WARNING: Hidden Spyware of the most diabolical kind

[Guest]

Been a while since I posted, but this is good stuff, Elrond.While we're at it, I think it should be noted that an obscure but ever so real copyright law was enacted in 1998 under the Clinton Administration. It's called the "Digital Millennium Copyright Act" or DMCA abbreviated.The DMCA aimed (as most laws do) to protect content providers in an online world, as theft is simply a few mouse clicks away. This law however turned out to be way too sweeping.The Constitution of the United States (Article I, Section 9:)"No bill of attainder or ex post facto Law shall be passed."Well, technically, the DMCA doesn't override US Code, Title 17, Chapter 1, Section 107. Because digital content other than Music CDs are not mentioned. So the media industry lobbied for this law which introduces the following powers to copyright holders:- You may not circumvent a protective device. In other words, you cannot do as you please with a piece of software you've purchased. Some people may be alright with this and I suppose it isn't the worst thing that could have happened.- You may circumvent a protective device if you have scholarly intent and have expressed permission from the copyright holder. The copyright holder may revoke these rights as seen fit. This is scary. Copyrights were created to protect individual inventors from bootlegging. Corporations were however granted the same status as a citizen, including protection from the Constitution. Hence a corporation can own a copyright and patents. No longer are copyrights or patents awarded to mortal humans, but to immortal corporations. If professors cannot research something because of copyright or patent fears, we will soon have to trust corporations in a very different way.- Any work fitted with a protective device, no matter how weak, is protected under the DMCA.The DMCA can carry a conviction by means of judge and jury of a felony. It is a misdemeanor to drive too fast and endager other people, but when it comes to some huge corporations welfare, it's a whole different ballgame. The DMCA has been nothing but trouble so far. Search on google for "Dr. Felten DMCA" and you'll find a slew of stuff.A few websites you can visit;http://www.eff.org (If you like what they're doing for your online rights, please consider a donation)http://www.digitalconsumer.org (Among other things, they have a proposal for a "Consumers Bill of Rights" and the ability to send Faxes to your representatives)http://www.anti-dmca.org (Miscellaneous info about the DMCA and other attempts to curb Fair Use and Civil Rights, especially Microsoft Palladium)The corporations that put out this "spy-ware" stuff are indeed low-lives in my book, but they're also allowed and to some extent encouraged to do this. They can make money by tracking people and selling information to other companies. And they're protected by law. Digital Rights Management or DRM is something the media industry is big on right now. They want to not only enforce DRM in your hardware or software, but also with legislation. Please look at the Consumer Broadband and Digital Television Promotion Act, introduced by Sen. Hollings of South Carolina. It intends on putting hardware devices in any consumer electronics to enforce the media corporations' will. Microsoft owns a patent on a DRM/OS and would so be the sole provider of software which can manage these things. Are we having fun yet? I would like to urge registered voters to write in a calm and informative way to their Congressmen about what they think about these bills. Once a bill is signed into law, it is very hard to have it repealed. The best way to stand up for these things is to educate your elected representatives of what you think. They are there by and for you. And even though they may do things that may seem strange at times, they do want your opinion.Once again, use the Fax service at digitalconsumer.org to relay your message in a convenient way. But please do not write profane letters or in any other way act hostile. Chances are that they will not listen to you then. They need facts, evidence and opinions to take with them to the floor when it comes time to vote. Try to raise good questions and perhaps even suggest why a bill contains bad elements. Point out what those elements are.

