Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Privacy

Spy v. Spy 398

Posted by michael from the shaken-not-stirred dept.
An anonymous reader writes "MSNBC is reporting on a brewing battle between makers of spy software and anti-spy software. According to this article the makers of Spector and WinWhatWhere have added a feature to their new software that disables the popular anti-spy software Who's Watching Me."
This discussion has been archived. No new comments can be posted.

Spy v. Spy More

Spy v. Spy

Comments Filter:

  • Grey Spy (Score:2, Funny)

    by azaroth42 ( 458293 )
    What we really need is the Grey Spy as she always wins. Now, who is that Grey Spy [gnu.org]?

    -- Azaroth

  • with things like this happening (Score:3, Insightful)

    by Afrosheen ( 42464 ) on Tuesday March 26, 2002 @01:54PM (#3229333)
    ...there's little wonder why lots of people are trying linux these days.

    • Re:with things like this happening (Score:4, Interesting)

      by ichimunki ( 194887 ) on Tuesday March 26, 2002 @02:07PM (#3229455)
      And as soon as more and more average users start using Linux, we'll see all sorts of fun stuff getting thrown into RPMs and .deb files and this problem will just follow. The only thing that will prevent it is the fairly high sense of ethics that most free software developers bring to their work (which is part of why I like free software so much myself).
      • As long as you only install official debs you will *never* see this. That is one of the many reasons Debian rules plain and simple.
        • Or any decent developer really. Go to the site of your distro and get your packages from there. Check the .sigs if you can (luser not likely to...). If you can't get something, then get somebody who really knows how shit works to make a package for you.
        • Agreed, it's one of the reasons I use Debian and avoid 3rd party software for which I don't get the source code. What I'm talking about is when people download the CodeWeaver CrossOver plugin, and the Flash plugin, and the RealPlayer, and stuff from the Kompany, and whatever other proprietary stuff gets written on or ported to Linux. And it all gets installed by root, even if it never gets run as root. Which means that at a user-level, the software has the potential for the problems we're seeing with Windows software.
      • That is why you should go with a source-based distro such as Sorcerer GNU/Linux [sorcerylinux.org]. Absolutely nothing will be "thrown on" your system without you knowing about it (as long as you're l33t enough to look), and you'll get better performance, also.

    • This reminds me of the old computer program "Core Wars." My ancient history is horribly rusty, but this whole concept goes back to one of the East Coast heavyweights (MIT? Harvard?) where the programmers would write self-replicating code fragments and set them loose overnight. The code was designed to multiply itself and destroy any other code it found. The winner was the one with the most code at the end of the run.

      I'm sure someone who knows the real history will provide it.

      Same concept here... only now the vendors are using our computers for their fights...

      Too bad I don't have one of Gibson's Hosaka decks yet... I'd love to jack in and watch the fights.


      • This reminds me of the old computer program "Core Wars." My ancient history is horribly rusty, but this whole concept goes back to one of the East Coast heavyweights (MIT? Harvard?) where the programmers would write self-replicating code fragments and set them loose overnight. The code was designed to multiply itself and destroy any other code it found. The winner was the one with the most code at the end of the run.

        It lives. [koth.org]

  • Vicious circle. (Score:4, Insightful)

    by b0r0din ( 304712 ) on Tuesday March 26, 2002 @01:55PM (#3229335)
    "It would have been best if they had just taken engineering challenge and designed something that couldn't be detected. but instead they just decided to break our program. That's kind of lame."

    Whatever works for them, you can't blame a company for pulling this kind of tactic if it's the easiest way to do it.

    Personally, I hate spyware almost as much as I hate popups. Almost. Of course it's all a vicious circle, just like Trillian vs. AOL. One side will do one thing, the other counter it. Rarely does anyone win in the long run, short of taking it to court.

    • This is a trojan horse, plain and simple. (Score:5, Insightful)

      by realgone ( 147744 ) on Tuesday March 26, 2002 @02:14PM (#3229517)
      you can't blame a company for pulling this kind of tactic if it's the easiest way to do it.

      Sure you can. Watch. I'll do it right now. =)

      Without warning the user, WinWhatWhere disables another piece of software for which that person has paid good money. That's like IE deleting Netscape if it detects it on your system. That's like your trusty Chevy switching to Battlebots mode every time it detects a Honda in the highway.

      It's destruction of property. (Or, since we're talking about software here, illegally depriving someone of their licensed usage of a product.)

      • "Without warning the user, WinWhatWhere disables another piece of software for which that person has paid good money. That's like IE deleting Netscape if it detects it on your system. That's like your trusty Chevy switching to Battlebots mode every time it detects a Honda in the highway."

        No way they do it without a warning. I would stake what little fortune I have that they explicitly demand permission to do the altering in the EULA. No one reads them anyway, and even fewer would recognize what the legal-speak meant when they say that you grant them the right to alter "certain incompatible software modules installed herewith and therefore, etc". Once you click through the installer, they'd be free and clear.

        This is kind of a stretch, but does anyone actually have a copy of their Licensing Agreement? I bet it's a good read.

        • anyone actually have a copy of their Licensing Agreement?

