Rumor: Enternetmedia busted?

There’s a rumor by a poster on SpywareWarrior which goes like this (link here):

…I am compelled to write after doing research on Enternet Media Inc. I found out what they are all about and I thought someone might be interested.

Their office in Woodland Hills was raided yesterday by 7 policemen and 5 people in suits. I can only speculate, but they were there all day and took a bunch of stuff out. I heard the words “injunction” and “putting key corporate information under a fictitious business name”.

Maybe this will be one less company out there with no conscience. …I know all this because I work directly across from that office, about 20 feet away, in an open courtyard, and could see all this, but only caught snippets of conversation. The door to the office was kept wide open all day.

Enternetmedia. As Suzi mentions on that forum, these are the Kind Friends who bring us wonderful products such as SearchMiracle/Elitebar and rogue antispyware program SpywareBomber.

If anyone has a lead or more information on this rumour, let me know.

Alex Eckelberry
(Thanks Eric)

CDT and Canadians going after IST

Integrated Search Technologies, makers of the notorious IST Toolbar, is the target of a complaint by the CDT and the Canadian Internet Policy and Public Interest Clinic.

The Center for Democracy & Technology (CDT) and the Canadian Internet Policy and Public Interest Clinic (CIPPIC) today asked the US Federal Trade Commission (FTC) and the Canadian Competition Bureau to investigate the business practices of Montreal-based software distributor Integrated Search Technologies and several of its business partners located in the United States and elsewhere.

In complaints filed with the FTC and the Competition Bureau, CDT and CIPPIC allege that Integrated Search Technologies (IST) and its affiliates have engaged in a widespread campaign of installing unwanted software on users’ computers, and have done so using unfair and deceptive practices prohibited by federal law.

CDT’s complaint focuses on how IST and several of its affiliates — NegativeBeats.com, ContextPlus, Meridian Business Ventures, Surf Accuracy and Internet Optimizer — used deceptive techniques to dupe Internet users into downloading software they did not ask to receive in exchange for little or no benefit. CIPPIC’s complaint documents how a specific ‘bundle’ of questionable software provided by IST was installed with neither notice nor consent. The unwanted programs, which can dramatically slow a computer’s performance, are installed in such a way that many users do not even know they are there. Making matters worse, the companies behind the programs in many cases deliberately design them to be difficult to uninstall.

Press release here. Complaint here.

Alex Eckelberry

180 Solutions attacked by Dutchman

Goldmember (Mike Myers) stars in New Line Cinema’s comedy

The Dutchman Attacks
According to an article in InformationWeek, 180 Solutions was the victim of a Denial of Service (DoS) attack back in September.

Noted adware supplier 180solutions said Thursday that it was the target of an alleged denial-of-service (DoS) extortion attempt by one of its own distributors, a Dutchman who, with help from two others, created a botnet of some 1.5 million machines.

The admission not only revealed some of the behind-the-scenes business that goes on in the adware world, but identified the American company that Dutch law enforcement officials said had been victimized by a trio of men arrested last month.

Article here.

In other 180 news, we have another “In the Wild” pic for you today. It is a 180 download alongside a CoolWebSearch infestation — not only 180 but also Comet Cursor Starware was observed being foisted on our test machine.

Alex Eckelberry

Sony to patch rootkit

Follow up to my earlier blog post.

Sony BMG Music Entertainment and a technology partner are working with antivirus companies on a fix for a potential security problem in some copy-protected CDs.

Earlier in the week, security experts said that anticopying technology used by Sony BMG could be adapted by virus writers to hide malicious software on the hard drives of computers that have played one of the CDs. The antipiracy tool is included on many of Sony BMG’s latest music releases, from Van Zant to My Morning Jacket.

Sony BMG’s technology partner First 4 Internet, a British company, said Wednesday that it has released a patch to antivirus companies that will eliminate the copy-protection software’s ability to hide. In consequence, it will also prevent virus writers from cloaking their work using the copy-protection tools.

Link here via John Murrell.

