Last month, I reported on a discovery made by a German publication that had caught Microsoft snooping around and uploading a list of what hardware and software you have installed on your computer. The publication tecChannel utilized home-grown software to use an undocumented function of the Windows API to log the information being passed to Microsoft servers during a Windows Update session. Although the information is encrypted before being uploaded, the API function allowed tecChannel to log the list in plain text just before Windows encrypted it.

Microsoft has now come out and admitted to this, although they claim that they aren't violating their privacy statement. Chris Cannon, a product manager in Microsoft's server division, is quoted as saying "In order to provide driver updates, there has to be some knowledge of the hardware."

That is nonsense. Windows Update handled driver updates (and all other updates) for years without having to upload a list of installed software or hardware. On the contrary, a list of available updates was downloaded and your computer sorted out what you needed and what you didn't. No information passed to Microsoft. This is no longer true.

There have been several articles published by infoworld.com about this, one of which doesn't seem to be available on their site yet.

Related articles (in chronological order):
http://www.tecchannel.de/betriebssysteme/1126/index.html
http://www.spywareinfo.com/newsletter/archives/march-2003/10.php
http://www.infoworld.com/article/03/03/14/11winman_1.html
http://www.infoworld.com/article/03/03/21/12winman_1.html
http://www.spywareinfo.com/forums/index.php?act=ST&f=15&t=5005

Permlink | Top

Benign
Author: Firetrust
License: $24.95
Download

Every week, I bring you a discount on expensive software that lets you keep your private business private and your computer running smoothly. The commissions let me pay for hosting this bandwidth hog of a web site without bringing in 3rd party advertisers (and their tracking cookies). If there is a program you'd love to have, but the price tag is too much, let us know and we might feature it here.

This week I am bringing back a very popular program that I featured just last month, Mailwasher Pro. I absolutely love Mailwasher. If I hadn't gotten a free copy for having registered the beta version last year, I would have bought it anyway. It's that good. If you missed that issue, you should go back and read what I had to say about it before.

Mailwasher is not the only program being featured this time. This week I am also featuring Firetrust Benign. Unlike Mailwasher which lets you spot spam and virus-ridden emails on the server, Benign protects you from those spam and virus emails even if you aren't using Mailwasher.

We asked Mailwasher's creator, Nick Bolton, to explain just what Benign is and what it does.

SWI -Nick, what is Benign?

Nick Bolton:
Benign (B9) is a utility that eliminates possible email borne attacks via email messages through a strict approach that validates inbound messages by rewriting their content and eliminating potential viruses, worms or other potentially malicious code from harming a users computer and further spreading over the internet . Benign protects you from future worm email attacks because it automatically removes the vulnerabilities that make these worms run. It can also rename or delete potentially harmful files. Benign can also remove images that track whether you have read your email which can confirm your address to spammers.

SWI - Nick, why do I need Benign?

Nick Bolton:
Industry analysts say that spam and viruses are only going to increase in the next year. With over fifty percent of all email being spam these days, this also increases the number of vicious viruses and bad files for your computer. The unexplained slow downs and other computer interruptions cause us to lose valuable time trying to repair damage from things we don't need.

You can download the rest of this interview (typos and all) at http://www.spywareinfo.com/downloads/mailwasher/interview.doc (left click to open in Word or Wordpad, or right-click and "save target as" to save it)

Before I agree to feature something here, we have several people try out the program to make sure it's worth buying. This is what one of our reviewers had to say about Benign after trying it out:

WOW!!! Benign rocks. Extremely simple to setup, works with all the email clients I tried (including Mozilla's which was a surprise). And it works transparently. No need to mess with settings after it's installed. Very, very, very, very, very, very, very good program. :D

Purchase Mailwasher Pro

Purchase Benign

Permlink | Top

AOL is filing five separate lawsuits against over a dozen companies and individuals, who the Company alleges are together responsible for sending an estimated one billion spam emails to AOL members and generating over 8 million individual spam complaints from members. The latest lawsuits filed by AOL are the first to leverage the complaints received by AOL from its members who are using the popular "Report Spam" button in AOL 8.0.