          Yup, here [winwhatwhere.com] it is.

          Nowhere do they seek permission to alter other software... but I did get a good laugh out of this last line (emphasis mine):

          "Any use of this software in conjunction with any hardware, device or apparatus to surreptitiously intercept wire, oral, or electronic communications may violate state and federal laws, so there."

        • Re:This is a trojan horse, plain and simple. (Score:4, Funny)

          by Arker ( 91948 ) on Tuesday March 26, 2002 @03:30PM (#3230109) Homepage

          So what?

          If you think EULAs are agreements I have a nice big stretch of seaside property in Oklahoma for you.

          EULAs are just stray scritti that superstitious publishers make you click through. No one reads them. No one agrees to them. They are no more contractually binding than my next two sentences are.

          By clicking reply you agree to transfer to me your firstborn daughter, along with the sum of $50,000, at whatever point in the future I request. If your firstborn daughter is over the age of majority at that time, I may, at my option, take a younger daughter, a son, or an automobile, in place of her. You agree that I may, if I feel it necessary, take those items you have agreed to provide me without informing you until afterwards. You agree to hold me harmless and without blame for any incidental property damage or criminal charges that may result from such action on my part.

          There, I even bolded it to make sure you read it, unlike those silly little EULAs.

      • Without warning the user, WinWhatWhere disables another piece of software for which that person has paid good money. ... It's destruction of property.

        I think the producer of WinWhatWhere has a better case than the end user: copyright violation, unfair business practices, possibly DMCA.

      • If my employer installs this on every PC in the company, then I install Who's Watching Me, and Spector disables it, I don't think any crime has been committed, especially not by the makers of the software. This should no more be illegal than DeCSS should be, IMO.
    • If I found that someone had installed unauthorized spyware on my machine and broke my anti-spyware, I would be suing not just the individual who installed it on my machine in the first place, but also the company that makes the spyware.

      I don't see how these companies expect not to get sued. By technical definition, spyware is a virus. Not only is "unauthorized alteration of a computer system" illegal, but if I had copyrighted material on my machine, the spyware could be considered an unlawful circumvention device under the DMCA.

      The folks who write spyware are no better than hackers and virus writers - for that is what they are, and they should be treated accordingly. How long will it be until these tools are used for corporate espionage, and the companies that make them be raided by the FBI?

      Kind of makes you want to install spyware on the computers at the MPAA... or Adobe, for that matter.

      • I think you have a case in the first issue (the guy who installed the spyware) but probably not the second (the spyware itself). At least, that's the way I hope it works. The spyware is simply software meant to perform a task. If someone uses a video camera to spy on someone, is the video camera manufacturer liable?

        Note for those who didn't read the article: the spyware in question is actual spyware applications that are purposely installed (like something the FBI or a suspicious spouse/employer might use). It is not referring to the third-party marketing spyware crap that gets attached to downloads.

      • By technical definition, spyware is a virus.

        Uh, no. Spyware are just applications that do what they are designed to do, and are loaded on just like any other application. A virus breaks into your computer in unauthorized ways. A virus can be spyware, but spyware is not a virus.

        If I found that someone had installed unauthorized spyware on my machine and broke my anti-spyware, I would be suing not just the individual who installed it on my machine in the first place, but also the company that makes the spyware.

        And would you also sue a binocular manufacturer if someone spys on your wife in your backyard?

        • If I found that someone had installed unauthorized spyware on my machine and broke my anti-spyware, I would be suing not just the individual who installed it on my machine in the first place, but also the company that makes the spyware.

          And would you also sue a binocular manufacturer if someone spys on your wife in your backyard?

          In this country, based on the lawyer-fication (and simultaneous puss-ification) of the United States, intent often has a lot to do with whether you win or lose in court.

          To win a lawsuit against somebody who built a product that was used to commit a crime, you have to prove the manufacturer intended the product to be used to commit a crime. While it would be hard to argue that the binocular manufacturer intended the product to be used illegally, it might not be so tough with the Spyware. Consider that Spyware has only one function, to collect data without the knowledge of the person under surveillance.

          Further, if you check out the web-site, you'll see that the Spyware referred to in the article has a "remote stealth install" method, rather similar to an Outlook/VB Script virus.

          You send the victim (er, your husband) an email with the "stealth installer" executable attached. If your target is an average Outlook user who double-clicks on every attachment he gets, all he'll see is...Well, nothing. According to their web-site when the target clicks on the stealth installer [winwhatwhere.com] the software is up and running in a few seconds without alerting the target to its presence.

          No, it's not "technically" a virus, it's a trojan horse. As far as I know, there's no special legal protection given to authors of Trojan Horses who sell them for profit.
      • If I found that someone had installed unauthorized spyware on my machine and broke my anti-spyware, I would be suing not just the individual who installed it on my machine in the first place, but also the company that makes the spyware.
        Then you're just as bad as the MPAA for wanting DeCSS to be illegal. If I want to install this on all my company's PCs to keep an eye on my employees, or even on my laptop to spy on anyone that steals it, then provided this is not illegal (maybe I'm a government agency where this is acceptable) then I should be able to buy software that does it.
        • ...If I want to install this on all my company's PCs...