Alex Eckelberry

Sunbelt Halloween Hijinks

Sunbelt is famous (or infamous, depending on your viewpoint) for its annual Halloween event.

It started as a tradition years ago, and probably the ultimate of Sunbelt Halloweens was 2002 (video), when the technical support team all dressed as aborigines. Now, this was not just dress-up. The support manager actually saved up chicken bones for weeks to make real bone jewelry.

Sunbelt Software Halloween 2002

You can see me here at Halloween 2003, in a costume that will be well understood by those who have seen Office Space.

At any rate, it all culminates in a mass walk (some loosely describe it as a “parade”) down to our local Starbucks, and the local citizens look on bemused.

After that, there’s a contest and both individuals and teams are judged for the best costumes.

And that brings us to Halloween 2005
Once again the crazies at Sunbelt overtook the streets and bum-rushed Starbucks in Downtown Clearwater with Scarecrows, Pirates, Ghouls and even a Pizza Delivery Guy for this year’s festivities.

(I make a brief appearance as an aging 80s rocker talking nonsense).

View Video 5:50 WMV – Low Res
View Video 5:50 MOV – High Res

See The Photos
View Photo SlideShow

You can see these videos and more at the Sunbelt Underground site, here.

Alex Eckelberry

Remember to wipe your data clean when trashing that old PC

It’s bad enough that we’re shipping waste PCs to third-world countries (thereby creating immense environmental hazards with lead, cadmium and other toxic materials used in PCs), but the Basel Action Network has also found some pretty sensitive information on these discarded PCs sitting in dumps.

You can see some of the examples here via beSpacific.

Alex Eckelberry

Direct Revenue talks about going on the offensive

Oh well, I guess here come more cease and desist letters.

But last week, DirectRevenue CEO Jean-Philippe Maheu indicated to OnlineMediaDaily that the company is prepared to go on the offensive, and raised the possibility that the company will intervene to prevent its software from being deleted by adware removal companies.

“I think that if we’re going to clearly mark opt-in, [anti-spyware companies] should clearly mark opt-out,” he said. He was referring to some software removal programs that consumers either purchase or download to rid their computers of unwanted programs; these programs often automatically delete Direct Revenue’s adware.

Link here.

Alex Eckelberry
(Thanks Suzi!)

Bill Day on being a good adware citizen

Bill recently wrote a piece in iMediaConnection, where he talks about the state of behavioral advertising:

  • The software must never be installed without the explicit consent of the consumer. That means showing a short, clear notice outside the EULA (“Here’s the deal…”) that says what the software will do. Download Google’s toolbar for a good example.
  • If the software transmits people’s browsing histories and shares that behavioral data with third parties, then that needs to be stated up front (for the record, WhenU software doesn’t do that, so we don’t state that in our notification screen).
  • It also means that the EULA and privacy policy (the links go to ours) are as short and as free of legalese as possible.
  • There should be no affiliate distribution because it’s impossible to police in order to make sure that all downloads are permission-based.
  • Marketing (banner-based or otherwise) should be carefully monitored, and Active-X ads or advertising on sites aimed at children just shouldn’t happen.
  • The software must be extremely easy to uninstall and shouldn’t slow down the computer’s performance.
  • Finally, consumers must be constantly reminded of the source of the ads (to combat what iMedia’s executive editor Brad Berens has aptly dubbed “application amnesia”). At WhenU, we do this by putting our logo — and the logo of the software with which it came bundled — on the “wrapper” of every ad, along with our toll-free number for live help.

Now, check this out:

Some have posited that if complete disclosure were provided, no one would consent, but that hasn’t been WhenU’s experience — in fact since I became CEO a year ago and we upgraded to dirt simple notification screens, downloads from some of our long-term distribution partners have reached historically high levels.

Similarly, you might think that putting a toll-free help number on every ad would require an outsourced call center, but volume has been low enough to be handled easily in-house by two staff members. Eliminating un-policeable affiliate distribution is a no-brainer.

The goal is to build a highly qualified audience of people who know what they are getting; if they got it by mistake or they change their minds later, we must make it easy to leave.

