The Spyware Weekly Newsletter is distributed every week to 20,000 subscribers and read online by hundreds of thousands of visitors. Click here to subscribe. Please read our Terms of Use for quoting guidelines. This edition of the Spyware Weekly Newsletter is archived permanently at http://www.spywareinfo.net/july25,2006.
Wherever the term "adware" is used, it is referring to a category of software, not to any particular company or product.
The contents of this newsletter are all commentary.
The creators of malicious software have adopted open source collaboration to improve the quality (if you can use that term) of their malware. That is the underlying message throughout the first edition of "Sage", a newsletter published by McAfee.
Several of the viruses that have wreaked havoc in the past couple of years have been created and improved upon by several programmers. The source code is available to any miscreant who wants to use it.
Malicious coders are using free and open source bug tracking databases, CVS systems and even Wiki-based web sites to work collectively to "improve" these malicious programs. You can even read questions and comments left by coders in the source code of some viruses. These are all methods used by the developers of open source software.
There is nothing surprising in all this. When an open source program becomes popular and more people start working on the code, that program becomes better and better. It doesn't matter whether we are talking about a web browser or a virus. One coder working alone in his basement with a six-pack of Surge can't compete with that.
For the most part, McAfee's "Sage" newsletter was pretty good, if a little dry for non-geeks. Unfortunately, the entire message of the newsletter was lost in the controversy over two very confused articles.
Both of the controversial articles blame "open source" for making malware attacks worse. Of course, to do that, they had to ignore the definition of "open source" completely and make up another on the spot.
Before we go further, let me give you an accurate description of "open source". I hope all of you at McAfee pay attention to this. You keep using that term. I don't think you know what it means.
Open source means that the source code for a software program is provided to the public, along with a license that allows anyone to alter it. If a programmer sees something that can be improved, he or she edits the source code and improves it. If a piece of software becomes popular, there could be dozens or even hundreds of programmers working on the code. That's it. That is what is meant by the term "open source".
Now, let's see what McAfee thought it meant.
One article in McAfee's newsletter discusses the sharing of virus source code and how that has assisted people in making more dangerous variants of those viruses. The other discusses the irresponsible practice of publishing the details of security flaws, without first informing the maker of the buggy software.
Both articles refer to those practices as being "open source", which is just blatantly incorrect. This would be like me trying to describe spyware and pointing at a glass of water to make my point. In other words, one has absolutely nothing to do with the other.
One article talks about people making the source code of viruses available publicly. People do this on the theory that it speeds the development of countermeasures against these viruses. The author is talking about, in his own words, the "proponents of the free and unrestricted dissemination of malware samples and source code".
The article makes a fair point. In fact, it is a good article. So what is wrong with it? The problem is with the article's title and tag line: "Good Intentions Gone Awry - Open source was supposed to hinder malware. So what happened?".
Indeed, what happened there? The article has not even begun and already we have a glaring error. At no point does the article actually use the phrase "open source", which leads me to wonder if an editor is to blame for that tag line.
The other article leaves no room at all for doubt. The author of the next article very clearly had no idea what he was talking about.
In the article "Is Open Source Really So Open?", the author describes the practice of publishing the details of software flaws. For some reason, he refers to that practice as being "open source" and refers to the people who do it as "open source advocates".
If he had called them elves, he would have been just as accurate. Which is to say, not accurate at all. Publishing security flaws has nothing to do with "open source" and the people who do it have nothing to do with "open source advocates".
Is it really possible that two very senior employees of a successful software company do not know the definition of "open source"? The thought certainly doesn't inspire confidence in the maker of security software.
Maybe the newsletter was nothing but a publicity stunt? If so, it worked. Articles sprang up across the web talking about it. I'll bet more people went to McAfee's site to read their newsletter on its first day than will read this one the entire week it sits on the front page of my site. Bad publicity is better than no publicity, even if it does leave you looking like a fool.
Read my review of Privacy Guardian or Registry Mechanic for more information about those programs.
I test drive all of the software that is featured here. I was very impressed with Spyware Doctor. I consider it to be one of the top antispyware programs. On a scale from 1 to 10, I would give this program a 9 1/2.
Spyware Doctor is a very nice and very polished antispyware protection program. The interface is uncluttered and easy to navigate. A system scan is initiated with the click of a single button. The same goes for updating the program. You could give a copy of this program to your grandmother for her first computer and she would have no trouble running it, with the default settings.
On an infected test computer, Spyware Doctor found and removed a staggering 2,400+ infection items, kicked several processes out of memory and blocked 19 malicious start up entries.
Every item found was organized by the name of the malware and included a short description, as well as a detailed listing of every file and registry entry that it believed to be associated with it. Every item is labeled with a "threat level", showing how serious PC Tools considers that particular piece of malware to be.
OnGuard, the real-time protection module, protects against several methods used by browser hijackers and other malware. All of these components optionally will pop up an alert if something is detected. If a piece of malware exploits a browser flaw and tries to install itself, you will know about it immediately.
This is an excellent program. Spyware Doctor has my recommendation - it is that good.
PCTools is offering a $10.00 discount on each of their top three programs, until Aug 1, 2006: Spyware Doctor, Registry Mechanic and Privacy Guardian. The discounts should be applied automatically when using the links above. You will see the discount applied when you click the green purchase button.
