The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines.This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/dec14,2005.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

The contents of this newsletter is commentary. It should not be mistaken for unbiased, objective journalism.

Permalink | Top

• Boldly Going Where No Employer Should Go
• Feature - PCTools
• Houston, We Have A Problem
• Biometric Security Devices Fooled By Toys
• Adware Companies Profiting By Accident
• Certified Downloads. Is That A Good Idea?
• Request - How Do I Prevent Volume Tampering?

Permalink | Top

A German company called Laserline has just fired one of its workers for smoking. Private detectives were hired to take pictures of the guy lighting up in his back garden...

Anyone else feeling a chill right now? I wish I could say that I made up that quote for dramatic effect. Unfortunately, that it is a direct quote from an article reporting on the incident. Similar incidents are happening in the US as well.

This is a growing trend, one that I feel is far more dangerous to our way of life than terrorists and the Patriot Act combined. If employers are permitted to dictate how workers are to behave in the privacy of their own homes...

Do you hear that? It is Benjamin Franklin rolling over in his grave. I think old Ben was a smoker too.

This company in Germany hired private detectives to spy on employees, then fired a man for smoking in his backyard. A distributor of Miller beer in Racine, Wisconsin was caught on camera drinking a Budweiser, during some local city event. His picture was published in the local newspaper and he was fired that very day. A Budweiser distributor in Colorado fired one of its employees because he was seen drinking a Coors in a bar.

I understand that private employers can do things forbidden to the government. If you go on television and say bad things about your company, do not be surprised to see the contents of your office packed into a cardboard box the next day. However, a line must be drawn somewhere. Companies and corporations are not totalitarian governments, nor should they be allowed to behave as such.

We are not discussing spyware, installed on the company computer, catching someone surfing for porn during work hours. These people, while off duty and miles away from company property, were fired for doing things that were entirely legal.

Why is this being permitted? Why are the labor unions not on Capitol Hill raining down fire and brimstone upon the Congress? What's next; NBC firing employees for watching ABC while they are at home?

I meant what I said earlier: this trend, if allowed to continue, threatens to destroy our liberties. Companies cannot and should not be allowed to dictate what people do in their own homes. The owners of those beer distributors and the owner of Germany's Laserline should be thrown in prison for what they did.

If you are a union worker, you need to speak to your rep about this. The next company that decides to suspend the Constitution in our homes might be your's. The labor unions, all of them, need to march straight up the steps of the Capitol building and demand that companies be ordered out of our homes.

We need to do something about this. Today, it is private detectives snapping photos of you in the back yard. Tomorrow, they will be planting microphones and cameras in your bedroom. Is that the world in which you want to live?

Permalink | Top

Program: Spyware Doctor
Author: PC Tools
Platform: Windows XP, Me, 98, 95 and 2000

Purchase Spyware Doctor: $19.95 (Normally $29.95. Discount applied automatically until Dec 29, 2005.) http://www.pctools.com/spyware-doctor/purchase/?ref=afl_spywareinfo

Purchase Privacy Guardian: $19.95 (Normally $29.95. Discount applied automatically until Dec 29, 2005.) http://www.pctools.com/privacy-guardian/purchase/?ref=afl_spywareinfo

Purchase Registry Mechanic: $19.95 (Normally $29.95. Discount applied automatically until Dec 29, 2005.) http://www.pctools.com/registry-mechanic/purchase/?ref=afl_spywareinfo

Read my review of Privacy Guardian or Registry Mechanic for more information about those programs.

I gave Spyware Doctor a test drive on my computer a couple of months ago. After playing with it for awhile, I consider Spyware Doctor to be one of the top antispyware programs. On a scale from 1 to 10, I would give this program a 9 1/2.

PCMag evidently agrees with my opinion. PCMag editors included Spyware Doctor in their "Best of the Year" awards for 2005. Spyware Doctor also is a PCMag's Editors Choice for this year.

Spyware Doctor is a very nice and very polished antispyware protection program. The interface is uncluttered and easy to navigate. A system scan is initiated with the click of a single button. The same goes for updating the program. You could give a copy of this program to your grandmother for her first computer and she would have no trouble running it, with the default settings.

