Technology Vault - NewsBytes
Sunday 27 June, 2004
Critical IE flaw found by turnitonagain @ 8:54 pm
Microsoft are currently 'investigating' reports of security issues affecting Internet Explorer and Microsoft Internet Information Services (IIS), Microsoft's web server software. Dubbed Download.Ject (with aliases JS.Scob.Trojan, Scob or JS.Toofeer), the attack can infect Internet Explorer users through malicious JavaScript code placed on web sites.
This is actually a combination of 2 security issues; one is in IIS, and allows hackers to place the code on web sites that run IIS that have not updated to KB835732. The second issue is a vulnerability in Internet Explorer and, at this time, there is NO patch available to seal the hole.
The advice for IE users at the moment is to set the Security Level to 'High' and only use Javascript if and when it is totally necessary. Personally, my advice would be to use a different browser entirely.
To check if you have been infected, Microsoft advise searching for 2 files on your system: If either of these files are found, then you might be infected and you can obtain tools for removal from Symantec or F-Secure. The latest AVG update (AVG 7.0 - AVI 263.3.7 and AVG 6.0 - 712) also protects against it.
If you have ever been at all curious as to what Mozilla is and what it could do for you (reduce your chance of being infected by a virus for one) then just now is probably one of the best times you could download it and give it a try - at the very least until this latest vulnerability in IE is patched. Much talked about on the boards, Firefox is the standalone Mozilla web browser and comes highly recommended.
If you have any queries about IE, the vulnerabilities, or about switching to Mozilla, then feel free to ask on the boards; we are always happy to oblige :-)
Tuesday 1 June, 2004
Privacy concerns by bluetracker @ 11:45 pm
Ad Aware v SpyHunter
According to the latest release of The Eye (Lavasoft/Adaware's mouthpiece to your inbox) Lavasoft have 'poo-pooed' SpyHunter by Enigma Software Group and added it to the Adaware database. In what could be construed as a fit of pique or perhaps an attempt to defame a competitor, Lavasoft claim a violation of end-user privacy is being made when the program is installed; and not without good reason either, or so it would seem.
A rash of pop-up adverts for SpyHunter have circulated about the web of late, these pop-ups have been found in four 'flavours' to date, and I'll not show the links on here, after all they (Enigma SG) will have enough publicity via this and other stories that are sure to abound without adding to it via links to their dubious software download pop-ups, a description will have to suffice: -
The first looks amazingly like the Blue screen of death we all know (and love???).
The second resembling a Virus alert which purports to have found the Netsky.P@MM virus on your computer.
The third...in the guise of a scrolling look-alike DOS (command prompt) box
Fourth and last, one that is more recognisable as trash...a warning box with yellow borders flashing in yer face!
All contain live links direct to a download .exe program rather than the vendors' website and inform the viewer that several objects of question have been found on their computers and to remove them they must scan and remove with SpyHunter....
OK fine...what it DOESN'T tell you is that once you download the program it DOES scan your computer and it DOES find nasties, but it DOESN'T clean them from your machine...oh no siree bob...you have to pay for the commercially available version before that happens!
It is a basic SCANNER that you have downloaded nothing more nothing less...oh yes, it is updateable and will probably find just about any 'nasty' that’s lurking for free. But what happens when you update this freebie 'scanner'?
It sends your Microsoft Windows Product ID to the Enigma Software Group's servers as well as uniquely identifying the user by use of a unique ID for each installation! This is what Lavasoft believes is definitely 'not cricket' and have therefore added SpyHunter to the list of 'nasties' their offering Adaware detects.
To quote from The Eye "Earlier this year the so-called anti-Spyware software SpyBan was removed from the website Download.com because adware was installed along with the software. According to News.com SpyBan “had failed to disclose and explain all the software components included in its installation, a violation of the Web site's policies”. Lavasoft go on to say... Enigma Software Group’s End User Licence Agreement does not contain information about SpyHunter transmitting a client id or the Product ID of the Microsoft Windows Operating System. That is why we at Lavasoft hope that SpyHunter will be removed from the Download.com website soon.
So are Lavasoft having an attack of competition collywobbles or are they right to add SpyHunter to their list of nasties? Well I thought I'd road test 'the beast' just to see what happened...curiosity killed the cat and all that...As a precaution I backed up my Registry so I would have something to compare when the download and install was completed. After downloading the .exe from one of the pop-ups I ran Adaware, which came up blank no Spyware. An AV scan of the SpyHunter.exe showed no contamination either so onward and upwards....
After I ticked the 'Agreement with the EULA' blurb without reading it...that's what we are supposed to do isn't it? The prog installed and with the GUI staring back at me The Cleaners' TCMonitor (an app that alerts on Registry changes) sprang into life...SpyHunter had added a RUN entry...hah me thinks I'll stop that beast...I opted for the OPTIONS screen first. In there were just 3 user definable settings. 1, a box to tick if you wanted the app to start when Windows did (or not) this was unticked by default but I noticed that on ticking then unticking then applying the selection changed not a thing in the start-up list...SpyHunter was still showing as being allowed to start on boot-up in the Registry under the Local Machine\Run key...odd.... The second option was an Updates section with a space to fill in your e-mail address and one for the password as well...very odd wanting just that info to update the application! Why my e-mail addy and its password...the mind boggles thinking of all the nefarious uses that ikkle bit of info could be used for in the wrong hands! The last option was another tikky box to allow cleaning of the nasties the prog finds as soon as the scan finished...of course I ticked this box...why detect stuff and leave em in-situ thought I?
I then initiated a scan... Holy cow! There were 'nasties' in me registry... Help! CoolWebSearch Registry entry found... UNDER HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run...I manually checked and was unable to find this key. Although there was a 'RUN' key there, it was part and parcel of my Epson printer setup! A manual search for any reg key containing the word 'cool' as the search string turned out to be fruitless as well. There was a reference to a component in NERO that the app also deemed Spyware: "Adware Browser Helper Object. Parent company is Avenue Media. May masquerade as an Internet Optimizer program. Some variants may hijack browser error pages" said SpyHunter.... odd that Adaware didn't find that one...probably not really Spyware in the Lavasoft meaning of the word methinks. Anyways...finding these two nasties on yer machine, you would really want to be rid of them wouldn't you? So I clicked on the "Start Remove" button (as the auto clean up procedure hadn't kicked in, which I found strange, as I'd set it to initiate after the scan completed). Up popped a box telling me that if I wanted to remove these things I would have to buy the software! What a dilemma, two Spyware objects that Adaware couldn't detect and no way to remove them...better buy the software huh? NOT! Even more worrying was, that after the scan, I manually removed the RUN entry from the startup list and then clicked the Update button only to have TCMonitor inform me that the startup run command for the proggy had been re-instated! Needless to say it was removed again and the whole thing un-installed and registry purged of its presence!
What Adaware did find though was the Spyhunter reg values (2) and files (2) plus all the other stuff, help files etc that came with the installation, other than that no problems. Let's be realistic here; in choosing WindowsXP as my operating system and in order to be allowed updates via Windows update, I don't mind my computer relaying my product ID back to Microsoft...(well I do really but it's an 'evil' I'm prepared to live with...and yes I know there are ways and means of getting Windows Updates without transmitting that info but we'll not dwell on those on this site) I would however strongly object to a 'non-Microsoft' application revealing my product MS product ID and any other personally identifying info for that matter without my consent, which SpyHunter is purported to be doing.
Another thing that would 'p' me off would be finding I had downloaded an application on the say so of an advertising pop-up and finding said app won't clean what it detects without me having to part with coin of the realm for the privilege.
I believe whoever came up with this idea to market SpyHunter needs to re-think his/her strategy! If they really want you to buy their stuff why not offer a time limited "Try before you buy" FULL version first instead of trying to HOODWINK people into buying their kit by falsely intimating that the free download is capable of both scanning and cleaning crud off your computer? What possible reason could they have to want your MS Product ID and other details, especially as they say on the linked website "Our mission is to purge the web of unscrupulous marketing companies that install spyware in your PC!" Perhaps the line that precedes the above quote says it all? Your privacy is our business.!!!?
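The before-and-after registry comparison described in this post (a saved baseline checked against the state after installing and updating) can be done mechanically. The following is an added example, not part of the original post: it parses regedit-style export text and reports value changes under Run/RunOnce keys. The value names, paths and sample exports are constructed, and the export is assumed to be already decoded to text.

```python
import re

# Constructed sample exports (regedit text format, already decoded to str).
# "PrinterStatus" and "ExampleScanner" are made-up value names and paths.
HDR = "REGEDIT4\n\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
PRINTER = r'"PrinterStatus"="C:\\WINDOWS\\System32\\printmon.exe /startup"' + "\n"
SCANNER = r'"ExampleScanner"="\"C:\\Program Files\\Example\\scanner.exe\" -boot"' + "\n"
BASELINE = HDR + PRINTER                 # saved before the install
AFTER_UPDATE = HDR + PRINTER + SCANNER   # exported after clicking Update

AUTOSTART = re.compile(r"\\(Run|RunOnce)$", re.IGNORECASE)  # key path suffix
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')         # "name"=data or @=data

def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Return {(KEY_PATH_UPPER, value_name): data} for Run/RunOnce keys."""
    entries, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if m and key and AUTOSTART.search(key):
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])   # string value; dword:/hex: stay raw
            entries[(key.upper(), name)] = data   # key paths are case-insensitive
    return entries

def diff_autostart(before, after):
    """Classify autostart entries that differ between two parsed snapshots."""
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "changed": sorted(k for k in after if k in before and after[k] != before[k]),
    }

if __name__ == "__main__":
    report = diff_autostart(parse_reg_export(BASELINE), parse_reg_export(AFTER_UPDATE))
    for kind, keys in report.items():
        for path, name in keys:
            print(f"{kind}: {path} -> {name}")
```

Comparing an export taken after manually deleting the entry with one taken after the next update shows a re-added autostart value under "added".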