[Guest]

Gentlemen,Thank you for that link Elrond. "Regular Spyware" has been around for a little time and a bit of information can handle it as well as the virus threat, this is indeed quite different and more insidious, I'd even say vicious, and it seems it is heading in the wrong direction: http://www.computerworld.com/securitytopic...1,72519,00.htmlLegalizing hacking now? And giving rights on my computer to a remote security techie? There are less intrusive attempts to enforce a license, I have no problem with Product Activation, RDM or what it tries to become under the lobbying of the sofware and music industries is quite another piece of work...Time to take the lawmakers by the horns :-) The current trend in favor of opt-out was already annoying, but this is more worrisome... ---All the BestKaty Pluta

[Guest]

This is a good example of why great care must be taken when laws are created. Any time a new law is introduced, it is because a problem needs to be solved. However, the new law also has other far-reaching consequences that the lawmakers may not have even considered. One must balance the tasks of making a law general enough to do the job, and yet concise enough not to grant too much power or authority to the wrong people. It's a complicated thing; that's why lawyers make so much money.Many people tend to push for new laws to fix social problems. However, there are faster and more effective ways to enact policy a free market. Elrond's suggestions are perfect:a. Educate yourself and your neighbors.b. Take steps to eliminate the threat to yourself.c. Contact the perpetrator of the threat, in this case Gamespot. Inform them that their activities are unacceptable and that you will stop using their service to protect yourself.Because we live in a free market where many companies may provide the same service as Gamespot, they will have to consider the fact that they will lose business. Voting with your wallet, rather than contacting your legistlature, is a much faster and more direct way of influencing a companies policy.Granted, there are situations where legislation absolutely necessary to protect the people. But legislation can be a powerful and dangerous tool. Don't trade away too much of your freedom for security. The policy you set for yourself can be changed at any time. The policy set for a nation takes a great deal of effort to change.

[Guest]

On your recommendation I switched from Zone Alarm to Outpost and I find it much better - even though it is more complicated to set up, the power of it makes it much more useful. If you can't remove the spyware DRM component you could always prevent it from working by using Outpost to block the servers that it reports to !!!On the other software issue I use all of the programs mentioned with the exception of Guidescope - since I have never really got on with that.....

[Guest]

>ExtremeTech has an article up on the despicable actions of a >new series of commercial sites that offer "Download >Accelerators" on the internet: including some of the most >"reputable" sites there are (GameSpot is only the first). >Gamespot reputable? That's like saying Netscape 4.5 was bugfree :-halo>These new series of download accelerators are spyware of the >most diabolical kind. Not only do they have the ability to >report your download patterns to companies of unknown >origin, but they include a COMPLETE spy component that: >They're not the first. In primitive forms download managers/accelerators have had all kinds of spyware built in for several years now.>"has the ability to track distribution of its content via >the publisher and through the downloader: if it was used, if >it was opened, et cetera," Szelenyi said." >I can understand why some companies would want that. Very interesting to see what ELSE people download that's not legal.Makes tracking down warez-sites a lot easier.Mind that I specifically DO NOT agree with ANY kind of spyware, especially if it is installed and operates without EXPLICIT consent (and thus not a few carefully worded lines of legal mumbojumbo in the smallprint of a 10 page long EULA) from the user installing and using it.>"According to Mark Szelenyi, director of enterprise >marketing at Kontiki, the client software includes the >Windows Media Rights Manager from Microsoft. "The publisher >in the enterprise can delete content after X weeks, limit >its forwarding ability, limit the times it can be used," >Szeleny said. "It is very flexible. It can play and delete >itself, or not allow it to be forwarded, as well as limit >the number of times it can be used on systems." >That's the definition of subscription software, but with a small twist. Self-execution sounds troublesome, subscription software does not. It can be a viable form of software distribution, especially for trial versions (as you are probably aware, many cracks are available to circumvent trial licenses, this is the next step in the offensive against such operations).But again, the software should openly state such a purpose and list the number or timeframe of allowed use.>There goes the last bit of your supposed legal right to >"Fair Use". With such a download manager and the licensed >and legal material you download with it, a game or music >file you purchase online may only allow you to play it one >times before its deleted from your system. >Read above.>Without your upfront knowledge, these innocent looking >download accelerators install the spyware and DRM components >on your system: and you absolutely have NO RIGHT to >remove it from your system once its there (even if you >delete the download accelerator itself: the spyware and DRM >remains). And oh yea, if its buggy and crashes your system >(or opens your system wide to the entire internet), too damn >bad - its your responsibility not theirs. They don't even >specify *where* the spyware or DRM may come from! It could >be absolutely anybody's code they choose, now or in the >future. >As long as you didn't agree to any contract (and yes, a EULA IS a legally binding contract) they had no right to install it in the first place so you have avery right to remove it (mind that they also have every right to disable their own software if the spyware components are not found IF they are integral to the software or otherwise technically required for the software to operate).>"In addition, another portion of the agreement allows >Kontiki the right to automatically update the software >without the consent of the user. "You consent to such >automatic upgrading, and agree that the terms and conditions >of this Agreement will apply to all such upgraded versions," >the EULA says." >Logical development. Happening everywhere. The average computeruser does NOT keep his/her software up to date yet blames the company supplying it for problems even after they have been resolved, thus creating bad PR.At least they don't state they reserve the right to change the EULA and have you automatically agree to every change they make...They should of course ASK before updating, unless the user has agreed to have the update happen in the background.But since it is spyware and the user doesn't even know it's installed that's highly unlikely.>downloaded by itself as a standalone download manager from >Kontiki. PCMagazine reviewed this exact download manager >recently and gave it its "Editors Choice Award". The review >stated, "it does come without banners and spyware", a >complete and boldfaced lie. >I've never believed in the competence of magazine editors... They probably didn't even look for it.They looked for banner ads, they looked for Gator, and maybe one or two others and when those weren't found they declared it safe.Again, I specifically DO NOT condone spyware (why else did I quit using download managers and Roger Wilco years ago) and won't build it into my own software.But some of the features you describe I can understand and those have legitimate uses in customer support, shareware (and demo) licensing schemes and the prevention of software piracy.