Alex Eckelberry

Elmo Doll knows your name

From Reuters:

This week, Mattel’s Fisher-Price unit is undergoing a full rollout to store shelves of its “Knows Your Name Elmo,” a doll that can greet a child by name when it is unwrapped this holiday season, even before being taken out of its box.

The new Elmo comes with a CD-ROM and a USB cable that lets parents download personal information about a child — like his or her favorite color or birthday — into the plush doll.

Mattel hopes its new

Link here via Catherine.

Alex Eckelberry

Wait Just a Minute: How to Defer Sending of Outlook Email

Ever sent an email only to regret it? As Thomas Jefferson once said, “When angry count to ten before you speak. If very angry, count to one hundred.” Well, sometimes the Send button gets pushed before you’ve had a chance to think things through.

Deb Shinder, who writes Sunbelt’s WXPNews, has a neat little technical trick to avoid Sender Regret:

  1. In Outlook, click the Tools menu and select Rules and Alerts.
  2. Click the New Rule … button.
  3. In the Rules Wizard dialog box, click Start From a Blank Rule.
  4. Under Step 1, select Check Messages After Sending.
  5. Click Next.
  6. Don’t select any conditions so the rule will apply to all messages, and click Next again.
  7. Click Yes when asked if you want the rule to apply to all messages.
  8. Under “Step 1: What do you want to do with the message?”, select Defer Delivery by a Number of Minutes.
  9. Under “Step 2: Edit the Rule Description,” click “a number of” and set the Deferred Delivery setting to 1 minute. Click OK.
  10. Click Finish.

Now when you hit Send, the message will remain in your Inbox for a minute, giving you a chance to recall it or change it.

 

Alex Eckelberry

How Botnets work

WindowsSecurity.com has an article by Massimiliano Romano, Simone Rosignoli and Ennio Giannini on “How Botnets work”.

It’s a very in-depth (and technical) article that will give you lots of gory details.

What you will learn…

  • what are bots, botnets, and how they work,
  • what features most popular bots offer,
  • how a host is infected and controlled,
  • what preventive measures are available and how to respond to bot infestation.

What you should know…

  • how malware works (trojans and worms in particular),
  • mechanisms used in DDoS attacks,
  • basics of TCP/IP, DNS and IRC.

Structure of a typical botnet.

Botnet hardening

Link here.

Alex Eckelberry

Sony DRM acts as a rootkit

Pretty interesting post here by the venerable Mark Russinovich at SysInternals (Mark is one of the super gurus of Windows kernel programming).

Turns out that the Digital Rights Management (DRM) software that Sony is using (made by First 4) acts as a rootkit.

Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden …The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application…

Link here. (Note that I have linked to the main page of his blog, as the permalink has been having problems).

Alex Eckelberry
(Thanks Jarrett)

WarXing

WarXing — accessing publicly accessible networks or systems. You scan for a wifi access point… and come up with your neighbor’s… What are the legal implications?

Attorney Robert Hale has just written an extensive piece on the subject:

Suppose you turn on your laptop while sitting at the kitchen table at home and respond OK to a prompt about accessing a nearby wireless Internet access point owned and operated by a neighbor. What potential liability may ensue from accessing someone else’s wireless access point? How about intercepting wireless connection signals? What about setting up an open or unsecured wireless access point in your house or business? Attorneys can expect to grapple with these issues and other related questions as the popularity of wireless technology continues to increase.

This paper explores several theories of liability involving both the accessing and operating of wireless Internet, including the Computer Fraud and Abuse Act, wiretap laws, as well as trespass to chattels and other areas of common law. The paper concludes with a brief discussion of key policy considerations.

The conclusion?

