Spyware Coming Under Scrutiny 134
trick-knee writes "Nytimes.com has an article considering the ethics of snoopware. In it, TrueActive is given positive press for removing a 'feature called "silent deploy", which allows the buyer to place the program on someone else's computer secretly via e-mail, without having physical access to the machine', although little criticism is made for making the stuff in the first place. Supposedly, Symantec and Network Associates have added features to their antivirus programs that detect snoopware, which may be a good thing. One surprising point you may be shocked to hear is that 'at least one program... may not pose a real threat of spying, at least. Mr. Gordon said that his company's security researchers, working with the Justice Department, were unable to find any actual working software that could be downloaded from the LoverSpy site after paying the fee. He seemed less than stunned by the notion that a product advertised via spam might not be all that it was claimed to be.'"
I'm nothing like those guys... (Score:3, Funny)
Any orders that I take for the Brooklyn Bridge will be honoured. Just make sure that $5,000 is in my PayPal account and you're good to go.
Re:I'm nothing like those guys... (Score:2)
Spyware (Score:4, Insightful)
That's like saying Jeffrey Dahmer should get kudos for not killing anyone anymore.
Re:Spyware (Score:1, Funny)
Re:Spyware (Score:4, Informative)
If you are serious about privacy, then downloading and installing one of the commercial products (I like Aluria's Spyware Eliminator [aluriaaffiliates.com] or the BPS Spyware and Adware Remover [regnow.com] the best) is actually worth it. I didn't believe that until I happened to get a free copy of a couple of the commercial versions and found all the features I was missing in the freeware I was using, like a good list of domains and IPs that have been found to have been used by parasites/spyware ready for one-button access denial!
If you just want a "quick" fix that isn't quite as comprehensive (but covers the basics), then hit the Spyware Detection and Removal [booksunderreview.com] page above and follow some of the "free scanner" links, or go to one of the commercial sites listed and get their "free" version. I've also tried AdAware, but like most of the other free versions, it didn't seem to pick up as much stuff as my the commercial version of the Aluria software.
Of course, if you aren't running MS Windows, you can pretty much disregard all of the above advice.
Spyware Sympathy? Hm.... (Score:1)
I mean, come on, what do you expect? Some people just have it coming to them. I've just run out of sympathy for protecting the masses. All it takes is a quick skim over the EULA. "..
Re:Spyware (Score:2)
"based on which part of your logs?"
The answer is simple. I have javascript at the bottom of each page (so as not to interfere with loading the page, speed-wise) that checks if they are running IE on windows and if so checks their browser's reactions for spyware/parasite software.
If they have detectable spyware installed, it loads a sub-form at the bottom of the page that tells them what is installed and gives th
Re:Spyware (Score:1)
In related news, Attilla the Hun has been award the Nobel Peace Prize for not invading any sovreign lands since his death (although in all honesty he is far more deserving of it than Henry Kissinger)
Loverspy? (Score:5, Funny)
Re:Loverspy? (Score:2)
Maybe she up and R-U-N-N-O-F-T?
- mad flaming props to the Coen brothers for OBWAT! [imdb.com]
Re:Loverspy? (Score:1)
Spyware versus Virus (Score:4, Interesting)
Don't believe me, two words:
Comet Cursor
Nowadays, I scan with antivirus software AND AdAware on a regular basis
Re:Spyware versus Virus (Score:5, Insightful)
It's more or less the same thing that happens with a Microsoft EULA. You agree to it, so it's not illegal anymore. I'd be curious to see what would happen to a virus writer who included a EULA with his next e-mail worm. Since mostly stupid people open those e-mail attachments anyway, a little box popping up with "OK" and "Cancel" and a license agreement might be a nice little legal loophole.
Please be advised that I am not advocating the wanton destruction and/or infection of Microsoft systems. They'll do so on their own if you watch 'em long enough.
That's not the nut (Score:2)
Re:That's not the nut (Score:1)
Re:That's not the nut (Score:1)
Re:Spyware versus Virus (Score:1)
Since when is it illegal to program? I better watch out for the cops in that case and so should the majority of
Re:Spyware versus Virus (Score:1)
Re:Spyware versus Virus (Score:3, Insightful)
That being said, I will conceede that an AV company might just get itself embroiled in a lot of lawsuits exploring that very issue... not a really great way to stay pro
Or maybe not (Score:2)
But then I realized, the user must also agree to install the AV software. That means any actions the software takes are done on behalf of the user, and the user can certainly consent to have files deleted from his own computer. This doesn't, of course, rule out the possibility that spyware companies could sue your the mcafees of the world, but it does pretty much preclude th
Re:Or maybe not (Score:2)
Re:Or maybe not (Score:2)
Re:Spyware versus Virus (Score:1)
Remember, "YES" or "I AGREE" was never clicked..