[Guest Fortress]

:DPaul

http://homepage.ntlworld.com/paul.haworth/Fortress.gifVoted Best Virtual Airline of 2002 and Best CEO of 2002 by participants in the BIG VA Vote organized by FSPILOT.comVANF "Best" New Virtual Airline Awardhttp://homepage.ntlworld.com/paul.haworth/saint_georgex1.gif

[Guest]

Hi Jason,Yes, you are right of course. Just like replacing the signed NTOSKRNL to insert with your own personalized Boot Screen, where there is a will there is always a way. But for the average user, reinstalling would simply be the only way.Take care, http://members.rogers.com/eelvish/elrondlogo.gifhttp://members.rogers.com/eelvish/flyurl.gif

[Guest]

Hi Katy,Insane isn't it? There are so many attacks on our right to privacy and the security of our systems today that its simply unbelievable. While much of this has gone under the radar of the average user for the past decade, hopefully vocal users such as yourself can inform and educate the general populace that our rights are being eroded by congress and the media conglomerates at an insane pace. There are lots of things to worry about in this dangerous world, but if our own society continues to become controlled by those with the most power an the most money, what good is it fighting for democracy in such an environment?The problem with something like Product Activation isn't really what it does, its what it teaches you to expect. All controls must be gently introduced in the beginning because if they were all thrust down your throat at the start, most would balk and quite loudly. Something like Product Activation is fairly small in the scheme of things, but such controls are only the foundation where more stringent controls are built upon. And we are seeing exactly that today from so many different directions: copyrights that get extended to eternity and eradicate Public Domain, DRM in every hardware device including computers that severely limits how you can use any content on those devices, legalized hacking by media owners (extremely bad enough by itself) but even worse when there is no need for proof to initiate it, continued erosion of our First Amendment right to Free Speech when it comes to computer code, assault on our rights to research or circumvent technology that controls our lives (DMCA), and the list continues and continues.Only we as a people can decide to step in and take action... Our representatives REPRESENT US, they don't represent the media conglomerates. But the hard money that such powerful lobbies throw at them completely nulls our own populace voice that they are hired to enforce. Only by our assertion of that strong voice can this be stopped before its too late.Take care,http://members.rogers.com/eelvish/elrondlogo.gifhttp://members.rogers.com/eelvish/flyurl.gif