          At which point we are no longer talking about his PC. He's merely asking for control of his own personal property. The company is asking for control of its own property. There is no conflict here.

          I would hope, however, that if you did see the need to install this software on your company's machines, you would be decent enough to let the employees know that they were being monitored.

  • Fair fight (Score:3, Insightful)

    by dachshund ( 300733 ) on Tuesday March 26, 2002 @01:55PM (#3229337)
    With all of the money to be made in spy software, and the severely limited resources (and interest) of those who want to stop it, it's unlikely that this will be much of a fair fight.

    • Re:Fair fight (Score:2, Informative)

      by SocialWorm ( 316263 )
      I have to disagree. First off, the "spy software" being talked about is not of the marketing-data variety, but more of the Trojan Horse variety. In my opinion, Spectorsoft's actions constitute an initiation of force against anti-spy software and the people who use it.

      As for limited resources and interest, I don't believe either is true. The wide variety of resources listed at EPIC [epic.org]'s site, and the variety of anti-spy products [google.com], seem to contradict that idea.

  • How long until... (Score:2, Interesting)

    by xtermz ( 234073 )
    ...somebody tries to sue while claiming a violation of the DMCA? This seems like something a corporation would pull out from it's sleave if it sees it's efforts to stop the anti-spy software is going nowhere...

    • Re:How long until... (Score:2, Interesting)

      by Anonymous Coward
      I don't think this would quantify a DMCA complaint, as blocking other programs doesn't really require any sort of decryption or reverse engineering. What I do find interesting is the intentional disabling of specific _commercial_ software, though.

      Who's Watching Me comes with a 90 day trial, but you have to pay if you want to keep the program. If I downloaded and paid for Who's Watching Me, then someone surreptitiously installed WinWhatWhere which disabled the software I'd _paid for_ I believe I would be pissed. It's like a worm disabling the antivirus/firewall programs you've paid for.

  • Updates (Score:2, Informative)

    by kontos ( 560271 )
    It's just one more reason to remind everybody: Make sure your software is Patched, and up-to-date
    That goes for all sides of the fence.

  • Trespassing? (Score:4, Insightful)

    by rhizome ( 115711 ) on Tuesday March 26, 2002 @01:56PM (#3229363) Homepage Journal
    Certainly a court case can be made for one company modifying the files of the other's software. Leaving alone the obviously bad programming practice of having critical files able to be overwritten or appended to, it sucks that the courts would be the only recourse for something like this.
    • It's a slippery slope you're walking into. Depending on how they argue it, updating system files (that other programs haven't been compiled against) and _inadvertently_ breaking them (as opposed to intentionally doing so as in this case) would be cause for a lawsuit.
      Plenty of Windows programmers (and those of us bit in the ass by Gnome/KDE version fuckups) have mused at one point or another that DLL Hell should be a crime, but I doubt anyone ever took it seriously.
      • Well if you read the article, it's apparent that it isn't "system files" but configuration or log files for the other program. I'm wondering if the spyware actually goes into the counterspy directory and modifies stuff there, which seems like what's happening. What if you install Mutt or Emacs, and as part of the install process they break PINE or vi (respectively, and intentionally)?

  • AntiSpy Tech (Score:2, Funny)

    by Anonymous Coward
    In other news, CTRL+ALT+DEL is said to circumvent WinWhatWhere security measures...

  • Mmmm.. FUN! And a legal nightmare.. (Score:5, Interesting)

    by Fixer ( 35500 ) on Tuesday March 26, 2002 @01:58PM (#3229385) Homepage Journal
    IANAL, BIAAIL (But I Am An Interested Layman)..

    Okay, this is my computer. I purchase a piece of software that is supposed to detect snooping software hiding out on my machine. Said snooping software destroys my anti-snooper, interfering with it's proper operation and generally depriving me of it's service that I have paid for.

    Shouldn't I be able to sue the snooper software, as I did not ask for it and did not give any kind of authorization for it's installation into my system? To say nothing of the trespassing charges I'm going to bring against the snooper developer..

    • If its a computer at work, then IT will have your ass for installing software they didnt approve :)

      But at home, you might have a case if the spyware was installed by someone who doesnt own the computer and cnat prove you gave them permission to install software. But you = $$, spyware = $$$$$$$$$$$, guess who wins in our financially independant court system? >:)

      • Re:Mmmm.. FUN! And a legal nightmare.. (Score:5, Insightful)

        by donutello ( 88309 ) on Tuesday March 26, 2002 @02:39PM (#3229724) Homepage
        if the spyware was installed by someone who doesnt own the computer

        In that case, shouldn't you sue the person who installed it rather than the company who makes the software? Didn't we all agree that there was nothing wrong with writing DeCSS or Napster or other software - it was only the person using it for illegal purposes who was at fault?
        • In that case, shouldn't you sue the person who installed it rather than the company who makes the software? Didn't we all agree that there was nothing wrong with writing DeCSS or Napster or other software - it was only the person using it for illegal purposes who was at fault?

