The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines.This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/june30,2005.

Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.

The contents of this newsletter is commentary. It should not be mistaken for unbiased, objective journalism.

Permalink | Top

This is definitely one of those stories that will make your jaw drop. According to The New York Times, negotiations are under way for Microsoft to buy Claria. Claria is the company responsible for Gator adware.

This is how the deal would work if this purchase happens. Microsoft would have the information collected from forty million people who happen to have Claria software on their computers. Microsoft then would use that information to serve personalized advertisements based on the surfing habits of those people.

Now wait just a second. Is that not the exact behavior that made Steve Gibson coin the term "spyware" as it relates to advertising software? Microsoft wants to become an actual spyware company?

Few things Microsoft does make any sense to me but this one really takes the cake. Last year, Bill Gates announced that his own computer had become infected with spyware and decided on the spot that Microsoft was going to do something about the problem. Shortly thereafter, Microsoft acquired an antispyware company and then re-released their product under Microsoft's label. I actually know a guy who recently was hired to work on that product.

Now, suddenly, Microsoft's chiefs want to become part of the problem their founder claims they are trying to fix? I'm lost. I'm honestly lost.

Apparently there is significant opposition to the idea from inside Microsoft. Those opposed to the plan fear, correctly, that Microsoft would be denounced as trying to become a Big Brother, tracking everyone's computer habits and profiting from it. Whoever you are at Microsoft that thinks that, trust me when I tell you that you are correct.

Even without a deal like this with a company such as Claria, people already believe Microsoft collects intrusive amounts of information about them. This latest crackpot idea is going to do nothing for Microsoft's image except to hurt it. Let's list just a few of the things that have set off privacy alarm bells.

In the past, Microsoft's MSN web site was caught using redirection and session ID tracking to track visitors across a range of Microsoft owned web sites, even if all sites involved had their cookies blocked by the user.

The Windows Media Player program was caught red handed sending the name of movies viewed to a Microsoft server, along with a unique tracking number. After Microsoft initially denied doing it, packet logs were produced proving that it was happening. Shortly thereafter, this behavior was stopped.

In Windows XP, if you open up the built-in help system and search for something, contact is made with a Microsoft server. That is probably just the program checking for updated help files, but there is no notice that this is going to happen. It makes people suspicious when their firewall displays an alert like that.

I can't imagine what they are thinking at Microsoft. I would be hard pressed to think of a better way for Microsoft to alienate their users. I certainly hope that the opposition from within Microsoft prevails and that this deal dies on the negotiating table.

Permalink | Top

Program: X-Cleaner
Author: X-Block
Platform: Windows 9x, ME, NT 4.0, 2K, XP
License: $39.95 [25% off for SpywareInfo readers]
Coupon code: XBLK-GCOH-SPYW (Expires July 8, 2005)
More Information: http://www.spywareinfo.com/downloads/x/

X-Cleaner Spyware Remover is an award winning spyware detector that finds and removes commercial spyware programs. X-Cleaner also features a unique mobile active-x spy scanning utility so you can login through your member's center and use it from public terminals.

A new feature of the program even allows you to bypass hardware keyloggers which use no software that can be detected.

No installation required - simply download and use or you may install if you choose. X-Cleaner provides courteous support via e-mail for registered users. Software is delivered instantly via digital download and you can download new versions as often as you like the first year.

You can even put this on a floppy disk and carry it to work in an envelope or in your shirt pocket. Insert floppy, scan and zap the keylogger or delete your surfing traces.

X-Cleaner was recommended by Kim Komando in her article for MSN, Danger, danger: 5 tips for using a public PC.

Features

1) New expanded detection and removal database.

2) General Interface Improvement- Users can now resize the program window to fit into their screen anyway they like, especially useful for the encyclopedia where they had to scroll right.

3) Bypass *hardware* keyloggers using onscreen keyboard for input- This is under the Expert tab for Deluxe Users only and makes use of the built-in based keyboard in Windows so that users can key in information without using physical keystrokes. This is very useful for sending sensitive material since hardware keyloggers (a growing threat X-Block is working on) evade anti-spyware which normally targets software loggers only. Given X-Cleaner's mobility in terms of file size, this is a useful little addition to have since you can go to an Internet Cafe- sweep for keyloggers (or use the full active-x scanner in the members area) and then use the software based keypad to evade hardware logging.

4) Direct link to online assistance integrated into software- as always X-Cleaner technicians are dedicated to providing prompt and professional e-mail support for even hard to remove cases of the spyware plague.

If you have any problems with the ordering page or with the coupon code (XBLK-GCOH-SPYW), please email Catherine http://www.spywareinfo.com/email2.php.

Permalink | Top

SpywareInfo's message board has been down for most of June. Technicians at the data center failed to report a steady warning beep to my web hosting company and something finally broke. At roughly the same time, I came down with a terrible virus and was too ill to work with my web host right away to put the site back online.

The message board is up and running again on a temporary server. It is slower than normal because the current server is not as powerful as the previous server but it is, at least, online again. I have taken steps to make sure someone has the authority to work with my web host if this should happen again.

If you are one of the hundreds of people who signed up for our training program after the last newsletters, just to see the site disappear, please try it again.

I want to give a big thanks to the guys at CastleCops, my administrators, moderators, experts, advisors, helpers and to everyone else for their patience and offers of support while the site was down.

