Slashdot Mirror


User: shird

shird's activity in the archive.

Stories: 0
Comments: 666

Comments · 666

  1. Polymorphism in spyware on An interview with Ad-Aware's Nicholas Stark · · Score: 1

    Spyware authors are already using various tricks that are usually only seen in the virus writing scene. With programs like ad-aware coming out, the anti-virus equivalent for 'legitimate' software, it won't be long before they adopt other tricks for hiding their software, in particular polymorphism. The trouble is, detecting polymorphic viruses (or spyware) is a very difficult task, not something a shareware author could ever tackle alone, it is also something quite difficult to detect through heuristics as well, more so than viruses.

    Combatting spyware is going to take more than a technological solution, legislation too is unlikely to have much effect. Unfortunately, the software industry is likely to degrade into a state where the only software you can trust to run on your machine is boxed software from the shelf from a trusted company. Even then you would need to be careful.

    I have a bit of experience with polymorphism and writing undetectable code, although I'd object to helping a spyware author, I'm sure there are people who wouldn't.

  2. Re:Be VERY wary (how to roll your own kazaalite) on Spyware Makers Resent Cleaned-Up Versions · · Score: 1

    I think the cd_clint.dll file may actually be in the \Progra~1\Kazaa\ directory, if it is, replace it as stated above. There are also a couple registry hacks to allow you to search for audio files with quality above 128kb, as well as allowing you to raise the limit for search results up to 400, above the usual limit of 100.

    HKEY_CURRENT_USER\software\kazza
    change the "LimitBitrate" to 0.

    HKEY_CURRENT_USER\software\kazza\advanced
    change "MaxSearchResult" to 190h

  3. Re:Be VERY wary (how to roll your own kazaalite) on Spyware Makers Resent Cleaned-Up Versions · · Score: 5, Informative

    In the case of Kazaa, it's actually quite easy to make your own 'lite' version, there are plenty of sites with instructions on how to do this. Taken from a post to usenet:

    /* Install KaZaa 1.6 */

    1) Install the new KaZaa, then close the application when all finished.

    /* Begin Brilliant Digital Uninstall */

    2) In Control Panel, click Add/Remove Programs and find "b3d Projector".
    Uninstall this application (make sure all browsers are closed or it won't
    work)

    3) Find a folder called "b3duninstall" located usually directly in your
    Windows folder. Delete this folder.

    4) Locate the following files:

    > bdedownloader.dll
    > bdedata2.dll
    > bdefdi.dll
    > bdeinsta2.dll
    > bdeinstall.exe
    > bdesecureinstall.cab
    > bdesecureinstall.exe
    > bdeverify.exe
    > bdeverify.dll

    They are usually located in your Windows/System, Windows/System32 folder.
    Rename each file adding a ".bak" to the end. (or Delete them if you don't
    care about backing them up)

    -->Note to Borland users: Borland software creates files that start with
    "BDE" as well, so be careful.

    /* Brilliant Digital Uninstall done, proceed to Cydoor crippling */

    5) Download the dummy cd_clint.dll package at
    http://www.cexx.org/cd_clint.zip

    6) Go to your Windows/System32 folder. Find "CD_Clint.dll" and rename it to
    "CD_Clint.dll.bak"

    7) Extract the "CD_Clint.dll" file from the package you got in step 5 into
    the Windows/System32 folder (thus replacing the old CD_Clint you backed up
    in step 6).

    /* Cydoor crippled. */

  4. Re:This works for books because.... on Sharing Doesn't Hurt · · Score: 1

    And of course if the physical CD version of the music is somehow better, it's not difficult to rip yourself an audio CD using your own CD burner for a fraction of the cost. This isn't the case with books, because the cost of printing it (into a state which is as readable as the book version) would outweigh the cost of actually buying the book.

  5. Re:Makes me appreciate OmniWeb on A New Low for Web Advertisers: Pop-Up Downloads · · Score: 1

    I've always wanted this feature in IE, as it's the main web browser I use, does anyone know of a plugin that can do this? Or if it's possible to write one I'll write my own.

    I've often wondered whether it would be possible to get around this with a meta-refresh with a 'target' of '_new' (or whatever it is), to create a pop-up instead of using script. If it is, and this pop-up prevention mechanism starts becoming commonplace, I imagine the scum/advertisers will latch on pretty quick.

  6. Re:Bah - hack Windows Update on Reflections on Brilliant Digital: Single Points of 0wnership · · Score: 1

    At the very least, it relies on some form of code-signing. What this means is clients which connect to this site to download updates, will only install them if they have been signed with the appropriate keys (the complementary one of which is included with the OS). So even if the site were hacked, it would still be necessary to sign any rogue updates with a key which is apparently kept very secure.