          IANAL, but you're comparing apples & oranges. DeCSS did not embed some alternate functionality into its software. It did exactly what it advertised itself to do. A better comparison is to that of a virus or a worm. When I download an email, my intention is to read my email. But when that email exploits my machine in a way that I hadn't intended, the author of the virus or worm is held accountable. This is the current law.

          It doesn't matter who installed the software. What matters is that a clandestine operation took place in direct subversion of the user's intention. This software is a virus, and I suspect that if you read the current crop of computer crimes, you'd probably be able to classify this software as such.

    • Okay, this is your employer's computer. You purchase a piece of software that is supposed to detect snooping software hiding out on their machine. Said snooping software destroys your anti-snooper, interfering with its proper operation and generally depriving you of its service that you have paid for.

      Shouldn't you be fired?

    • Okay, this is my computer. I purchase a piece of software that is supposed to detect snooping software hiding out on my machine. Said snooping software destroys my anti-snooper, interfering with it's proper operation and generally depriving me of it's service that I have paid for.

      Shouldn't I be able to sue the snooper software, as I did not ask for it and did not give any kind of authorization for it's installation into my system? To say nothing of the trespassing charges I'm going to bring against the snooper developer..

      Consider this situation: You are at work, and you'd like to know if someone's snooping on you (a valid concern). You install your anti-snooper, and the snooping software disables it. Since the computers are owned by the company, you really have no legal recourse (take your software elsewhere?).

      Alternative situation: You are married (this may be a stretch...), and your wife thinks that your time spent reading slashdot is really time being spent talking to hideous women in yahoo chat rooms. She gets suspicious enough to buy, and install, activate the snooping software on your home computer. It disables anti-snooping software you installed long before. Now, assuming you believe in the concept of marriage, the computer is as much hers as it is yours: why should your software be any more important than hers?

      • IT ISN (Score:3, Insightful)

        by DunbarTheInept ( 764 )
        Everyone seems to be ignoring one very important point here - this isn't a balanced situation. People are acting as if Software A makes Software B fail and Software B makes Software A fail so it's a two-way street. It ISN'T! Software A does NOT make B fail, it merely exposes the existence of B. For this, B retaliates by making A fail altogether.
  • If WinWhatWhere is actually corrupting the DLL's of other applications on install, it would seem that the developers of those applications would have cause for action against the seller for WhWhWh for interference with contract, DMCA violations, and possibly racketeering as well. Sounds like a field day for the tort lawyers.

    sPh

  • Yikes (Score:3, Funny)

    by gregfortune ( 313889 ) on Tuesday March 26, 2002 @01:59PM (#3229400)
    Dang, I didn't even know that stuff existed :o( That's taking software development to a new low. What is love/loyalty/etc if you don't trust it and must periodically monitor the person's lifestyle to make *yourself* feel better? That's just sleezy.

    At some point a company will probably (if it hasn't happened already) offer the fact that they do not run such software as an benefit. Some day, that may be a decision you make ranking right up their with stock options/benefits/work location/pay rate.

    And heck, maybe we'll pick our spouses the same way. As in, "Do you promise to love and obey your husband and never use spyware on him?"

    • Grounds for divorce. (Score:5, Insightful)

      by sulli ( 195030 ) on Tuesday March 26, 2002 @02:05PM (#3229437) Journal
      I'm not married, but if I were, and I found my partner using WinWhatWhere or equivalent, I would walk out the same day. Such things are just not cool.

      • Re:Grounds for divorce. (Score:4, Funny)

        by bigmouth_strikes ( 224629 ) on Tuesday March 26, 2002 @02:31PM (#3229651) Journal
        That's A+ in Geek; walking out of a marriage over a piece of software.

        Maybe that's why you are unmarried ? :)
      • And if you where married with children, and you walked out, you would be "WinWhatWhere"ed by the child support enforcement agency. They track you all the time.

        But anyways...

        I run a squid proxy server for the family, it makes it easy to filter stuff from the kids, and speed up browsing. I ran a statistic program on it to see what stats would pop up. Little johnny likes to surf disney, Little Suzie likes warner brothers, etc.. But just looking I noticed there was alot of "Apartment" pages in cache. Not wanting to be paraniod I asked why she was surfing all the apartment websites. She could of gotten mad, but she understood I was working on the proxy. (Love them geek-chicks)

        Also, I dont feel bad about monitoring my kids use on the Internet. They are all young, and I dont want them seeing goatse.cx....
      • perhaps you should have a discussion and find out why your spouse felt the need to do that?
        Maybe there's something else going on? Maybe they where traking your usage to see whta site you went to to get an idea of what to get you for christmas? The fact that you don't trust your spouse enough to trust that they had a reason besides watching what you do n case your cheating?

        see, not so cut and dry, like most of life. If you go off every time you suppose something, you are in for a very short marriage.
      • Funny... at one point I would have agreed.

        I think it is different with regards to love. Things become complicated.

        Case in point. I was dating this girl, we were both in love (or so I thought). We talked a lot about getting married.

        I come home from they gym one day. She had been using my computer to check her mail on yahoo.

        No problem - "Hey babe! You done with my computer?!"

        She responds "Yes, honey"

        I sit down on the couch (laptop), and she left her mail open.

