 | Read the Sept 6 Spyware Weekly | 
|
|
Spyware Weekly Newsletter > June 17, 2003
Is Your Boss Spying On You? Employers increasingly are turning to sophisticated commercial spyware programs to monitor the activities of their employees on company-owned PCs according to a recent article at bCentral. I'm not talking about the annoying pop up generating, browser hijacking adware parasites you'll find in Grokster and Kazaa. The spyware tools that many employers are using are every bit as sophisticated as the programs you might read about in pulp fiction spy novels. In some cases, they're even more advanced than the fantasy software invented by your favorite authors. Two popular and widely-used spyware programs are WinWhatWhere's Investigator and eBlaster. WinWhatWhere Investigator runs in the background, hides itself from the user, logs keystrokes, takes periodic screenshots of user activity, sends out logs by email, connects to the internet by itself, and allows remote users to connect to your PC. WinWhatWhere's founder is often a source of amusement. He's written on his web site and whined on public forums that "the so-called spyware detectors claim to find and remove spyware. That's great, except they are also including the legitimate computer monitoring programs." Well imagine that, spyware detectors detecting spyware. Spectorsoft's eBlaster record emails, chats, instant messages, web sites visited and keystrokes typed and then automatically sends this recorded information to the email address of the person spying. The spy gets an activity report of latest chats, instant messages, keystrokes and web sites visited, plus a summary of all emails. You can install it normally, or you can send it to a target machine as an email attachment the same as any other virus or trojan. Spectorsoft scored some free publicity for itself last year. A developer for SpyCop discovered that Spectorsoft had included a function that simulates a system crash when it detects antispyware software such as SpyCop, SpySentry, AntiSpector, SpectorDetector, X-Cleaner, Who's Watching Me?, Nitrous AntiSpy, and SpyCop's Single File Scanner. As part of this fake system crash, it would terminate the process for the detection software to mislead users into thinking the product wouldn't work properly. This may surprise you, but I don't have a problem with a company putting spyware on their own equipment and using it to monitor employees. The computer belongs to them, not to the employee using it, and they have a right to use any software they please on it. On the other hand, I consider it unethical for employers to do this secretly and would like to see undisclosed employer monitoring made illegal. The United Kingdom agrees with my opinion it seems. Employers in the UK violating the Data Protection Act may be subject to criminal and civil actions. A newly released code of practice from the Information Commissioner, Richard Thomas, spells out what is acceptable, and what will land an employer in hot water. Thankfully, the code does not spell out what constitutes "monitoring". That would certainly have led to loopholes through which employers would have crawled. While avoiding the pitfall of limiting itself to possibly shortsighted definitions, the code specifically includes CCTV cameras, opening emails or voicemails, checking internet usage, automated checking software, listening to or keeping records of telephone calls, gathering information from point of sale terminals, or checking with credit reference agencies. How do you feel about it? Do you think it is acceptable for employers to spy on their workers? Take part in the debate and cast your vote in our poll. Links:
http://www.bcentral.com/articles/enbysk/156.asp Article at bCentral X-Cleaner Spyware Remover
Author: XBlock Platform: Windows 9x, ME, NT 4.0, 2K, XP License: $39.95 [10% off for SpywareInfo visitors] For those of you who don't want your boss spying on you, you don't have to put up with it. X-Cleaner Spyware Remover is an award winning spyware detector that finds and removes commercial spyware programs. Features include:
Busts spyware like: You can even put this on a floppy disk and carry it to work in an envelope or in your shirt pocket. Insert floppy, scan, and zap the keylogger! Please visit our X-Cleaner information page for more information. Every week, SpywareInfo arranges a discount on the programs best suited to keep your private life private. This arrangement lets us pay the bills to keep SpywareInfo running without having to sell ads to the likes of DoubleClick and X-10. We do need your help, as the discount is for your benefit. What commercial privacy software would you like to see featured here at a discount? Drop us a note and let us know. Links:
http://www.spywareinfo.com/downloads/x/ X-Cleaner information page SmartDownload Case Settled
Three years ago, Netscape began to bundle spyware into its SmartDownload download manager. Almost immediately, they were caught. In fact, it was one of the original scandals that brought the problem of advertising spyware into public light. Every time SmartDownload was used to download any file from anywhere on the internet, the complete address of the file, a unique identification number, and your computer's individual internet IP address were immediately transmitted to Netscape. The IP address was sent to Netscape in the form of a cookie, meaning that even if you were using a proxy service to stay anonymous, the spyware could circumvent that protection. People signed up for Netscape's "NetCenter" system, were especially at risk of privacy violation because NetCenter members also had their NetCenter logon ID and their personal email address sent with each file download report. Not long after all of this became public, Chris