WARNING: Hidden Spyware of the most diabolical kind

[Guest]

ExtremeTech has an article up on the despicable actions of a new series of commercial sites that offer "Download Accelerators" on the internet: including some of the most "reputable" sites there are (GameSpot is only the first).These new series of download accelerators are spyware of the most diabolical kind. Not only do they have the ability to report your download patterns to companies of unknown origin, but they include a COMPLETE spy component that:"has the ability to track distribution of its content via the publisher and through the downloader: if it was used, if it was opened, et cetera," Szelenyi said."This, my friends, IS Big Brother in its truest form. With such capabilities, they have the mechanism to track every thing you do with a piece of legal software or media you download from the internet (note: we're not talking illegal MP3's or such here - this is licensed material directly from site you download from such as games or media files). So you like to play a lot of First Person Shooters do you? How interesting. Whoa, and you sure are learning how to fly a heavy aircraft well... Extremely interesting. Specially since you look to have a lot of free time everyday at 2:00 pm. Bob of 1234 Street, Anytown USA.But wait... It gets worse (if thats possible):"According to Mark Szelenyi, director of enterprise marketing at Kontiki, the client software includes the Windows Media Rights Manager from Microsoft. "The publisher in the enterprise can delete content after X weeks, limit its forwarding ability, limit the times it can be used," Szeleny said. "It is very flexible. It can play and delete itself, or not allow it to be forwarded, as well as limit the number of times it can be used on systems."There goes the last bit of your supposed legal right to "Fair Use". With such a download manager and the licensed and legal material you download with it, a game or music file you purchase online may only allow you to play it one times before its deleted from your system.Ok, I was wrong. It actually gets *much* worse:"The Kontiki Software or particular Content may include or enable a digital rights management software program ("DRM"), either proprietary to Kontiki or provided by or licensed from a third party," the agreement states. "DRMs are designed to manage and enforce intellectual property rights in digital content provided over the Internet. You may not take any action to circumvent or defeat the security or content usage rules provided or enforced by either the DRM or the Kontiki Software. DRMs may be able to revoke your ability to use applicable Content. Kontiki is not responsible for the operation of the third party DRM in any way, including revocation of your ability to use Content or the collection or use of information collected from you by the third party DRM."Without your upfront knowledge, these innocent looking download accelerators install the spyware and DRM components on your system: and you absolutely have NO RIGHT to remove it from your system once its there (even if you delete the download accelerator itself: the spyware and DRM remains). And oh yea, if its buggy and crashes your system (or opens your system wide to the entire internet), too damn bad - its your responsibility not theirs. They don't even specify *where* the spyware or DRM may come from! It could be absolutely anybody's code they choose, now or in the future.Want more? Ok:"In addition, another portion of the agreement allows Kontiki the right to automatically update the software without the consent of the user. "You consent to such automatic upgrading, and agree that the terms and conditions of this Agreement will apply to all such upgraded versions," the EULA says."So in a nutshell, even if you somehow think the spyware and DRM that is snuck into your system is ok the way it is: it may be changed in the background at any time to any code they see fit. Good code, bad code, even worse spyware than it is already (Maybe they'll send your complete usage pattern and personal information directly to the Office of Homeland Security in the future??), gaping wide buggy code: doesn't matter. And you won't notice a thing when "upgraded".So what is this download accelerator exactly? Well, at the moment its being flogged from GameSpot in their new "faster download" links (note: GameSpot is almost wholly subscription based now - so this is twice as evil as it seems). Kontiki is also in the process of licensing the front end "download accelerator" to many other very extremely popular commercial sites as well (CNet is the parent of GameSpot by the way). All will be branded by the licensor to hide its true identity. The client can also be downloaded by itself as a standalone download manager from Kontiki. PCMagazine reviewed this exact download manager recently and gave it its "Editors Choice Award". The review stated, "it does come without banners and spyware", a complete and boldfaced lie.I HIGHLY RECOMMEND YOU READ THIS ARTICLE AND INFORM YOURSELF. Whats more, I beg of you all who read this to put your foot down and make a stand right now. Inform all those whom you know to avoid such horrible spyware and educate everyone you know about the perils of DRM and spyware schemes like the one above. Even more, write to GameSpot and Kontiki to inform them that their sneaky and despicable practices will not be tolerated. Otherwise, your every move and personal data on your own computer are on their way to becoming public property to the highest (or most diabolical) bidder.http://www.extremetech.com/article2/0,3973,365073,00.asphttp://members.rogers.com/eelvish/elrondlogo.gifhttp://members.rogers.com/eelvish/flyurl.gif

[MikeAdamo 51]

Elrond,Extemely intersting read. As a matter of fact, I tried to download a demo from Gamespot and that "download accelerator" was installed as part of the download process. I had absolutely no say in the matter. Thanfully, I uninstalled that program and reinstalled winXP (for different reasons) shortly after. Amazing to see what people can think up!!MikePS, thanks for bringin this up!

