1. What is alt.privacy.spyware?
2. Who can post here?
3. What is spyware?
4. Can you give me some more details on the types of spyware that exist?
5. How is spyware different from, or similar to, adware?
6. Why/How is spyware a problem?
7. Are there any posting restrictions, rules or guidelines?
8. How reliable is the information I might get?
9. How can I identify, prevent and eliminate spyware in my computer?
10.Why didn't (X anti-spyware program) find (Y spy program or file) on
my computer?
11.Am I being spied upon?
12.What are third party cookies and what do they have to do with spyware?
13.How can I keep track of what another person in the household is doing
on a computer?
14.Is privacy the same as anonymity on the Web?
15.How is the issue of consent important when it comes to spyware?
16.How can I be spyware-free without all this hassle?
17.Do different types of programs exhibit different degrees of
vulnerability to spyware?
A1. Appendix One: Some helpful URLs.
Some links to useful free programs and to further spyware-related
information.
Note that any opinions and recommendations in the links are not
necessarily those of the majority of this newsgroup.
A2. Appendix Two: Helpful online forums.
Recommended for posting of Hijack This! logs among other things.
---
1. What is alt.privacy.spyware?
---
alt.privacy.spyware is an unmoderated newsgroup for the discussion of
internet privacy and spyware issues.
This newsgroup was formed in April of 2000.
---
2. Who can post here?
---
alt.privacy.spyware is open to anyone who wishes to post, provided they
remain on-topic and observe established standards of netiquette. Please
note that this is a *discussion* group. Unsolicited commercial posts,
also known as spam, are not welcome and will be reported to the
offender's ISP.
---
3. What is spyware?
---
Spyware refers to any software capable of collecting or reporting
information that might compromise your privacy.
---
4. Can you give me some more details on the types of spyware that exist?
---
Spyware can be found in many forms, such as an application program,
installation utility, ActiveX control, Browser Helper Object, "cookies",
(Java)script, Java applet, the HTML code found on some web sites, or any
combination of the above. In short, ANY form of executable code and/or
user-to-host data exchange can potentially be used to implement
"spyware" functionality.
Some of the more common types of spyware (but by no means a complete
list) are:
a. Keyloggers: Small programs which run silently in the background,
recording every key-press and mouse-click. The data can either be
recorded to a log which, when later "played back", will then provide a
complete step-by-step record of exactly what the user did on the
computer, or it can be sent via a network connection to another computer
where the usage of the primary system can be monitored directly.
Although widely considered to be blatant "trojan horse" programs,
keyloggers and similar utilities are also often marketed under the guise
of "parental control tools" in an attempt to legitimize their functionality.
b. Ad trackers: Programs, scripts, etc., which attempt to collect data
on who and/or how often a given ad has been viewed, and/or "clicked on,"
thus indicating a specific interest in that product or service. Ad
trackers can be as benign as simple statistical counters, or as
insidious as full-blown "E-pending" -i.e. the correlation of your
personal data (name, street address, e-mail address, age, gender,
income, credit history, etc.) with precisely which ads you have viewed
and/or clicked on, when, and from what source.
c. Usage trackers: Programs, scripts, etc., which attempt to collect
data on the usage of a specific program or function (for example,
tracking which .MP3 files you download with file-sharing programs like
KaZaa; or your usage of a particular application program on a particular
machine, such as is done by such DRM tools as C-Dilla). In most cases,
the collected data is either sent to a third party (generally without
the user's fully informed consent or knowledge) to
be used later for any of a wide variety of purposes, and/or used
directly to determine or alter the functionality of the host application
program.
---
5. How is spyware different from, or similar to, adware?
---
The term "adware" is sometimes used to describe a class of
spyware.However, the terms are NOT interchangeable. Some spyware is also
adware; but some (cf. keyloggers and usage trackers, above) is not.
Similarly, any given example of adware may or may not also be spyware,
depending on how it operates. In its purest and simplest form, the term
"adware" only denotes applications which are in some way supported by
advertising (typically, as you use the program, part of your screen is
used to display one or more advertisements). If,and ONLY if, the
application also engages in some sort of data logging / reporting (such
as by "phoning home", i.e., reporting information or otherwise making
information available to a third party such as the vendor or advertiser,
usually via a surreptitious network connection) can it rightly be called
"spyware".
