Month: April 2005

PC World does more spyware tests, looks at CounterSpy, MS Antispyware and PC Tools SpywareDoctor.

As we wrote earlier this month, eUniverse Intermix had announced had it was being investigated by Elliot Spitzer.

Today from Spitzer’s office:

Attorney General Eliot Spitzer today sued one of the nation’s leading internet marketing companies, alleging that the firm was the source of “spyware” and “adware” that has been secretly installed on millions of home computers. The suit against Los Angeles-based Intermix Media, Inc. is the most sweeping case to date involving programs that redirect web addresses, add toolbars and deliver pop-up ads.

BroadbandReports thread.

ZDNET here.

What an interesting article today.

Alex Eckelberry

Longhorn will have a “blackbox” style crash reporting mechanism. This will allow MS to get what the user was working on at the time of the crash, to help them figure out how to fix these problems.

In general, I think this is a great idea. But this quote in a recent CNET article is a bit freaky: “Sullivan said users will be prompted with a message indicating the information to be sent and giving them an option to alter it, such as removing the contents of the e-mail they were writing when the machine crashed.”
So this really is pretty darned comprehensive, this little black box.

In my experience, MS is actually very responsible with sharing data. It’s just that for this level of granularity, I posit that it’s a little safer to sign up, say, 100,000 users as an “advance testing lab”, fully opted in, that gives them this information. I’m not sure I like the idea of my Mom (possibly) not fully understanding what will be sent to MS.

More commentary: Inquirer and Slashdot.

Alex

New event: “The NAI Strategic Forum on Spyware: eCommerce in the Age of Spyware will bring together leading experts from the current debate.”

Leading experts from the current debate?

Please. Look at the agenda: The only person representing the antispyware industry there is Richard Stiennon from WebRoot (he’s a good guy, but one person can’t hold off the entire adware industry). Ari Schwartz from the CDT is there, but what about people like Ben Edelman, Eric Howes, or some of the journalists who have done lots of work in this space?

Whatever.

Alex Eckelberry

There’s a big CNET spyware conference next week in San Francisco, and I noticed one of the panelists is a general partner from ABS Capital. I was wondering why he was on the panel, as I saw no investments on their part in either the adware or antispyware space.

So this morning it became clear, ABS just put $20 mill into WhenU.

Sunbelt Spyware Research Center listings for WhenU and other adware.

Alex Eckelberry

Interesting article in CMPnet (currently only in the Asia edition).

Gordon Mangione, MS veep for security spoke with a group of editors at CMP.

Lifted from the article:

– A for-fee enterprise anti-spyware product is expected as early as the first half of 2006.

– 14 million users have downloaded Microsoft’s free anti-spyware beta

– Additional upgrades of the client-side anti-spyware tool are due this summer

– About 40 percent of those have opted to send information in to give the company access to detailed information about malware threats.

Alex Eckelberry

According to this article in Online Media Daily, 27% of consumers (nearly 3 out of 10) use an antispyware program to sweep cookies off their system.

I do wish some in the antispyware industry were not so alarmist about cookies, which for the most part are relatively harmless.

Alex Eckelberry

Press release from the FTC.

Here’s one idea: Free legal education to help kids get through EULAS! After all, that’s one of the big justifications spyware adware vendors use when foisting off their crapware.

Alex Eckelberry

Certain to appeal to the marketing wonk, DoubleClick has released a report entitled “The Decade in Online Advertising“.

From the report:

Yet, in this world of hyper-fragmented media and too many marketing messages, consumers are acting to avoid the overload, paying for the unadulterated media they want and investing in technology to strip out unwanted ads, if necessary. Advertisers have to accept that fact not only to be more polite; it’s increasingly a legal requirement. In the past few years, the U.S. Congress, responding to voter outcry, has passed a bevy of policies restricting intrusive marketing practices including telemarketing, fax marketing, email spam and, as of this writing, web “spyware” legislation is making its way through the House and Senate.

Edmond Thomas, chief of technology at the Federal Communications Commission, bluntly warned attendees to an AAAA breakfast this March: “Your challenge is to stop being annoying. You’re almost forcing regulators to get involved.”

I wish the spyware adware guys would get that message.

