The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines.This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/apr30,2004.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

Permalink | Top

Howard Beales, director of the Federal Trade Commission's bureau of consumer protection, and FTC Commissioner Mozelle Thompson went before the House of Representatives Thursday to say that no legislation should be created to curb spyware. The FTC also criticized existing legislation currently under consideration. "I do not believe legislation is the answer at this time," Thompson said. "Self-regulation combined with enforcement of existing laws might be the best way to go."

To put it very simply, I am astonished. Self-regulation, from the people causing the problem? Self-regulation, from people whose business model is described as distasteful at best and illegal at worst? What can Beales and Thompson possibly be thinking?

On an encouraging note, the congressmen reacted rather harshly to the FTC's position. Clearly, congress is burning to do something about spyware even if the FTC is not.

I've read the SPYBLOCK Act which currently is making the rounds in the Senate. It is not a perfect solution, especially the exemptions outlined in section five. Section three, however, looks like something I could have written. It outlaws installing software without a clear disclosure to the PC owner. It requires that an uninstaller be provided. It requires that any information gathering be disclosed. It requires disclosure that the software will display ads and how those ads will be displayed.

Not everyone likes the SPYBLOCK Act. I have been arguing about it with another person the past couple of days. His fear is that passage of the SPYBLOCK Act inadvertently would sabotage efforts to stop companies such as WhenU and Gator/Claria from selling ads based on other companies' trademarks. That is a very valid point and I certainly sympathize with web sites having to deal with unethical companies selling ads on their trademarks. However, I feel the benefits of the SPYBLOCK Act for consumers outweighs the risk that it would make it harder for companies to stop WhenU from making money from their work.

To be perfectly honest, I view that as entirely separate issue. Those companies who profit from the work of other companies by selling ads on their trademarks do tend to be adware and spyware. Beyond that however, I see no other relation to the spyware problem and believe it should be dealt with separately.

Utah was very lucky to pass a law that covered both issues so well. If we could have congress pass Utah's Spyware Control Act as federal law, that would be beautiful. Unfortunately I just don't see that happening.

It needs a little tweaking before it passes but, overall, I like the SPYBLOCK Act. Consider this to be my official endorsement of it. If you agree with me, contact your US Senators today and ask them to support the SPYBLOCK Act, S. 2145.

Permlink | Top

Program: Spy Sweeper
Author: Webroot Software
Platform: Windows 95, 98, ME, NT, 2000, XP
License: $29.95*
*Webroot is tossing in an extra year of updates for SpywareInfo readers. (Valid for purchases until May 11, 2004)
Purchase: Click here to purchase

Spy Sweeper is an antispyware program from Webroot, the company that makes Window Washer (another program that I really like). It has received some very favorable reviews and awards. Spy Sweeper was named PC Magazine's Editors' Choice in March 2004.

Spy Sweeper absolutely rocks. On my computer (Athlon XP 2400, 512MB RAM), Spy Sweeper scans in less than twenty seconds. You also can set it to do a much more extensive scan of the entire hard drive. This takes much longer (about 7 minutes on my machine), so I would advise doing this when the computer is not being used. Spy Sweeper will let you schedule an automatic scan, so this is no problem.

The slick interface is very user-friendly and intuitive. You can install this on your grandmother's PC and she will have no trouble using it. If you don't know what a particular button does, just hover the mouse over it for a description.

Spy Sweeper will detect and eradicate virtually every known adware, spyware, browser hijacker and porn dialer out there and it is updated soon after new ones are discovered. It also seeks out surveillance spyware and keylogging trojans.

Spy Sweeper provides active protection against home page hijackers and cookies belonging to web sites known to invade your privacy. It also monitors your PCs memory to watch for targets being loaded in the background.

The results list, showing the targets found after a scan, is the best of any antispyware program. If 20 components are found that all belong to Gator, Spy Sweeper will collapse those results to a single line. Most other antispyware displays an enormous list of individual items and that makes it hard to read. Expand the listing and it will show you each component it found along with its location.

At the bottom, Spy Sweeper shows detailed information about each component, including location, and to which category it belongs. If you want more information about a particular item that has been detected, highlight that item in the list and click the "More Details" button to be taken to Webroot's online database to read more about it. Not everything has a description yet, but they are adding more to it all the time.

Spy Sweeper is careful to point out when removing a particular piece of adware will cause the program that installed it to stop working. Some free programs such as KaZaA will stop working if you remove the obnoxious adware bundled with it, so this is a nice feature.

Permalink | Top

Your home - In the near future

You are awakened in the middle of the night by the sound of the radio. You roll over and slap the alarm but the sound continues. You realize that it is coming from across the room and, instead of music, it is actually an advertisement for an enlargement pill. You stagger across the room and find a tape recorder glued to your wall.

As you turn off the tape recorder, you notice that a poster has been hung on the wall advertising a low-interest credit card. While staring in amazement at this poster, you hear another tape recorder blare to life out in the hallway.

