The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines. This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/nov23,2005.
Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.
The content of this newsletter is commentary. It should not be mistaken for unbiased, objective journalism.
The Sony rootkit saga continues. This has turned into such a fiasco that you can't visit any news web site without reading a new article about it. I'll try to stick to the high points here.
First, in case you haven't heard about any of this already, Sony-BMG sold millions of CDs that install a sloppily-written rootkit to hide a copy-protection program. Not only did they fail to disclose this, the rootkit can be exploited to hide trojans, viruses and other malware. Try to remove it and you could disable your CD-ROM drive.
When it became clear that the public was growing more and more outraged, Sony offered a removal tool. Unfortunately, their removal tool was written as poorly as their rootkit. It is an ActiveX program which installs into Internet Explorer. Anyone with that ActiveX program installed is at risk of any web page using it to install their own software. The uninstaller tool is more dangerous than the rootkit that it was designed to remove.
Sony-BMG is facing at least three class-action lawsuits, with more possibly on the way. They are being sued by the State of Texas for violating their new antispyware law. An Italian electronic rights group has filed a complaint with the Italian police and is asking for a criminal investigation. The artists whose music Sony-BMG distributes are outraged, and a few music labels are considering taking legal action.
To top it all off, the US Department of Homeland Security is angry at Sony because they discovered that the rootkit was installed on several computers at that agency. Someone at Sony-BMG potentially could go to federal prison over that last one.
Another interesting discovery was made recently. Some of the software code in the copy protection program was used in violation of the copyright license. They used code from an open source MP3 encoder but failed to distribute the source code of their modifications or even to disclose that they had used it. So, it is okay to break someone's copyright, as long as you are doing so to protect your own?
You really have to wonder what is going on at Sony. It is a simple matter to install any one of dozens of programs and download any piece of music you want for free. You can have it in MP3, OGG or any other format you want. You can play it on any music-playing device or program you choose.
Rather than showing respect for the people who choose to pay for their music and buy the CD, Sony violates numerous laws and even violates someone else's copyright to install a hidden trojan. All of this effort just to restrict how you can use the music you have purchased. You can't even transfer the songs to an iPod without a complicated workaround.
They wonder why people download the music for free? I'll tell them why. It's because the music you can download for free is more valuable than what they sell. When the product is inferior and costs more, people will ignore it and use the superior version. It is a very simple concept. Do these people not go to business school?
Companies like Sony are doing far more to encourage the unauthorized distribution of music over P2P than any of the companies who make the P2P programs.
The very worst part of this situation is how Sony-BMG responded to the public outrage over their use of a criminal's tool: "Most people, I think, don't even know what a rootkit is, so why should they care about it?" - Thomas Hesse, President of Sony BMG's global digital business division.
This is Sony's attitude towards their customers. They have demonstrated nothing but malevolent contempt for the people who purchase their products. I don't know about you but I will not do business with people who act this way. Because of this, I will never buy a music CD, DVD or any other product made by Sony.
If it has been some time since you last installed Windows, then your computer's registry is probably a horrible mess. Everything you do on your computer leaves traces in the registry, from picking through the start menu and opening programs to installing programs and surfing the web. These traces build up over time and fill your registry with unneeded junk.
Even after uninstalling them, many programs leave invalid entries throughout the registry and it is nearly impossible to remove them all. If you ever have had a problem with Windows telling you a file is missing after you restart it, this probably is because of an invalid registry entry.
Registry Mechanic scans your entire registry to find these junk entries. It also checks your shortcuts to find those pointing to non-existent programs. Once it has scanned, it lists every invalid registry entry and every shortcut pointing to a missing file and lets you delete them with the click of a button.
Every entry that is removed is backed up, in case you need to restore something. Depending on how long it has been since you installed Windows, you might see anything from a small difference to a dramatic increase in performance and stability.
Registry Mechanic is available for $10.00 off until Nov 30, 2005. If you add Spyware Doctor to the order, that also is $10.00 off. I have written a full review of Spyware Doctor.
If you have any problems with the ordering page, please email Catherine at http://www.spywareinfo.com/email2.php.
In the last newsletter, I suggested creating a limited user account on your computer and using that to surf the internet. As a limited user, it becomes very difficult for malware to attack the browser and install itself. As it turns out, there is an even simpler way to do this.
Several people wrote to mention a program written by a Microsoft programmer called DropMyRights. This program allows you to use your computer as an administrator while opening programs with limited rights. It is a much easier way to surf the web than what I described last time.
You install the program, then move the .exe file to another folder, "c:\lowrights" for example. Then you right-click on your desktop and create a new shortcut. To create a shortcut that loads Internet Explorer with limited rights, this is what you would put as the location: c:\lowrights\dropmyrights.exe "c:\program files\internet explorer\iexplore.exe".
When you launch Internet Explorer with that shortcut, the DropMyRights program will give it the same permissions as a limited user. You cannot install or run ActiveX and most of the methods used to install malware will fail. I tested this out on a couple of very nasty web sites and absolutely nothing happened.
You still see the prompts asking permission to install ActiveX controls. However, nothing happens even if you say yes. You can test this out at SpywareInfo. We have a page that will load an ActiveX spyware scanner designed by X-Block and it is perfectly safe. The page is at http://www.spywareinfo.com/xscan.php . If you ever have a legitimate need to install an ActiveX control, you can simply launch Internet Explorer with the normal shortcut.
This also works with any other program on the computer. Just create a shortcut to the program, with dropmyrights.exe in front of the program's location and it will launch that program with limited rights. That means you can do this with your email or instant messenger programs.
A few people mentioned a similar program, also written by Microsoft programmers. This one does the exact opposite of DropMyRights. MakeMeAdmin lets you log in as a limited user, but launch certain programs with administrator rights. It is similar to the Windows "Run As" function. The difference is that this program gives administrator-level rights to your limited account just before launching a program.
Of the two programs, it probably is safer to use MakeMeAdmin while logged in as a limited user. That way you cannot accidentally launch Internet Explorer or your email program with full rights. Both of these programs give you a very elegant way to avoid much of the risk associated with the internet. If you (or a family member) are constantly fighting a spyware infection, this may be the solution to the problem.
http://www.spywareinfo.net/nov11,2005#limitedsurfing :: TIP: Surf More Safely In Any Browser
http://msdn.microsoft.com/library/en-us/dncode/html/secure11152004.asp :: Browsing the Web and Reading E-mail Safely as an Administrator
http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx :: MakeMeAdmin - temporary admin for your Limited User account
http://blogs.msdn.com/aaron_margosis/archive/2005/03/11/394244.aspx :: MakeMeAdmin follow-up
Someone asked me recently how a certain large internet company could help reduce the spyware problem. At the time, the only thing that came to mind was to point to something Microsoft did recently.
Microsoft put together a team to study some of the custom HOSTS files people have posted on the internet. These files contain a list of some of the most spyware-ridden sites on the web. When someone puts one of these HOSTS files on their hard drive, the computer should be rendered incapable of contacting any site listed in the file.
Using those HOSTS files as a starting point, Microsoft looked for every site they could find that tried to install malicious software and then deleted them from MSN's search engine results. Not a bad idea at all. If Google and Yahoo did something similar, that would be a big help.
A few more ideas occurred to me later.
A very large number of people who use Internet Explorer also use Google's toolbar. Many of the hijackers out there attempt to tamper with Google in one way or another. What if Google altered the toolbar so that it pops up an alert if it finds any of Google's web sites in the HOSTS file? Or it could sound the alarm if someone tries to load Google but another piece of software redirects the browser elsewhere.
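The HOSTS-file check suggested above can be sketched in a few lines. This is an added example, not part of the original newsletter and not code from Google or its toolbar; the watched-domain list, the function names and the sample HOSTS content are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domains to watch. The newsletter only says "Google's web sites".
WATCHED = ("google.com",)

# Constructed sample HOSTS content (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Constructed sample for illustration
127.0.0.1       localhost
127.0.0.1       ads.example.net   # typical block-list entry
203.0.113.7     www.google.com google.com
0.0.0.0         toolbar.google.com
203.0.113.7     notgoogle.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:                   # blank or malformed line
            continue
        for name in fields[1:]:               # one IP may map several names
            yield line_no, fields[0], name.lower().rstrip(".")

def classify(ip):
    """'blocked' for loopback/0.0.0.0, 'redirected' for any other valid IP."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"
    return "redirected"

def find_tampering(text, watched=WATCHED):
    """Return (line_no, hostname, ip, kind) for entries covering watched domains."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Match the domain itself or a true subdomain, not a look-alike suffix.
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append((line_no, name, ip, classify(ip)))
    return findings

if __name__ == "__main__":
    for line_no, name, ip, kind in find_tampering(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

On Windows the file to feed into find_tampering is %SystemRoot%\System32\drivers\etc\hosts. Any entry for a watched domain deserves a look, since a legitimate block list has no reason to mention it.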
Microsoft could make things so much easier if they simply would tell us where things are loading from at startup. There are literally dozens of locations within the registry where Windows looks for files to load into memory when it starts up. Many of them probably are not documented anywhere. Every time we think we have found them all, someone discovers another one.
Since Microsoft insists on doing this, they at least can make it easier to find these locations. They should make a distinct registry hive under which every single file that will be loaded with Windows can be found. Services, library files, drivers, user programs .... EVERYTHING. And they should not put anything else under that key - only startup commands.
Microsoft should make it impossible for something to be loaded into memory at startup without it showing up somewhere in that registry hive. This would make it SO MUCH EASIER to find malware. I'm sure this is not possible for existing versions of Windows. But what about Vista? Bill? Steve??
Google, Microsoft and Yahoo have an enormous influence on the web. All three companies claim to want to do something to help the spyware problem. Send me your ideas on what they or other influential companies could do about it. I'll read through your suggestions and, in a week or two, I'll publish them here and see what comes of it.
Tomorrow is Turkey Day. Which means that the following day is Black Friday, the day when retail stores around the US expect to make a dramatic profit from Christmas shoppers.
People always say we should vote with our wallets when a company does something to offend us. I happen to agree, for the most part, so consider this a campaign ad for the Black Friday Elections.
There are two companies that have offended me greatly and who will not see any of my money this Friday.
1) Sony - no explanation needed I should think.
2) Wal-Mart - for a very shocking reason.
Wal-Mart is suing a brain-damaged former employee. This ex-employee was hit by a tractor-trailer and Wal-Mart's insurance plan paid for the medical expenses. The woman then sued the trucking company and won a settlement.
As unbelievable as this sounds, Wal-Mart is suing this woman not just to recover what the insurance plan paid out. They are suing her for every penny she received from the lawsuit, plus an additional $51,000. They are trying to use the courts to take money that doesn't belong to them from a brain-damaged woman!
If Wal-Mart wins this lawsuit, this woman will not be able to afford her medical expenses or the medical caretaker who lives with her. Her husband would have to sell the van they bought to accommodate her wheelchair and he would have to divorce her just so she will qualify for Medicaid.
I must have missed the memo announcing the contest for "2005's Most Morally Bankrupt Company". Sony and Wal-Mart certainly have competed fiercely for the title. Ask yourself if you want to spend money with companies that behave as these two have. I know I don't.
SpywareInfo has a new(ish) feature, listing news headlines relevant to spyware, privacy and safely using the computer. There is a saying that "all politics are local". It seems that this also applies to the internet. It is a close community in that problems can spread from anywhere. If you see a local story that you think deserves attention, please let us know. Use this mail form, tell us some details and we will follow the story.
This Spywareinfo News Section is updated every day - and several times during the day. It is a section of Spywareinfo that we hope will keep you informed on a daily basis - and keep your internet time a bit safer. Go have a look.
Running SpywareInfo has become an expensive thing to do. We are using three separate servers to display the site and to protect it from denial of service attacks. This is not a cheap web site to host.
If you would like to help with the costs, there are three options. There is PayPal for those who have a PayPal account or don't mind signing up for one (it is free).
There is a snail mail address if you do not like PayPal or have no means of sending money online. Please make sure to make checks (in US Dollars) or money orders (in American currency) out to James Healan and not Mike Healan so I am not hassled at the bank. Please note that contributions to SpywareInfo are not tax deductible.
The address is:
James Healan
PO Box 71
Vidalia, GA USA 30475
Thank you very much for your contributions.
You can also purchase t-shirts, hats, bumper stickers and other items from our CafePress storefront. We'll have more designs to offer soon.
All materials on this web site are copyrighted © 2001 - 2008 by Mike Healan or their respective owners.
® All rights reserved.
Use of this site and its services is subject to our terms of use.
