The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines. This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/jan27,2005.
Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.
The contents of this newsletter are commentary. It should not be mistaken for unbiased, objective journalism.
Microsoft soon will block pirated copies of Windows from being able to install security and bug updates. Initially, people with illegitimate copies of Windows still will be able to use the automatic update function built into Windows. Eventually, I predict, that also will end.
I don't believe that this is a very good idea. In most cases, I would agree that a company has every right to cut off support for people who use their products without paying for them. However, Microsoft is not most companies.
Microsoft Windows runs on most home computers. When a new security flaw is discovered in Windows, it affects nearly all home computers. Quite often, that causes pain for the entire internet, even for people who do not use Windows. Linux and Macintosh users have to put up with a never-ending barrage of spam and virus-laden emails. That spam usually is relayed by a trojan, which is exploiting a Windows flaw.
Microsoft has a monopoly on home computers. They built that monopoly with legal and illegal means. Nearly every computer in the world, whether running Microsoft's software or not, is affected by problems with Windows. Microsoft cannot be allowed to deny security patches to people even if they are pirating their software. These people are not going to buy Windows just so that they can fix security problems. They simply will continue running the buggy software and end up creating problems worldwide.
I think Mark Rasch summed it up best in his article entitled "Anti-Spyware as Anti-Piracy":
This can be the electronic equivalent of automatically disengaging the brakes on stolen cars -- sure it will reduce automobile theft (and the sale of stolen vehicles), but at the cost of making everyone less safe.
I hope Microsoft comes to its senses on this issue. If they do not, I hope someone imposes common sense on them and forces them to continue providing updates to all users. They built their monopoly; now they have to deal with the consequences of having it.
There is the sort of spyware that comes from installing programs like Kazaa and Imesh. This kind of spyware will track your web usage to produce more relevant pop-up ads. This is an annoying and unfair invasion of privacy. However, other than the aggravation of dealing with pop-up ads and spam, this kind of spyware usually is not dangerous. These can be cleaned up relatively easily with Ad-aware and Spybot.
More dangerous are the surveillance and monitoring programs. These programs are used to steal passwords to bank and credit card accounts. A business rival can bribe an employee to install spyware on the company network. Further, the company itself might install spyware to watch you while you work. These commercial spyware programs cost money to buy for testing and not all antispyware companies can afford to keep up with each new version.
SpyCop is the leading solution for finding computer monitoring spy programs, keyloggers and commercially available software designed specifically to record your screen, email and passwords. SpyCop will detect the spy, tell you when it was installed and disable it. SpyCop claims to have the largest database of surveillance spyware, over 400 targets in all.
Spycop is discounted 20% for SpywareInfo readers for this week.
If you have any problems with the purchase page or with the coupon code (SPYC-YB5E-SCAN), please email my partner Catherine.
There has been a bizarre turn in the spam wars. An Ohio man is being sued after his complaints to several Internet Service Providers (ISP) caused them to terminate service to a spammer. Brian Haberstroh aka Atriks aka Sendmails Corporation aka Distributed Mail Corporation of New Hampshire (Haberstroh from here on out) has filed a lawsuit against Jay Stuler of Ohio claiming tortious interference with contracts and two counts of defamation.
Haberstroh is claiming that, under the USA CAN-SPAM law, his emails are not spam. Others disagree with Haberstroh on this point. A software product distributed by one of Haberstroh's companies, VirtualMDA, is designed specifically to hide the IP address of the machine sending out a mass of email. People are paid five dollars to install the software and then one dollar per computer CPU hour that the software uses in relaying spam for Haberstroh. That sort of behavior is specifically outlawed under CAN-SPAM.
The lawsuit has come about after Jay Stuler began receiving spam from Haberstroh's companies in April 2003. Like any good internet citizen should do, Stuler forwarded the spam to the ISPs from which it originated. Acting on Stuler's complaints, several ISPs terminated service to Haberstroh's internet service. In retaliation, Haberstroh has filed this lawsuit.
This lawsuit seems to be little more than harassment. Haberstroh seriously cannot expect to win this case. If he was serious about his "I am CAN-SPAM compliant" argument, he would be suing his ISPs, not Stuler. Haberstroh is even asking that the court force Stuler to pay his legal fees.
Stuler has vowed to fight the lawsuit. He is asking for donations to help cover his legal expenses. For information about that and about the case, visit his web site: http://spamlawsuit.spamshield.org/ .
It is very important that Haberstroh lose this lawsuit, for a number of reasons. First and foremost, we cannot allow a situation where spammers simply can scare people away from reporting them as spammers. Every single case where a spammer tries this must be fought and won to keep them from doing this on a regular basis. Second, a spammer cannot be allowed to win a lawsuit where CAN-SPAM is used to justify his parasitic business practices. That would set a horrible precedent.
If you have a few dollars to spare, please consider sending them to Jay Stuler to help him win this lawsuit. This is a case that *must* be won by the good guy.
Techies at Google have hit upon an idea that should block the efforts of pagerank spammers. Pagerank spam has become the bane of nearly all bloggers. If you run a blog or any other sort of software on your web site that allows visitors to post comments, then you know exactly what I am talking about.
Pagerank spam, also known as comment spam, is where someone (or their automated bot) posts a link to some web site in your blog's comment section. They do this not in the hope that someone will click the link to their site. They do it so that when Google or another search engine crawls your web site, the fact that a link to their site exists on your site will increase their own site's page rank.
The writers of most blogging software have agreed to update the code in their programs based on this idea. Once a user updates his blogging software, all links submitted by visitors will have a piece of HTML code attached to them. This HTML code will tell participating search engines to ignore that link.
For those who create web sites that strictly follow approved W3C standards, don't worry. This tag is perfectly valid and will not cause your pages to fail validation.
The following is Google's explanation of how this works to block spammers:
Q: How does a link change?
A: Any link that a user can create on your site automatically gets a new "nofollow" attribute. So if a blog spammer previously added a comment like
Visit my <a href="http://www.example.com/">discount pharmaceuticals</a> site.
That comment would be transformed to
Visit my <a href="http://www.example.com/" rel="nofollow">discount pharmaceuticals</a> site.
The search engines which agree to honor this HTML tag will never index that particular link. At this point, Google, MSN and Yahoo all are planning to update their web crawling robots so that they will ignore links that include the "nofollow" tag. If this plan works out, then hopefully this will be the end of pagerank spam.
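One way blogging software could apply this rewrite to visitor comments before storing them, as an added example that is not Google's code or that of any blogging package. The names `NofollowRewriter` and `add_nofollow` are hypothetical, and the sketch assumes that filtering of disallowed tags happens elsewhere; it only enforces the rel attribute, including when the commenter supplies a rel of their own.

```python
from html import escape
from html.parser import HTMLParser


class NofollowRewriter(HTMLParser):
    """Re-serialise comment HTML, forcing rel="nofollow" on every <a href>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def _emit_tag(self, tag, attrs, closing=""):
        if tag == "a" and any(name == "href" for name, _ in attrs):
            # Merge with any rel the commenter supplied; never trust it as-is.
            tokens = []
            for name, value in attrs:
                if name == "rel" and value:
                    tokens.extend(value.lower().split())
            tokens.append("nofollow")
            attrs = [(n, v) for n, v in attrs if n != "rel"]
            # dict.fromkeys removes duplicate tokens while keeping their order.
            attrs.append(("rel", " ".join(dict.fromkeys(tokens))))
        rendered = "".join(
            f" {name}" if value is None else f' {name}="{escape(value, quote=True)}"'
            for name, value in attrs
        )
        self.out.append(f"<{tag}{rendered}{closing}>")

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text arrives with character references decoded; re-escape it.
        self.out.append(escape(data, quote=False))


def add_nofollow(comment_html):
    parser = NofollowRewriter()
    parser.feed(comment_html)
    parser.close()  # flushes any text buffered after the last tag
    return "".join(parser.out)


# The comment from the explanation quoted above.
PAGE_EXAMPLE = 'Visit my <a href="http://www.example.com/">discount pharmaceuticals</a> site.'
```

Because the parser lowercases tag and attribute names, variants such as `<A HREF=... REL="NoFollow">` are normalised rather than slipping past a simple string match.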
CASPIAN, Consumers Against Supermarket Privacy Invasion and Numbering, has called for a boycott of Tesco. For my fellow Americans who do not recognize the name, Tesco is the European version of Wal-Mart. Tesco is the largest retailer in many European and Asian countries and is the third largest retailer in the world.
Tesco caused a firestorm of protest in 2003 when they were caught red handed snapping photographs of shoppers, without their knowledge. When shoppers picked up packages of Gillette brand razors, an RFID signal was sent which caused a hidden surveillance camera to snap a picture of the person holding the package. This led directly to a boycott of Gillette products by the same group now boycotting Tesco.
The current ruckus is over Tesco's expanded use of RFID tracking chips on individual items of merchandise in their stores. These chips are not being disabled or removed at the point of purchase. That means that people will have tracking chips embedded in everything that they take home from Tesco. This is cause for serious concern for many people.
Considering the number of people concerned by the chips and the fact that Tesco has been threatened with this boycott for years, one would assume they would choose to avoid the controversy simply by removing the chips during purchase. Tesco claims that they will have no use for the chips once they are taken home. This begs the question of why Tesco doesn't simply remove the chip once the item is purchased. Why is it so important to Tesco that customers leave with these tracking chips enabled?
I tend to be a little wary of boycotts. There often is a lot of rhetoric and hot air and very little logic coming from the groups calling for boycotts. Still, after a little thought, I have decided to endorse this boycott of Tesco. It is simply irresponsible to embed tracking chips on merchandise and then send people home with them. Most people will not know that the tags are there and it is wrong to slip tracking chips into their shopping bags without the customers' informed consent.
Tesco, where is your common sense? Why is it so important to you that your customers leave your store with live tracking devices? You are being boycotted for doing something that is entirely avoidable. REMOVE THE DAMN CHIPS WHEN THE ITEM IS SOLD! Do that and *poof*, the boycott likely would end.
Some time ago, I published a list of file sharing programs. If they bundled spyware, they were listed as "infected". If they did not bundle spyware, they were listed as "clean". So many file sharing programs bundled some sort of spyware that I simply assumed that all of them did it, unless I had tested them personally and found them to be clean. With the popularity of file sharing programs, I felt it was necessary to point out which programs were clean.
The list has grown old and has gotten a bit dusty. It hasn't been updated in over thirteen months. Also, it never did include all file sharing programs. It only listed the programs I had heard of.
I would like some help from all of you so that I can update it.
Take a look at the list as it is now: http://www.spywareinfo.com/articles/p2p/
What I would like help with is this. If a file sharing program is not listed, please send me the name and web site where I can download it. I'll test the program to see if it bundles any parasites and then list it on that page.
If a program is listed already but should be moved from the "clean" to "infected" list (or vice versa), let me know. For instance, I have heard that Limewire now is completely spyware-free again. I haven't tested it yet but I plan to do so in the next couple of days. If it is true, then I will update the page to show that newer versions of Limewire are clean.
With your help, I hope to have this page up-to-date by next week. You can email me at mike@spywareinfo.com if you want to help out with this.
Did you know that spywareinfo.com was a reputable news source? Well, actually it is not. Unfortunately, some people mistakenly believe that it is.
In order to make this newsletter more interesting, a long time ago I started writing each individual piece as if it were a news story. Unfortunately, I've noticed a few sites quoting from these stories or referencing them as if they were actual news stories, like you'd find on cnn.com.
Just to clear up any confusion, everything in this newsletter is always commentary. I may be reporting actual news but it is still my commentary on the news, not a news report in itself. I don't pretend to be unbiased or objective, which is what you would want from a news article. I am not a journalist. I am more of a blogger, even if I don't use blogging software or call it a blog.
I try to be careful to make sure that opinions are labeled as opinions. If I state something as a fact, I try to be sure it is accurate. I never deliberately write anything that is untrue. If I find out something that I wrote is not true, I'll correct it in a future newsletter. You might recall my near flub with SBC several weeks ago.
I have updated the "disclaimer" gibberish at the top of each newsletter to point out that this is all commentary. Actually, I am considering taking some journalism courses. Until I do that however, I do not pretend to be a journalist and anything I write here should not be treated as anything but what it is: commentary.
Every copy of this newsletter that is mailed out should have a link at the very bottom. Clicking that link will unsubscribe your address and remove it from the database. Someone sent an email last week saying that the unsubscribe link was not clickable. I don't know what the problem was. Maybe the email program mangled the link somehow.
Another problem that I hear about frequently is that the link is clickable but simply does not work. That is caused by the email program wrapping the link to an extra line and breaking it. The link is so long that this happens in some email programs. Whenever I click the link myself, it always works fine (using Thunderbird).
If you have problems with the unsubscribe link, you always can reply to the newsletter and explain what you are trying to do. I will take care of it manually. If you are trying to change your subscribed address, the quickest way to do that is to unsubscribe and then sign up again with the new address. I can do that manually also, if you have trouble with the link in the newsletter.
I don't like putting the instructions for all of that in the actual newsletter very often. For some mind-boggling reason, most spam filtering software considers instructions on how to unsubscribe as evidence that the email is spam. It actually counts as 4.2 "points" in SpamAssassin. By default, SpamAssassin will consider an email to be spam at 5 points. This is confusing, ironic and more than a little sad. If I didn't allow anyone to unsubscribe, the newsletter would be less likely to trigger a spam filter. Of course, that would make me a spammer, the very thing these filters are supposed to guard against.
All materials on this web site are copyrighted © 2001 - 2008 by Mike Healan or their respective owners.
® All rights reserved.
Use of this site and its services are subject to our terms of use.