        Right there in front of me are about 20 emails from her ex-boyfriend. One of which had pictures from the last weekend.

        Evidentally she REALLY, REALLY, REALLY, had to get married and was doing everything in her power to make it happen.

        Lie, cheat, whatever.

        I totally trusted this person.

        Now would I use WinWhatWhere? Probably not... but I guess that situation taught me something. I guess I would be more open to the situation this time around.

        BTW... she is now married to a founder of a big tech company we all know and level. (sucker!)

    • Re: Corporate use of spyware (Score:5, Insightful)

      by Raetsel ( 34442 ) on Tuesday March 26, 2002 @02:41PM (#3229748)

      I've read about the use of spyware in the past... some very large companies make use of it. I seem to remember that Deloitte & Touche uses some spyware that's rather... comprehensive. I want to say some of the features included (among other things)...
      • Logging every keystroke you make
      • Logging the title of every window you open
      • Recording screenshots of windows
      • E-Mailing all of this to a designated person...
      Not only is it something they use internally, it's also something they use in their consulting activities, on their clients' computers! You hire them, and you're under a microscope... very Big Brother. It goes way beyond the spying that's possible with the last version of Microsoft SMS that I used. (I admit, it's been a while!) Also, I've noticed that some people really don't pay attention to the fact that SMS has 'remote viewing' capabilities -- your sysadmin can watch you browse just like he/she watches the evening news. Then again, SMS's installation is rather obvious -- at least to the technically inclined.

      I have to consider the other hand as well... If you're hiring a consulting company, they have an obligation to do their job to the best of their ability. That means using all the resources legally available to them -- no matter how distasteful. If you've got someone who's supposed to be doing data entry, and they're actually running their own little eBay store out of the supply room... well, you're going to need all the ammo you can get to convince the boss to fire his brother!

      With the sentiment of "It's OUR computer, OUR time, and OUR money!", I don't think you're going to be seeing spyware-free companies advertising the fact anytime soon.

      In fact, with the precedent that computers have been and continue to be monitored; a company could incur severe liability for deliberately not monitoring! Consider the potential liability burden when you don't catch sexual harrasment or some particularly nasty criminal activity... What happens to the company when it's shown that 'standard industry practices' would have given advance warning of, or even prevented [some illegal event]?

      What happens? A check with LOTS of zeros to the left of the decimal... at the best, your lawyer gets it. At worst, THEIR lawyer gets one, THEY get one, etc...

  • Double-edged DMCA to the (cough) rescue? (Score:3, Interesting)

    by Outland Traveller ( 12138 ) on Tuesday March 26, 2002 @01:59PM (#3229402)
    I wonder if they could claim WinWhatWhere is circumventing their protection mechanisms :P

  • I was worried until (Score:3, Informative)

    by Glorat ( 414139 ) on Tuesday March 26, 2002 @02:01PM (#3229412)
    I visited the Spector website that sells Spector Pro, the software alleged to disable anti-spyware software. When I read the Slashdot intro, I was worried the likes of Cydoor and other spy-adware that get serepticiously (sp?) installed without the user's knowledge/consent. If they started putting in anti-spyware measures like this, I *would* be worried

    But for now, I am not too concerned although I thank /. for raising awareness level. Spector is spy software. Full stop, not ads or anything. It's purpose in memory is to log what your spouse/children do without their knowledge. Having a feature to disable software, that spouse/child is using, *might* be considered useful to the buying customer of the software. Is it ethical? Well, that is up to whoever is buying the software so yes it is. The buyer is using the software to log activity *without the user's knowledge* (i.e spy) and since I'm sure the buyer wants to stay undetected no matter what, I'd say in that case it is a valid feature. I hope it is an option in preferences

    But woe be the day when Cydoor and the like start doing the same

    • Isn't the fact that WinWhatWhere is crashing its competitors' software just as much evidence of its existence, though, as if the other programs came out and said, "Hey, you have WinWhatWhere on your computer!"

      I wonder how undetectable can you make a process if someone's running Windows 2k on their home box? If I pull up a list of services, or hit CTRL-ALT-DEL to see what processes are running, I'm going to see it right there.

  • It's funny how (Score:2, Insightful)

    by Anonymous Coward
    the person from the spyware company seems to think that his software is categorized as security software.
  • Unplug your network cable

  • Why has my computer turned into a battleground? (Score:3, Interesting)

    by Sunken Kursk ( 518450 ) on Tuesday March 26, 2002 @02:06PM (#3229449) Homepage
    Although this article seems to pertain to spyware that one has to pay to use, how long is it until other spyware clients start doing the same thing?

    I remember the days when you had to be worried about downloading a virus in the newest internet app. Today, those worries are a thing of the past. Viruses don't spread in zip files anymore, they arrive in my inbox. Now I have to be worried that any app I download has spyware in it. I want to download RealPlayer? Ha, I better enjoy giving Real plenty of information about everything I do. I want to download Bearshare? Ha, I better enjoy sending my every move to probably dozens of companies.