See Q15 below for a more detailed discussion; but in short, to be
considered acceptable, adware MUST be implemented in such a way as to
ensure the true consent of the user/owner AND not impinge on the
user's/owner's security and/or privacy.
---
6. Why/How is spyware a problem?
---
Even in its least objectionable form, spyware exploits web users for
someone's financial or informational profit. The installation of
unsolicited commercial software is generally done in a sneaky,
misleading or unannounced manner. This compromises the security and
privacy of affected users,usually without their knowledge or consent.
(Also see Q15, below)
Many varieties of spyware will create unnecessary additional demands on
the victim's memory and bandwidth resources, resulting in reduced
computer performance. Generally speaking, the older or less powerful
one's system, the greater the performance degradation one can expect to
see as a result of spyware infections.
How significant these additional demands will be vis-a-vis any given
system will vary on a case-by-case basis; but, in general, even
minimal-impact spyware can represent a noticeable additional load. In
some cases, the basic functionality of the infected system is severely
impacted. The user may no longer have a choice of desktop items, browser
toolbars, web browser home page, or of which applications may be used
for what task.
In the more extreme instances, trojans and other types of spyware can do
serious damage: They can gather information about e-mail addresses and
use an e-mail application's address book in order to propagate.
Passwords, financial information, and credit card numbers can be also
compromised by this type of program.
Advertising-supported software in general falls under a slightly
different category. However, it can and must be presented in such a way
as to get the true consent of the user and not impinge on security and
privacy.
Monitoring spyware, such as a keylogger, which is installed on business
machines by an employer, also falls into a different category. The
ethics of snooping by employers is a subject that continues to receive a
lot of attention and debate. However, if you are using your employer's
computer, it's a good idea to do so only for uses authorized by your
employer.
Note that the above represent a general outline of some of the problems
related to spyware, and is not an exhaustive or definitive list of all
possible issues or concerns. There can also sometimes be mitigating
circumstances where some degree of spyware-like behavior is actually
legitimate and acceptable. For example:
- Some applications have an option to turn the spyware feature off. For
example, "SuperCookies" in Windows Media Player, although WMP is rife
with other, more general, security issues.
- Some applications phone home for potentially benign reasons, such as
an auto-update.
If features like these default to "off," that's usually not a problem.
If they come up with an alert box clearly and fully
disclosing all relevant information and asking the user for permission
to connect, that's usually not a problem. If, however, their default
setting is to phone home without specific and explicit user approval,
that should be presumptively considered spyware, as the user has no way
to know what information will be actually up / downloaded, to whom,
when, or why.
---
7. Are there any posting restrictions, rules or guidelines?
---
We encourage you *not to* post HijackThis! logs here. HijackThis! logs
will most likely be ignored. Responses to logs or URLs posted on forums
may come from people with questionable credentials and expertise. The
possibility exists that the combination of such a powerful tool and
dubious advice will damage your system. You will be much safer and wiser
to seek analysis at an (expert) Web Forum that handles HijackThis! logs.
See Appendix 2 for a list.
Also, unless requested, do not post the URL where you suspect you
obtained your adware / spyware / malware / parasite infection.
Instead, alter the URL in some way so as to make it human-readable but
NOT clickable, such as "h**p://www.removethis.example.c*m".
Why? Unsuspecting or inexperienced lurkers might just click on the URL
and get unwittingly hijacked. Note that this request applies only to
suspect URLs, and is not meant to discourage the posting of information
about possibly rogue web sites. Please DO tell us about them; just do so
safely.
---
8. How reliable is the information I might get?
---
Reliability varies and depends on many factors. Just like in any other
unregulated/unmoderated forum, anyone can post their opinion, offer
their expertise, and give advice. You never know who might have what
ulterior motives, who might only have partial information, or who is a
veritable expert on the issue they choose to address. Our recommendation
is to take everything with a grain of salt and lurk for a while, before
deciding to take *anyone's* advice. Lurking will give you an opportunity
to be introduced to the regulars and to form your own opinion about the
reliability of a poster's advice.
