The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Please read our Terms of Use for quoting guidelines. This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/feb3,2005.
Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.
The contents of this newsletter are commentary. They should not be mistaken for unbiased, objective journalism.
Two stories caught my interest this week that really highlight the dangers of professional surveillance spyware.
In the first story, a Kentucky sheriff decided to run an antispyware program on the office computers, purely out of curiosity. To his shock, he discovered that surveillance spyware was installed on 4 computers at the police station. The software in question was Spector Pro.
That really is frightening. People could die if the information on a sheriff's computer ended up in the wrong hands. So far, there is no word on who might have installed the software. The FBI has joined the investigation, as there exists the possibility that Homeland Security documents might have been accessed. The sheriff's department computers have been cut off from the county network for the time being.
The second story is a bit less dangerous. A high school student in Fort Bend, Texas attached a keylogging device to his teacher's computer. When he retrieved the device, he discovered the answers to a test had been recorded. The student then tried to sell the answers to other students. Someone ratted him out and he admitted to the police what he had done.
In this case, the student used a small piece of hardware which can be attached between the keyboard and the computer. One device of this type goes by the name of Keycatcher. This type of spyware is undetectable by any spyware scanner. To discover one of these devices, you actually have to look at the back of the computer where the keyboard connects to the computer.
The high school student is expected to be charged with a misdemeanor and to be suspended from school for a period of time.
In both of these cases, the way the spyware was used was clearly illegal. The spyware tools themselves are both legal. The US Congress lately has developed a bad habit of trying to outlaw tools because they can be used for illegal purposes rather than concentrating on the illegal activity itself. That is a very bad habit, one that I hope they can break before it causes too much damage.
If it has been some time since you last installed Windows, then your computer's registry is probably a horrible mess. Everything you do on your computer leaves traces in the registry, from picking through the start menu to opening programs, installing programs and surfing the web. These traces build up over time and fill your registry with unneeded junk.
Even after uninstalling them, many programs leave invalid entries throughout the registry and it is nearly impossible to remove them all. If you ever have had a problem with Windows telling you a file is missing after you restart it, this probably is because of an invalid registry entry.
Registry Mechanic scans your entire registry to find these junk entries. It also checks your shortcuts to find those pointing to non-existent programs. Once it has scanned, it lists every invalid registry entry and every shortcut pointing to a missing file and lets you delete them with the click of a button. Every entry that is removed is backed up, in case you need to restore something. Depending on how long it has been since you installed Windows, you might see anything from a small difference to a dramatic increase in performance and stability.
PCTools has provided a $10.00 discount for Registry Mechanic to all SpywareInfo readers for this week. Be sure you use the coupon code SPYWAREINFO at the checkout page. If you have any problems with the ordering page or with the coupon code (SPYWAREINFO), please email Catherine http://www.spywareinfo.com/email2.php.
We were soooooo close. Last year's House Resolution (HR) 2929 and this year's HR 29, the SPY ACT, could have been interpreted to regulate or even to ban third party tracking cookies. These third party cookies usually are used to track a particular web surfer across several different web sites, enabling the company serving the advertisements to build a profile of that person. SPY ACT would have exempted cookies served from the actual site being visited by the user. However, third party cookies would not have been exempted.
That all changed this week. The advertising lobby went to work on Congress over the last few months. Their efforts seem to have paid off. HR 29 was rewritten just this week to clarify that none of its provisions will apply to cookies - any cookies.
I believe this is a mistake. Third party cookies should be regulated. At the very least, the companies using them should be required to obtain informed consent from the web surfer before using them. Once given, that consent could be recorded, ironically enough, inside of a cookie.
Let's get the facts straight on this. Cookies are not spyware. However, they commonly are misused as a tool for spying. Think of a piece of brightly colored tape. By itself, the tape is not a surveillance device. But if you put that piece of tape on the rear end of a car, you can use it to identify that particular car in traffic. A tracking cookie is the exact same thing, an innocuous object used for less-than-innocuous purposes.
The advertising industry goes on about how they need cookies to measure the performance of their ads. They don't need to do that, they simply desire to do it. If I see an advertisement on TV, then switch channels and see the exact same ad, they can't track the fact that I saw the ad in two different places. That doesn't make the advertisement any less valuable or useful. The same goes for billboards. If I see a billboard on I-95, exit onto I-16 and see the same billboard there, the advertiser has no way of knowing that I saw both billboards. That doesn't take any value away from either billboard.
Having the ability to do something does not make it necessary to do that thing. Online advertisers have the ability to track a person across every single web site they visit if they serve ads on all of those sites. Just because the ability exists doesn't mean they should do it.
This information is taken mainly from my old cookie article (which apparently needs to be updated).
It is a simple matter to disallow cookies from servers not located on the site that you currently are viewing.
Firefox
In Firefox, go to Tools > Options. In the dialog, go to Privacy > Cookies and select "Enable cookies for the originating web site only".
I forget how Mozilla and Netscape handle this. The option to "Enable cookies for the originating web site only" will be somewhere in the options dialog.
Internet Explorer
In Internet Explorer 6, go to Tools > Internet Options. Click the privacy tab and press the "Advanced" button. Check "Override automatic cookie handling" and "Block" under Third-party cookies. Your setting for First-party cookies is up to you, but I suggest selecting "Prompt" as well as "Always allow session cookies". Be warned, the prompts quickly will drive you nuts. See the next item.
Internet Explorer 5 and lower do not have the ability to block third party cookies. An excellent tool for controlling cookies that is compatible with IE 5 and IE 6 is AnalogX's CookieWall. CookieWall will ask you just once what to do with a particular cookie. It will apply that decision every time it encounters that cookie in the future.
If you use CookieWall, my suggestion is that you set Internet Explorer to allow all first party cookies. It is easier to use CookieWall than it is to deal with Internet Explorer's cookie prompts.
Many people say that Internet Explorer 6's cookie handling makes the use of CookieWall unnecessary. I disagree with that opinion. There are many sites run by arrogant webmasters who will refuse to allow you access until you agree to accept their cookies. Internet Explorer (and indeed, all browsers) will reject a cookie immediately if it is set to do that and will report that to the web site. Until you change the settings, you will not be able to access these sites. That is why I prefer CookieWall, because your browser accepts the cookie and the web site is satisfied. What the site doesn't realize is that CookieWall has deleted their precious cookie the instant it is detected.
Opera
In the Opera browser, these settings are located in Tools > Preferences > Privacy. Next to the second drop box labeled "Third Party Cookies", set it to "Refuse all cookies".
Some embarrassing internal Sharman Networks documents have come to light in a lawsuit. Among other things is an admission from Sharman's Chief Technical Officer (CTO) that Sharman employees hate installing Kazaa on their own computers. It seems that all the garbage bundled with Kazaa is too much for Sharman employees to put up with.
Well, at least they realize how annoying it is for everyone else. In case you are curious to see what is installed alongside Kazaa, take a look at this installation log. This log shows what happens even after you deselect all of the "optional" sponsoring adware.
Here are the statements made by Sharman's CTO:
"Open source development efforts from GIFT and MLDonkey have made it possible for developers to connect to FastTrack without the permission of the licensors. Morpheus 4, eDonkey and Shareaza is creating a windows (sic) connection to FastTrack as we speak. If we don’t nip this in the bud then we may have to create out own connections to G2 and eDonkey, creating additional legal risk. In addition to that consumer threat – if consumers can connect to FT (as well as Gnutella 2, eDonkey and Bittorrent) and it has no ads or adware then it would seem a good choice."
"We need to be careful with user resources. Most obvious is in the adware we add to their machine upon installation. This software slows down users’ machines and can affect other activity such as browsing the Internet (as we have seen with PerfectNav). It is reasonable that we show ads in order to create our free software, but I do not believe it is reasonable to place a user in a position where this free software will also make their machine sluggish. Consider how many people that work for Sharman Networks and its partners that hate installing Kazaa on their machines."
Search engine giant Google appears to have taken some steps to reduce the effectiveness of certain viruses. There are several viruses which, after infecting a new web server or personal computer, will do an automated search of Google for certain files on other web sites. Using particular queries, you can find files on web sites with specific file type extensions. After analyzing the results of these searches, the viruses will try to exploit security flaws in various web based software to spread themselves to the servers running those sites.
Attempting to run such a search on Google now often returns the following results:
We're sorry...... but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected.
We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software.
We apologize for the inconvenience, and hope we'll see you again on Google.
Good job there. I hope other search engines follow suit.
GGAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHH!!
*ahem*
Sorry. I needed that.
I have just deleted the five millionth email from some ignorant email postmaster who has bounced a virus-infected email with one of my addresses spoofed in the FROM: field. One of these days I am going to look at my inbox, go berserk, stage a raid on the local Dairy Queen and take hostages.
No idea what I'm going on about? I'm talking about the five or six hundred bounced emails that fill up my inbox every day. These are emails that were not sent by me or anyone else with a spywareinfo.com email address. These are emails which are generated and mailed by a virus which randomly inserted one of my working email addresses into the FROM: field of the email. The reason these emails end up in my inbox is because some idiot has their mail server antivirus software set up to bounce any email with a virus attached.
I am completely, utterly and totally astonished that people are stupid enough to be doing this still. Every single email worm written in the last two years has spoofed the FROM address in the emails they send out. They rifle through the infected computer's address book and use those addresses randomly. Everyone who runs a mail server knows this. Everyone who writes antivirus software for those servers knows this. And yet, they still bounce the damn emails back to the FROM address! Why?!?
There must be nearly as many virus emails flooding the internet as there are spam emails. There are three groups of people that I blame for this. The virus writers are most at fault, of course. I also blame the server administrators who do not disable the option to bounce virus-infected emails. And I particularly blame the antivirus companies for making "bounce email" the default option in the first place.
It shouldn't be an option at all to bounce a virus-infected email. There is no point to it. The FROM address will *never* be the person who sent the thing in the first place. Many of these stupid programs actually attach the virus when they bounce it. They are spreading the virus to people who are not infected in the first place!
I swear, if this doesn't stop soon, I am going to pick someone at random and sue them for bouncing these emails to me - for wasting my bandwidth or for sending me malicious software or SOMETHING. I'm sick of it. SICK. OF. IT.
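For anyone on the receiving end of these bounces, here is one way to sort them automatically. This is an added example, not something from the original newsletter: it reads the original message embedded in a bounce and checks whether its Message-ID was issued by your own mail server. The host name mail.example.org, the sample bounce and the function names are assumptions made for the example, and because a worm can forge a Message-ID as easily as a FROM address, the result is a heuristic.

```python
import email
from email import policy

# Assumption (hypothetical value): every message this site really sends is
# stamped with a Message-ID whose host part is one of these.
OUR_MESSAGE_ID_HOSTS = {"mail.example.org"}

# Constructed sample: an abbreviated virus "bounce" wrapping the original mail.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@gateway.example.net
To: someone@example.org
Subject: Virus found in message you sent
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

A virus was found in a message sent from your address.

--b1
Content-Type: message/rfc822

From: someone@example.org
To: victim@example.com
Message-ID: <{mid}>
Subject: Hi

(attachment removed)
--b1--
"""

def original_message_id(msg):
    """Message-ID of the mail the bounce claims to return, or None."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0).get("Message-ID")
    return None

def classify(raw, envelope_sender):
    """Label a delivered message by whether it answers mail we really sent."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Bounces arrive with the null envelope sender (MAIL FROM:<>) or as a report.
    if envelope_sender != "" and msg.get_content_type() != "multipart/report":
        return "not-a-bounce"
    mid = original_message_id(msg)
    if mid is None:
        return "bounce-unverifiable"
    host = mid.strip().strip("<>").rpartition("@")[2].lower()
    return "genuine-bounce" if host in OUR_MESSAGE_ID_HOSTS else "backscatter"
```
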
I do not intentionally link to web sites that require registration before allowing visitors to read the article. At the time I read these articles, I was not required to register. If one of these sites requires that you register before allowing you to read the article, please let me know and I will blacklist that site.
http://seattlepi.nwsource.com/local/aplocal_story.asp?category=6420&slug=WA%20XGR%20Parental%20Snooping :: Bill would allow parental exemption to state's privacy laws
http://www.zdnet.com.au/news/software/0,2000061733,39179293,00.htm :: Employees to be billed for personal Internet use?
http://news.com.com/Law+barring+spam+allows+a+flood+instead/2100-7348_3-5558528.html :: Law barring spam allows a flood instead
http://www.prweb.com/releases/2005/1/prweb202055.htm :: McAfee Finds SpywareNuker is not Adware, Agrees to Cease Listing SpywareNuker
http://www.missoulian.com/articles/2005/01/25/opinion/opinion2.txt :: Don't take your privacy for granted
http://www.ecommercetimes.com/story/Webroot-Milestone-Highlights-Spyware-Burden-for-Enterprise-39979.html :: Webroot Milestone Highlights Spyware Burden for Enterprise
All materials on this web site are copyrighted © 2001 - 2008 by Mike Healan or their respective owners.
® All rights reserved.