Alex Eckelberry

I got this helpful note from a a lawyer in Texas about battling spyware. “There is a little used cause of action in Texas entitled “intrusion on seclusion.” The elements are: (1) Defendant intentionally intruded on the plaintiff’s solitude, seclusion, or private affairs; (2) the intrusion would be highly offensive to a reasonable person; and (3) the plaintiff suffered an injury as a result of the defendant’s intrusion.”

Interesting.

Alex

Yup, it’s pretty cool technology.

Alex Eckelberry

Actually a worthwhile read.

A good spam filter helps too (hint).

Alex Eckelberry

This is a really cool new feature in Google.

But a caveat–this history cannot be permanently deleted. It’s got some privacy advocates worried. (Thanks to beSpecific).

Alex Eckelberry

As I blogged a while ago, there’s mucho bucks in adware/spyware.

I’m not sure it’s 2.4 billion, though. That number surprises me (note that it’s possible that the words “profit” and “revenue” have been reversed, as is commonly the case in the press).

Stiennon is a super smart guy (and a worthy competitor) but I think his logic is way off, if this article is an indication of where his thinking is (Thanks, Ben for the link).

I think the total profits (not revenue) in the adware business are between $250 and $500 million based on some very rough math (and it is very rough).

Claria has at least $30 mill in pre-tax. 180 has about 300 employees, and they are very profitable Given that $200k average revenue per employee is fairly realistic, that would make them a company between $50-$60 million. Figuring that they had the same kind of incredible pre-tax as Claria (30%), that puts their pre-tax profit at around $18 mill.

Then the other big ones are Direct Revenue, eXact Advertising, etc. Maybe 10 other guys of note. However, not all of these will be profitable.

The distributors make money, because they get (probably) between 3-25 cents per install. But if that total number of profit was more than 100 million, I would be surprised.

Note that this one quote from the article raised eyebrows here:

“180solutions spokesperson Howard Barokas said Stiennon’s projected $86 million profit for 180solutions was probably too high. He also differentiated the 180solutions software from others on the list, indicating that 180solutions and its Zango software have a clear desktop icon, provide a “double opt-in” for installation, and are labeled clearly.”

I myself just had a stealth install of 180 adware just a couple of days ago on a Vmware test system I was running.

Alex Eckelberry

Opinity tracks your reputation online, to help buyers, sellers, daters, whatever, make “better informed decisions”.

From SiliconBeat.

Alex Eckelberry

We’ve discussed this before here and here. Now eWeek reports on the latest.

However, Ed Bott says:

“If you run Windows 98 or Windows Me, there is no patch for Windows Media Player 9 Series. If you are unable or unwilling to upgrade to Windows XP, I strongly recommend that you disable all downloads of signed and unsigned ActiveX controls.”

More good data at Ed’s site.

Alex Eckelberry

Wayne Porter is another antispyware blogger and software maker. He’s also tight into the industry affiliate marketing circles.

But I guess a few people just don’t like what he’s doing, stirring up the pot…

Dang, where’s the love, people?

Alex

Anyone who knows kids knows that kids love spyware!

Links

Ben Edelman here and here
and the indefatigable Wayne Porter

Alex Eckelberry

Gilbert Nzeka aka Khaalel has come up with the first Open Source Spyware .

Post at Insecure.org here.

From: khaalel
Date: Apr 18 2005

Hi,

Since a few years, the number of spywares is growing up but it’s impossible to find a spyware’s code source to analyse it and better understand their work.

After kruegerware’s (and its child) diffusion, I’m introducing you the first open source spyware.

My goal is not to help people writing more and more spywares but to show some people that spywares are not “magic” stuff (like I can see on differents web sites) and are so easy to code. Besides, Virus generators already exist, why spywares generators could not exist?

For the moment, KSpyware can list all the installed programs, can spy the web sites the victim has visited, can obtain a list of e-mail adresses, can hijack IE’s main page, and use NetSend to spam the victim.

I decided to remove the function allowing the dispatch of the gleaned informations and the functions stopping spyware deinstallation (like in kruegerware).

Well, here is KSpyware’s code cource (in Perl) : http://nzeka-labs.com/hacking/KSpyware.htm

KSpyware is under GPL (loollll) so: “You may copy and distribute verbatim copies of the Program’s source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice
and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.” BUT DON’T TRY IT ON THE WEB.

– Nzeka Gilbert aka Khaalel
– www.nzeka-labs.com
– Author of the french security book: “La protection des sites
informatique face au hacking”.

Alex Eckelberry