    I can only hope Brilliant is doing something similar. But I wouldn't trust even their code, given that they've already 'snuck' this onto my system and plan on using my computer for their benefit. I am currently contemplating doing some auditing / reverse engineering on their system, and am quite confident I (and others) will uncover some quite unpleasant surprises.

  7. Re:Any comments? on Reflections on Brilliant Digital: Single Points of 0wnership · · Score: 1

    I think there is a big difference between what Brilliant is doing and the root DNS servers. With the DNS servers, we are making use of a service they are offering, at our will, i.e. we're asking them a question, and relying on their answer. If we become unhappy with this service, we can theoretically choose not to use it. But with Brilliant, they have control of our systems and could potentially do whatever they like, and it wouldn't be initiated by us, but by them.

  8. Add a signature to AV software on Reflections on Brilliant Digital: Single Points of 0wnership · · Score: 1

    If this 'Brilliant' software presents a serious threat to the security of your system, (i.e. a trojan), AV vendors will add a signature to their database which should detect and remove the trojan. They do after all detect and remove rogue distributed.net clients which are distributed maliciously, so why not this?

    The only difference - this is being spread by a known company, and is likely to retaliate with lawsuits etc if the AV vendors do add it to their database. I personally have had some of my programs marked and detected as trojans by AV vendors (password revelation software, and clearly marked and distributed as such), but I can see these guys getting away with it though.

  9. Build your own roller coaster on Build Your Own Monorail · · Score: 0, Redundant

    This reminds me of a recent story on slashdot on the guy who built his own roller coaster. Also seems to have been slashdotted just as quickly.

  10. Re:I'll poke... on Apache 2.0 Goes Gold! · · Score: 1

    HTTP/1.1 500 Internal Server Error
    Date: Sat, 06 Apr 2002 08:32:17 GMT
    Server: Apache/1.3.20 (Unix) mod_perl/1.25 mod_gzip/1.3.19.1a
    Cache-Control: private
    Pragma: private
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html

    The error received while slashdot/doubleclick was changing over to Apache 2.0. Also while there seemed to be a problem logging in and posting comments. Did anyone else notice this?

  11. Drug dealers subs on Your Own Luxury Submarine! · · Score: 2, Funny

    As proposed, the submarine would constitute the single largest private undersea vehicle ever built

    Does that include all the submarines built by the drug dealers that people don't know about? I remember there was once an article about a bust of a drug ring building their own submarine, I think it may have been in Russia. Several have also been sold to drug dealers around the world. $78mil could be a worthwhile investment if I can manage to shift enough 'goods' without being picked up by the coast guard.

  12. Re:'wehaveawayout' debacle... on Slashback: Deception, Fusion, Membership · · Score: 1

    I had a look at that page, but didn't see any java applet. There was a flash animation however.

  13. Re:How fast will it be ripped? on Sony Intentionally Crashes Customers' Computers · · Score: 5, Insightful

    Correct, it is already available on the fast track network (Kazaa et al.). As most people get their pirated music from global P2P networks rather than from friends ripping CDs for them, the fact that even ONE copy gets onto a file sharing system, all their efforts at copy-protection are wasted. It just becomes a pain for people who want to listen to their CDs through their computer, or rip it to MP3s for their own personal use, eg. to transfer it to their portable MP3 player etc.

    I'm curious as to how those newer CD players which can play MP3s from a CD as well as normal CDs handle this, because surely they would need to read a CD in the same way as a CD drive in order to read the MP3s?

  14. Re:Steve Mann... on Slashback: Blender, Pictures, Servitude · · Score: 1

    with the boards spread out among the coat's inner surface, maybe a bit of kit in a fanny pack (batteries likely), and a very small vision/camera system -- mostly "invisible".

    In light of recent events, I think most airport personnel would still consider this very suspicious, especially when you consider what can be concealed in the heel of a boot for example. For one, cameras are rarely allowed in airport terminals, for security reasons. Something such as this is a much more serious breach of security protocols than just taking a photo. I can fully understand their concern, and don't blame them for the measures they took. I'm not sure how pleased I would be about getting on a plane with someone with a boatload of custom electronic equipment intentionally designed to be concealed on the body.

  15. sharing opt-in lists on Spammer Sues List Broker · · Score: 1

    If it really was an opt-in list, I wonder if the people on it intended to 'opt-in' for Virtumundo products and services. Probably not. Which begs the question, is it really possible to share/borrow opt-in lists? Surely the people that opt-in, do so only for one particular service/product.

  16. Re:Solution on Spammer Sues List Broker · · Score: 1

    This would end up costing you a lot more than it's worth, and being a toner company, I'm sure they have plenty of toner to cope with such an attack.