Say what you will about AOL (and some of you have quite a bit to say), I see this as a very good thing. I hope they win and I hope they win big.

Maybe all these lawsuits will distract them from mailing out so many millions of unwanted CDs. Nah..... Probably not. :(

Permlink | Top

"Governments should control the Internet in the same way other public networks, such as electricity and traffic information networks, are controlled.

"Rules for usage of the network should be enforced by Internet police with users licensed to use the Net."

That is what Eugene Kaspersky, head of antivirus research at Kaspersky Labs, had to say recently at a trade show in Hannover, Germany.

"If we want to have a big public network like the Internet in the future, there must be very strict usage rules. If we don't have those, the Internet will just die," Kaspersky said. "The Internet today is like a road without policemen and driving licenses." Kaspersky argues that without government licensing of internet users, fast-spreading viruses could wreak havoc on the internet.

Which government should issue this license? There are roughly 200 independent nation-states on this planet. Which of them would be responsible for this license? Perhaps Kaspersky would have the United Nations deciding who should have internet access and who shouldn't?

What should the requirements be to get a license? What infractions would result in the license being revoked? How would that be enforced, with government spyware installed on every computer? What if you started criticizing your government, and they responded by revoking your internet license?

Contrary to Mr Kasperky's naive ideas, requiring a license would kill the internet far more quickly than 1,000 slammer worms. The ability of people to go online and communicate with others around the world is what gives the internet its power. People can express their displeasure with their government and even organize its replacement, even if doing so is against the law in their country. If people need to go to their rulers with hat in hand to beg permission to check their email, then we may as well scratch liberty out of the dictionary and crown someone emperor.

Kaspersky has a right to have this opinion, no matter how foolish it is. He also has a right to express this opinion, and he doesn't even need a license to do it. And that is the way it should remain.

Source

Permlink | Top

A University of Michigan graduate student noted for his research into steganography and honeypots -- techniques for concealing messages and detecting hackers, respectively -- says he's been forced to move his research papers and software offshore and prohibit U.S. residents from accessing it, in response to a controversial new state law that makes it a felony to possess software capable of concealing the existence or source of any electronic communication.

"Concealing the existence of communication is my dissertation, and concealing the source of communication takes place in honey nets," says Niels Provos. "So I decided to be proactive about it and move it to another location, and for now just deny anybody from the states to download any of my software."

Read the complete story....

A couple of weeks ago I mentioned these new laws. Somehow they had slipped under the radar and were quietly passed in a few states and are under serious consideration in several more, my own included.

• These laws make it illegal to use a NAT router to secure a computer from attack.
• These laws make it illegal to protect your files on your computer from theft by using steganography to hide them.
• These laws make it illegal to use steganography keep a sensitive document from being stolen as you email it to your boss.
• These laws make it illegal to use a "honeypot" to trap and analyze malicious network traffic such as hacking attempts and new internet worms.
• These laws make it illegal to use such services as Anonymizer.com and other web proxy services, whether you are hiding your IP address or trying to get to a site made inaccessible by a bad router between your ISP and the site (something I've had to do).
• These laws make it illegal to use a VPN (Virtual Private Network).
• These laws make it illegal for my ISP (and many others) to provide NAT routing to provide myself and tens of thousand of other people with internet service, without the need to purchase one IP address per customer.
• These laws make it illegal to use a remailing service to post anonymously to newsgroups.
• These laws make it illegal to build, own, promote, advertise, or even explain steganography (meaning that I will be a criminal in Michigan next week for advertising a program that lets you easily use steganography).