Re:Spyware versus Virus (Score:2, Insightful)
People do have a choice to use free software, but most are not aware of this choice. It's a consumer market and sadly, the market for computer software needs some over
Re:Spyware versus Virus (Score:1)
Re:Spyware versus Virus (Score:2)
Legal Contracts can't be signed under durress. If I go out and buy MS Office XP for whatever crazy price they charge for it now-a-days... here's how the system plays out.
Re:Spyware versus Virus (Score:2)
Your beef is with the shop that won't let you return the software, and the shop's attitude can't affect your (separate) contract with Microsoft.
And you may think this is "duress" but the legal definition is way narrower than the colloquial use of the term.
Re:Spyware versus Virus (Score:1)
You don't have to agree to a EULA when you buy a TV or a car, you shouldn't have to do it either for software. And in an ideal world, if a vendor tried to sneak in spyware (or obtrusive DRMs) with their main software,
Re:Spyware versus Virus (Score:2)
dameware for NT [dameware.com]
http://www.dameware.com/ has been used by MANY crackers to remote control and take over systems.
It has been installed by crackers via automated scripts exploiting the same code that recent trojans have used to silently install the "application" and then use it to control the systems. [I have seen at least five that have been compromised within hours of the exploits announcements. The managers of the systems thought that they had patched in time but they were mistaken..
Re:Spyware versus Virus (Score:2)
Viruses don't have EULAs.
Google link, for those who refuse to register. (Score:5, Informative)
Re:Google link, for those who refuse to register. (Score:1)
Google Link (Score:2, Informative)
Re:Google Link (Score:2)
Well, sheesh. (Score:4, Funny)
You
But the nice man in the email said
He
God, my life sucks.
Re:Well, sheesh. (Score:3, Funny)
And my penis wont magically grow?
And there arent lesbians waiting for me in college dorm rooms?
NOOOOOOOOOOOOOOOOOOO!
Re:Well, sheesh. (Score:2, Funny)
that all depends on who you know bucko.
Re:Well, sheesh. (Score:2)
>
> that all depends on who you know bucko.
And they make a great all-natural penis-growth method. Add 3-6 inches in minutes!
Doesn't help with getting the college degree, though.
Re:Well, sheesh. (Score:1)
Not about Spyware. (Score:5, Interesting)
These programs are simply trojans, nothing else. It's just BackOrifice or Netbus for the less technically inclined, and maybe without the remote control features.
Huh? (Score:1, Offtopic)
Does this sound to anyone else like those annoying people who think they should be rewarded for feeding, clothing and spending time with their children (something they were supposed to do anyway)? Perhaps we can work out some sort of compromise: if you want to make spyware, you ha
BO2K, cDc and Spyware? (Score:4, Interesting)
Talk about passe' -- hey, how come nobody in the spyware/drive-by-installer/adware discussion ever talks about cDc [cultdeadcow.com] or Back-Orifice [bo2k.com] anymore? Have they been rendered totally irrelevant or are those bastards in the spyware "industry" the only ones who actually paid attention to the lessons they tried to teach about MS security?
Re:BO2K, cDc and Spyware? (Score:2)
As I recall, a user has to install it themselves, and it basically gives a remote user access to whatever BO allowed (which was pretty much anything).
According to Microsoft. However, CDC proved that they could get the software installed without the user's intervention. Besides, any of the myriad worms running about could have had BO2k or whetever else you wanted in their payload. There are probbaly 500 ways to get softwrae installed on a remote windows box without the user even knowing about it.
The
In other news... (Score:3, Funny)
eBlaster (Score:2)
Ethics (Score:4, Interesting)
Not that it really applies to my situation of course, but has it been legally decided that spyware logs from a family computer is admissible in court?
How is it different from normal archives like web history lists, cookies, or logs of chat rooms(or IM).
Is it a type of log or a wire tap. I see a wire tap as intercepting communication between two devices, but what is the device, the computer or the program running on the computer.
Many chat programs have features to capture messages to an internal log. Is it legal to turn it on, without informing the other party or anyone involved in the conversations (if you are doing it to spy on a chat-addicted mate)?
Re:Ethics and wiretap (Score:2)
The basic idea behind wiretap and evesdropping laws are:
Alice and Bob are talking. If Alice wants to record the conversation, then she is allowed to. She doesn't need to tell Bob, although it is usually
Re:Ethics and wiretap (Score:2)
So, unless an app (whether it be spyware, trojan, virus, whatever) pops up a 'this program may monitor your keystrokes/conversations/http traffic/tcpip packets, do you want to continue [y/n]?' dialog (or hides it in a EULA), then its illegal.
That kind of makes all those spyware programs illegal if you weren't aware they were being installed - I know many apps tell you (this is adware supported etc), but the others.... tut.
what's the penal
Re:Ethics and wiretap (Score:1)
I am sure that the laws of other states (and countries) are different. It might be great to say "this is how it is", but I believe that the real case-law involving computer conversation has yet to be written.