---
9. How can I identify, prevent and eliminate spyware in my computer?
---
There is not one fail-safe, guaranteed method of keeping a system
spyware-free. There are too many variables, such as what programs you
commonly use, what your browser of choice is, how you connect to the
internet, etc. In most cases a combination of tools will help reduce
your system's susceptibility to spyware.
Spyware applications can infect a computer in many ways. The potential
for infection while browsing is only one of them. Sometimes spyware is
clandestinely bundled with freeware or shareware programs which are
downloaded from the Internet, included in regular programs that you buy
at a retail store, might come aboard during the use of file-sharing
applications, and so on.
Uninstalling a program which carries offending lateral spyware is
usually only part of the solution. In order to clean up spyware remnants
from the original installation, you will probably need some software, or
at least some expert advice. There are various programs, a lot of them
free, which will help you do that.
The best way to check a computer for infections is to use one or more of
many "spyware sniffer" applications, and to become familiar with basic
firewall terminology. Managing block lists and Hosts files will protect
a computer against infection while browsing the Internet. Keep in mind
that not all spyware eliminator programs are entirely legitimate. Asking
for feedback in this NG will help you choose programs which are safe.
See Appendix 1 for a list of some applications that are frequently
discussed and used in this NG. (Posting a question here should result in
considerable suggestions and comparisons by regulars.) We recommend that
you do *not* use an adware uninstaller from an adware vendor - since it
could and probably would compound your problem(s)."
Overall, remember that "an ounce of prevention is worth a pound of cure."
---
10. Why didn't (X anti-spyware program) find (Y spy program or file) on
my computer?
---
Because new spyware is being developed all the time, some of it
purposely designed to avoid existing spyware detectors.
---
11. Am I being spied upon?
---
Imagine that every time you go online, a commercial internet application
verifies its registration number against a licensing server. Is it
spying on you?
Well, it depends: If all the server does is check the number against a
list and send back a go/no-go signal then it isn't spying, at least not
in the blatant, for-profit sense we usually mean in this group. However,
perhaps the server has a GUID (="Global Unique Identifier," your
registration number) which is tied to your registration info, and it has
your IP, and it knows when you're online. Let's say you fire up your
browser, visit a website, the website sends your IP to the licensing
server, and the server returns your name and address, etc. to the
website. *Now* that internet application is spyware.
---
12. What are third party cookies and what do they have to do with spyware?
---
Cookies are a standard way for your browser to exchange information with
the visited site. But, there is a privacy issue with third-party
cookies: When you go to site A, which includes content from site B, site
B gets to know a little about what you are doing at site A. If there are
*many* site As --for example, if site B is a big advertising network--
this can be used to build a profile of your web usage.
---
13. How can I keep track of what another person in the household is
doing on a computer?
---
This is not the proper NG for this type of question. You will find here
mostly people who are very serious about the sanctity of personal
freedoms and, naturally, privacy. Most of the regulars believe that
communication, honesty and full disclosure are the greatest tools in
order to avoid ever having to ask a question like this.
---
14. Is privacy the same as anonymity on the Internet?
---
No. Being anonymous in the Internet is not impossible, but it's very
challenging. At any rate, anonymity is not the focus of this NG.
However, the abusive behavior of spyware vendors upon the user's
presumed lack of anonymity *is* an issue.
A company derives value from something they take from you without your
knowledge or consent. That meets the standards of most people's
definition of theft.
Spyware exploits the "lack of anonymity" for profit and returns nothing
to the victim. Under normal circumstances, there is no value derived
from the tracks one would leave around the net: They are a by-product.
The corporate world has created a value/potential profit-maker in your
surfing habits that was never intended and you did not agree to.
---
15. How is the issue of consent important when it comes to spyware?
---
As mentioned previously, spyware typically sneaks into a user's computer
without their explicit or informed consent. Being fully aware that
something is spyware, and choosing to install it nevertheless, does not
change the fact that it's spyware. However, since most spyware is
designed to function clandestinely, we believe that terms like
"informed" and "coerced consent" are important: I am about to install a
program. Does it contain spyware? Am I fully informed?