You walk into the hallway to find this new racket. Switching on the light you discover posters hung every few feet on the walls, all advertising different products or services. In between each poster is a tape recorder. You turn off the tape recorder making the noise and another springs to life in the kitchen.

Swearing, you storm into the kitchen to find the same pattern of posters and tape recorders and even a flashing neon light attached to your window. As you turn off the tape recorder in the kitchen (and another starts up on the opposite side of the room), you notice that someone has pried open your back door.

Frightened now, you rush to the telephone to call the police. You pick up the telephone and dial 911. You put the receiver to your ear to speak to an officer, but instead you hear "Thank you for calling the all-night adult intimate chat line. Your phone bill will be charged at a rate of $500 per minute". You try again with the same results. You try 0 for the operator and 411 for information and its the same thing no matter who you call.

Horrified, you rush into the garage past a tape recorder asking if you are fat and a blinking neon sign declaring you to be today's winner. As you approach your car, you see that it has been spray painted with the address of a child porn web site.

You drive to the police station listening to an actor on the radio explain how you too can become a millionaire is just three weeks. You can't turn off the radio and the same thing is on every station.

You explain the situation to the police and they follow you to your home. You show them the crowbar used to bust open your back door. You show them the posters super glued to your wall. You point to the tape recorders scattered across the house.

The policemen take a few notes, then begin to leave. Confused, you ask them where they are going and they say "Sorry buddy, but there's nothing we can do here."

"What do you mean?" you ask. "Look at my house! Someone broke in and glued advertisements all over my walls."

"I see that. Unfortunately sir, no crime has been committed here."

"What do you mean no crime has been committed!? Look at this mess!"

"Yes sir, I see that. Unfortunately our government has decided not to make this sort of thing illegal. Instead, they have asked the advertising industry to regulate themselves and to follow 'Best Practices'".

"Best Practices?? What the hell does that mean? How can this possibly be legal??"

---

Internet advertising companies are out of control. The story above is fiction, but only in that I substituted a home in the place of a computer. What happened to the unfortunate individual in that story is exactly what is happening to countless millions of people every day when they turn on their home computers.

The Federal Trade Commission wants the industry to regulate itself. Will the people who distribute the coolwebsearch trojan voluntarily regulate themselves? I think not. To do what I described above to your home is illegal. Why should it be legal to do the exact same thing to your computer?

Permalink | Top

Reason, a monthly libertarian magazine, soon will send out its June issue to 40,000 readers. Using a number of consumer databases and GPS technology, each issue will be customized to the individual reader. By this I mean that the cover of each magazine will have a satellite photo of the subscriber's home and advertisements customized for their interests.

The issue is a publicity stunt to illustrate the power and pervasiveness of consumer databases. The more information that is given away in surveys or stolen by advertising spyware, the closer we come to a world where anyone with enough money can pull up dossiers on us that would rival the old KGB for the amount of information collected.

Once your personal information is given up or stolen, it never can be removed from the millions of corporate and government databases around the world. Remember this the next time you are signing up at some web site and it wants personal information unrelated to providing its services.

There is an article about this at the New York Times but, unfortunately, they require registration to read their articles. I make it a policy to not link to their site because of it.

Permalink | Top

WhenU has filed a lawsuit against the state of Utah, claiming that the Utah Spyware Control Act violates their constitutional right to advertise (???).

WhenU is asking the court to prevent the law from taking effect next month.

According to the lawsuit: "WhenU's software, one of the apparent targets of the act, is installed only with user consent, and does not invade the privacy of computer users."

Consider that sentence very carefully. Countless numbers of people discover WhenU's software on their machines and have no idea how it got there. We see this all the time at the message boards. I once found their software on my own mother's PC and I know for a fact she didn't install it herself. Second, as I mentioned last week in this newsletter, Ben Edelman has evidence showing that WhenU's software transmits web site addresses to company servers, in violation of their own privacy policy. A recent PC Pitstop study found that 87% of WhenU's "users" had no idea the software was even installed.

Isn't it a crime to make false statements in court?

WhenU hopefully will lose this lawsuit. First, advertising is not protected by the Constitution. Second, if they are claiming First Amendment violations, commercial speech is not protected as closely as personal speech. Third, the law doesn't bother their right to any sort of speech in the first place. What it prohibits is transmitting information about the user (which it does according to Edelman) and using the content of someone else's web site to generate ads.

Permalink | Top

Several months ago, the popular CarTalk radio show (National Public Radio) decided to stop providing audio recordings of their shows in Real format. This was due to many, many complaints from listeners about the obnoxious behavior of Real's software.

Stung by the move, Real Networks claims to have cleaned up their act and has persuaded CarTalk to change their minds.

Many people are disgusted by Real's media player. It used to hijack file associations and make it nearly impossible to change them back. The web site deliberately made it hard to find the free version and provided misleading links to the pro version to trick people into downloading it. It would cause pop-up ads constantly and a past version even installed spyware.

After reading about how Real responded to being dumped by CarTalk, I decided to check it out to see if they had indeed cleaned up their software. While they have made a few changes, I'm afraid that it is still an obnoxious piece of software.