    However, I don't enjoy doing this, so I download something to prevent this. Mind you, it's rather unethical that Bearshare, Real, Morpheus, etc, don't give me the opportunity to even prevent the spyware from being installed, but I'll let it slide. I download something to shut these things down, only to find my download either is knocked out when the spyware overwrites part of the executable, or my download contains spyware itself...

    Give me a break, it's enough to make a person unplug his computer and never go online again. At least I'm confident in one thing...

    With me, the advertisers are wasting their time, as I will NEVER buy anything online ever again. I don't know where they get their marketing info, and as such, I will always expect them to have received it fradulently.

    • I installed BearShare the other day. If you ONLY select the checkbox for BearShare it will NOT install the other crap. It will even whine about this fact since they get no monies from your install but it DOES install clean. I ran AdAware right afterwards and it was reporting a clean bill of health. I was a little nervous having heard about the junk that comes with it but in the end they came out allright.

      Unfortunatrly on that box ANY Gnutella Win32 code I run crashes WIN2K within about 5mins with errors in either the NDIS driver or the HAL (eek!). No Gnutella for me I'm afraid. Maybe on another machine later on...

      Real is on my list of software to avoid and not only for the intrusive amount of information they request. They change all sorts of extension associations too - drives me nutz! The "Gator" crap that comes with some programs is also pretty nasty. Yeah, I want a program on my machine that "trickles" in new code. Uh huh, sure. NOT! My thanks to the folks making AdAware, they really saved me some time and research! Much recommended for you Win32 users. They are even smart enough to skip over the "opt-out" cookie from Double-Click :-) Wonder if we could get them to up the "time to live" for that cookie while they were at it? ;-)

      Don't get me started on E-mail viruses. Between myself and my accounts plus all of my friends and relatives this is a constant headache! :-(

    • Seriously, it's that simple.

      What do you expect from people using an operating system that has secret APIs [theregister.co.uk], made by a company that has a history of letting a vendor in [winntmag.com] on those secret APIs. The whole "Windows Experience" is shoddy and filled with "magic" crap like The Registry, low 64K of memory, undocumented and ever-changing Native APIs and other rubbish.

      Microsoft and its favored vendors will always possess more and better knowledge of the system than you or I. What's to prevent MSFT from giving one of these two competing vendors access to a undocumented "native API" call that would let the favored vendor slip past the non-favored vendor? Nothing.

      Contrast this to a computer running Linux or one of the BSDs - the APIs are all there for the viewing. No spyware vendor can count on undocumented APIs, or grotesque complexity to conceal their spyware. This is real security, derived from properties of open source, in contrast to Dare Obasanjo's strawman a argument [slashdot.org] about the security of open source.

  • Doh!! (Score:4, Funny)

    by Jaguar777 ( 189036 ) on Tuesday March 26, 2002 @02:09PM (#3229468) Journal
    I saw the title for the article and got excited hoping someone was making a new version of the game "Spy vs. Spy" only to have my hopes and dreams broken again :(
  • I can see it now - pop up appears telling you to get the hourly new release of this software that counters the other companies latest release (sigh). After awhile people are going to start to feel like hockey pucks getting passed back and forth. I'd agree that simply stealthing the "spy" program better would be the way to go but so long as you can get your hands on your competitors products...

    I know - write an iron clad EULA to prevent reverse engineering, encrypt everything, and then just sue one another under the DMCA or somesuch until both companies are broke. Yeah, that's the ticket! There's not going to be any winners here...

    Heh, and I've now met a few people that have caught spouses "cheating" using software like this. People are spying on their kids like crazy too. Maybe this new bill Hollingsworth has proposed will make our computers "pure? Maybe it'll cure world hunger too (ahem). What a mess!
    • "I know - write an iron clad EULA to prevent reverse engineering, encrypt everything, and then just sue one another under the DMCA or somesuch until both companies are broke. Yeah, that's the ticket! There's not going to be any winners here..."

      And, as usual, the lawyers are laughing all the way to the bank.
  • OS and JEDGAR [tuxedo.org]

    This story says a lot about the ITS ethos.

    On the ITS system there was a program that allowed you to see what was being printed on someone else's terminal. It spied on the other guy's output by examining the insides of the monitor system. The output spy program was called OS. Throughout the rest of the computer science world (and at IBM too) OS means `operating system', but among old-time ITS hackers it almost always meant `output spy'.

    OS could work because ITS purposely had very little in the way of `protection' that prevented one user from trespassing on another's areas. Fair is fair, however. There was another program that would automatically notify you if anyone started to spy on your output. It worked in exactly the same way, by looking at the insides of the operating system to see if anyone else was looking at the insides that had to do with your output. This `counterspy' program was called JEDGAR (a six-letterism pronounced as two syllables: /jed'gr/), in honor of the former head of the FBI.

    But there's more. JEDGAR would ask the user for `license to kill'. If the user said yes, then JEDGAR would actually gun the job of the luser who was spying. Unfortunately, people found that this made life too violent, especially when tourists learned about it. One of the systems hackers solved the problem by replacing JEDGAR with another program that only pretended to do its job. It took a long time to do this, because every copy of JEDGAR had to be patched. To this day no one knows how many people never figured out that JEDGAR had been defanged.