Permalink | Top

Some time ago, a small group of antispyware advocates discussed an idea over a private mailing list. What's the best way to hurt a maker of spyware or adware? Telling the world about the adware hasn't worked. Web sites have been doing that for years without making much of a dent in the problem. These companies either don't care about criticism or they start throwing their lawyers at the sites.

Adware peddlers like to claim that they help software developers publish their software for free. They claim that users of the software make a choice to view the occasional advertisement in exchange for not having to pay for the software. If that is all that was involved, there would be no problem.

But you see, there is a problem. Adware often is installed using less than ethical methods. You may recall my marathon spyware testing session recently. By pressing "OK" to one security alert, one adware installed three others, then those three each installed three others. This went on until my test computer became unusable. Removing this sort of software is next to impossible for anyone other than a computer expert who is trained specially to deal with it. This is the sort of thing people have to deal with, not the amicable exchange of free software for viewing advertisements that the adware makers claim. Whatever label you give it, whether adware or spyware, people are fed up with it.

A better method to fight the adware companies was hit upon; embarrassing their customers, the people who advertise their product or service through adware. A couple of pages went online detailing which big name products or services were being promoted through adware. The tactic seems to be having an effect.

Most people know how frustratingly annoying it is to have adware installed on their computer. When these lists of advertisers were published, the victims of the adware companies had fresh targets upon which to vent their rage. Unlike the adware companies, their advertisers worry about their public image. When a large number of people start writing letters denouncing their use of adware to promote their company and its product, they are likely to cancel the deal with the adware company. Their usual excuse is that they didn't realize adware was being used to push their product. This probably is not true but that's what they claim.

Eliot Spitzer, New York's Attorney General, now is threatening to start suing big name companies who advertise through the use of adware. And Spitzer doesn't care to hear the companies' excuses about not knowing adware was being used. It is glaringly obvious that these companies simply could require their advertising contractors to sign an agreement to not use any adware network.

If this trend keeps developing as it is, well known companies might consider adware to be too large a risk. Not only do they alienate their potential customers, they also risk legal action from the State of New York. What will the adware companies do then? Fold up shop and go into honest programming I hope.

Permalink | Top

DoubleClick's privacy chief is warning that the trend of web browsers blocking advertisements by default could lead to the end of the free internet. If every web browser begins to block advertisements by default, more web sites may be forced to charge for their content. As an analogy, he conjures the image of a newspaper full of holes, where the ads used be, and costing five dollars instead of fifty cents.

He may have a point. Even if an advertisement is not clicked, just showing it to a visitor usually means a few pennies for the web site owner. That's why I personally don't go to the effort of blocking banner ads, unless they happen to be blinking or seeming to jump around. In those cases, that ad server is blackholed.

Companies such as DoubleClick really have no one but themselves to blame for the fact that thousands of tools have been created to block web site advertising. Relatively few people mind seeing banner ads. However, it was when those advertisers started making ads that blink, vibrate, pop up, slide across the page and even track a person's browsing history through the use of cookies and web bugs that ad blocking software hit it big.

Honestly, what did they expect? When the ads become intrusive and annoying, people are going to block them. It is as simple as that. I refuse to view pop-up ads, so I have my browser block them for me. If one manages to pop up anyway, I'll go out of my way to figure out how and find a way to block it. If that means disabling javascript long enough to load a particular page, I'll do it. I also tend to turn off images and then reload the page several times, just to spite the web site owner. I figure I've managed to cost him the same tiny amount of money he made by popping up that ad. I've always had a vindictive streak....

Permalink | Top

I've spotted yet another article talking about the confusion about the "definition" of spyware, adware, malware and all the other labels. Some companies object to their software being labeled as adware. All of them object to being called spyware or malware. Threats of lawsuits and letters to "cease and desist" are thrown at antispyware makers and web sites on a daily basis.

Adware makers want to define these terms one way. Antispyware makers want to define it another way. Various consumer groups want to sit everyone down to hammer out a definition. Some people even make up new terms, such at unwantedware and pestware. The only thing everyone agrees upon is that no one agrees upon a definition for spyware.

I say, "who cares?". You have to love Steve Gibson for coming up with a catchy phrase when he exposed the first internet spyware. Still, I wish he had chosen another term. "Spyware" accurately described the first such software, which literally spied upon anyone with it installed. Today, very few of the unwanted parasites people find themselves infected with do any actual spying.

I have a phrase that works. How about "unwanted software"? That just about covers it, I think. It doesn't give an arbitrary and possibly libelous label to the software in question. Everyone can agree that something popping up ads every few seconds and continuing to install similar software is "unwanted". I do believe that most of the antispyware industry is going to start gravitating towards variations of the phrase "Potentially Unwanted Software".

People need to get it into their heads that definitions are not the problem. The problem is behavior. When I have five programs all trying to download three other programs, popping up ads every 30 seconds, crashing my computer, hijacking my home page and refusing to be removed, I could care less what it's called. I just want it gone!

The recently passed SPY ACT does a good job of covering most of the objectionable behavior. Those are:

• Changing browser settings
• Changing security settings
• Installing without notice
• Refusing to uninstall

That is a grossly oversimplified list but it covers most of the problem. It doesn't matter what that sort of software is called. People simply do not want it installed on their computers.

Permalink | Top

The headlines section on the as-yet-unfinished beta site has really taken off. It may well become one of the most popular sections once the beta site becomes the main site. Go and check it out. Now.