We liked the product so much, we bought it

* Breaking news *

Sunbelt to acquire the Kerio Personal Firewall. Link here.

Highlights:

  • The acquisition is expected to be finalized by the end of this month.   
  • The Kerio Personal Firewall will be re-branded on an interim basis as the “Sunbelt Kerio Personal Firewall”. 
  • All existing customers of the Kerio Personal Firewall will be able to receive support through Sunbelt once the acquisition is completed. 
  • Upon the close of the deal, Sunbelt will also announce new reduced pricing for the full version of the product and a variety of special offers for both Kerio and Sunbelt customers. 
  • Additionally, Sunbelt will continue Kerio’s tradition of providing a basic free version for home users.
  • During the transition period, Kerio will continue to support the product and users are encouraged to download the Kerio Personal Firewall from the Kerio website at www.kerio.com until the acquisition is completed.

I am, frankly, thrilled with this acquisition.  I’ve used all the big name firewalls, and this is my personal favorite.  I’m not knocking the others, as there are some outstanding firewalls out there (ZA and Agnitum come to mind).  I just really like how it operates. It’s straightforward, very effective and also has cool features like ad blocking and intrusion prevention. 

The deal will be closing at the end of the month and at that point we’ll reduce the price.  Sunbelt customers will also get the opportunity to buy the Kerio Firewall at a discount and we’ll also be offering Sunbelt products to Kerio users at a discount.  Such a deal. 

From a technical standpoint, this product is pretty amazing. We were blown away during our technical due diligence with the quality of the coding and the many security features built into the product.  This product is hot.

This should all be wrapped up in a couple of weeks and then you’ll be able to download the new Sunbelt Kerio Personal Firewall.

 

 

Alex Eckelberry
President

I want to start getting referral commissions from the American Bar Association

Really, I could make a fortune. 

So now we have another cease and desist letter, this time from Cassava, makers of the fabulous CasinoOnNet.

Link here.

I will give them credit for a nicely worded letter that didn’t come from an attorney.

As usual, we will pass this on to our high-priced lawyers and respond in due time.

Alex Eckelberry

The universe just cracked open

180Solutions is suing Zone Labs, makers of Zone Alarm.  Docket info here.

180 believes that ZA has made “false and misleading statements” about 180Solutions.

Some points from the document:

“…180’s products are offered to users free of charge and are sponsored by advertising that users agree to view as a condition of using the products.  180’s products provide the user with access to a wide range of electronic content (such as games, music, video…) all of which is provided to users free of charge because of advertising revenue.  Much like other innovative Internet content companies such as Google and Microsoft, 180 has helped develop an advertising-based business model that allows it to generate revenue from original content, while continuing to allow that content to be made freely available to users…

180’s advertisements are generated on the user’s computer by one of two software applications that users install as an agreed condition of receiving considered software or content…a few times per day, these applications will direct the subscriber to a sponsors website based on the website the user is viewing or in response to a search that the user makes.

…Zone Labs has caused, through false and misleading statements about 180’s products, thousands of 180’s customers to remove or otherwise uninstall Zango and/or 180SA.  180 has been damaged by the wrongful removal of its applications caused by ZoneLab’s tortious conduct.

 

…Zonelabs is aware that its false and misleading statements about 180’s products that are contained in the ZoneAlarm product have caused certain content vendors to refuse to contract with 180, harming 180’s business and subscribers. ZoneAlarm makes the following false statement … a “DANGEROUS BEHAVIOR [Zango or 180sA] is trying to monitor your mouse movements and keyboard strokes”…the basis for ZoneAlarm’s inaccurate statement is the detection of 180’s products’ use of a particular programming function (the Windows API Hook, or setWindowsHook.Exe) in connection with their operation.  Because the Windows API Hook function can be used in connection with the monitoring of mouse movements and keyboard strokes, ZoneAlarm mistakenly assumes that this is the reason for its employ by 180’s products, despite Zone Labs having been advised by 180 to the contrary….

 

…ZoneLabs was aware that 180 was in discussion with content providers and that certain transactions were delayed, postponed and/or precluded due specifically to ZoneLabs’ improper classification and presentations about 180’s products.  … ZoneLabs, by its conduct alleged herein, intentionally interfered with 180’s business expectancies, inducing and causing termination of such expectancies by falsely characterizing 180’s products for the commercial benefit of Zone Labs.”

Curious about all this, I installed ZA Antispyware and Zango.  Here is the warning that is apparently a big part of this lawsuit (this is what I saw this evening):

 

[Screenshot: ZoneAlarm warning about Zango]

 

Here is the advice they give on Zango after a scan. 

 

[Two screenshots: ZoneAlarm’s post-scan advice on Zango]

 

The advice panel has a link that goes to here.

 

This is all going to be rather interesting, to say the least.

PDF link here.

Alex Eckelberry
(Thanks to Eric Howes for providing me with the document.)

Do record labels have a future?

Digital analyst Phil Leigh interviews Yankee Group Senior Analyst Mike Goodman:

Our guest [Goodman] believes that even though the record labels have been winning all the legal battles, they are badly losing the war. It’s not even close. They could be headed for extinction if the Internet becomes the vehicle for both promotion and distribution.

Will suing individual P2P users significantly curtail illicit file trading?

No. P2P usage is up. There are too many networks. It will be like online gambling. They (the P2P guys) will find, and operate out of, the political jurisdictions that will tolerate them. 

Will copy protecting CDs work?

No. They will all be hacked. Even if they are not, they must permit at least one instance of ripping to the PC. Once that is done the consumer has a dot-MP3 copy that can be replicated infinitely and the genie is out of the bottle. The consumer will not buy a CD if it can only be ripped into a proprietary format that will not play in her primary music player, which is increasingly iTunes.           

Is TiVo’s plan to port programming to the iPod Video and Sony PSP significant?

The implications are hugely important. TiVo-To-Go essentially makes all television programming available on the iPod, as well as the PSP and laptop computers.  

You can hear the interview here.

Alex Eckelberry

Accoona threatens Sunbelt

Accoona, makers of a browser toolbar, sent us a nasty letter.

The lawyers state this:

…You falsely claim that the Acoona [sic] software is a “type of threat” that is “more along the lines of commercial type adware that offer[s] a premium service in exchange for tracking your user online performance.”  The Acoona [sic] software currently available at Accoona.com is not “adware” and it does not “track[] [] user online performance”.

Well, actually what we say is this:

Moderate threats may profile users online habits or broadcast data back to a server with ‘opt-out’ permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.

Description: The ACCOONA Toolbar is an Internet Explorer toolbar that is bundled and installed with other programs.

The ACCOONA Toolbar is bundled and installed with programs such as screen savers and desktop themes which target children. Earlier versions of the ACCOONA Toolbar were purportedly difficult to remove.

As usual, we scratch our heads as to why companies need to send us legal threats when a simple email suffices.   Truly.  We even have a nice little submission area for these types of things.  

Oh—that’s right, it’s the holidays and we all need to support lawyers in their time of need.

At any rate, we’ll pass this on to our high-priced lawyers and go through our usual process. 

Alex Eckelberry

Javascript exploit now in the wild

Recently, Microsoft listed a new exploit, IE Javascript Window() Remote Code Execution. eWeek discusses it here. CNET raises threat level here.

Take heed. This exploit attacks fully patched Windows XP systems and is quite nasty. The exploit looks something like this:

[Screenshot: JavaScript prompt]

Monday, Sunbelt spyware researchers Patrick Jordan and Adam Thomas saw the first such instance of this exploit being used in the wild to download some really ugly spyware (we held off publishing the details of this exploit until after we gave Microsoft security researchers a full debriefing).

However, we are only seeing it in a limited number of very nasty spyware sites (professional researchers requiring more info can contact me).

We did a quick check with McAfee (JS/Exploit-BO.gen) and Kaspersky (Exploit.JS.CVE-2005-1790) and both detect this exploit. We haven’t checked other AV engines yet but I assume that most have detections for it. Obviously, having updated AV definitions is a must.

Another way you can secure yourself against this nasty is to turn off Active Scripting in the Internet Zone:

[Screenshot: disabling Active Scripting for the Internet zone]
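One way to check and apply the Active Scripting setting from PowerShell, as an added example that is not part of the original post. Active Scripting is URL action 1400 in zone 3 (Internet), where 0 means enable, 1 prompt and 3 disable; the function names and the lookup order of the registry locations are assumptions of this example.

```powershell
# Added example (not from the original post): audit and disable Active
# Scripting for Internet Explorer's Internet zone.
$ZoneId  = 3        # zone 3 = Internet
$Action  = '1400'   # URL action 1400 = Active Scripting
$Meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$Zones   = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Assumed lookup order: policy keys first, then the per-user and machine keys.
$Locations = @(
    "HKLM:\SOFTWARE\Policies\$Zones\$ZoneId",
    "HKCU:\Software\Policies\$Zones\$ZoneId",
    "HKCU:\Software\$Zones\$ZoneId",
    "HKLM:\SOFTWARE\$Zones\$ZoneId"
)

function Get-ActiveScriptingSetting {
    # Hypothetical helper: report every location that defines the action.
    foreach ($path in $Locations) {
        $item = Get-ItemProperty -Path $path -Name $Action -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $value = [int]$item.$Action
        $state = $Meaning[$value]
        if (-not $state) { $state = "Unknown ($value)" }
        [pscustomobject]@{
            Path     = $path
            Value    = $value
            State    = $state
            IsPolicy = $path -like '*\Policies\*'
        }
    }
}

function Disable-ActiveScripting {
    # Hypothetical helper: write "disable" (3) to the current user's key.
    $userKey = "HKCU:\Software\$Zones\$ZoneId"
    if (-not (Test-Path $userKey)) { New-Item -Path $userKey -Force | Out-Null }
    Set-ItemProperty -Path $userKey -Name $Action -Value 3 -Type DWord

    # A policy key that still allows scripting would override the user key.
    $override = Get-ActiveScriptingSetting |
        Where-Object { $_.IsPolicy -and $_.Value -ne 3 }
    foreach ($o in $override) {
        Write-Warning "Policy at $($o.Path) sets Active Scripting to $($o.State)"
    }
}

# Audit first; uncomment the second line to apply the mitigation.
Get-ActiveScriptingSetting | Format-Table -AutoSize
# Disable-ActiveScripting
```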

So here, in all its glory, is a real live nasty spyware infestation occurring on a Windows XP SP 2 system. I simply went to the site and was off to the races.

[Screenshot: the spyware infestation in progress]

(Sorry for the edits, but the content of this page is pretty raunchy).

At any rate, it’s now confirmed, in the wild and two things MUST happen:

1. Microsoft must patch this exploit immediately. 

2. Get your security essentials in — at the very least an AV product. Tight on cash?  Read my article, Security on the Cheap, here.

Alex Eckelberry

That whole cybercrime is bigger than drugs thing

I read this story earlier, shook my head and moved on.  Then I saw that competitor Richard Stiennon had blogged on this one and figured I’d step in and agree with him (fancy that). He thinks it’s bunk.

Here’s the silly story:

Global cyber-crime generated a higher turnover than drug trafficking in 2004 and is set to grow even further with the wider use of technology in developing countries, a top expert said on Monday.

No country is immune from cyber-crime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy, said Valerie McNiven, who advises the U.S. Treasury on cyber-crime.

“Last year was the first year that proceeds from cyber-crime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion,” McNiven told Reuters.

Link here.

There’s even a reference to “human trafficking”.  Whoa. 

We really need some facts here to understand what exactly is being lumped into “Cybercrime”.

Meanwhile, the REAL news that November was the 194th anniversary of the Luddite uprisings, and my subsequent proclamation that November was to be National Luddite Remembrance Month was completely ignored by all.   

It’s ok.  I’m ok.  I just need some time. 

 

Alex Eckelberry

You heard it here first: WhenU now incorporates shopping comparison

WhenU is making a move into comparison shopping, a market that is currently being served with products like SideStep and Dealio.  The new versions of WhenU Save and sister product SaveNow incorporate the company’s new TrueRelevance technology, which provides shopping comparisons.

From WhenU:

A consumer that has WhenU Save with TrueRelevance™ installed who views a Web page describing a particular product or service for sale may instantly receive competitive offers from other merchants for the exact same product or service, saving both time and money.  If the same consumer shops for airline tickets, TrueRelevance technology enables WhenU to offer instant, one-click access to other available flights to the consumer’s chosen destination on the same date that may prove less expensive or more convenient.

Alex Eckelberry

Forget the Great State of Texas, NO ONE wants to piss off Spitzer

Yet Sony has.

You know you’re in for a bad day when Eliot Spitzer starts issuing statements about your company. Which is precisely the situation Sony finds itself in today. The New York Attorney General has finally caught wind of the company’s digital rights management misstep and has begun looking into it. BusinessWeek reports that Spitzer’s office dispatched investigators, who, posing as customers, were able to purchase affected CDs in New York music retail outlets long after Sony BMG recalled the disks. That didn’t sit well with Spitzer, who promptly issued a statement warning consumers and retailers away from the disks. “It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year,” Spitzer said. “I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony.”

Link here.

Alex Eckelberry
(No offense to Texas!)

Show me your papers, please

Miami police will now stage random shows of force, asking for IDs and generally making themselves known.

Miami police announced Monday they will stage random shows of force at hotels, banks and other public places to keep terrorists guessing and remind people to be vigilant.

Deputy Police Chief Frank Fernandez said officers might, for example, surround a bank building, check the IDs of everyone going in and out and hand out leaflets about terror threats.  Link here.

At the same time, Deborah Davis refuses to show her ID while on a bus and is ticketed.

Federal prosecutors are reviewing whether to pursue charges against an Arvada woman who refused to show identification to federal police while riding an RTD bus through the Federal Center in Lakewood.

Deborah Davis, 50, was ticketed for two petty offenses Sept. 26 by officers who commonly board the RTD bus as it passes through the Federal Center and ask passengers for identification.  Link here.

How do you boil a frog?  You put it in a pan of cold water and slowly heat up the pot.  Our hard-fought freedoms are slowly and inexorably being reduced in the name of national security.    

Alex Eckelberry

180 CEO talks

180 Solutions CEO Keith Smith talks about people like us.

The bottom line here is that scanning applications have every right to tell the user exactly what is on their computer and to delete any program that the user chooses, so long as the scanning application provides clear and accurate explanations of what the programs in question actually are and do. Given the fact that some scanning applications will continue to create their own criteria (which some will share and some will keep a mystery) and refuse to engage in meaningful, substantive business discussions about that criteria, as a last resort downloadable applications may be forced to go to court to protect their brands. A legitimate industry standard for best practices is the only answer that can equitably solve this issue. As we all know, it’s close to impossible to get an entire industry to agree on general principles, but until this happens and it is adopted universally, the fight between downloadable programs and scanning applications will rage on.

Link here.

Just another opportunity for us to revisit 180Solutions in 365 Days.

Alex Eckelberry
(Thanks Suzi)

So, was it a bargain, buddy?

Innovation Interactive has been acquired by Japanese company Livedoor.

Innovation Interactive is the parent company of eXact Advertising, makers of Bargain Buddy and other fun treats.  Also the focus of some legal trouble.

No news if Livedoor picked up the eXact assets.  I’m still working on this.

Link here.

Alex Eckelberry
(Thanks Eric)

L0phtCrack not available overseas anymore

This is interesting.  L0phtCrack, a well-known password auditing tool, will no longer be available to overseas customers.  The reasons are apparently related to US government regulations.  Link here via Donna.

John the Ripper should suffice for those who are concerned about buying L0phtCrack overseas. 

 

Alex Eckelberry

 

Hard drive manufacturer accidentally slips trojan onto drives

Well this has got to be rather embarrassing.  But as the article highlights, it’s not the first time it’s happened — other manufacturers have occasionally had the same problem.  

Japanese peripherals manufacturer I-O Data Device has offered product exchanges after it discovered it had shipped out a batch of hard discs contaminated with viral code. Portable hard disk drives in I-O Data’s HDP-U series might be infected with the Tompai-A, a worm that gives hackers backdoor access to compromised machines.

Link here via Catherine.

 

Alex Eckelberry

 

Latest rev of CounterSpy decloaks the Sony rootkit

We have quietly released a new definition set of CounterSpy that decloaks the Sony rootkit. This means that it gets rid of the driver (Aries.sys) that gives the Sony DRM functionality its hidden rootkit capabilities.  This is the same thing that Windows Antispyware is doing. 

However, it does not remove the Sony DRM files themselves, as doing so can wreak havoc by causing the CD drive to become inoperable (thanks Sony).  Note that the Sophos uninstaller also just does a decloaking.

[Screenshot: CounterSpy removing the Aries.sys driver]

I’m not aware of any utility that actually removes these DRM files (not just decloaking).  Microsoft has announced that their Malicious Software Removal tool will remove it, but I suspect it will also be just a decloaking.

Sony provides no way for their DRM files to be removed through Add/Remove programs.  Instead, one has to go to their website to do a full uninstall or go through a cumbersome manual uninstall.

CounterSpy 1.5/CounterSpy Enterprise 1.5: Definition 261

CounterSpy 1.0: Definition 256

Alex Eckelberry

11/30 UPDATE:  Kelly Mackin over at Computer Associates pinged me to let me know that PestPatrol removes the Sony rootkit.

They remove:

  • The Rootkit itself (that’s the part that hides files)
  • The installer
  • The patch installer
  • The media player

So, as far as I know, they are the only ones that actually remove the rootkit completely.   All others (including the Sophos tool and our own CounterSpy) “decloak” it, meaning to expose it so it’s no longer acting as a rootkit.  

While I’m not supposed to be thrilled to promote a competitor, I have to give them grudging respect for this feat, no small technical challenge. 

Link here.

Alex Eckelberry