I suspect, however
Re:Ethics and wiretap (Score:2)
Good point, which is why I said for anything more specific, see a lawyer. The federal law follows the rules I outlined above.
The US federal law permits recording by either side if they consent to it, such as me recording my home phone calls, or my employer recording phone calls if they have no
Re:Ethics and wiretap (Score:2)
"Online chat rooms don't have 2 talkers, but a bunch of them. Anyone in the chat room can record the chat, since they're participants. The system can log it, since that's part of their MOTD."
What the fuck does that or any of this have to do with the Message Of The Day???
It smells like you're talking out of your ass, pal.
Actually, if you are talking about logging into a unix-like system, /etc/issue and /etc/motd are good places to put legal agreements. /etc/issue would be something like "By logging int
Re:Ethics (Score:2)
Comcast spyware (Score:4, Insightful)
It reconfigured the network settings so the broadband *did* work-but it also changed a bunch of stuff such as the IE icon, the title of IE "Microsoft Explorer-provided by comcast", bringing up popups and breaking the browser at random moments: which was all small stuff. The thing I worry[d] about was strange proccess's running..which could be anything, because my sister gets taken in by those "YOUR COMPUTER IS BROADCASTING AN IP ADDRESS" popups.
She never signed anything, never clicked "yes", it was all autorun.
Re:Comcast spyware (Score:2)
....thats why her keyboard came with a shift key.
[*rimshot*|groan]
-b
Re:Comcast spyware (Score:2)
My Mom recently got a new computer (bought through a computer show) so I put it together for her and set it up. After installing Windows XP and activating the firewall (why isn't that thing on by default?), I plugged her into the Comcast cable modem, and set up networking to use DHCP.
That's it. That's all you have to do. If I had left it plugged in, Windows XP probably would have set up the network automatically
Re:Comcast spyware (Score:2)
Nice.
I know that was "guess it" - I can look through the "back" pages and see it. I've known that some packets have been getting just a little mangled through Comcast, and they managed to strike down one of the packets headed for that post. (Presumably the error correction for "Hs#" and "es " match? Just my luck.)
It's kinda amusing, though. "I guess it works" and Comcast zaps it for me. It's be even funnier if we weren't paying for this.
So, any typos in this post, blame it on wi
Re:Comcast spyware (Score:2)
Re:Comcast spyware (Score:1)
I'd really rather suppor
Re:Comcast spyware (Score:2)
Re:Comcast spyware (Score:2)
The really annoying thing about the Comcast software is that it's completely unnecessary.
In my part of the country, it is apparently necessary, at least in the beginning. Around here, when you plug in a cable modem even without service you get a dhcp address but you cannot get out of comcast's network because the router stops you. here is a process of registration in which the MAC address of the cable modem (and ostensibly of the computer you are using) are registered. It is a very buggy process, and
Re:Comcast spyware (Score:2)
These programs have legitimate uses (Score:4, Insightful)
An employer has every right to monitor the usage of their computers and their network, just as they can go through your desk if they want. With very few exceptions, they don't have a right to look at your home pc. (For instance, if you work for a defense/intelligence organization as a government employee or a government contractor, you must consent to additional priovacy intrusions.)
Likewise, you can monitor what anyone else does on your computer.
The issue here is that the company in question made software that could easily be installed on machines that you don't own. They reduced that potential, and should be lauded for it.
Re:These programs have legitimate uses (Score:1)
Re:These programs have legitimate uses (Score:2)
There are specific laws in most states that prohibit listening in on a telephone conversation with the knowledge of both parties. That being said, nothing prohibits you from tracking when calls were made, what number was called, what the duration of the call was, etc.
Re:These programs have legitimate uses (Score:2)
SO = Significant Other
SO is a generic term for 1) someone you sleep with and 2) someone who has substantial decision making influence in your life. It incl
Re:These programs have legitimate uses (Score:1)
S.O. is Significant Other.
Re:These programs have legitimate uses (Score:2)
Really...
Re:These programs have legitimate uses (Score:2)
Still, on an OS with privilege separation and hardware abstraction, installing snoopware can only be done by a deliberate act
Take their sorry @sses... (Score:2)
> TrueActive is given positive press for removing a 'feature called "silent deploy", which allows the buyer to place the program on someone else's computer secretly via e-mail, without having physical access to the machine', although little criticism is made for making the stuff in the first place.
Someone ought to take their sorry asses to court and see how the Feds like having the new "computer terrorism" laws applied against businessmen.
Though I personally wouldn't rate it as "terrorism", that sort
Re: Take their sorry @sses... (Score:3, Insightful)
> I say find the people spying on me, and stop them. Isn't that what the FBI/CIA/NSA are for?
