This is getting kind of long, so I'm snipping some stuff out to reply to
particular points

"sponge" <yosponge@yahoo.com> wrote in message
news:8d76ec03.0307142022.5c89ab3e@posting.google.com...
> On Mon, 14 Jul 2003 07:54:37 -0400, "mto" <nobody@nowhere.com> wrote:
>
> >Oh I agree there - and being denied access to a site isn't exactly what I
> >meant. It used to be that web designers spent lots and lots of time - and
> >companies paid them very well to do it - making sure that everyone could see
> >pretty much the same thing in as close as possible to the same way. Very
> >time consuming. Paid VERY well. Doesn't happen anymore. So while you
> >aren't being denied access you are also probably not seeing things the way
> >they are meant to be seen. Some places that doesn't matter. Others it
> >does.
>
> True. Personally, I don't partake in any website that requires
> ActiveX, so there is no need for IE. Some people do. My advice to
> them, generally, is to lock down IE's Internet Zone so ActiveX and
> VBScripting is off and place any sites in which they do need to use
> them in the Trusted Sites zone (e.g. Windows Update, MSN Games, etc.).


This would be the LAST recommendation that I would EVER make. A Trusted
Site can do anything it wants to - and way more than once Microsoft has had
problems with some nasty pretending to be them. Remember a few years back
when someone actually got 4 or 5 secure certificates stating that they were
Microsoft?

<SNIP>

>
> >> In fact, I've been using Opera (impersonating IE 5.0) for about the
> >> past 8 months and rarely have a problem with it, either, and it's far
> >> less mainstream than Netscape/Mozilla.
> >
> >Opera? Tried that one a few years back and the miserable thing took over my
> >computer and claimed to be the default browser even after it was uninstalled
> >and gone. What a mess. More to the point, though, I've seen a number of
> >reports on both Opera and Netscape that those two are spyware themselves.
> >Netscape has at least a couple of lawsuits over theirs, one of which was
> >recently settled with the New York AG.
>
> Netscape did include spyware, SmartDownload. AFAIK, it's still a part
> of Netscape, though I don't know if the spyware component is still
> there. Given its past, though, I generally don't recommend it.
> Especially since Mozilla is the exact same product, minus the
> SmartDownload and the Netscape branding.
> Opera DID include spyware starting with Version 5. Cydoor, IIRC. In
> version 6 and up, they removed the Cydoor in favor of an ad window at
> the top right served by Advertising.com. I've found this to be a
> non-issue. My spyware filter lists will block all the ads and any
> contact with their sites, as will DNSKong, so it's not a problem. I've
> actually found it useful because, from time to time, I shut down the
> firewall and DNSKong to investigate something. Seeing an ad (other
> than for Opera) appear serves as a nice reminder that my security
> software isn't running. To an average user, the appearance of ads
> could let them know that their firewall has been nuked.


Once it is spyware, always it is spyware. If you are a site owner or
program author including spyware & selling the email addresses your system
collects is BIG money - in fact, close to the only money there is if you
don't actually sell a product. Pay per Click is a figment of the
imagination to attract small sites that are still innocent enough to believe
they will actually get paid enough to cover the delivery costs.

Any ad that is served by any server other than the one on which the site you
are visiting resides is pretty much guaranteed to be spyware in & of itself
(those cookies and gif-bots) or to contain code that will install spyware
programs onto your system under the guise of "Rich Media" ads.


> Well, it's food for thought.
> Opera doesn't compel you to fill in any sort of information. It
> does have a GUID (unique identifier), but I've changed mine and even
> created a rule for ID-Blaster to randomly change it. So, even on a
> no-firewall system, as long as ID-Blaster is running, Advertising.com
> will constantly get changing identifiers from you. If I wanted to be a
> dick, I could really wreak havoc with Advertising.com's databases by
> constantly changing the ID and clicking ads. But I like to be
> nice...:-)


> >> When I do have problems, it's
> >> usually either because I have Proxomitron deliberately misreporting
> >> the browser type as "SpaceBison v0.95" and the OS as Windows 67k,
> >> which is Proxo's default settings when set to falsify browser type, or
> >> because of the unusually aggressive (and experimental) filters I'm
> >> using with Proxo..


I would want to see the server logs to confirm this actually works - I
strongly suspect that it does not and that a half-smart programmer who
really wanted to collect information about you could do so despite your
constantly changing GUID. The "Space Bison" thing is of no importance - IF
it works - that just puts you into the category of "Other" when the
statistics program sorts the logs.

> >> So, using IE is far from mandatory. Sure, it's the most popular
> >> browser, definitely. But there doesn't seem to be any number of
> >> websites deliberately excluding people who don't use IE. And I have
> >> yet to see any websites really render improperly due to the use of a
> >> non-IE browser. About the only thing you'd miss are game sites that
> >> use ActiveX, and you can always fire up IE just for that.


If you had to pick just ONE place on the Internet to avoid like the
proverbial plague if you don't want Spyware on your machine that would be
game spots of any and all descriptions. Check out google for "security" +
"gamespot" + "spyware"

> >Actually there are more differences than that - quite a few. Besides the
> >ActiveX there are some real basic differences in the way that IE vs.
> >Netscape/Mozilla handle basic html - tables, music, embedded objects just to
> >name a few.
>
> True, but I haven't noticed any significant rendering differences. No
> doubt, they exist, but I haven't had any problems with
> Mozilla/Netscape.
>
> >> The point is also that, just because 85% of the public is leaving
> >> themselves open to hackers, hijacks, and exploits, doesn't mean you
> >> have to. Every day I read post after post and email after email, all
> >> saying the same thing, like, "What's this f^#king new toolbar?" and
> >> "Help, my computer's been hijacked!".
> >
> >Agreed there - I get more of that than I can count. But I can also tell you
> >that 99% of the time this kind of problem is due FAR more to basic
> >carelessness and lack of knowledge than it is to IE. People really can be
> >idiots about such stuff you know. My position is this - guns are very
> >dangerous pieces of equipment, but can be handled in a safe manner with
> >care. Should some idiot shoot himself in the foot that is not the fault of
> >the gun. IE isn't secure, but most people are not going to switch for one
> >reason or another.
> >
> >I am far more concerned about sites like MSNBC and FoxNews that serve
> >advertising loaded with spyware (knowingly or unknowingly) and companies
> >like Earthlink, who under the guise of PeoplePC knowingly serves up porn
> >that is almost impossible to get rid of. I am making my second trip out to
> >clean out my daughter's machine today in as many weeks - despite AdAware and
> >Spybot S&D because of the danged PeoplePC.
>
> True, and that's your greatest threat, although I'm checking out a
> WMP-related problem right now that may make a lot of that irrelevant.
> Do you have any info on PeoplePC? Any of the spyware, the domains it
> calls, IP addresses it contacts, etc.?


Well, let me tell you how this has come about. A few months back my
daughter moved to a first apartment with her fiance. Not too long ago they
acquired a computer and contracted with PeoplePC for Internet service (dial
up - over my dead body but it is cheap). Then a couple of weeks ago she
calls and asks if I will come take a look at it, because it has suddenly
acquired a porn tool bar - along with a couple others - and she can't seem
to get rid of it.

So I get out there and the kid's browser window is down to a visible 3
inches or so on a 17 inch monitor because of all the extra toolbars.
Downloaded AdAware and ran it - that took out >200 files. [Mind you, this
is on a computer that they have had about a month, they both work full-time+
at the rate of about 60 hours a week, are joined at the hip and go online
really only to check their email or **visit game sites.**] The porn toolbar,
however, remains ---

So, I go get SpyBot S&D - and THAT takes out another couple hundred files.
The porn toolbar disappears. I note, however, while I am mucking around
with their machine, that PeoplePC (owned, BTW, by Earthlink as of about 1
year ago) has popped up a full screen window of advertising behind the
browser that refreshes regularly. Should you try to close that pop-up a
message pops up asking if you want to disconnect. I warned her - but kids
will be kids and they can barely afford PeoplePC. Tried to get her to let
me install Zone Alarm but she says that they cannot read their email at all
with Zone Alarm installed.

Last week I get a frantic phone call. The phone bill has just arrived. It
is for HUNDREDS of dollars for calls that they didn't make, mostly to 900
numbers but including at least one to Australia that was $80. She was smart
enough to run SpyBot and get rid of the dialer. Had her disable any
automatic connections to the Internet so the machine can never call out
without her knowing it and set up SpyBot to run every time they reboot.

Couple of days ago she stops in on the way to work. The computer is showing
porn - lots of porn, really embarrassing porn. And they are pretty sure it
is the PeoplePC because of that page of ads - well DUH.

So a couple of nights ago I spent a couple of hours googling out PeoplePC.
That's when I found that it is owned by Earthlink. You might remember
People from a couple of years ago - they used to provide free internet
access in exchange for looking at their ads. Since Earthlink bought it,
however, they are charging $10.95 or so a month and STILL forcing you to
accept their ads - IF you have installed their oh-so-helpful software, which
most folks do because all of the big ISPs have convinced folks that it is
SO difficult to set up your own Internet connection. (NOT) BTW, they use
the same dial up lines as Earthlink - more on that in a minute.

The "spyware" - other than all the crap that gets installed with the ads
they foist on you - is the PPC software itself. Not sure about IP numbers,
etc. - I didn't bother to look at that - but will check that out before I
uninstall the PeoplePC software and muck with the registry.

So, back to how I know that PPC is using the same dial up lines as
Earthlink. We used to use Earthlink, some 4 years or so ago and they were a
great ISP. Then another daughter went to work for a large company, let's
call them a software company though that isn't exactly right. Part of her
compensation package is that she gets discounts here and there from local
businesses as part of their contract with her employer, one of which is that
she gets nearly free Internet access. Not quite as spiffy as Earthlink
**used to be** (note that used to be) but perfectly acceptable.

Then a couple of months ago we decided to have a second phone line installed
so that I could be online and use the phone at the same time. (People are
constantly complaining that they cannot get ahold of me.) Our phone line
has ALWAYS functioned at just about, pretty darned close to that magic 56K
unless it was a high-traffic time of day, in which case we'd get something
like 49 or 50. Worked great 2 minutes before the phone man arrived and
couldn't get anything better than 26 K immediately after he left. We tried
everything we knew with the machine itself - no good. So my daughter calls
up Earthlink for a "free trial" and gets the numbers over the phone.
(software will arrive in the mail - thank God it didn't.) STILL 26 K.
Total disaster - there is NO way that I can work at 26K.

Now long since I had switched all of my local clients over to Earthlink
after a different ISP they were using was sold and the new owners decided to
make a bundle by immediately selling the email addy lists. So I happen to
know, from installing Earthlink connections - I don't put in their
software - that they have FOUR local dialup numbers. So, I call Earthlink
tech support to get the other two - the ones that won't come up on the
look-up at their website. They tell me that one is down and the other about
to be upgraded and won't give me the numbers.

So, the other night while I am hunting up how to get rid of the spyware on
daughter's machine I come across instructions for getting rid of the PPC
software. And of course you need the dialup numbers to make connections
afterwards. So I go off to PPC to get the numbers - and they sure looked
mighty familiar. Hunted through my client records and there are those
magically disappearing Earthlink numbers.

BTW, the 26K turned out to be because the stupid lineman didn't feel like
working that day and installed a line splitter instead of a second line.
Took >10 days of constant arguing all the way to Verizon's head office (they
don't guarantee performance except that you get a dial tone) before they
finally sent someone out to do the job right.

Meantime, I've come across reports that the Earthlink Pop-up blocker is
spyware, same re AOL software - so obviously I also strongly suspect MSN.
And that REALLY frosts me! It is bad enough when corporations steal your
data when you visit a web page or view an ad or enter data in a form. But
for your ISP to CHARGE you and then mine your data really, really makes me
MAD.


> >> But I surf on peacefully,
> >> knowing that I don't have to sweat the problems these other folks are
> >> sweating. If IE were the only browser on the market or if every
> >> website mandated the use of IE, then people might be forced to use
> >> IE. Neither one is the case, however, so you can use
> >> Mozilla/Netscape/Opera/whatever freely and without much concern as to
> >> accessibility.
> >
> >I am not at all sure that I buy that statement. I pointed out above that
> >there are any number of reports that Netscape & Opera are themselves
> >spyware. One that I read the other night re Mozilla stated that while Moz
> >itself is secure, no one was guaranteeing that the 3rd party plugins that
> >allow you to see java, etc. were. Java, javascript and cookies can be just
> >as - if not more - dangerous in the wrong hands as ActiveX. Bottom line -
> >if you run Windows you are not secure - and simply using Mozilla isn't
> >going to change that.
>
> No, that's not true at all really. In fact, I can't believe I'm going
> to say this, but I have to give M$ some credit here. As much as I give
> M$ crap, and they richly deserve genuine criticism...
>
> (drum roll, please)
>
> Windows is not inherently much less safe than most other common
> operating systems.
>
> There, I said it.
>
> The problem is their upper-level apps.


I strongly suspect that exactly the same is true of every other OS and every
other browser. The problem there is that the cost/benefit ratio of
developing something for an OS or browser that few use is down in the
negative numbers so nobody bothers to try to hack those systems/programs.


> All exploits need some way of being injected onto a PC, and your
> browser is a standard, high-level interface that virtually every PC
> has. And since IE is used on most PCs and even many Macs, it's even
> more standard. That's why all the browser hijackers target IE, as too
> various proof-of-concept (and many real) exploits. That means if you
> can exploit IE, you effectively can do what you will with 80% of your
> visitors.


That figure is actually 96% these days, 80% disappeared well over 2 years
ago. That is why almost no one bothers to code for Netscape anymore.

> Some of these exploits are actually features (ActiveX and
> VBScript). Some are bona-fide exploits, but which are as-yet
> unpatched. The XML cross-site scripting that was discovered by
> Greymagic back in February as an example. Yet others are patched, but
> new ones are discovered on a daily basis and, of course, patching is
> useless unless people use them -- which most don't.
>
> You are probably correct to the extent that, if you stick to
> "mainstream" sites, it is unlikely that you will be exploited by the
> "non-feature" exploits, and if you lock down the ActiveX and other
> features, you probably will not fall victim to those either. ActiveX
> and VBScript account for the lion's share of problems, while the other
> exploits probably only account for a small percentage of hijackings or
> hackings. Most third-party ad vendors, although being of
> highly-variable repute, prefer to use the "accepted" hijacking methods
> like ActiveX and VBScript. So, the "other" kinds of exploits are not
> currently a raging problem as yet. But, they ARE still a problem
> nonetheless.


Not true. Most third party ad vendors are entirely without either morals or
scruples - and nearly ALL "mainstream" sites use third party ad vendors.
The phenomenon of a site serving its own advertising is pretty much gone
with the wind. Cheaper and FAR easier to let somebody else sell the ads.

The most common exploit is that infamous gif-bot, the 1x1 pixel clear gif
you never see that is so small your mouse won't pick it up as a graphic.
Still gets called from the ad server though, still gets served up with its
very own cookie that lasts at least until the year 2037 and calls home
pretty constantly. Cookies, of course, tie for first place.

And if you are familiar with Apache, which most of the web is hosted on, you
will know that it is quite easy to make calls to the server for one thing
actually deliver something else - different picture, different page, etc.
Can be done site-wide with a single short file that the visitor never even
has access to. What you ask for is not what you get by a very long shot.


<SNIP>
> Wish you the best of luck with IM and hope the next time you patch, M$
> doesn't take it upon themselves to "upgrade" or reinstall IM. Ugh.
>
> Sponge
> Sponge's Anti-Spyware Source
> www.geocities.com/yosponge


Until I managed to shut the miserable thing off IM was nagging me constantly
to upgrade. In a pig's eye. But knowing MS sooner or later they will force
the issue through some kind of mandatory "upgrade."
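
The 1x1 clear GIF with a long-lived cookie, served from an ad server other than the site being visited, as described in the reply above, can be picked out of captured HTTP responses. This is an added example, not part of the original post: the record layout, host names and sample responses are constructed, and "third party" is approximated by comparing the last two labels of each host name.

```python
import struct
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

def site(host):
    # Crude registrable-domain guess (assumption): last two labels of the host.
    return ".".join(host.lower().split(".")[-2:])

def gif_size(body):
    # GIF87a/GIF89a: 6-byte signature, then width and height as little-endian u16.
    if len(body) < 10 or body[:6] not in (b"GIF87a", b"GIF89a"):
        return None
    return struct.unpack("<HH", body[6:10])

def cookie_lifetime_days(set_cookie, now):
    # Days until the cookie's Expires date; None for a session cookie.
    for attr in set_cookie.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        if name.lower() == "expires":
            try:
                when = parsedate_to_datetime(value.replace("-", " "))
            except (TypeError, ValueError):
                return None
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            return (when - now).days
    return None

def find_web_bugs(page_url, responses, now, min_days=365):
    # Flag third-party 1x1 GIFs that also set a cookie living at least min_days.
    page_site = site(urlsplit(page_url).hostname)
    hits = []
    for r in responses:
        host = urlsplit(r["url"]).hostname
        if site(host) == page_site or gif_size(r["body"]) != (1, 1):
            continue  # first-party resource, or not a 1x1 GIF
        days = cookie_lifetime_days(r.get("set_cookie", ""), now)
        if days is not None and days >= min_days:
            hits.append((host, days))
    return hits

# Constructed sample data: GIF headers only, hosts under the reserved .example TLD.
PIXEL = b"GIF89a" + struct.pack("<HH", 1, 1) + b"\x80\x00\x00"
BANNER = b"GIF89a" + struct.pack("<HH", 468, 60) + b"\x80\x00\x00"
NOW = datetime(2003, 7, 15, tzinfo=timezone.utc)
SAMPLE = [
    {"url": "http://www.news.example/img/spacer.gif", "body": PIXEL, "set_cookie": ""},
    {"url": "http://ads.tracker.example/b.gif", "body": PIXEL,
     "set_cookie": "id=abc123; expires=Thu, 31-Dec-2037 23:59:59 GMT; path=/"},
    {"url": "http://ads.tracker.example/banner.gif", "body": BANNER, "set_cookie": "s=1"},
]

if __name__ == "__main__":
    print(find_web_bugs("http://www.news.example/", SAMPLE, NOW))
```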