    Interestingly, there is still a security module named JEDGAR alive as of late 1994 -- in the Unisys MCP for large systems. It is unknown to us whether the name is tribute or independent invention.

    • Re:That reminds me of an entry from the Jargon Fil (Score:4, Funny)

      by gosand ( 234100 ) on Tuesday March 26, 2002 @04:22PM (#3230461)
      The scenario sounds familiar, but the names do not. On the old Sun terminals, you could do a screenshot of another user's terminal. It was always interesting to do that to someone, just for the fun of it. That was before the net really existed though, so not much of a chance of catching someone looking at pr0n. What was really cruel was to dump the passwd file (or a binary) to all of their terminal windows. he he. You could hear the cursing across the cubicles. I always found it more fun to just send a CRLF to them, because it wouldn't be so obvious that they got nailed. Oh, and you could display background images on their terminals too. THAT was always a sure-fire way to cross the line, especially if you did it just before their boss walked up. We even had a script called "pissoff" and when you ran it, it would prompt you "Which user would you like to piss off?". Pick from the list, give it a message, or a file to dump, and watch the ensuing hilarity.
  • Just a thought, but this spy software intergrated in computers is installed sometimes unknowingly by the user. This definately falls under privacy and stalking laws in most places. Heck, even police in most states aren't allowed to use surveilance equipment on a person without a warrant, and these companies are doing it with this software. So can action be taken legally against Cydoor and so forth?

    Or am I just confused as always.
    -Recovery1
  • Theoretically speaking, the best anti-spy software would be an operating system with a good security model (to make life hard for spyware that runs on it) and publicly available source code (to assure that it is actually secure and not spyware itself).

    I'm not trying to pat Linux or *BSD on the back here -- the Unix security model is far from ideal, actually -- but it's a good argument for open systems in general, even if they're not "free" as such.

    • I always thought it was a agreed that the best anti-spy/secure system would be one that is unplugged from everything and locked in a closet to which no one has the key? =]
    • Mayhaps not, but the best parts of various BSD's together would make it one heck of a challenge.

      I speak of course about OpenBSDs CryptFS, and Crypted Swap. FreeBSDs (up and coming) ACLs and MAC/LOMAC support, then NetBSDs ability to run on a DreamCast (or equally rare general use hardware) would ensure that a rogue program would have a hell of a time running.

      That said, it'll only take a lousy admin to counter all of the enhancements.

  • Counter-countermeasure engineering problem... (Score:4, Interesting)

    by CaptainPhong ( 83963 ) on Tuesday March 26, 2002 @02:29PM (#3229631) Homepage
    It would have been best if they had just taken engineering challenge and designed something that couldn't be detected. but instead they just decided to break our program. That's kind of lame.

    Of course, the anti-spy people could treat these countermeasures as an engineering problem.

    A couple possible (partial) solutions:

    1) Check for beligerant spyware during the install process (the install program would presumably be running from a CD, so it couldn't be corrupted). Later, if it detects that spyware is being installed, fire off warnings, send e-mails, make logs, etc. to make sure that the spyware can't cover it's tracks.

    2) In the documentation, note that failure for the program to run or a crash could indicate the presence of spyware (and that you should run an "emergeny check" from the install disk).

    3) Put a check on the integrity of the software in the MBR (using CRCs and such). If a spyware messes with that, it should trip off the BIOS virus checking. That would also have to be documented of course so the user understands what the heck is going on.

    4) Have the anti-spyware run entirely from a separate disk (maybe a boot disk to be sure the spyware isn't running waiting to thwart the anti-spyware). When you come in to work, or sit down at your computer, throw in the disk to be sure nobody installed spyware when you weren't there.

    5) Make the anti-spyware as stealthy as the spyware. If the spyware or the person installing isn't aware of the presence of anti-spyware, the anti-spyware is much more likely to be successful. Using polymorphic code, constantly changing file names, etc. could probably be pretty effective.

    None of these solutions are perfect of course, but a bit of a battle is probably inevitable, as the two types of software both have legitimate and illegitimate uses, and the only way one of the two can succeed is by defeating the other.

    • Additional measures... (Score:2, Interesting)

      by shaldannon ( 752 )
      1. have the anti-spyware regularly check its files for integrity. If the files have changed, download a replacement.
      2. Incorporate some of the latest virus technology (e.g., piggyback on spyware, change names, locations, and dll file names and locations, etc).

      This might not necessarily solve the entire problem, but it could certainly up the ante.
    • Can't you just install the anti-spyware as another user, run it as that user and set it so that you do not have write access to the anti-spyware's files?

      I know you can't do that with Win9x, but you can in NT/2K/XP. It would be a bit of hassle, but there's no way the spyware can access the anti-spyware's files.
  • Any software that will dump core, just from having a screwed-up config file, is crappy software. Especially software that's designed to look for malware on your system. Didn't these guys ever play Core Wars?

    I mean, come on, people! Checking all contingencies is something you're supposed to learn in your first programming course. Especially in a hostile computing environment (spy vs. counterspy) you have to write airtight code or you'll get got.