[Guest]

Hi Mike,And unfortunately, reinstalling Windows would be the only way to completely get rid of the spyware and DRM I believe. Since a piece of the spyware is a Microsoft component (the DRM module), it integrates itself into your Windows install completely. There is no way to "uninstall" the DRM and spyware components specifically since they are signed - even when you uninstall the "download accelerator". I don't even think Ad Aware could handle such an issue.Take care, http://members.rogers.com/eelvish/elrondlogo.gifhttp://members.rogers.com/eelvish/flyurl.gif

[Guest mikehaska]

I'll say it this way:It's stupid people's faults this is happening.The internet is getting user friendly, and (un)fortunately, anyone can get online. Before, computer-smart people used it, were aware of what was running on their systems, and why it is there.Now, anyone downloads KaaZam, MSN Messenger, and Download accelerators (because they're "really cool") and unwittingly installs spyware (even if they knew what spyware was!). So before, when a company doing this would have no one use their software, every computer-stupid idiot on the internet will use it, and spread it around.I can't stand it when people sign up for things on the internet with all their info. I understand usernames, emails, and passwords, but when a site asks you for your address, income, and if you have a DVD player or not, it's obvious to most that they're going to sell your information to a marketer faster than you can say "Pan-fried pineapple."Most computer-smart people are outraged by these infringements on their privacy. Yeah, sometimes people need info, but these companies have absolutely no right to spy on me. The dumb people don't even fathom it.Simple solution: Stupid people- go back to playing with Yo-Yo's. The Internet is still too complex a place for you!(Sorry to vent, but I'm always the one who has to clean up the computer from Gator Spyware and such...)Edit: It's scary to see how our rights have slowly dissolved. If you told someone 10 years ago a giant company would always be watching us, tracking our patterns, and then selling that information, everyone would be outraged. It's time for the lawmakers to get involved to protect this sacred freedom which is slowly slipping away. (man, that's especially poetic... I must have ate something funny :-))

[Guest]

""It's stupid people's faults this is happening.The internet is getting user friendly, and (un)fortunately, anyone can get online. Before, computer-smart people used it, were aware of what was running on their systems, and why it is there"""So what you're saying is that unless someone has some computer savy, they're stupid. Why am I even talking to you???? What a ridiculous thing to say. My thinking is that Microsoft developed windows and its accompanying browser so that the really smart folks could use the internet. Obviously!!!!!!!!!!!!!!!! there wasn't much for intellect on the net before.

[Guest]

That's disgusting. I pay for a computer, software and internet connection and some greedy twit can do whatever he wants to my computer? It's unbelivable. I don't care if the government knows my name or my address, I have nothing to hide, but when people start to install and update things on my computer whenever they feel like it and change things whenever they want and record my activities is invasion of privacy. It should be under vandalism or theft (or Break and Enter :-lol) It's my computer and my property so they cannot just comein and do what they want. It's like someone coming into your house at night, entering and stealing..don't you agree?And knowing that you are not allowed to do anything about it is just horrible. There should be some laws to put these people in jail. Amn, I am I angry now!I try my best to keep spyware out with all these programs, firewalls, erasers and all kinds of stuff and I know that I cannot stop all of it but this is getting out of hand.Sorry for ranting. :-shyMike

[Tom Allensworth 1,532]

"It's stupid people's faults this is happening.The internet is getting user friendly, and (un)fortunately, anyone can get online. Before, computer-smart people used it, were aware of what was running on their systems, and why it is there."That's a stupid statement Mike. Two things to say in response...I have been online via things like The Source, C$erve, and my own BBS' since 1983; and now the Internet. I run anti-virus, anti-spamming tools, a firewall and other "preventitive" measures, and I still get "caught out".My wife is a 28 year veteran of the University of Virginia's teaching Hospital. She is an RN who is on a transplant team and an Operating Room Nurse. She has the benefit of my knowledge, plus her own common sense and online experience, and she ain't stupid by any measure. She gets "caught out" too. Neither one of us are stupid. I think you just seriously embarrassed yourself.

