The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines. This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/jan27,2006.
Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.
The contents of this newsletter are commentary. They should not be mistaken for unbiased, objective journalism.
As promised in the last newsletter, I have written an article about how to use VMware's Browser Appliance. It was so long that I broke it up into four pages. Using the Browser Appliance will be so effective at preventing spyware and browser hijacker infections that I have used it to replace the article I wrote long ago, on the same subject.
The article covers everything I think that you will need to know, if you decide to use the Browser Appliance. Page One introduces newcomers to the idea of the Browser Appliance and explains why it offers 99.9% protection from all spyware. Page Two explains how to perform a few tweaks to the default set-up. Page Three explains how to share files between the virtual computer and the real computer. Page Four explains how to install some additional software you probably will want to have.
It is now my official position that using the Browser Appliance is the best and only way for Windows users to remain completely safe on the internet. I will no longer explain how to alter security settings, block massive lists of nasty web sites or how to install a half dozen different programs, all protecting different parts of the system.
I'm not saying that those methods don't offer some protection or that they shouldn't be done. I am saying that they are not complete protection. I will no longer give complicated instructions that offer only a little protection, when there is a much easier way to have full immunity.
You can lock your machine down with firewalls, script blockers, antispyware programs, antivirus programs, enormous web site block lists, block all ActiveX and then live in fear of the next 0-day exploit. Or you can install the Browser Appliance and be immune to all web-based malware installers. The choice is yours to make.
You can download both the VMware Player and the Browser Appliance from vmware.com.
Since the most obvious problem in using the Browser Appliance is how to share files between the virtual computer and your real computer, I have decided to include that part of the article in this newsletter. It is page three of the article, so you can skip the rest of this, if you plan to read all four pages on the site.
NOTE: Very little of this will make sense, unless the Browser Appliance is open in front of you.
Mike Healan
Jan 25, 2006
Since the virtual machine is separated from the real machine, it takes a little work to share files between one and the other.
If you have a hard drive or jump drive (also known as a pen drive) that connects to the computer via USB, then this probably is the easiest way to share files.
Linux cannot write to NTFS. Or, more accurately, it can write to NTFS, but it will destroy it in the process. Microsoft refuses to allow Windows to see any file system associated with Linux.
For these reasons, the drive will need a FAT, FAT16 or FAT32 file system. Most jump drives come formatted with the FAT file system and are ridiculously cheap ($5.00, give or take, for 256MB), so this is your best bet.
If you have a USB hard drive, you need a FAT32 partition in order for both Windows and Linux to be able to use it. It needs to be large enough to hold any file that you might transfer. If I remember correctly, no single file can be larger than 2GB on a FAT32 file system. If you have to repartition or reformat the USB hard drive, make certain you back up any files stored on it, before altering it.
When you plug in the USB drive, or if it already is plugged in when you start the Browser Appliance, the VM Player window will show a button for it. To use it from within the Browser Appliance, click the button to "connect" the drive. This will dismount the drive in Windows, so close anything that might be using a file on the USB drive.
This ~usually~ works. Linux is kind of goofy about USB drives, so you may have to pull the drive in and out of the USB port repeatedly or even reboot Ubuntu a few times before it sees the drive and mounts it. Be aware that it will take several seconds for it to recognize and mount the drive. The logo next to "VMWare Player", at the bottom of the player window, will be flashing while it does this.
When and if the Browser Appliance finally sees the drive and lets you use it, a window should pop up and an icon will be placed on the desktop. When you are done, click the button on the VM Player's title bar to "disconnect" the drive, then use Windows Explorer to work with it. Wait until Windows remounts the drive before trying to open Windows Explorer.
When you click the button to connect the drive to the VMware Player, you may see an error message. If Windows says that the USB drive is in use and cannot be disconnected, then something on Windows has locked a file on that drive. Install a program called Unlocker on Windows, in order to deal with this.
After you have installed Unlocker on Windows, open "My Computer" and right-click on the USB drive's icon. Click the Unlocker entry. If anything is listed, click on the "Unlock All" button. That will terminate any file locks on that drive. Now you can try to connect the drive to the Browser Appliance again.
If you can't make the USB drive work or if you don't have one, you can set up an FTP server instead. You need a server and a client.
Click the "Applications" button, go to "Accessories" and click the entry for "Terminal". Type the following:
sudo apt-get install proftpd
When it asks for the password, type vmware.
Text will flash by quickly for a few seconds, then it will ask you to continue. Press y and hit "Enter".
When it asks whether to use "inetd" or "standalone", go with "standalone" and press "Enter". It will install the server and start it automatically.
You will need an FTP client. I suggest Filezilla for Windows. You also can just use Internet Explorer. Firefox cannot be used as an FTP client, on either system.
For Ubuntu, you will be installing gFTP. If you already have a preferred Linux FTP client or you don't want one, you can skip to the "Connecting to the Server" section. If your only FTP server is installed on Windows, you will need to install a client on Ubuntu.
Click the "Applications" button, go to "Accessories" and click the entry for "Terminal". Type the following:
sudo apt-get install gftp
When it asks for the password, type vmware.
Text will flash by quickly for a few seconds, then it will ask you to continue. Press y and hit "Enter". When it is done, gFTP will be installed at "Applications" > "Internet".
Now you have to figure out the IP address of your server.
If you installed the server on Ubuntu, then you will be connecting to it with your Windows FTP client. The user name and password are both "vmware". The port is 21.
Look on the taskbar at the top of the Ubuntu desktop. In between the volume icon and the weather icon, there is an icon for an applet that lets you look at your network connection. If you hover the mouse over it, there should be a pop-up balloon that says "Network Connection: eth0". Left-click this icon.
A small applet will open. Click the "Support" tab. The IP address being used by Ubuntu will be the top number. That is the address of the FTP server, if you installed it on Ubuntu.
If you plan to use Internet Explorer for this, connect to it by typing ftp://vmware:vmware@ipaddress. Internet Explorer will do fine, although it may be slow, depending on your firewall.
If you installed the server on Windows, then you will be connecting to it with gFTP on Ubuntu. The user name and password will be for whatever user(s) you set up on the server. The port will be 21, unless you changed it in the server for that interface.
Open a CMD prompt on Windows (Start > Run > CMD). In the CMD prompt, type ipconfig. Look for this line: "Ethernet adapter VMware Network Adapter VMnet1:". The IP address listed just under that entry is the address of your Windows FTP server, at least as far as Ubuntu is concerned.
If you connect to your Windows server from the FTP client on Ubuntu, it most likely will set off a firewall alert. Allow the connection.
Depending on your firewall and its settings, it may or may not take several seconds to connect to the server, especially if you use Internet Explorer. Kerio, for some reason, causes a delay when I do this.
These are the two easiest ways to share files between the Browser Appliance and your real computer. Just keep in mind that you still can infect yourself with spyware, if you download a program that bundles it and move it to your Windows computer.
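The caveat above can be enforced on the Windows side. The following is an added example, not part of the original article: a Python script that pulls files from the appliance's FTP server into a holding folder, gives each a .quarantine suffix so it cannot be started by a double-click, and records its SHA-256 so the file can be scanned before it is renamed back. The function names, the suffix and the FakeFTP stand-in are assumptions made for illustration; it also assumes the FTP login directory contains only files.

```python
import hashlib
import sys
import tempfile
from ftplib import FTP
from pathlib import Path


def local_name(remote_name):
    """Strip any directory part the server sent and add a neutral suffix,
    so the copy on Windows cannot be launched by a double-click."""
    base = remote_name.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", ".."):
        raise ValueError("unusable file name: %r" % remote_name)
    return base + ".quarantine"


def fetch_to_quarantine(ftp, names, dest):
    """Download each file into dest; return {local file name: SHA-256 hex}."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    digests = {}
    for name in names:
        target = dest / local_name(name)
        sha = hashlib.sha256()
        with open(target, "wb") as out:
            def sink(chunk):           # write and hash in one pass
                out.write(chunk)
                sha.update(chunk)
            ftp.retrbinary("RETR " + name, sink)
        digests[target.name] = sha.hexdigest()
    return digests


class FakeFTP:
    """Constructed in-memory stand-in for the appliance, for offline runs."""
    files = {"setup.exe": b"MZ constructed sample bytes"}

    def nlst(self):
        return list(self.files)

    def retrbinary(self, cmd, callback):
        callback(self.files[cmd.split(" ", 1)[1]])


if __name__ == "__main__":
    if len(sys.argv) > 1:              # real run: pass the appliance IP
        ftp = FTP()
        ftp.connect(sys.argv[1], 21)   # port 21, as in the article
        ftp.login("vmware", "vmware")  # appliance account from the article
    else:                              # offline demonstration
        ftp = FakeFTP()
    dest = tempfile.mkdtemp(prefix="quarantine-")
    for fname, digest in fetch_to_quarantine(ftp, ftp.nlst(), dest).items():
        print(digest, Path(dest) / fname)
```

Run without arguments it uses the constructed sample; run with the IP address shown on the appliance's "Support" tab it connects to the proftpd server installed above.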
Read my review of Privacy Guardian or Registry Mechanic for more information about those programs.
I gave Spyware Doctor a test drive on my computer a couple of months ago. After playing with it for a while, I consider Spyware Doctor to be one of the top antispyware programs. On a scale from 1 to 10, I would give this program a 9 1/2.
PCMag evidently agrees with my opinion. PCMag editors included Spyware Doctor in their "Best of the Year" awards for 2005. Spyware Doctor also is a PCMag Editors' Choice for this year.
Spyware Doctor is a very nice and very polished antispyware protection program. The interface is uncluttered and easy to navigate. A system scan is initiated with the click of a single button. The same goes for updating the program. You could give a copy of this program to your grandmother for her first computer and she would have no trouble running it, with the default settings.
You may remember my marathon spyware killing experiment. I still have a copy of that infected virtual machine. On my "infected" test system, Spyware Doctor found a staggering 2,400+ infection items, kicked several processes out of memory and blocked 19 malicious start up entries.
Every item found was organized by the name of the malware and included a short description, as well as a detailed listing of every file and registry entry that it believed to be associated with it. Every item is labeled with a "threat level", showing how serious PC Tools considers that particular piece of malware to be.
OnGuard, the real-time protection module, protects against several methods used by browser hijackers and other malware. All of these components optionally will pop up an alert if something is detected. If a piece of malware exploits a browser flaw and tries to install itself, you will know about it immediately.
This is an excellent program. I consider it to be my favorite spyware scanner. Spyware Doctor has my recommendation - it is that good.
PCTools is offering a $10.00 discount on each of their top three programs, until Feb 3, 2006: Spyware Doctor, Registry Mechanic and Privacy Guardian. The discounts should be applied automatically when using the links above. You will see the discount applied when you click the green purchase button.
If you have any problems with the ordering page, please email Catherine: http://www.spywareinfo.com/email2.php. Anyone buying as a corporate customer and needing many copies of this program, please contact Catherine.
Two lawsuits have been filed against Secure Computer LLC, the software company responsible for a rogue antispyware program called "Spyware Cleaner".
Washington State's Attorney-General filed a lawsuit Tuesday in U.S. district court, alleging that the company had violated state and federal antispam laws, as well as state antispyware laws. The suit charges that Secure Computer offered a free scan, which detected spyware that did not exist, then pitched their software to "remove" the spyware.
Microsoft also has filed a lawsuit against Secure Computer. Microsoft's lawsuit alleges that many of the advertisements used to pitch Spyware Cleaner made use of Microsoft trademarks. According to the lawsuit, the trademarks were used in such a way as to deceive consumers into believing that Microsoft endorsed the Spyware Cleaner program.
This is the first lawsuit based on Washington's antispyware law, which was passed late last year. Secure Computer could face penalties of up to $100,000 per violation of Washington's antispyware law, $250 per violation of the federal CAN-SPAM law, $500 per violation of Washington's antispam laws and $2,000 per violation of Washington's consumer protection laws.
$2,000 here, $100,000 there... I think this might cost Secure Computer LLC some REAL money.
http://www.realtechnews.com/posts/2566 :: Washington State Sues Fake Spyware Cleaner
http://www.itworld.com/Man/2681/060125mswashington/ :: Microsoft, Washington AG sue alleged spyware company
http://www.spywarewarrior.com/rogue_anti-spyware.htm :: Rogue Antispyware Products
The Center for Democracy and Technology (CDT) has filed a complaint with the Federal Trade Commission, asking them to put a stop to "the illegal and deceptive practices of 180solutions Inc".
In a detailed complaint, CDT outlines a pattern whereby 180Solutions, through a complicated web of affiliate relationships, deliberately and repeatedly attempted to dupe Internet users into downloading intrusive advertising software. The complaint illustrates how 180solutions continued this pattern of practice even after being warned by technology experts, privacy advocates and its own auditors that its practices were unethical, and in several cases, illegal.
The CDT also filed a separate complaint regarding a 180Solutions affiliate, CJB.net. CJB.net offers free web hosting, with the caveat that they will place numerous advertisements on customers' web pages. Along with other annoying ads, CJB.net includes ActiveX pop-ups that will install software from 180Solutions.
CJB also displays messages claiming that "the site is 'supported by advertising'. While most consumers understand a site 'supported by advertising' to mean a Web site that contains banner ads delivered by the page, the 'advertising' on a CJB.NET Web site actually involves a program that runs continuously and tracks everything that the user does online".
I should point out that CJB.net was responsible, a few years ago, for installing Gator on *my* computer. I lowered my Internet Explorer settings all the way down in order to test something on my web site. I forgot to reset them to normal afterwards, browsed to a site hosted on CJB.net and WHAM! After seeing a suspicious firewall alert, I ran an Ad-Aware scan and found that the computer was absolutely littered with Gator files.
The CDT is asking the FTC to investigate both companies, to seek an injunction that forbids either of them from continuing their "deceptive and unfair installation of software" and to seek monetary penalties for "deceptive" and "unfair" practices. You can read both complaints at CDT's web site.
CDT has been trying, for two years or more, to work with 180Solutions on ways to improve their practices. 180Solutions even joined the Consortium of Anti-Spyware Technology Vendors (COAST). The group disbanded soon after, with every founding member withdrawing, presumably in protest of 180Solutions becoming a member.
Since 2004, 180Solutions has published countless press releases, all claiming that they were cleaning up their act. They promised to stop installing their software, without informed consent from the "user". They promised to keep their affiliates in check. They even sued a couple of affiliates.
No one believed they were serious. Every few weeks, a rogue affiliate was discovered using viruses or trojans or other adware to distribute 180Solutions software. The affiliate is outed in the press, 180Solutions cans the affiliate and releases a blizzard of press releases about it. Then, a few weeks later, it happens all over again. You can read all of the sordid details at the Spyware Warrior web site.
I'll be keeping an eye on the FTC. Just because a complaint is filed, it doesn't mean that something will happen. Anyone can file a complaint with just about any federal agency. Let us hope that the FTC acts on this complaint.
Last week, I mentioned a program called Quicktime Alternative. I used the wrong address when I linked to it. That address should have been http://www.free-codecs.com/download/QuickTime_Alternative.htm.
SpywareInfo has a new(ish) feature, listing news headlines relevant to spyware, privacy and safely using the computer. There is a saying that "all politics are local". It seems that this also applies to the internet. It is a close community in that problems can spread from anywhere. If you see a local story that you think deserves attention, please let us know. Use this mail form, tell us some details and we will follow the story.
This Spywareinfo News Section is updated every day - and several times during the day. It is a section of Spywareinfo that we hope will keep you informed on a daily basis - and keep your internet time a bit safer. Go have a look.
Running SpywareInfo has become an expensive thing to do. We are using three separate servers to display the site and to protect it from denial of service attacks. This is not a cheap web site to host.
If you would like to help with the costs, there are three options. There is PayPal for those who have a Paypal account or don't mind signing up for one (it is free).
There is a snail mail address if you do not like Paypal or have no means of sending money online. Please make sure to make checks (in US Dollars) or money orders (in American currency) out to James Healan and not Mike Healan so I am not hassled at the bank. Please note that contributions to SpywareInfo are not tax deductible.
The address is:
James Healan
PO Box 71
Vidalia, GA USA 30475
Thank you very much for your contributions.
You can also purchase t-shirts, hats, bumper stickers and other items from our CafePress storefront.
All materials on this web site are copyrighted © 2001 - 2008 by Mike Healan or their respective owners.
® All rights reserved.
Use of this site and its services is subject to our terms of use.