  • SpectorSoft [spectorsoft.com] makes a product called Spector and SpectorPro, from what I can tell, it takes a bunch of screenshots.

    WinWhatWhere Investigator [winwhatwhere.com] is a different program and should have had the URL as http://www.winwhatwhere.com [winwhatwhere.com]. Although it seems to do generally the same thing.

  • I've never used anti-spy software, but what exactly does it do? Is it like an eye candy version of tcpdump or ethereal (http://www.ethereal.com/)?

    btw- an easy solution would be to run an eavesdropper on your router/masquerade machine (if you're using one). It would be extremely difficult for spyware to find that you're running tcpdump or ethereal on a remote machine.

  • Virtual Machines are the Answer (Score:3, Insightful)

    by JohnDenver ( 246743 ) on Tuesday March 26, 2002 @02:57PM (#3229856) Homepage
    Viruses, Spy Software, Trojans, etc.

    Every operating system should have a sandbox that looks like the rest of your computer where you run programs you don't trust. When the program tries to install itself perminately or hook itself into a DLL, it will only do it to that particular sandbox.

    This sort of protection has been supported by Intel since the 286, why is it we still don't use virtual machines for security purposes?

  • Now waitadoggoneminuteheah! (Score:3, Insightful)

    by Apuleius ( 6901 ) on Tuesday March 26, 2002 @02:58PM (#3229862) Journal
    Compare these quotes: Haight said. "It's just the way the security of our software works. It won't allow (anti-spy) software to run." And a few words later: . SpectorSoft says its software is for monitoring, not spying, and tells purchasers to always advise computer users they are being monitored. Well, if that is the case, why is he bothering to disable WhosWatchingMe? Grrrr. People who lie so blithely piss me off.
  • ...does anyone remember, "It ain't done till Lotus won't run."?

  • If you are using FreeBSD, netstat, sockstat, tcpdump, and ipfilter are your friends. I'm sure there must be some similar Windows utilities out there that can do the job.

  • From a Ex-Spector developer... (Score:5, Informative)

    by chedrick ( 196352 ) on Tuesday March 26, 2002 @03:08PM (#3229943)
    I was one of the original authors and an original founder back in '98. We sold our shares in '99 and got out because of the way it was being marketed. The product was never intended to be a "Catch your cheating husband" type of product. It was intended to monitor your child's Internet experiences and protect them from pedophiles. Doug Fowler (dfowler@spectorsoft.com) was the guy that pushed this tactic of spying on your partner and your employees. We felt that monitoring another adult, without their knowledge, clearly violated their civil rights! They avoid lawsuits now by placing a disclaimer that you agree to inform the individual that you monitor. In reality, no one ever does.
    It's a classic case of the marketing weenies convoluting a product to fit a malformed business model. There's MORE MONEY selling a product to catch your "cheating husband" than to protect your kids. It feed on paranoia.

    The good news is most developers could spot this product on their machine. Keystrokes slow down, mystery files appear, etc. It leaves a small footprint, but it's still a footprint. Don't look for it (Spector) in Task Manager. It's hiding in another application.
  • Some of us might remember when KPMG had the big hullaballo about people linking to them, apparently TrapWare (the guys that make the anti-spyware) have a similar thing on their website [trapware.com]:
    As stated in the Terms and Conditions for Use of Trapware's web site, to obtain permission to link to this web site or any other web site owned and operated by Trapware, please contact the Legal Department of Trapware. No trademark or logo of Trapware may be used as a "hot" link to any Trapware or other web site without the prior written approval of Trapware. The following guidelines are given to assist you and expedite your request for linking to Trapware. Please do not link to Trapware's web site until you have received written authorization to do so.

    This is from http://www.trapware.com/companyLinking.html [trapware.com] (terms and condition violation here).

    Yeah right...So here's another TrapWare terms and conditions violation! [trapware.com] YAY!

    If he really wanted to prevent linking, he'd set it up in apache so it only accepts incoming connections for legally authorised URLs, but judging by their website, they're quite oblivious to the nature of the Internet.

    I encourage everyone to post links to their website in the blogs, just like what happened to KPMG [kpmg.com] a few months ago.

  • Duh, the easiest solution... (Score:5, Funny)

    by psxndc ( 105904 ) on Tuesday March 26, 2002 @04:13PM (#3230399) Journal
    Is hide your pr0n on a separate computer. OpenBSD's learning curve is so high, my girlfriend will never find it.

    psxndc

    • pr0n (Score:3, Funny)

      by joshuaos ( 243047 )
      OpenBSD's learning curve is so high, my girlfriend will never find it.

      Amen to that. I run RedHat, and keep my pr0n in a .pr0n directory right there in my home directory. I couldn't possibly imagine her finding it. All she knows how to do is connect to the internet and browse the web.

      Cheers, Joshua

  • Illegal in UK (Score:3, Informative)

    by pjc50 ( 161200 ) on Tuesday March 26, 2002 @04:36PM (#3230573)
    The Computer Misuse Act makes it a criminal offence to alter the behaviour of a computer system without the permission of the owner.

    The difficulty here is in getting it to court...

Slashdot Top Deals

No man is an island if he's on at least one mailing list.

Close