[Guest]

Weren't we all there at some point! knowing nothing about computers or the internet. :-eek I cannot remember those days!I agree some people are too trusting. I do not know how some people agree to give unnecessary details over the internet. Eg. if I sign up for a free account at a website they want to know by address, tel number, income, sex, zipcode, hobbies ...I never tell them that. I always use nte first and last name "mynameis noneofyourbusiness" and my zipcode is always "90210" if I sign up for anything which is rare. AVSIM is the only site taht knows my real name.Take careMike

[Sonar5 3]

http://ftp.avsim.com/cgi-bin/dcforum/dcboa...orum=DCForumID6I use a 4 Pronged defense.1) I use Guidescope, which is a cookie and ad blocker for which you can set up permissions. Freeware get it athttp://www.guidescope.com/home/2) I use AVG ANti virus Software Also Freeware, notice the pattern. this is a free program for non-commercial use. Get it here:http://www.grisoft.com/html/us_index.htm3) I use the Freeware version of Zonealarm for a stealth firewall which basically tells the computers that you don't exist. Get it here:http://www.zonealarm.com/4) For pesky spyware, I use the best. The Freeware Ad-Aware program, available here:http://www.lavasoftusa.com/These programs will do you know good if you just install them and run them one time. You must continually update the AVg and Ad-Aware program which both come with auto-updaters.It is imperative that you follow the directions for each program in its entirety. If you do not understand what the program can and cannot do, don't install it.There are many other programs out there for you to use, and these are the ones that I recommend because I am familiar with them. They may no longer be the best, but they were at one time, and I see no reason to change mine now. To check if your computer is safe from attacks, try out this link and check your results before and after.Shields Up:https://grc.com/x/ne.dll?bh0bkyd2Just some food for thought.Regards,Joe :-wave.Oshkosh Pictures From 2001 (Part 1) 78 Pics in Frames with 1mb in ThumbnailsHigh speed connection Recommended:http://home.attbi.com/~flypics1/FrameSet.htm.Oshkosh Pictures From 2001 (Part 2) 106 Pics in Frames with 1.5mb in ThumbnailsHigh speed connection recommended:http://home.attbi.com/~flypics2/FrameSet.htm.Picture Gallery of My Flight in a 1945 SNJ-6 on June 1st, 2002Joliet, Illinoishttp://home.attbi.com/~jranos/FrameSet.htm.http://home.attbi.com/~jranos/mysig.jpg http://avsim.com/hangar/air/bfu/logo70.gif

[Guest]

Im basically with you all! Except mikehaska , I was once a computer noob but 7 years later I am now an almost expert in Win OS's and I am still learning! And yes I do think spyware sucks, however, I use Adaware and it almost removes all spyware on my pc in 5 minutes. There are the odd rat-type spyware that just wont leave so i reformat my pc once in a while.Ad-aware can be found at http://www.lavasoft.nu

[Guest]

Thanks JoeOn my way for the first thing on your list. I already have the rest and I must agree that they are working very well especialy ZoneAlarm. Everytime I install anything it wants to access the internet. Even opening a game zonealarm tells me that the game wants to access the internet. Sometimes even Windows Explorer wants to access the internet. What's up with that? Once in a while I get some program that wants to access teh internet that I have never heard of, must be some weird spyware.Zonealarm is good!!!!MikeEDIT: I think that Mr Allensworth should post your list on the fromt page as well so that people can get the proper defense together with Elrond's Outlook Express program. Computers will become fortresses :-eek

[Guest]

Hi Joe,I completely agree... In most cases like this, the best offense is usually a good defense. And the programs you link to above are must haves (except I personally like the free better than ZoneAlarm, but as you say its a personal thing).But in this case, its much more insidious. Since the spyware and DRM piggybacks on the back of a download manager, even the best of Firewalls will let it through: because it must be given permission to work as a download manager. Thus, its free to do its spying and tracking as well.On top of that, the DRM currently included is a signed Microsoft component. For those that may not know, signed code from MS cannot be removed in XP because System File Protection will not allow that once its installed, unless it provides a method to uninstall itself from your Add/Remove control panel. The DRM spy module does not provide this. Uninstalling the Download manager keeps the spyware and DRM module intact. And because its signed code, even Ad Aware would not be able to remove the component (it would simply be reinstated upon reboot from the "important files I must have to function cache" XP keeps - so to speak).Overall though, I wouldn't want to dilute any recommendation to keep protection software installed and updated - as it can be very effective for specific types of spyware, Trojan horses, etc. But on top of that, we as users must completely stamp out the use of insidious spyware components like the above by making our voices heard to those who propagate it - and to Congress (or your own legislative body).Take care,http://members.rogers.com/eelvish/elrondlogo.gif[link:flightontario.cjb.net]http://members.rogers.com/eelvish/flyurl.gif

[Guest mikehaska]