You may remember my marathon spyware killing experiment. I still have a copy of that infected virtual machine. On my "infected" test system, Spyware Doctor found a staggering 2,400+ infection items, kicked several processes out of memory and blocked 19 malicious start up entries.

Every item found was organized by the name of the malware and included a short description, as well as a detailed listing of every file and registry entry that it believed to be associated with it. Every item is labeled with a "threat level", showing how serious PC Tools considers that particular piece of malware to be.

OnGuard, the real-time protection module, protects against several methods used by browser hijackers and other malware. All of these components optionally will pop up an alert if something is detected. If a piece of malware exploits a browser flaw and tries to install itself, you will know about it immediately.

This is an excellent program. I consider it to be my favorite spyware scanner. Spyware Doctor has my recommendation - it is that good.

PCTools is offering a $10.00 discount on each of their top three programs, for the next two weeks: Spyware Doctor, Registry Mechanic and Privacy Guardian. The discounts should be applied automatically when using the links above. You will see the discount applied when you click the green purchase button.

If you have any problems with the ordering page, please email Catherine: http://www.spywareinfo.com/email2.php. Anyone buying as a corporate customer and needing many copies of this program, please contact Catherine.

Permalink | Top

An unfortunate problem may be on the way. As adware, spyware and browser hijackers have become more sophisticated, antispyware programs have had to use more sophisticated means to catch them. Unfortunately, this may cause conflicts with antivirus programs using the same methods.

Antivirus programs historically have done a poor job of cleaning or even detecting spyware, although that has improved recently. Antispyware programs generally do not bother to detect viruses and trojans, since that is not in their mandate. For this reason, most people (sensible people anyway) have both antispyware and antivirus programs on their computer.

A very sophisticated, if low-level, technique used by antivirus software to catch viruses is to scan at the kernel level. The kernel is the lowest level of an operating system. By scanning at this low level, it leaves very little room for a virus to hide.

A number of antispyware companies are planning to introduce kernel-level scanning in their products. There really is no way to avoid it. The line between adware, spyware, viruses and trojans has virtually disappeared.

All of these types of parasites have poached each other's methods to replicate and to hide. Only the purpose of this unwanted software determines what it is called these days. The antispyware programs have to keep up, if they are to be of any use.

This is causing some concern in the antivirus industry. Two programs, both scanning at the kernel level at the same time, can crash a computer. Every antivirus company warns customers against using two different antivirus programs at the same time. People may end up having to make a hard decision: antispyware or antivirus?

The best way to avoid this potential problem may be cooperation between the antispyware and antivirus industries. An industry standard may have to be hammered out for kernel-level scanner drivers.

The kernel-level drivers can be written in such a way that, if more than one program is trying to access them, the drivers will juggle the requests to avoid a conflict. Two scanners would not be using the same resources at the same time and a system crash would be avoided.

The only other option would be for the antispyware and antivirus industries to encroach directly onto each other's territory. They would become direct competitors, with each side detecting both viruses and spyware.

As it stands now, antispyware programs do a poor job of detecting viruses and worms, while antivirus programs do only a fair job of detecting spyware. I don't see it as being in the best interests of the end users for each side to try and do the other's job. I hope the companies in both industries also see it that way and decide to work together.

Permalink | Top

We've all seen it in one movie or another. The hero is standing in front of a sleek, steel blast door. He places his hand on a pad, which begins to glows red. He puts his eye against a face plate and a laser scans his retina. Satisfied that our hero is someone who is allowed to enter, the door opens with a hiss of air.

It is called biometrics, technology that creates a unique digital signature based on certain parts of the human body. The lines on our fingers, the pattern of blood vessels in our eye balls, alignment of the bones in our faces and even the sound of our voices are all unique to us. It is impossible for another person to share any of those features, statistically speaking.

So it would seem that biometrics could produce a perfect, foolproof security device, right? Don't be so sure.

The Electrical and Computer Engineering Department at Clarkson University put fingerprint scanners to the test. Using dental molds, they made casts of fingers from volunteers, then made replicas using Play-Doh.

They found that fingerprint scanners could be fooled by these fakes in 90% of their tests. If Play-Doh can fool these scanners, it runs the risk that someone can cut off a person's finger and use that to bypass security devices.