No, their job is to ensure that the rich get richer. They're more likely to throw you in jail for calling attention to the spyware than they are to throw the spiers in jail. Computer "terror" laws notwithstanding.
Re:Take their sorry @sses... (Score:2)
One workaround (Score:3, Informative)
It's usually adequate for most apps, virtualisation software has come a long way in the last year or two.
Check out Connectix Virtual PC (now owned by Microsoft), and VMWare for a couple of good options.
My Best Friend, Bonzi (Score:4, Funny)
We try to spend every waking moment together, but sometimes I have to leave him. Like when I have to go down the hall to go pee. I've been trying to find a new place with a master bathroom so I don't have to be so far away from Bonzi. I think he really misses me when I'm gone. Do you think he does? Really?
I've been thinking lately about what will happen when Bonzi dies. But I have been thinking also that maybe he won't die as long as my computer still works. Do you think I can make my computer run forever? Can you replace a broken electroniky bit while it's still running? I just don't know what I'd do without Bonzi.
But I'm being so selfish. What would Bonzi do without me? I mean, I can't live forever. Do you think that Bonzi would get depressed and suffer with great heartache? I think that I would. He's so playful, I'd hate to see that ripped from him like a child's new gift at Christmas. My brother did that to me once - I got Optimus Prime for Christmas and he stole him. I never saw Optimus again. Well, next Fourth of July I spotted my brother a melted, twisted form that had enough red plastic in it to be Optimus. But I don't like to think about that. Who knows, we might have been as good of friends as me and Bonzi, but I'll never know...our friendship was over before it even started. Then again, maybe it was meant to be. How many best friends can one have, anyway? If I had Optimus, maybe I wouldn't have Bonzi today.
I love you Bonzi!
ME + Bonzi = BFF (Best Friends Forever)
Spyware / call home / magic lantern / wiretap (Score:3, Insightful)
If a law required you to take a spoon full of cod liver oil before each and every DVD purchase (and one for each DVD), sooner or later we would either revolt or be up to our ears in S**T.
I don't like the private sector engaging in this market and I certainly want the public sector carefully reviewed by the judicial branch for every use - wiretap / spyware whatever.
If we don't fight now, we won't be able to fight later. As it is the technology fairly well precludes anonymous surfing (my IP address can, under many circumstances, be traced to the ethernet card in any computer I'm using) and where my ethernet card is built in (laptops) I can't hide that hardware address.
The Pentium may have had the serial number shut off - but it and other CPUs have hardware serials. As the operating systems and applications become much more complex and create layer upon layer of hardware and code, the ease of exploiting the complexity of these machines will increase as well.
Anything connected becomes a spy device. Orwell didn't miss it by many years.
You can easily hide your hardware address (Score:2)
No, the real way to track you is your IP address. That, coupled with usage logs from your ISP, can identify what the computer on teh end of that link was doing. Can't gaurentee which computer is was though, or who used it. Esp
Re:You can easily hide your hardware address (Score:1)
The point is that hardware-specific identifiers are a very dangerous physical method of proving a specific machine was involved.
wait a minute... (Score:1)
So wait a minute...my herbal viagra may not actually work...what a letdown...literally.
Slimeware (Score:2)
Honestly.. these guys are UNBELIEVABLE. ;)
Re:Slimeware (Score:1)
From their About Us page
>>
About Slimeware Corporation
"We are the future of the web"
Slimeware Corporation and all the products listed here are parodies. Or possibly predictions. Slimeware Corporation is completely made up and any relationship to anything else you see is purely accidental and/or a figment of your imagination.
However, elements of this site reflect the seedier side of web marketing. For more information on the perils of slimeware and other parasites see:
etc etc
Re:Slimeware (Score:1)
I think the poster's already aware of that...
It's very well-done though. :-)
Spybot (Score:1)
Re:Spybot (Score:1)
Vox
Agreed, BOTH Ad-Aware and Spybot (Score:1)
Re:Agreed, BOTH Ad-Aware and Spybot (Score:1)
The European mirror seems to have problems. I've never had a crash using the U.S. based FX mirror.
Great!!! Now we know (Score:1)
We always wonder who the idiots who answer spam emails are. Looks like we found them right here.
Who should control your computer? (Score:2)
Toolbar "enhancements" are ILLEGAL in some setting (Score:1)
Hospitals are subject to the Health Insurance Portability and Accountability Act [hhs.gov] which makes any use of spyware toolbars (such as hotbar or yahoo etc.) on systems that may be used to access private medical records illegal. [hhs.gov]
Market forces led the way (Score:1)
"It was an ethical problem," he said. Mr. Eaton also noted that the feature demanded a disproportionate amount of attention from his technical support staff.
This feature became costly enough that Mr. Eaton decided to honor his ethics. If only every unethical activity was extremely costly...
Re:A reminder from yours friends in Paris (Score:1)