[Guest]

Excellent, excellent points Dave.Thank you, http://members.rogers.com/eelvish/elrondlogo.gifhttp://members.rogers.com/eelvish/flyurl.gif

[Guest]

Hi Astade,Truly an excellent post. I completely agree with your strong recommendations at the bottom as well.To add to your list of excellent links, I ran across a blog (Web Log) of the recent five days of lectures and seminars on Internet law at Harvard Law School. This blog contains some of the best discussion of the problems that are facing us today, from the ever expanding Copyright limits (thats a joke) by Congress to the detriments of the DMCA - and everything in between. The participants ran from lawyers of the big media conglomerates (only 38% of the panel were lawyers though, so no need to run away :-)), representatives from Microsoft (Jason Matusow) and other software/hardware companies with a vested interest, to the brightest minds in our land on Internet Law such as Larry Lessig.For those trying to wrap their heads around all the different angles and attacks on our privacy/rights in the digital age, this is the best resource I've ever seen. In six pages, you'll learn more about the issues that effect us most than any one source I've run across. Highly recommended for all users here who are concerned with their digital future and rights who don't know where to begin to learn about it:Day 1(Larry on architecture; JZ on ICANN roots & politics; Fisher on IP/domain name disputes; Charlie on how to cheer Larry up...)http://www.siliconvalley.com/mld/siliconva...nal/3580048.htmDay 2(Fisher on the state of cyberlaw, using music as an example; Julie Cohen on the DMCA in action and Larry on Eldred v. Ashcroft; JZ & co. on increased control of the Net, via copyright law & other means; Charlie on the bigger question--personal agency in shaping the Net; what it can potentially offer global society.)http://www.siliconvalley.com/mld/siliconva...nal/3586324.htmDay 3(Yochai on works of distributed intelligence; Larry v. Microsoft; Larry on speech in the networked environment; JZ, Ben Edelman, and Charlie on harmful speech/pornography.)http://www.siliconvalley.com/mld/siliconva...nal/3593653.htmDay 4(Ramesh Johari on nuts & bolts; Yochai and Larry on access (or lack thereof); Fisher and Yochai on business-method patents; Sarah Guerrero & Andrew McLaughlin on digital divide issues.)http://www.siliconvalley.com/mld/siliconva...nal/3600823.htmDay 5(Jerry Kang and Chris Kelly on privacy; JZ on Net zoning; Charlie & Anita on cybercrime/hacktivism; Wrap up & audience Q & A)Part 1http://www.siliconvalley.com/mld/siliconva...nal/3605977.htmPart 2http://www.siliconvalley.com/mld/siliconva...nal/3606881.htm There's also another blog that covers these as well from a slightly different perspective:ILAW--The Tourhttp://www.corante.com/copyfight/20020701.shtmlThanks again for your wonderful discussion, specially the links and the extremely appropriate advice you provide to combat the problems.Take care,http://members.rogers.com/eelvish/elrondlogo.gifhttp://members.rogers.com/eelvish/flyurl.gif

[Guest mikehaska]

Elron, I am behind a hardware firewall (I have a router which includes NAT, Networking, and firewall protection). Would spyware still work on this, or not? I'm not entirly sure if the spyware uses something akin to cookies on each machine, or if it is based on IP addresses.(edit: learning to spell)

[Guest]

