Is this freshly minted Microsoft MVP actually an adware pusher?

“Patchou” (aka Cyril Paciullo) has just been given Microsoft MVP status.  Worthy of congratulation, except… Patchou got his fame through a program called Messenger Plus!, which has the option of installing LOP (a not-so-pleasant piece of adware). 

Note that he does give the option to infect your machine (and quite politely, at that). But it’s still LOP.

[Screenshot: Messengerplus_1123219081]

And here’s what a typical LOP popup looks like after having installed Messenger Plus:

[Screenshot: Lopscreen_12312397]

Not even an indication that it’s coming from LOP — unlike even Zango or WhenU, who at least tell people where the pop-up came from.

And then when you go to Add/Remove programs, you don’t see it either.  Instead, it’s lumped together with Messenger Plus:

[Screenshot: Addremo012312397]

And here’s a cute little addition to the mix.  There’s a bunch of icons installed with LOP, like this:

[Screenshot: Icons012132312397]

Notice that “My Antivirus Update”? What a misleading icon, because this crap is what you actually get:  A fake McAfee-looking page doing the age-old scam of “click here to test your CD-ROM Drive”.

[Screenshot: Adwaremcafee]

And all this has made at least one highly respected MVP quite unhappy.

Alex Eckelberry

A great understatement

HP Senior Counsel Kevin Hunsaker in an email on February 3rd, 2006:

“If/when we put the tracer in an email and/or document to the reporter, is there any chance it will be discovered? . . . This needs to be part of the risk assessment. If CNET knows something like that was sent to them, and they ultimately trace it back to us somehow, we could end up with some seriously bad publicity,”

Link here via GMSV.

Alex Eckelberry


New rogue on the loose: PestCapture

Sunbelt research has found a new rogue antispyware application, PestCapture.  Incidentally, it uses DLLs that are the same as those of the notorious SpySheriff.

[Screenshot: PestCapturescreen]

IP: 69.50.166.195   
pestcapture(dot)com           

(Incidentally, it shares this IP with another rogue, bravesentry(dot)com)

More rogue sites:


They also have a new site to take payments called isoftpay(dot)com (IP: 69.50.168.101)


Patrick Jordan

We regret the error

In this week’s Sunbelt tech tips, we recommended a number of utilities to help clean up old files.  These recommendations came from users who provided them to us. 

Unfortunately, we have come to find that one of the utilities, Duplicate File Killer, has a partnership with 180Solutions (makers of Zango Search Assistant).   Obviously, we cannot recommend a product which advertises itself as a file cleaner, but is in cahoots with an adware company.

For now, we have removed all links referencing any duplicate file cleaners from that post — just to be safe.  

Alex Eckelberry
(Thanks Andrew)

Fraud? Well, it’s just “marketing”

This is just one of my all-time fave grumpy internet blogs.   The whole site is dedicated to finding out how consumers are getting ripped off by various companies.

For example:

Some things always come in quarts: milk, motor oil, and mayonnaise, for example.  You don’t have to look at the net weight statement, because a quart is 32 ounces, and that is what you always get.

Next time you go to the supermarket and pick up a quart-size jar of Hellmann’s (in the east) and probably Best Foods (in the west), you are going to be in for a little surprise.

*MOUSE PRINT:  The net weight statement now reads “30 oz.” instead of 32.

The site is MousePrint.org.  

Alex Eckelberry
(Hat tip to John Murrell)

Sunbelt Weekly TechTips

(Note: An earlier version of this blog recommended some tools to delete duplicate files.  We have since removed these links pending further research.  Explanation here. )

Fix for some IE 7 rendering problems
IE 7 beta testers have noticed that quite a few web sites don’t work correctly in the new browser. In some cases, that’s because those sites are misidentifying it as an outdated version of the browser. This utility lets your IE 7 browser identify itself as IE 6, as a workaround to the problem. It didn’t solve my “tiny font” problem with IE 7, but it did seem to help with the text alignment problem I was experiencing with some pages. Link here.

Resize photos all at once
High megapixel digital cameras are popular and increasingly affordable, and that high resolution is needed when you want to print large copies of your photos. But when you’re sending them in email or putting them on a web page, it would be nice to be able to reduce them to a smaller size without having to do it one picture at a time. This handy little image resizer lets you resize or convert images from JPG, GIF or BMP formats in batch mode. Check it out here (also, if you have Microsoft Office, the Microsoft Office Picture Manager is quite a nifty little tool for this type of work). 

Can’t have your Java in a Glass?
If you pour hot coffee into a fragile glass cup, you may crack it. Likewise, Java-based applications don’t seem to want to play well with Vista’s Aero Glass interface. It seems running them causes the OS to revert to its non-transparent, non-3-D version. Not a huge problem, but it would be nice if that could be fixed before the final release. Read more about the problem here.

How secure are your credentials?
Is there a point at which requirements for increased length and complexity of passwords and random assignment of user account names – all in the name of better security – can backfire and result in a less secure system or network? That’s something I discussed last week in my technology and security blog. Scroll to the entry titled When “more secure credentials” aren’t.  Link here.

Vista Performance Information Feature
Vista has a new feature called the Windows Experience Index that lets you find out the base score for your system and individual scores for different components such as the processor, memory, hard disk, and graphics card. You find it in Control Panel, labeled Performance Information and Tools, and you can use the score to compare one system to another, to evaluate new PCs or the effect of hardware upgrades, and when buying software, to determine whether it will run properly on your PC. My system got very respectable 4 and 5 point something scores on processor, memory and hard disk, but my ATI Radeon X600 with 256 MB of RAM proved to be the “weak link” at 3.6/3.8. You can read more about it on the Vista team blog here.

How to Uninstall VTP or Get Rid of Aero (Transparent) Theme

Several of you who installed the Vista Transformation Pack asked how to get rid of the transparent background that’s installed by default as part of the VTP. Unfortunately, it’s part of the Aero Glass theme. You can get rid of it temporarily by switching to a different theme:

  1. Right click the Desktop and select Properties.
  2. Click the Appearance tab.
  3. Under Windows and Buttons, choose the Windows Classic or XP Style theme.
  4. Click OK.

To uninstall VTP completely, run the installer program again (Vista Transformation Pack 5.0 or 5.5.exe) and select “I want to enter Vista Transformation Pack – Maintenance Center,” then select “Uninstall Vista Transformation Pack.” From the Maintenance Center, you can also change the toolbar style, rebuild the icon cache, enable or disable themes services, or repair the transformation.

How to disable Remote Desktop using Group Policy
Remote Desktop is a great tool that allows you to connect to your XP Pro computer from another location, but for security reasons, you might want to prevent remote desktop connections. You can disable RD on the Remote tab in the Systems applet of Control Panel, but if you share the computer with others and don’t want them to be able to reenable it, or if you want to disable RD on a group of computers in a Windows domain, you can use Group Policy to disable it. Step by step instructions are in KB article 306300.

Can’t reconnect to a wireless network with a hidden SSID?
If your Windows XP SP2 computer is connected to a wireless network that doesn’t broadcast its SSID and you manually disconnect, you can’t reconnect either manually or automatically, unless you remove and re-create the SSID profile for the network in the Preferred Networks list. There’s a hotfix for this problem, but you’ll need to contact Microsoft Product Support Services (PSS) to get it. Find out how in KB article 907405.

Can’t change Windows wallpaper after removing spyware?
You may find that after you remove spyware from your Windows XP system, you’re still not able to change your desktop wallpaper. What’s up with that? The problem is that the malware has set the registry to hide or lock the display settings. You can fix the problem by editing the registry. Instructions are in KB article 921049. Note that this registry setting may also have been changed by an administrative policy, in which case you’re out of luck unless you can convince your system administrator to change
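As an added example (not part of the Sunbelt post or the KB articles it links), the following PowerShell script reports the registry values behind the Remote Desktop and wallpaper tips above, so an administrator can see whether a setting is the user-changeable local one or a policy-enforced one. The registry paths and value names are assumed from the standard Windows policy layout; the page itself does not list them.

```powershell
# Added example, not from the original post. Registry paths/value names are
# assumed from the Windows policy registry layout (not taken from the page).

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Return the value, or $null when the key or value is absent.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$checks = @(
    @{ Tip  = 'Remote Desktop denied (local setting; users can re-enable)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
       Name = 'fDenyTSConnections' },
    @{ Tip  = 'Remote Desktop denied (Group Policy; overrides local setting)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
       Name = 'fDenyTSConnections' },
    @{ Tip  = 'Display Properties: Background/Desktop tab hidden'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'NoDispBackgroundPage' },
    @{ Tip  = 'Wallpaper changes blocked'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
       Name = 'NoChangingWallPaper' }
)

foreach ($c in $checks) {
    $v = Get-PolicyValue -Path $c.Path -Name $c.Name
    $state = if ($null -eq $v) { 'not set' }
             elseif ($v -eq 1)  { 'SET (1)' }
             else               { "value $v" }
    '{0,-62} {1}' -f $c.Tip, $state
}
```

A "Policies" value that does not appear in `gpresult /v` output was not delivered by Group Policy, which on a home or standalone XP machine points to a local change such as the spyware behaviour described in the tip.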

Deb Shinder, MVP 

Email Privacy: Is it Even Possible?

Although studies show that young people are abandoning email in favor of text messaging and IM programs for social communications, businesses and many of us “oldies but goodies” continue to depend on email for exchanging messages with family, friends, co-workers, clients and others. Some of the information we put in email is personal, and some of it is even subject to laws such as HIPAA or the GLB Act that mandate we protect it from unauthorized disclosure. So the subject often comes up: just how private is email, and what can we do to make it more so?

In the past, we’ve discussed how the nature of email communications makes it easy for them to be intercepted. Sending an unencrypted email over the Internet is like sending a post card through the postal system – anyone who happens upon it along the way can read it. Of course, you can use an encryption program such as Pretty Good Privacy (PGP) to make it more difficult for anyone but the intended recipient to open the mail.

But then another problem arises: how do you protect against the recipient him/herself divulging the contents of your mail to others, either intentionally or accidentally? Or what if the message goes awry; for example, you mistype one letter in the address and the mail is sent to the wrong address? It’s obvious that people are worried about this, because more and more companies are adding disclaimers to some or all of the messages sent from their networks. These messages usually read something like this:

“If you are not the intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it.”

Reader Kip M. recently wrote to ask what legal obligation this actually places on a person who receives such a message. I’m not an attorney, and this is by no means legal advice, but the attorneys I’ve talked to about this acknowledge that in most cases, companies do this primarily for the purpose of “covering their own behinds” in case a message ends up in the wrong hands. The appended disclaimer indicates that they took steps to make it clear that the message was confidential.

Of course, if an email containing national security secrets fell into your hands and you published it in a letter to the editor of the New York Times, you might face some serious legal repercussions. And of course, under the U.S. civil court system, anyone can pretty much sue anyone for anything (with some specific limitations), so it’s possible that a company could bring a lawsuit against you if you forwarded a copy of their confidential mail to the wrong person. In a world where big record companies sue elderly grandfathers who don’t own computers for music piracy, anything can happen.

From the point of view of those who want to keep information private, disclaimers are of dubious value in accomplishing that. I see forwarded messages all the time that contain the disclaimers. And of course, since the disclaimer is usually added to the end of the message, it’s a bit unreasonable to demand that the recipient not read the message that he already read before getting to the disclaimer.

If you do elect to use disclaimers, it might make more sense to put them at the beginning of the message instead of at the end. And if you’re really serious about it, put the disclaimer in the body of the email and put the confidential message itself in an attachment; at least then it’s possible for the recipient to do what you’re asking (not open the message). Better yet, password protect that attachment.

Yet none of this keeps the intended recipient from forwarding, copying or printing that message. There are ways to technologically control that to some extent, by using a software solution such as Microsoft’s Rights Management Services (RMS). With RMS, which is supported by the Professional version of Office, you can set permissions on messages you send in Outlook that prevent the recipient from forwarding, copying or printing the message. Those options are simply grayed out. You can even set the message to “expire” after a particular time; even the user won’t be able to open it once it’s expired.

RMS sounds great, and it does prevent easy, casual, often mindless “clicking and forwarding.” However, it requires an RMS server, and if the recipient is really determined to breach your privacy, RMS won’t stop it. He can just open the message and hit PrtScn to capture a screenshot that can be saved, printed and sent to others – or even take a picture of it with a digital camera, for that matter.

Bottom line: it’s still wise to treat email as a non-private medium. There are a lot of things you can do to increase privacy, but as long as another person (the recipient) is able to open your messages – and what would be the point of email if they couldn’t? – there will always be a weak link.

What do you think? Do you pay any attention to disclaimers? Do you use disclaimers on your own messages, or does your company add them automatically to outgoing mail? Do you think they do any good? Under what circumstances, if any, would you consider suing someone for disclosing an email message you sent to them? If a service like RMS were available to you, would you use it? Do you encrypt some or all of your email messages? Should a law be passed making it illegal to read someone else’s email without permission (like the laws regarding opening postal mail) or would that create more problems than it would solve? 

Deb Shinder, MVP

New security scam hijacker sites

All since August.  For your blacklisting pleasure:

[Screenshot: Secscam01231231231]


Patrick Jordan

People, get your facts straight!

Just a little side humor: we’ve had a number of amusing emails from a malware author, Dark Omega.  Apparently, we’ve made grave errors in the classification of his product.

It starts off with this (edited for clarity, as he’s using our web-based form to email us):

you got my website address wrong! it is http://www. dark-omega.co. uk not darkflame.tripod.com … you stupid people

Then:

i am only 15 and waz a bit drunk wen i sent the last message so soz 4 bein a bit of a tw*t, i created my trojan based on my schools remote admin tool.  nice to talk to you. if you want…more information on other security threats please email me…. p.s. you need a way of contacting you with out having to use the report virus form. 

Then:

one other thing… Dark-Avenged is a BackDoor!…u got it rong again

And finally:

actualy dark-avenged is classed as a RAT (Remote Administration Tool.) please change this….  i got it wrong last time! :S

Alex Eckelberry


At least Naxos gets it

“Music should flow freely…there should be an ability to get what you want when you want it…and I’m not sure you’re protecting that much with DRM…I think it puts a lot of obstacles up…the consumer is buying those files, and they have the right to do whatever they want with them…we [the industry] really have to think hard about what are we protecting… and are we really afraid of our consumers to the extent where we basically don’t trust them…”   —  Jim Sturgeon, CEO of Naxos USA

As an (albeit rusty) classically trained musician, I’m a big fan of this music genre and have a broad selection of classical music at the house.  Unfortunately, at maybe 4% of the overall market, it’s not a genre that most of the population cares much about.

So it’s even more unfortunate that the only significant record label that actually “gets it” is Naxos, the world’s largest classical music label — as opposed to the often reprehensible tactics of the rest of the industry (harassing people with idiotic lawsuits, using rootkits for DRM, etc.).  

And there’s a practical effect as well. As digital analyst Phil Leigh says:

…Classical is a disproportionately large share of digital music sales. Naxos finds that the classical genre market share doubles online.

Naxos endorses the advantages of DRM-free digital files. Their music is sold on eMusic in the dot-MP3 format with no DRMs. While some piracy may occur, Naxos feels that the enhanced user utility a DRM-free file provides outweighs the minimal piracy that may happen.

About 20% of Naxos revenues this year will be from digital music downloads or online subscriptions. That’s about three times the proportion for the major labels like Sony, Warner, Universal, and EMI. 

Now, taking the other side, it’s perhaps enlightened self-interest on the part of Naxos, since classical is probably less likely to be pirated than the latest pop hit.  Nevertheless, their pragmatic CEO does seem to have a good understanding of what the customer actually needs and wants.

You can listen to an interview with Jim Sturgeon, CEO of Naxos, here (MP3, approximately 33 minutes).

Alex Eckelberry