The Clarkson researchers suggested that this could fixed by adding perspiration detectors. The sweat on a living finger would produce another unique signature, which likely could not be faked. When they tested this arrangement, they still beat the detectors 10% of the time.

The point of all this is that biometrics technology is not quite ready for prime time just yet. Don't let a company tell you that you can replace your security guards with biometric scanners. The simple expedient of putting an armed guard next to the fingerprint scanner would prevent an intruder from gaining access with a severed finger.

* Play-Doh is a registered trademark of Hasbro

Permalink | Top

My friend Tom Wilson refers to all spyware, adware and other malware as "slyware". The term certainly fits.

Among other sly, sneaky behaviors, adware makers sometimes make a profit from companies that never intended to advertise through their software. The problem has caused embarrassment to a number of companies over the last few years.

A company decides to start a new promotion for their service or product. Their marketing department starts making calls to people who arrange for internet advertising. Those people make calls of their own. Eventually, the advertisements percolate out until it reaches the people who will publish them.

Unaware - or not caring - that it is unacceptable to the company paying the bill, someone in the complex web of advertising companies arranges to have the ads appear on your desktop, by way of adware.

The company paying for the advertisements could be totally innocent. The ads have filtered through so many hands that they may not realize that their ads are spamming people through an unwanted adware program. Their first knowledge of the situation comes when the complaints begin to arrive.

The company takes the public relations black eye, while the adware makers take their money.

McAfee was caught flat footed last week, when it happened to them. It was even more embarrassing in this case, because the advertisements were for their antispyware program.

Obviously, McAfee did not authorize anyone intentionally to deliver their advertisements through an adware program. They were as much a victim as were the people who saw the ads popping up on their desktops. The Director of Operations for McAfee AVERT Labs, Joe Telafici, reportedly became enraged when he found out about it.

This sort of thing has happened several times over the last few years. When some unwitting company discovers that it has happened to them, usually they move quickly to pull the ads. Sometimes they publish a press release to apologize to the public.

In a few cases, pink slips have been delivered to the marketing department. Mercedes-Benz fired their whole advertising agency in 2004, when they discovered that their ads were appearing in software from Gator/Claria.

Last year, PCPitstop published a list showing the top 20 advertisers using Claria's services. It caused such an embarrassment for the companies involved that one of them, Date.com, terminated their arrangements with Claria. Another company, RateMyMortgage.com, threatened PCPitstop with a lawsuit. RateMyMortgage.com has stopped advertising through Claria.

So, there are two lessons to be learned here. First, companies that run advertisements on the internet need to spell out specifically that their ads are not to appear in spyware or adware, if that is not what they want. Otherwise, someone down the chain of advertising agencies will do it, then plead ignorance when the complaints arrive.

The second lesson is that companies listen to complaints and take them seriously. If your computer becomes infested with some sort of adware, you should write down the names of the companies whose products or services are being advertised, before you clean off the parasite.

After you have sterilized your computer, look up those companies and write to them. Be polite, but make it clear how annoying and frustrating your recent experience with adware was. Point out that they helped to finance that unpleasant experience and that you refuse ever to buy from them, as long as they continue to pay to have other people go through the same thing.

If the company knew that their products were being advertised through adware, your complaint may make them realize how the activity is hurting their image with potential customers. If they did not know, they may be shocked and demand that the advertisements be removed.

Remember, we will never be rid of adware, spyware, spam or pop-ups as long as companies use them to advertise. The people responsible for them do not care what regular people think of them. The companies who fund them do.

Permalink | Top

Yet another project is in the works to certify software as "spyware free". This has been tried in the past, mostly by small outfits that no one has heard of. In at least two cases, people were selling certificates to anyone willing to write a check.

This new project involves TRUSTe, AOL and Yahoo. People actually might pay attention this time.

It certainly sounds like a logical idea. These companies will examine the software, determine if it meets certain criteria and then decide whether or not to issue a certificate. If it has the seal, you can trust it; or so goes the idea.

Mark my words. In fact, print this out and stick it in a drawer for future reference. This project will not work and it may cause more harm than good.