Informed should mean informed. Not "You should have read the EULA and
deciphered it." EULAs can be intentionally ambiguous, and unfortunately
you don't get a screen during the installation that says "This software
monitors what websites you visit, keywords you search for, and reports
it back to ____________. Do you accept this?"
Chances are that there are "phone home" violations, among others,
whenever you see operative words like "opt-in", "opt-out", and "GUID."
Licensing agreements that accompany software downloads sometimes warn
the user that a spyware program will be installed along with the
requested software, but the licensing agreements may not always be read
completely because they are often couched in obtuse, hard-to-read legal
disclaimers. A great deal of software users routinely click on the "I
agree" button of a EULA without bothering to read it very carefully or
thoroughly. Most of us feel that this click does
not truly constitute consent.
Spyware can also be an application which is installed by coerced
consent: For example, a user may be required to accept a EULA before
they can install an essential update to a program they've come to depend
on and this agreement might include consent to accept spyware. Or, a
user may have already paid for an application only to find out too late
for a refund that they have "explicitly agreed" to the installation of
spyware.
---
16. How can I be spyware-free without all this hassle?
---
Most discussions in this NG deal with Windows operating systems. Windows
exhibits more security vulnerabilities than other operating systems and
this is in part because windows is the biggest "target," due to its
popularity. But a lot of people with a technical background will add
that the code of windows itself is inherently weak, from a security
point of view.
Using an open-source operating system and strictly open-source
applications downloaded from reliable sources will minimize the risk.
However, as open-source becomes more popular, it seems inevitable that
there will be spyware which targets it. Some source code is difficult to
comprehend and could mask spyware. Also, there is much freeware that is
safe. Of course, checking with others before downloading/installing is
sensible advice.
---
17. Do different types of programs exhibit different degrees of
vulnerability to spyware?
---
As mentioned in a previous question, the spyware "machine" mutates and
evolves based on market conditions. The primary concern of a spyware
manufacturer is volume of users. The more people who use a certain
program, or a certain version of a program, the greater the chances are
that it has become a more attractive target for spyware.
---
Appendix 1. Some helpful URLs: Free programs and further information.
Note that any opinions and recommendations in the links below are not
necessarily those of the majority of this newsgroup.
Crash courses for beginners, good reference sites for everyone:
http://www.ik-cs.com/got-a-virus.htm
http://www.claymania.com/nav-map.html
http://windowsdefender.com/
http://k75s.home.att.net/tips.html
http://shplink.com/misc/paranoia.htm
http://www.microsoft.com/technet/arc.../10salaws.mspx
http://www.cert.org/tech_tips/before_you_plug_in.html
Virus Removal Instructions:
http://max.shplink.com/removal.html
Keeping Windows Clean:
http://maxpro4u.yourfreebb.com/
Tools:
http://max.shplink.com/tools.html
Sponge's Site:
http://www.geocities.com/yosponge/
Sponge's site is full of good information for beginners and advanced
users alike.
a-Squared:
http://www.emsisoft.com/en/software/free/
http://www.emsisoft.com/en/software/antidialer/
on-demand scanning.
ewido anti-spyware and anti-malware solutions:
http://www.ewido.net/en/download/
SUPERAntiSpyware:
http://www.superantispyware.com/
Comodo Free Tools:
http://www.comodogroup.com/products/free_products.html
Secunia Software Inspector:
http://secunia.com/software_inspector
Castlecops online antivirus/antitrojan scanners:
http://wiki.castlecops.com/Online_antivirus_scans
Kerio:
http://www.kerio.com/us/kpf_home.html
Zone Alarm:
http://www.zonelabs.com
Zone Alarm is a firewall popular among beginners.
Outpost Firewall:
http://www.agnitum.com/products/outpost/#
Proxomitron:
http://www.imilly.com/tools.htm
Free web proxy server.
Proximodo:
http://proximodo.sourceforge.net/
An open source re-implementation of the Proxomitron.
