. Maybe I'll blog about this blog entry that blogs about a blog entry and submit that.
Ah well, like I - esteemed high school graduate and Blockbuster cardholder - said - most blogging is bloggers talking about blogging. (Yes, hypocrisy runs deep with this)
The whole reason for the lawsuit wasn't because 180 was pissed with misleading statements, it was because a potential business partner of 180solutions had concerns about associating their company which Zone Labs had tagged as a high security risk.
Well, if legitimate companies are afraid to associate with spyware companies, then I'd call that a good side-effect of the Sony malware mess.
For anyone who doesn't know, you become a Microsoft MPV largely by being an unemployed loser - the more time you can waste away providing pro-Microsoft answers on Microsoft's message boards, providing them with a lot of free labour.
What about all those people providing support on Linux/MySQL/Apache mailing lists/forums etc - what
are they? Unemployed losers or OSS champions?
Why link to some guys blog with inane comments, when you can link to the page he refers to? Lots more information there.
What is it with blog pages that link to another blog, which links to another blog, and so on? If this is how things are done in the blogosphere, then my already low opinion of bloggers just slipped a little. Just provide a link to the original f**king information!</rant>
Hi I think this text shed some lights: http://blog.180solutions.com/PermaLink,guid,5795b8 5d-feea-4656-93e1-d788a01f760a.aspx
Poor people @180solutions that suddenly found their spy-ware being detected by Zone-lab's Zonealarm. Zonealarm is obviously a great piece of software. So when 180Solutions became aware of this, they saw their business-model go the way of the dinosaurs.
180 is suing ZoneLabs for a very specific and narrow statement as far as I can tell. ZoneLabs says 180 is monitoring key and mouse info, 180 says it is not.
The analysis linked from TFA explains that he found evidence of setting a windows hook. The question is, does Zango use that hook to collect mouse and key info, even for a short time, or are they using the hook for other purposes? What would those purposes be?
This is IMO becoming a problem in a lot of games. Counterstrike, World of Warcraft, Valve with its Steam engine, crap like punkbuster that scans your entire drive, registry and who knows what else, just to make sure you aren't cheating. And we are not talking about minor game companies here.
Don't get me wrong, cheating is a major (if not: the worst) problem in online games, but the lengths to which game providers go to assure (a) that you are using a legally bought version of the game (most important) and (b) that you are not using modified drivers, game libraries etc. in order to cheat (game company couldn't care less, but it costs them customers so they have to care..), could certainly make some of them be rated as 'spyware'. Then again, so can Windows XP itself. After users accepted that activation crap from Microsoft, where else could you expect this thing to go? If Microsoft is allowed to do it, then why not $small_corp_with_questionable_ethics?
(obviously, the answer is that Microsoft should not be allowed to do it in the first place, either. But as it is, this company might actually have a point - if Sony can do it and not be detected for over half a year, why can't they? The idea is ridiculous ofcourse, but hey...)
Every expression is true, for a given value of 'true'
Those active in other communities (ie Linux) are not told that they are unemployed losers for helping people out. So what if a bunch of us want to actually help people by making use of our expertise?
Not every MVP is an expert in every area, but they are an expert in the area that they were awarded in. For example, my award is in Mobile Devices, but I'm far from being an expert in FoxPro.
[...] unless you can figure out a way to block ports on my modem.
Done and done. Other types of "dial-up routers" exist, but this is the one I re-found first. Again, nothing wrong with software firewalls, as I like knowing when programs try to use the network, but they aren't a magic bullet.
...with a name like 'Zango' that offers free games.
It will only lead to great suffering.
He who knows best knows how little he knows. - Thomas Jefferson
The Slashdot summary has more info than the linked article, but the impressive thing is that the Slashdot summary still is only barely written in complete sentences. I mean, I'm a sysadmin with about ten years of experience, I've been reading Slashdot for years, and not only can I not understand what the article says, I'm not even sure what it's supposed to be about. Someone not flagging spyware when they should? Or tagging it as spyware when it shouldn't? Or... christ, I give up. Not worth it.
For anyone who doesn't know, you become a Microsoft MPV largely by being an unemployed loser - the more time you can waste away providing pro-Microsoft answers on Microsoft's message boards ...
/. are admittedly funny at times, but this is as unfunny as it is unfair. First, only web weenies would refer to news groups as message boards. Second, those groups are an invaluable resource, being freely available, active, and representing a wide cross section of experience, they're one fo the few places where you can find honest and up-to-date information. And third, while Microsoft does offer a pseudo subscription-based pricing for "guaranteed responses" (from the MVPs, among others), most posts are the result of volunteer efforts.
/. is annoying enough without being forced to justify the efforts of those trying to help others, irrespective of the venue or their individual capacity.
The MCSE jokes on
Perhaps the next time you send a question off to debian-users, for example, hoping for an answer from one of the "regulars", you avoid suggesting that any of them must be an unemployed loser for bothering to respond. Unless playing the part of a troll is somehow more rewarding.
If it sounds like I'm pissed off, yeah, I am. Having to defend something Microsoft related on
As for anyone else using Windows and is unfamiliar with usenet, I'd suggest exploring the ms.public hierarchy with whatever news client you have available, and get into the habit of reading a few of them before applying the latest patch or service pack, or are otherwise trying to resolve an issue or trying to learn something. The top posting is murder, but the information is free and unlikely to be available to the same extent anywhere else.
Reduce, reuse, cycle
Ed Foster's Gripe Log is following the Zone Alarm v. 180 story, and he has a much more readable summary at his site: http://www.gripe2ed.com/scoop/story/2005/12/5/8255 5/7508
I am not a crackpot.