Tom and all- I should have been more careful with my terms... I tried to stick to the phrase computer-smart and computer-stupid, but I forgot to in a few instances. I was searching for the right term, but I couldn't think of it until now. "Computer Savvy and Non-Computer Savvy should have been the terms I used. I can always count on everyone to beat me to death over a miscommunication, though.I am the last person in the world who has to be reminded about how smart people have trouble with computers- I work at an engineering company. I am surrounded by brilliant people when using furanic analysis to determine expected transformer life expectancy, but PowerPoint still gives them trouble! :-lolOn your second point, I understand that computer-smart people can get "caught out". Of course, if software packages hide this software in it so well, how can we notice it? I understand that sometimes, things slip by us. But I am 100% sure, Tom, that if you took a look at all the processes running on your computer, you would know what they are, and what they are doing. And identify the ones that shouldn't be there. That's what I was trying to get across.But I still stand by my original point. Imagine this: Someone doesn't know how to drive, and never used a car before. They liked to listen to the radio in the car, and play with the power seats (who doesn't). One day, however, they decided to start driving around the neighborhood. Turns out they didn't know about turning signals, so they left the left signal on and got T-boned in an intersection. Now, would you find it an acceptable for that person to use the excuse "I was only using the car for the radio- I didn't need to know how to drive"? I consider one of my friends to be computer-brilliant. He would never install software that would spy on him. He told me all about how he prefers WinMX because of it's uncluttered programming and lack of spyware. When I ask my other, computer-stupid friends about spyware, they give me a blank stare. Now, how can we expect to prevent spyware from occuring when a large part of the population is unaware as to what it is? If a pilot wants to fly his aircraft, he is going to check the NOTAMS, be aware of his aircraft's specs, and keep up-to-date with various sources (AOPA, Aviation Mags, meetings, etc.) In the same way, when if I am going to be rollerblading, I check my gear, wear a helmet, do maintanence on them, and learn as I go. Any less of me would be very irresponsible. What if the blades were unsafe to ride on, and I didn't know? What if I didn't wear a helmet because I didn't know? In those cases, it would affect me directly, and a lot of people indirectly. Why is it, then, that people use computers like they are no more complex that a screwdriver? I have heard people say "a computer is just like a VCR. Once you get the hang of it, you are using it for life." No, it's not. A VCR cannot be hacked. A VCR does not need service packs, upgrades, or VCR v2.0. I liken a computer to a car- it is a tool, but it is one that can get you (and a lot of other people) into trouble really quick. You need to know how to work it. It bugs me to no end when I (as a webmaster) hear the stupid things people do. One person accused me of giving his computer a "bug" when the PDF newsletter I sent to everyone starting "missing words and letters. Eventually, the entire thing dissapeared." A computer is a powerful tool, and I don't aplogize for saying that a lot of people shouldn't be using it. People who are so stupid that they don't understand why people are angry when they send them spam. People who complain that the software is full of "bugs" but in reality it is their computer that is giving them the problems. People who are amazed that they get a virus when they execute some program emailed to them from someone they don't know.Millions of dollars are lost every day when someone passes on a virus to someone else, causing a global virus scare. If they knew about viruses and how to avoid them, this cost could have been averted. But they don't use anti-virus programs. They don't install the latest security updates to Outlook. They ever open the files that contain the viruses (why- because it says "I love you!") What is their excuse? "I didn't know?" "I thought I was protected." "It didn't look like a virus- my friend sent it to me." Bullshaft. If you didn't know, you had no right to be using a computer. The internet is a global network, and your stupidity can affect hundreds, even thousands of other users. It's your responsibility to be well informed.Edited to add this paragraph: But what about those cases where that responsibility is passed on to someone else. This is when you have an administrator take this responsability off your shoulders, and puts it on his own. This is when I install software for someone else. This is when I configure Windows for someone else, or tell them how to do it. It is absolutely the administrators responsiblity to be caught up with all aspects of the software they are using. Take this example- Tom, you said in another post that you use PayPal extensivly here at Avsim, and then questioned my motives for pointing out several concerns I had with the service. You are the administrator to us when you recomend PayPal. You should have investigated these concerns, or at least been aware of them (most news services carried articles about the litigation against the service by 4 states!). In this case, you dropped the ball when you should have been on top of it. I have no question in my mind you exposed many bank accounts to a significant risk by not being fully aware of PayPal and it's many problems.Bottom line, a computer is one of those things you have a responsibility to know how to use before you start messing around with it.Once again, my apologies to everyone I may have offended by indirectly calling them stupid, it was honestly a mis-communication.

[Guest]

Elrond...When there's a will, there's a way. I believe it could be uninstalled, but it would definitely take a bit of effort. But it's probably safe to say that it couldn't be easily removed by the average user. But I don't think it would be impossible.I think there should be a class action lawsuit against this company!Just my 2 cents...

[Guest]

What about identify theft? I'm more concerned about that, especially post 9/11.