The free and paid versions now are on the same page (one click inside the site) and side by side. So the claim that they have stopped misleading people away from the free and toward the pro version is true. After clicking the download link, it went to a download page which somehow snuck a pop-up ad past FireFox. Ironically, that ad was for the very program I was downloading.

The program has stopped hijacking media associations. It asks if you want to associate music and video files with Real Player and it does honor your choice. It even asks you where to put program icons rather than just dumping them all over the desktop and quicklaunch bar.

Sadly, these are the only good things I'll have to say about it. For one thing, by default, there are 4 different "contact me about stuff" options checked. Immediately after it finished installation, my firewall popped up four different times to tell me it was accessing the internet. I decided to log every firewall access to see what would happen. After an hour of playing music, the firewall logged an astounding 2,500 distinct internet accesses, and this was after I had gone through the options and disabled all of the "phone home" options.

After installation, but before I could use it in any way, it demanded I fill out a survey! The questions asked my name, email address, home address, age, sex and zip code among other things. There was no way to use the program at all without filling out this unnecessary survey, which of course I filled out with false answers.

The software has a "message center", which I assume is for displaying ads. It does allow you to disable the "message center" but it pops up an obnoxious warning box when you do so. It also has an updater that runs by default and installs updated software by default. You can disable this in options also.

The EULA contains 6,854 words, all of which must be read in a small box that forces you to scroll down every couple of paragraphs. Buried far down in that license are the following tidbits:

...

e) Secure Content Consumption: The RealPlayer client may be required to send statistical data to servers regarding the consumption by an end user of content secured using the digital rights management technology contained in this Software to protect the integrity of the content ("Secure Content"). This communication serves to enable the content provider to calculate usage-based royalty amounts needing to be paid to owners of such Secure Content ("Secure Content Owners"). . DIGITAL RIGHTS MANAGEMENT SYSTEMS ("DRMs").

...

a) The Software includes a DRM called the RealSystem Media Commerce Update Software ("Media Commerce Software") and may include third party DRMs as Plug-in components, which are subject to their own license agreements.

...

RN is not responsible for the operation of third party DRM in any way, including revocation of your content. RN is not responsible for any communications to or from any third party DRM provider, or for the collection or use of information by third party DRMs. You consent to the communications enabled and/or performed by the DRM, including automatic updating of the DRM without further notice, despite the provisions of AutoUpdate defined in Section 6(c). You agree to indemnify and hold harmless RN for any claim relating to your use of a third party DRM.

Secure Content Owners may, from time to time, request RN or its suppliers to provide security related updates to the DRM components of the Software ("Security Updates") that may affect your ability to copy, display and/or utilize the Software. You therefore agree that, if you elect to download a license from the Internet which enables your use of Secure Content, RN or its suppliers may, in conjunction with such license, also download onto your computer such Security Updates that a Secure Content Owner has requested that RN or its suppliers distribute. Unless notification is provided to you, RN and its suppliers will not retrieve any personally identifiable information, or other information, from your computer by downloading such Security Updates.

...

c) The Media Commerce Software allows you to receive and playback content that has been digitally secured by a content provider. The Media Commerce Software interacts with your computer in the following ways: 1. Hardware information: In order to download the appropriate software, RealPlayer must send certain anonymous information about the hardware on your computer to the RealNetworks download server. Once the software is installed, information about your hardware will not be stored on any server. Hardware information will also be sent for content passes, as described below.

...

Basically, it will install copy protection software which limits the way you can use content that you download or even content that you have purchased. This copy protection software will make internet connections without your knowledge and install other software, also without your knowledge. That by itself guaranteed its removal from my PC after this little experiment.

Decide for yourself if you want to install software such as this on your property. Winamp will play every known type of music or video file except for QuickTime and Real and does it without being so obnoxious. QuickTime is perfectly acceptable for playing its file types and Cowan's Jet Audio will play Real file types without having to install Real itself.

Permalink | Top

I received a lot of email when I asked for opinions on a radar detector last month. Obviously I created the mistaken impression that I intended to fly up the entire length of I-95 at 100 MPH. Rest assured that this is not what I did. I just wanted to be sure I didn't add to some county mounty's ticket quota while rolling down some hill or bridge.

I want to thank everyone that gave their suggestions for a detector, especially the guy who said his truck has two speeds, dead still and wide open (had a good laugh at that). Several people wanted to know which one I decided to buy, so I thought I'd mention it.

Opinion was split about 60/40 in favor of the Valentine One over the Escort Passport 8500. After reading dozens of reviews of both, I decided to buy the Escort Passport. Experts seem to agree that it's better at ignoring false hits and better at detecting the newer Ka band radar. It's also a hundred bucks cheaper and the Valentine's directional arrows aren't worth that extra $100.

I also want to say thanks to everyone who warned me about detectors being illegal in Virginia (which I knew already) and in Washington D.C. (which I didn't know). I locked it up in the trunk before leaving North Carolina. The trip was a lot of fun and, no, I didn't receive any tickets.