The list of perfectly valid activities that would be (and have been in some places) made illegal is enormous. The list of illegal or unethical activities that these laws supposedly were created to help combat is far smaller. For a complete analysis of what is being lost, check out Professor Edward Felton's "Super DCMA" pages.

http://www.freedom-to-tinker.com/superdmca.html
http://www.freedom-to-tinker.com/archives/cat_superdmca.html

Permlink | Top

Lavasoft responded Saturday to a recent review of their Ad-aware software in PC Magazine. The review was one part of a series of reviews of several anti-spyware utilities. Their top pick also happens to be my own top pick, Spybot S&D.

Lavasoft didn't like their review and left no doubts about their opinion of the quality of the entire article. The PC Mag author mentioned a lack of options available in Ad-aware. Lavasoft points out that a simple right-click in the scan results will reveal a rather large list of options. The author also contradicted himself at one point, leading Lavasoft to speculate that the author rushed through his review.

Lavasoft also quite rightly objected to the review of BulletProofSoft's Spyware Remover. BPS is accused by both Lavasoft and PepiMK (maker of Spybot) of stealing components of their software. This is something that I reported on a couple of months ago. As BPS is under threat of a lawsuit for stealing from both of these companies, I agree with Lavasoft that it should not have been mentioned, much less reviewed.

You can read the entire statement by Lavasoft at http://www.lavasoftsupport.com/index.php?act=ST&f=1&t=5963

Permlink | Top

Next week, this will section will just link to another page on the web site where the actual reviews will be written, but there wasn't time for that this week.

Last week I mentioned that I had discovered some trojans on my brand new computer. Both of them were IRC floodbots, little programs that make connections to an IRC server and let a hacker turn the computer into one soldier in an army of machines which can be used in a distributed denial of service attack (DDoS). This is the sort of attack that briefly brought down Steve Gibson's GRC.com a few years ago. These trojans also would have deleted all of my network shares if I hadn't discovered them before rebooting.

I run TrojanHunter, which is considered to be one of the best anti-trojan programs available. However, it wasn't TrojanHunter that detected the trojan infection (although it's what I used to clean them up with). It wasn't my anti-virus that detected it. It wasn't any of the fancy, expensive toys that I am allowed to play with for free (for the purpose of reviewing them of course ;) that detected these trojans.

What alerted me to the trojans in both cases was Startup Monitor, a free program written by Mike Lin. Startup Monitor runs in the background watching the locations from which Windows can be set to load a program. If something writes a startup entry, Startup Monitor pops up a very loud and prominent warning detailing what program is writing the entry and the commandline parameter of the entry. It also asks if I want this change to happen. If I say no, it blocks the startup entry from being written.

I refuse to run a computer without this program in the background and that has twice now saved me from a load of trouble. I even sent the kid $20 via Paypal for saving my butt. This program very definitely has my recommendation and I strongly suggest everyone go download and install it now. And if it saves your butt like it saved mine, consider adding to that "tip jar" of his.

While you are there, also get Startup Control Panel. That is a program that works very well with Startup Monitor and it makes managing your startup programs a lot easier.

Startup Monitor: http://www.mlin.net/StartupMonitor.shtml
Startup Control Panel: http://www.mlin.net/StartupCPL.shtml

There is also a brand new freebie from DiamondCS, maker of TDS anti-trojan, that they have just released in beta that also watches for startup entries. I haven't looked at it myself, but it is receiving some good feedback. That is available at http://www.diamondcs.com.au/index.php?page=asguard

Permlink | Top

It's been a week since I converted the old YabbSE forums over to Invision Power Board and it's been running smoothly ever since. I've added a few of my own tweaks to it to make it even better and to make it easier for the members to use. One of which is the ability to choose a skin which replaces the shockwave banner with a regular image banner. That was for those who have turned off ActiveX and are irritated at Microsoft's obnoxious warning that pops up when the security settings disable an ActiveX script.

If you frequented the old board, I'd like to know what you think of the new software. Is it better or worse? I'd also like everyone to rate the forums at ForumFocus.com if you have ever used the forums. As I write this, SWI forums are rated as 4.41 out of a perfect 5.0.

Last minute edit: We have *just* reached the 3,000 registered members mark. :D