Hi Jeroen,"Gamespot reputable? That's like saying Netscape 4.5 was bugfree"LOL... Yeah, thats why I put "reputable" in quotes you'll notice. They are, however, extremely large outlets (CNet is the largest net media company there is today) and reach a huge, huge amount of people."They're not the first. In primitive forms download managers/accelerators have had all kinds of spyware built in for several years now."But they ARE the first to go to the "next" step of tracking and reporting your movements AFTER the software has been downloaded. See the next point."I can understand why some companies would want that. Very interesting to see what ELSE people download that's not legal.Makes tracking down warez-sites a lot easier."Well of course some companies want that... Thats the point. What companies want to control and find out about you and what is good for us as a people most assuredly doesn't mesh 98% of the time. The huge problem with the above isn't only that they track whats being downloaded, its that they now track "if it was used, if it was opened, et cetera"... Think about that. They track WHEN and WHAT you do with software from all over the net, not just that you downloaded something (which is bad enough in itself)."That's the definition of subscription software, but with a small twist. Self-execution sounds troublesome, subscription software does not. It can be a viable form of software distribution, especially for trial versions (as you are probably aware, many cracks are available to circumvent trial licenses, this is the next step in the offensive against such operations). But again, the software should openly state such a purpose and list the number or timeframe of allowed use."That's the definition of subscription software with a HUGE twist. Whether its viable or not, its a drastic limitation on our "Fair Use" rights as experienced to date. If you don't mind that fine... But I'd bet my bottom buck much more than half of the populace does mind - which is the point.">"In addition, another portion of the agreement allows >Kontiki the right to automatically update the software >without the consent of the user. "You consent to such >automatic upgrading, and agree that the terms and conditions >of this Agreement will apply to all such upgraded versions," >the EULA says." >Logical development. Happening everywhere. The average computeruser does NOT keep his/her software up to date yet blames the company supplying it for problems even after they have been resolved, thus creating bad PR. At least they don't state they reserve the right to change the EULA and have you automatically agree to every change they make..."Again, logical or not is beyond the point. Of course its happening everywhere - its a great way to control end users. It indeed can even have its benefits as you say, but where to draw the line (and what requirements are put in place to inform) is the issue. And this particular instance goes beyond the line that the majority would consider appropriate, I have no doubt. They don't even specify where the code may come from for heavens sake.Some good points you bring up Jeroen. But they don't lessen the intrusion of this particular instance of software - its an abomination in my strong opinion. And this is just the first step. Wait till it shows up directly in everything you download.Take care,http://members.rogers.com/eelvish/elrondlogo.gifhttp://members.rogers.com/eelvish/flyurl.gif

[Guest]

Hi,Unfortunately, hardware firewalls are not designed to stop traffic going out (in general), they are designed to stop traffic coming in.If you are using something like the LinkSys broadband router, it has the ability to work in conjunction with a software firewall such as ZoneAlarm to plug that deficiency (look in your admin setup with your web browser for the option).Running a hardware firewall is excellent of course because it can hide many PC's behind the firewall and is generally much more reliable, but the best bet is always to run both hardware and software firewalls in conjunction. Your router manual should cover this in more detail.Unfortunately as stated above, since the spyware is built into a download manager in this case (or a multi-user game, etc in the future), you'd give the app permission with the software firewall to work online. This, by definition, lets it loose to do its spying. Only if you blocked the specific addresses that the software's spyware component reports to (as suggested above) would it effectively be blocked - but this isn't a trivial thing to do for the average user. Hense the problems pointed out in this thread.Good luck, http://members.rogers.com/eelvish/elrondlogo.gifhttp://members.rogers.com/eelvish/flyurl.gif

[Guest]

Hi Mike,While this is a serious thread, your comment above made me think of a pretty funny song done by the comedy troup: Three Dead Trolls (http://www.deadtroll.com). I think you'll get a kick out of it:The Privacy Songhttp://www.deadtroll.com/video/privacysong.ramYou have to love the chorus: "lie, lie, lie, lie... lie, lie, lie, lie, lie, lie!"... :-lol(Note: you need a version of RealPlayer to see the video above - free version works fine).Take care, http://members.rogers.com/eelvish/elrondlogo.gifhttp://members.rogers.com/eelvish/flyurl.gif

[Guest]

:-lol :-lol OMG! I laughed hard! That song is a keeper. So there is an excuse to lie now? Well according to all the sited that I have my info my name is "Mynameis Noneofyourbusiness" and I live in "Beverly Hills 90210" :-lolOnly AVSIM knows my real name..it should be ONLY! Avsim but you never know!Thanks for that link Elrond.Mike