Allow me to predict what is going to happen. Some people will sit around a table or have a conference call. The first thing they will do is decide what criteria would prompt them to reject a piece of software. This already may have happened.

This will be where the whole project fails. They will make the criteria too loose. Either unintentionally, or through the lobbying efforts of adware companies, they will create a large enough loophole that companies such as Claria, WhenU and, possibly even 180Solutions, will qualify for certification.

When this happens, what will be the point of the certificate? That is exactly the sort of software people would want to be warned about.

Do you remember what happened to COAST, earlier this year? COAST was a group of antispyware vendors who tried to work on standards for software makers. Anyone could join, as long as they met certain criteria.

180Solutions applied for membership. Surprisingly, 180 managed - just barely - to squeak past the criteria set by COAST. They backed themselves into a corner with their own guidelines and saw no choice but to admit 180Solutions into COAST.

A few weeks later, every single founding member pulled out of the consortium. The surviving COAST membership, after all of the founders withdrew, consisted of NoAdware.net, NewDotNet, Weatherbug and 180solutions. Hardly a group you'd want creating standards for spyware and antispyware.

I can point to another example of why this effort will fail. Just look at what is happening in the antispyware software market. You would expect antispyware programs to be the last place where spyware or adware would be given any sort of a break. Sadly, not even antispyware programs always give you the whole picture these days.

Lavasoft backed itself into a similar corner earlier this year, when their threat guidelines briefly caused them to delist Claria. Some other antispyware companies placed all or some adware programs on the ignore list by default. If you can't even trust antispyware programs to tell you about the software you expect to be informed of, what chance is there that this certification effort can be trusted?

Now I warn you, not long after you read this, certain adware companies will ask you to dismiss it as the ramblings of a "zealot". This seems to be the new weapon of choice in the public relations war between spyware and antispyware, to call people like me zealots.

It is laughable when you think about it. When an unethical, amoral company pays people for installing their unwanted software through security holes and alongside trojans, viruses, rootkits and software bots, you really cannot take what they have to say seriously.

I could be wrong in my predictions about this certification effort. In fact, I hope that I am wrong and I hope that I will be eating my words about this, a year from now. Judging by recent history, I believe that I will be right. I believe that the standards for this "certificate" will be set too low. The very software you want to avoid will end up being certified and the entire process will end up doing more harm than good. A year from now, we will see if I am right.

Permalink | Top

I need to ask for help with an annoying Windows problem. Certain media players, especially Windows Media Player, tamper with the WAVE volume setting. When I am done with the program, the level is not put back to where it was before it was tampered with.

This is one of those small, minor little Windows annoyances that drives people nuts. I am tired of my volume settings being changed. Does anyone know of a program that will put an ironclad lock on my volume settings? Or perhaps a group policy setting that prevents the sound settings from being altered? I have XP Pro, so I can use GPedit, if that will do any good.

Permalink | Top

SpywareInfo has a new(ish) feature, listing news headlines relevant to spyware, privacy and safely using the computer. There is a saying that "all politics are local". It seems that this also applies to the internet. It is a close community in that problems can spread from anywhere. If you see a local story that you think deserves attention, please let us know. Use this mail form, tell us some details and we will follow the story.

This Spywareinfo News Section is updated every day - and several times during the day. It is a section of Spywareinfo that we hope will keep you informed on a daily basis - and keep your internet time a bit safer. Go have a look.

Permalink | Top

Running SpywareInfo has become an expensive thing to do. We are using three separate servers to display the site and to protect it from denial of service attacks. This is not a cheap web site to host.

If you would like to help with the costs, there are three options. There is PayPal for those who have a Paypal account or don't mind signing up for one (it is free).

There is a snail mail address if you do not like Paypal or have no means of sending money online. Please make sure to make checks (in US Dollars) or money orders (in American currency) out to James Healan and not Mike Healan so I am not hassled at the bank. Please note that contributions to SpywareInfo are not tax deductible.

The address is:
James Healan
PO Box 71
Vidalia, GA USA 30475

Thank you very much for your contributions.

You can also purchase t-shirts, hats, bumper stickers and other items from our CafePress storefront. We'll have more designs to offer soon.