If you have any problems with the ordering page, please email Catherine: http://www.spywareinfo.com/email2.php. Anyone buying as a corporate customer and needing many copies of this program, please contact Catherine.
I spent most of last week testing out some antispyware programs. I have a few observations that I wanted to share.
Someone gave me a link to a warez site to use for my testing, so I checked it out. This site was the mother lode of spyware. I think every unwanted software parasite in existence found its way onto my test computer. It wasn't the worst infection I have ever seen, but it was a strong second. Certainly, I have never seen so many pop-up ads all at once.
Except for a pair of security prompts warning me about ActiveX, there were no installation dialogs, license agreements, disclosures, privacy statements or any other such thing. Considering that somewhere between 70 and 100 separate new programs were installed fifteen minutes later, I think everyone can agree that there was a lack of disclosure here.
Among the wall-to-wall pop-up windows, I found two of them to be very interesting.
One ad was for Stopzilla, which is actually an ANTIspyware program. I even featured it in this newsletter once. I was surprised and disappointed to see this company advertising in this way. There were ads for several other supposed antispyware programs as well.
Even worse than that, I also spotted an advertisement for The March of Dimes (dial-up warning). The March of Dimes is a charity organization that helps out premature infants and children born with birth defects. They also, apparently, have an affiliate program.
The affiliate agreement on their web site specifically and unequivocally forbids the use of spyware, adware or other parasitic methods to increase web site traffic. Either they are not enforcing that or they are not keeping a close enough eye on their affiliates. I sent them an email last week to inform them about their rogue affiliate but no one has answered yet. [Update: See update notice at the end of this article]
I also spotted an installation of Newdotnet software that was done with no disclosure of any kind. Since they are supposed to be out of that business, I told them about it. Newdotnet canned a rogue affiliate a couple of hours later.
I honestly have no idea how in the world the companies paying for these ads possibly can expect to make a single sale out of it. At one point, I watched FIFTY-SIX separate ads pop open in as many seconds.
Now I ask you, would you have been in any mood to buy something at that point? I would be more likely to set fire to the company responsible than to buy anything from them.
I think the companies paying for these ads are being ripped off. There is no way they can be making money like that. Maybe if someone demonstrated this for them, they would stop funding these malware companies.
Update
I have spoken to Jeffrey Bair, who heads up the web operations for the March of Dimes. The pop-up ad I discovered and the company that popped it up are not affiliated with the March of Dimes. The company basically stole the contents of the ad and has been using it since February. The March of Dimes has not authorized the company to use that advertisement. They have been trying to track down the company that is responsible for the ad for several months.
The current theory is that the ad is used solely for the purpose of "disclosing" where the pop-up ads are coming from (Command Desktop Advertising) and for disclosing the fact that there will be no more disclosures. Put simply, the March of Dimes is an innocent party in all this.
Here are some of the security procedures that a new or returning grade school student may have to face in the coming year:
And, there is no physical contact between staff and student. Therefore, if a student falls and is hurt, there is to be no physical contact.
This list is certainly not inclusive. There will be new and innovative security measures to be added. Technology and anxiety will generate more sophisticated methodologies. Some schools, depending on district and budgets, will have only a few of these procedures and routines. Other schools will have more and add to them each year.
Who would ever dare to argue against keeping children safe and secure? However, what does this teach the school kids who adapt to such a system? Will privacy become an archaic concept? Is this an atmosphere that is conducive to learning and creativity... or has school become a training ground for accepting constant surveillance?
Later on this week, I intend to update my list of which file sharing programs install spyware and which ones do not. It seems like every time I do this, half of the programs switch sides a week later. As it is now, the list is badly out of date.
If this is something you need to know about right this moment, try this list.
If there is anything not listed on either page that you want to know about, now would be the time to mention it. Go to this page and give me the name of the program and a link, if you have it. Don't email the information to me. I don't read my email very often anymore.
I should be able to finish the whole list by next week. I'll have the results in the next newsletter.
Check out FlyingHamster.com for the latest news headlines relevant to spyware, privacy and safely using the computer.
There is a saying that "all politics are local". It seems that this also applies to the internet. It is a close community in that problems can spread from anywhere. If you see a local story that you think deserves attention, please let us know. Use this mail form, tell us some details and we will follow the story.
FlyingHamster is updated every day - and several times during the day and night. It is updated continually, even on the weekends. We hope it will keep you informed on a daily basis - and keep your internet time a bit safer. As soon as I can get around to it, I will add FlyingHamster's RSS feed to SpywareInfo.
FlyingHamster belongs to my partner, Catherine. It is a free service, supported in the same way as SpywareInfo, by offering high-quality software at a discount. This week, FlyingHamster has a $6.00 discount on Sunbelt Kerio Firewall. Go check it out.
Running SpywareInfo has become an expensive thing to do. We are using three separate servers to display the site and to protect it from denial of service attacks. This is not a cheap web site to host.
If you would like to help with the costs, there are two options. There is PayPal for those who have a PayPal account or don't mind signing up for one (it is free).
Thank you very much for your contributions.
You can also purchase t-shirts, hats, bumper stickers and other items from our CafePress storefront.
All materials on this web site are copyrighted © 2001 - 2008 by Mike Healan or their respective owners.
® All rights reserved.