Specht, a New Jersey-based website operator, filed a class-action lawsuit against Netscape. Netscape's defense always centered around their click-through End User License Agreement. Netscape's argument is that the users agreed to having the spyware on their system by the very fact that they installed it. Last year, a judge ruled that by placing the user agreement for that plugin where it is difficult to find, the agreement is invalid. The New York Attorney General's office also started an investigation last year into the situation. Last Friday it was announced that Netscape will pay $100,000 as part of a settlement with complainants in New York. Netscape will also delete all URLs and related data it has obtained through its SmartDownload browser software and undergo privacy audits. Netscape does not admit any wrongdoing or liability in the deal. Although Netscape got off cheap, I definitely call this a victory and feel that a very good precedent has been set. If Netscape can be brought to justice for bundling spyware into its products, all the little slime balls need to watch their backs as well. Links:
http://grc.com/downloaders.htm Netscape caught spying Small, But Important Victory
Another victory has been won by one of my readers. This victory wasn't worth a hundred thousand dollars. In fact, it wasn't even worth one thousand dollars, but it was a victory all the same. As I've been repeating in nearly every issue lately, there is a topic at the support forums specifically for victims of dialer programs to post what happened to them and how much it cost them. Monday, a visitor posted this:
Nice going! My advice to anyone who receives a fraudulent charge on their phone bill should fight it as hard as they can. Telephone companies are in bed with these companies and love raking in the profits from people infected with these dialers. I think these telcos should be held just as responsible as the companies that spread these dialers around like a virus. A few telcos are ethical and will happily work with you to identify the charges and credit them, so be nice when you call them! Never, ever pay the phone bill when you see a fraudulent charge. Protest the charges, in writing, and file a complaint with the FCC. Let the telephone company know that you will file a complaint with your local public utilities commission if they attempt to cut off your service. If you believe you may have a dialer program installed, please read this FAQ and follow the directions. We can help you remove any spyware, hijackware, dialer, or other malware you might have installed. Links:
http://www.spywareinfo.com/rd/dialers/ Dialer thread at SWI forums Web Site Redesign
I have decided that it's time to redesign the web site yet again. I've made a very dramatic change in the design of the home page of the web site. The page is fully valid XHTML and CSS according to W3C specifications, so I don't want to hear any whining about Netscape 4.x. Netscape 4 is six years old and was designed to support proprietary Netscape standards, not official web design standards. It is time to update to something usable. Eventually I'll fix it so that Netscape 4.x will leave the CSS file alone and just display plain text. I haven't had time to go any further than the home page. I haven't finished tweaking everything yet and I'm considering moving the sidebar area to the right, but I'm running into problems. Personally, I think it looks awesome. Altogether, opinions are a little mixed. Check it out and tell me what do you think. Links:
http://www.w3c.org/ World Wide Web Consortium Javascript In Last Week's Issue
Last week in my bit about cookies, I had screenshots that opened in pop up windows. I honestly meant to remove the javascript that turned the new windows into pop ups before I mailed last week's issue out, but I totally forgot about it. Most of you wouldn't have noticed, but I'm sorry if anyone had any security programs go off. At least no one complained this time. Last time I did that, some moron in Germany emailed demanding - demanding! - that I not mail javascript and to stop using CSS in the newsletter. Normally I delete flame mail without responding, but I was in a mood that day, so I answered him. Then I posted it at the message boards. Anyway.... The javascript was for the online version, not the emailed version. Next time I have an issue with javascript in it, I will try to remember to remove the javascript from the mailed version. Links: http://www.spywareinfo.net/18 Flame mail post Recommend SpywareInfo to a friend
Do you like SpywareInfo and this newsletter? Then please tell a few friends about it! We are trying to come up with ways to increase the number of visitors to the web site and the number of subscribers of this newsletter. Recently I signed up for RecommendIt's service, also used by Scot Finnie and Fred Langa. When you use RecommendIt's service to send a link to a friend or family member, you can also choose to enter a contest with a grand prize of $10,000. The privacy policy of the site looks solid and I did ask around if anyone had heard anything bad about it before I signed up for it. You can use their service to recommend SpywareInfo to someone you know at http://www.recommend-it.com/l.z.e?s=881459 Of course, you don't *have* to use RecommendIt's site to send a friend a link to the site. Just sending an email will also do the trick. Links:
http://www.scotsnewsletter.com Scot Finnie's Newsletter |
Site Navigation
About SpywareInfo Spyware Search
All material on this web site is copyrighted SpywareInfo banner designed by mockie |
I'm tempted to buy him a dictionary and send it to him with the page that lists the definition of spyware bookmarked. Or perhaps I should buy him a clue. He could certainly use one. :-)