Privoxy:
http://www.privoxy.org/
Same as the Proxomitron, but also runs on Linux
http://tor.eff.org/cvs/tor/doc/tor-doc-osx.html
Tor/Privoxy bundle for the mac OS X.
Bastille:
http://www.bastille-linux.org/
One of the most popular firewalls ("Hardening Program") for most
"flavors" of Linux.
GreaseMonkey:
http://greasemonkey.mozdev.org/
This is browser specific and runs as an extension for Firefox rather
than being an external proxy. However, it accomplishes the same thing as
other Proxy apps, ie. re-writting web pages.
Ad Aware:
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://lavasoft3.element5.com
Three mirror sites from where you can download Ad-Aware, a spyware
eliminator. Lavasoft (makers of Ad Aware) forum:
http://www.lavasoftsupport.com (requires registration)
Spybot Search and Destroy:
http://security.kolla.de/
http://spybot.eon.net.au
Spyware eliminator. SpyBot threats database:
http://spybot.safer-networking.de/in...gebase/threats
(URL may mirror to another, depending a server load at the time)
DNS Kong:
http://www.pyrenean.com/dnsintro.php
DNS lookup redirector
index.dat suite, File Cleaner:
http://support.it-mate.co.uk/?mode=P...index.datsuite
A hosts file:
http://www.mvps.org/winhelp2002/hosts.htm
Hijack This!
http://www.trendsecure.com/portal/en...age=hijackthis
* Please see Appendix 2, below *
Spywareblaster:
http://www.wilderssecurity.net/spywareblaster.html
Preventive tool.
MRU-blaster:
http://www.wilderssecurity.net/mrublaster.html
Detects and cleans up MRU lists and other "hidden" stored information.
SpywareGuard:
http://www.spywareinfo.com/downloads/swguard/
SpywareGuard provides a real-time protection solution against spyware
that is a great addition to SpywareBlaster's protection method. An
anti-virus program scans files before you open them and prevents
execution if a virus is detected - SpywareGuard does the same thing, but
for spyware! And you can easily have an anti-virus program running
alongside SpywareGuard.
Andrew Clover's parasite detection page:
http://www.doxdesk.com/parasite/
Contains a script that scans for common parasites.
Chris Quirke's Malware page:
http://users.iafrica.com/c/cq/cquirke/malware.htm
A bit out-dated but informative.
CEXX:
http://www.cexx.org/adware.htm
CEXX discussion board:
http://boards.cexx.org/
Mike Healan's Spyware info:
http://www.spywareinfo.com
Spywareinfo Board:
http://www.spywareinfo.com/yabbse/ requires registration
http://www.spywarewarrior.com/uiuc/index.html
A general Privacy & Security site that is a compilation of links to
third party applications and utilities - use these with caution - post
here if you are uncertain.
http://unwantedlinks.com/
Information about data mining:
http://www.anderson.ucla.edu/faculty...datamining.htm
Nice info regarding some known nasties and links to tools:
http://www.imilly.com/
Information on startup/executables:
http://www.sysinfo.org/startupinfo.php
http://www.answersthatwork.com/Taskl...s/tasklist.htm
http://www.3feetunder.com/krick/startup/list.html
Process Explorer from SysInternals:
http://www.sysinternals.com/ntw2k/fr.../procexp.shtml
Shows which program has a particular file or directory open. It also
shows information about which handles and DLLs processes have opened or
loaded.
Faber Toys:
http://www.faberbox.com/fabertoys.asp
Displays a list of all running processes and all modules loaded by the
process.
Spyware Warrior:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Some Rogue/Suspect Anti-Spyware Products & Web Sites
C[rap] Cleaner:
http://www.ccleaner.com/
Deletes/manages temporary and other files.
Microsoft's Spyware Research Center:
http://www.spynet.com/
Test how vulnerable your PC is:
Shields up!
http://www.grc.com
http://www.dslreports.com/scan
http://www.blackcode.com/scan/
http://www.auditmypc.com/
ALKEN's Online Security Check:
http://www.alken.nl/online-security-check.htm
DOZLENG's Online Tools:
http://www.dozleng.com/Security/onlinetools.html
Sygate:
http://scan.sygate.com/
Reply With Quote