As a general matter, until the courts and legislatures better define the legal status of Wi-Fi arrangements, the piggy-backing Wi-Fi user should simply stop the practice of accessing others’ open WLANs, absent an explicit agreement or notice. If a Wi-Fi interloper must continue, he or she should avoid heavy downloading activity (music, games, movies, etc.) that has a tendency to overburden the network and may amount to recoverable damages. Similarly, sapping a residential neighbor’s Internet service in lieu of paying for one’s own seems potentially more culpable than accessing signals in a business area while on a lunch break. On the other hand, those for whom piggy-backing supplies the only practicable means of obtaining residential high-speed Internet access may want to seek out services that provide Wi-Fi sharing arrangements, through which ISPs pass through service payments from end users on to WAP operators.

(There’s more in the document — the “conclusion” section starts at page 557)

Link here via beSpacific.

What do you think?

 

Alex

 

XP 2 slowdowns

Steve Bass writes about an MS KB article that explains why XP SP 2 might slow your system down.  Steve Bass link here, Microsoft link here.

Microsoft’s reasons why you may have a slowdown:

  • You have spyware or malware running on the computer.
  • You have viruses that are running on the computer.
  • You do not have sufficient free space on the hard disk.
  • You do not have sufficient random access memory (RAM) installed on the computer.
  • You have corrupted or outdated drivers.
  • You have too many files in the Recycle Bin or temporary folders.

In other words, a general statement of the obvious to any reasonably technical computer user.

As I’ve said before, there is no excuse these days not to have XP SP 2 on your system.  From a security standpoint, it’s absolutely essential.  For example, we have never been able to infect an XP SP 2 system with the keyloggers we’ve found through an exploit.  But do you know that one of the people we found infected with that Winldra keylogger back in August was a security professional?  It was on his laptop and he hadn’t bothered to get SP 2.  I think he was more of a Linux guy at work and his laptop was not his primary work system, maybe used for personal stuff. He had just never applied SP 2.    

Alex Eckelberry 

Cool Bluetooth tool

Got this off Xavier’s blog.  AirMagnet just released a new free Bluetooth tool.

Bluetooth technology is here to stay and can be found almost everywhere. Mobile phones, PDAs, laptops, and hundreds of smaller peripheral devices have made Bluetooth a part of everyday life both for consumers and the enterprise. However, an omnipresent, unmanaged networking technology can have a serious downside in terms of security. With this in mind, AirMagnet has developed AirMagnet® BlueSweep™, an easy-to-use freeware utility to identify and analyze any nearby Bluetooth device. With AirMagnet BlueSweep, users can:

  • Identify every local Bluetooth device
  • See interconnections between Bluetooth devices
  • Identify all services available on each device

This provides a simple way to gain visibility into your Bluetooth environment and identify related security issues that otherwise would go unnoticed. To insure ubiquitous access to this tool, AirMagnet is providing BlueSweep at no charge, and without technical support.

You can download BlueSweep here.

AirMagnet looks like it does some nice stuff, and incidentally their marketing veep, Rich, is a sort of guru of product management (he was once nice enough to let me use one of his requirements document templates). 

Alex Eckelberry

What’s your favorite software firewall?

We ran a Sunpoll on our corporate site last week, asking the following question:

What’s your position on Desktop Firewalls on all your users’ workstations?

WinXP SP2 is good enough for me
Already run a third party firewall on the desktop
Don’t have one, but want to/should have one
Don’t have one, not interested
Other

The results were as follows:

  • WinXP SP2 is good enough for me: 28% (403 votes)
  • Already run a third party firewall on the desktop: 51% (725 votes)
  • Don’t have one, but want to/should have one: 4% (70 votes)
  • Don’t have one, not interested: 9% (133 votes)
  • Other: 5% (76 votes)

Total: 1407 votes

Note that we think these results would bias toward IT managers, because of a) the way the question was asked and b) the fact that a lot of IT people come to our site. Again, without putting more science out there, it’s really more of a gimmick.

But that leads to the next question — what’s your favorite software firewall?

I got a list off of www.antionline.com and started culling it to represent current popular products:

  • Sygate  (recently acquired by Symantec)
  • Zone Alarm 
  • Outpost 
  • Kerio 
  • Tiny 
  • Norton 
  • BlackIce
  • McAfee

Let me know your thoughts.

 

Alex Eckelberry