Claria: We’re through.

Claria, which had tried to go public a couple of years ago, is claiming that they are exiting the adware business. 

Earlier this year, Claria retained Deutsche Bank Securities, Inc. to handle the sale of the company’s adware assets, and Claria is in active discussions with a number of interested buyers. A condition of any sale of Claria’s consumer software applications, however, will be the requirement that any purchaser agrees to adhere to emerging industry standards outlined by TRUSTe and other industry coalitions.

Link here.

Alex Eckelberry
(Another thanks to Amanda)

Online travel industry: Adware is ok

The Interactive Travel Services Association (ITSA), an industry trade group whose members include Expedia, Orbitz, Hotwire, Hotels.com and others, has made an announcement: 

Advertising in adware is ok, as long as it’s not spyware.  ITSA believes adware “can be useful to many consumers because it provides timely, relevant and money-saving information, or it helps defray the cost of free linked software programs” (link).

According to their press release:

The ITSA best practices document encourages adware companies to: 1) obtain “affirmative consent,” or prior approval from consumers for downloading adware, while simply explaining what the adware will do; 2) for consumers who already have downloads, go back and obtain their approval now; 3) provide an easy to find, understand and use method of uninstalling the adware; and 4) identify who has created or is providing the adware in any download offers or any other promotions, such as pop-ups or pop-unders. In addition, 5) advertisers should require their adware companies and any marketing groups they work with to abide by these practices.

Link here.

Alex Eckelberry
(Thanks Amanda)

Man, what is up with Starforce?

From cdfreaks.com (thanks Jarrett):

Now, Futuremark has uncovered a very dangerous anti-piracy system Starforce is now using.  This copy protection system installs a driver that runs at the highest level of access on the system, which gives it low level access to the PC’s hardware and any drivers and processes.  This driver runs regardless of whether the game runs; keeping an eye out for any suspicious activity such as attempting to copy a protected disc.  If something suspicious is detected, it forces the PC to make an immediate reboot, regardless of any other applications running and whether or not the user has any unsaved work.

Link here.

(The validity of this report is still uncertain).

Alex Eckelberry

180Solutions and Sean Sundwall part ways

180Solutions director of corporate communications Sean Sundwall has left 180Solutions. According to sources close to the company, Sean resigned on March 1st.

Sean started in June of last year and was the spokesperson for 180 during a time of change for the company.

Sources close to the company indicate that Sean’s departure was due to the fact that he felt many more changes to the business were needed and that he was not going to be able to make those changes happen.

 

Alex Eckelberry

Coolwebsearch.info

This site is an affiliate of Coolwebsearch.com that installs a toolbar which hijacks the home page without a EULA.


Run by our Best Friend Ever, Vadim Praha

Whois Data:
Fedorov Vadim   Praha    CZ         hali @ volny.cz
Fedorov Vadim   Praha    CZ         sp @ prague-sex.com
Fedorov Vadim   Prtaha 5 CZ     sovsem @ nevest.net
Fedorov Vadim   Praha    CZ         radmin @ radmin.kirov.ru

And he’s got lots more sites under the IP 194.187.96.195, which you are welcome to put into your blocklists.


Alex Eckelberry
(Thanks to Sr. Researcher Patrick Jordan)

CDT Report is up

Just follow the money.  It’s all you need to do. 

Large well-respected companies are helping to fund the virulent spread of unwanted and potentially harmful “adware” by paying for advertisements generated by those programs, a new report by CDT finds.

In “Following the Money: How Advertising Dollars Encourage Nuisance and Harmful Adware and What Can be Done to Reverse the Trend,” CDT details how — through a complicated network of intermediaries — major advertisers pay to have their products and services advertised through pop-ups and other ads generated by unwanted advertising software or “adware.”

The report dissects the financial relationships behind those arrangements and identifies a number of mainstream companies that advertise through one particularly unscrupulous adware distributor.

Link here.

Alex Eckelberry

Tough week ahead for ‘badware’ companies?

Well, this will be interesting:

The fight against invasive software will take a step forward this week as the Center for Democracy and Technology (CDT) and the Google-backed Stopbadware Coalition will release two separate reports that state the names of undesirable software programs and the advertisers who help fund them.

Link here.

Alex Eckelberry
(Thanks Amanda)

China loves IP6

IPv6 (Internet Protocol version 6) is an upgrade to the current version 4 which has the primary purpose of increasing the amount of Internet addresses available. While it’s been fairly slow to get adoption, it’s on track to become the standard over the coming years. 

IPv6 addresses are composed of two parts:  a 64–bit network prefix and a 64–bit host part.   In IPv6, the 64–bit host part is either “automatically generated from the interface’s MAC address or assigned sequentially.”  

Well, IPv6 has at least one Chinese internet authority rubbing his hands in glee.

“There is now anonymity for criminals on the Internet in China,” said Hu Qiheng, chair of the Internet Society of China, a public-private group founded five years ago to promote the Internet in China. “With the China Next Generation Internet project, we will give everyone a unique identity on the Internet.”

Hu, who was interviewed on a visit to Paris this month for an Internet workshop organized by the Organization for Economic Cooperation and Development, does not represent the Chinese government, but she has long been prominent in the development of China’s Internet and served as adviser to the Chinese government both domestically and at Internet policy meetings of the United Nations.

Link here via Funsec.

Alex Eckelberry
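The MAC-derived host part mentioned in the IPv6 post above can be worked through in code. This is an added example, not part of the original post: it uses the modified EUI-64 rule from RFC 4291 (Appendix A), and the MAC address and the 2001:db8::/32 documentation prefixes are constructed sample values.

```python
import ipaddress
from typing import Optional

HOST_MASK = (1 << 64) - 1  # low 64 bits: the "host part" the post describes


def mac_to_interface_id(mac: str) -> bytes:
    """Modified EUI-64 (RFC 4291, Appendix A): 48-bit MAC -> 64-bit host part."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def autoconfigured_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a 64-bit network prefix with the MAC-derived host part."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration expects a /64 network prefix")
    host = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | host)


def recover_mac(address: str) -> Optional[str]:
    """Return the MAC embedded in an address, or None if the host part
    is not MAC-derived (for example, a sequentially assigned one)."""
    host = (int(ipaddress.IPv6Address(address)) & HOST_MASK).to_bytes(8, "big")
    if host[3:5] != b"\xff\xfe":
        return None
    mac = bytes([host[0] ^ 0x02]) + host[1:3] + host[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    MAC = "00:1a:2b:3c:4d:5e"  # constructed sample MAC
    # The same interface on two different networks keeps the same host part.
    for prefix in ("2001:db8:1:2::/64", "2001:db8:aaaa:bbbb::/64"):
        addr = autoconfigured_address(prefix, MAC)
        print(prefix, "->", addr, "-> MAC", recover_mac(str(addr)))
    # A sequentially assigned host part carries no MAC.
    print(recover_mac("2001:db8:1:2::5"))
```

The host part stays the same when the network prefix changes, which is why a MAC-derived address identifies the interface wherever it connects.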

 

Search engine censorship watch

Slick.

This is a tool developed by Mark Meiss and Filippo Menczer at the Indiana University School of Informatics in March of 2006 to allow you to explore the differences in the results returned by different countries’ versions of the major search engines. We currently work with the Web search and image search functions of four national versions of Google and Yahoo!: the United States, China, France, and Germany.


Link here via beSpacific

Alex Eckelberry
PS— In order to have the most accurate comparison, they turn off Safe Search, so be warned.

Yankee Group/Sunbelt 2006 Server Reliability Survey Results

Certainly off the subject of spyware, but we recently did a study with the Yankee Group on server reliability, with over 400 participants.

From Laura DiDio at Yankee:

All of the major server operating system platforms have achieved a high degree of reliability, though Unix-based servers still record the least amount of annual downtime. Microsoft’s Windows Server 2003 notched the biggest reliability gains over the past 3 years and the Microsoft server platform, along with some custom Linux distributions ranked close behind Unix for the most reliable server operating system platforms.

Those are the results of the latest independent Yankee Group/Sunbelt Software Web-based global survey of nearly 400 IT administrators worldwide. The survey also indicated that heterogeneity is the order of the day: a majority of respondents indicated they had an average of three server operating systems running in their environments.

And, in what can only be described as welcome news for corporate users, all of the major server operating system environments: Linux, Windows, Unix and open source environments exhibited a high degree of reliability — with a surprising lack of disparity among the platforms.

Businesses reported that on average, their firms experienced fewer than two, Tier 2 reliability-related outages per server, per year and approximately one of the most severe Tier 3 outages per server, per year across all server OS platforms.

The survey also highlighted a number of crucial IT trends and revealed some surprising everyday administrator practices. Foremost among these is that a majority of IT administrators opt to manually apply patches and updates because they are not yet fully comfortable with automated patch rollouts. Perhaps the most surprising patch management statistic is that Unix administrators spend the most time patching their servers overall — about 58 minutes and about 62 minutes for each server that they patch manually.

Microsoft IT administrators used automated patching far more than their Linux and Unix counterparts — 32% of Windows 2000 Server IT managers and 38% of Windows Server 2003 managers use automated Group Policy to apply their patches. After Windows, automated patch management was most prevalent in the Novell SuSE environment where 28% of admins said they use Group Policy mechanisms to automatically update their systems. Red Hat and Unix administrators were least likely to deliver their updates automatically — only 5% of Red Hat Enterprise Linux managers and 7% of Sun Solaris, HP/UX and IBM AIX Unix managers apply their patches manually. Other survey highlights include:

  • Not surprisingly, the UNIX distributions – Solaris, AIX and HP UX took top reliability honors. Corporate UNIX users reported experiencing just under 600 minutes of per server, per year.
  • Windows Server 2003 and Red Hat Linux with customizations and Novell SuSE Linux all reported roughly equivalent per server, per year outage times of just under 800 minutes. Surprisingly, Red Hat Enterprise Linux standard distribution users said they experienced 900 minutes of per server, per year.
  • Windows 2000 Server and Windows Server 2003 recorded the greatest number of Tier 1 Reliability related incidents — nearly 3 incidents per server, per year for Windows 2000 Server and 2.5 Tier 1 reliability incidents for each Windows Server 2003 system annually. Still, the actual number does not vary substantially from rival platforms.
  • The Reliability and patch management of Windows servers has improved dramatically — about 20% from Windows 2000 Server to Windows Server 2003.
  • Custom SuSE Linux delivers the highest reliability and fewest minutes — about 430 minutes of per server, per yearly outages. However, because so few of the respondents — less than 2% of businesses — use a customized implementation of Novell SuSE Linux, it is not a statistically valid response. Hence, among mainstream server OS platforms, Unix must still be considered the most reliable server environment.
  • There were several write-ins for Novell’s legacy NetWare server OS platform — seven to be exact — taking us to task and asking why NetWare was left out of the survey. Overall, we included 11 different server OS configurations that represent the largest share of the current user base as well as the projected server OS environment going forward over the next three to five years. NetWare as a standalone server OS platform is rapidly disappearing. It currently accounts for approximately 3% of the installed base. However, for the record, the respondents still utilizing the legacy NetWare platform had high praise for its reliability and said they suffered little if any downtime.

Alex Eckelberry

Pet Peeves in the workplace: PDA’s and cell phones offensive?

In a workplace etiquette-themed survey released by Randstad USA, a temp agency, they reported among the top pet peeves:

  • Condescending tones (44%)
  • Public reprimands (37%)
  • Micromanaging (34%)
  • Loud talkers (32%)
  • Cell phones ringing at work (30%)
  • Use of speakerphones in public areas (22%)
  • Colleagues engaged in personal conversations in the workplace (11%)
  • The use of PDAs during meetings (9%)

Link here.  

Well, my two cents.  All of these are irritating to some degree to all of us.  I put cell phones and PDAs pretty high on my list of irritations, but it depends on the context.  For example, a while back we had a financial type come by the office for a briefing on our strategy.  Hours of careful planning were wasted as he constantly checked his Blackberry, nodding “uh huh, uh huh” as a weak indication that he was listening to our presentation. On the cell phone front, I had a friend who wanted to go out for a personal lunch.  He spent about 50% of the time on the cell phone (I’m not exaggerating), as I looked on, bored out of my mind.  When he asked me out to lunch again, I politely mentioned that I would — so long as he’d leave his cell phone back at the office.  He was surprised and hopefully got the message.

What are your workplace etiquette pet peeves? 

Alex Eckelberry

More tech tips

Sunbelt Tech Tips are a new feature of our blog. We’re going to start sharing with you technical tips on general Windows XP operation.

Here are some to get you started for the weekend:

Add/Remove Programs displays installed programs incorrectly
If you find that your Add/Remove Programs applet in Control Panel is displaying the list of installed programs incorrectly, or showing no listed programs at all, it might be because an installer for some program removed some of the registry entries that are used by Windows. You may be able to fix the problem by editing the registry. There are step by step instructions in KB article 266668 here.

How to use the Pageheap.exe Tool
Pageheap.exe is a tool that can be used to detect leaks in programs running on Windows XP and 2000 systems and find heap-related corruption, which is a common problem in application development. Find out where to download the tool and how to use it from KB article 286470 here.

Administrator can’t unlock a locked computer
If you restart a Windows XP computer and you aren’t able to log on with a local or domain account, and you get a message that the computer has been locked and only an administrator can unlock it (but you aren’t able to unlock it with an administrative account), it may be because the screensaver is set to use a non-existent .scr program or you’re using a corrupted screensaver program that’s password protected. What to do? You can edit the registry or use one of the workarounds described in KB article 242917 here.  

Deb Shinder

Tech tip: How to Change the Listening Port for Remote Desktop

By default, the Remote Desktop service in Windows XP uses port 3389. Because this is a known port, hackers could try to intercept packets going to that port. You can make Remote Desktop more secure by changing the port it uses, but be aware that Remote Assistance may not work correctly if you do this. Also, you can’t use a different port to connect to Remote Desktop from a Macintosh computer, because the Macintosh RDC client only supports port 3389. If you do decide to change the port, here’s how:

  1. On the XP computer that you want to access via Remote Desktop, open your favorite registry editor.
  2. Navigate to the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  3. Double click the PortNumber subkey, click the Edit menu and select Modify.
  4. Click Decimal.
  5. In the value field, type the number of the port that you want to use instead of 3389.
  6. Click OK.
  7. Close the registry editor.

Now you’ll need to configure the RDC client to use the new port. Here’s how:

  1. On the client computer, click Start | All Programs | Accessories | Communications | Remote Desktop Connection.
  2. In the Computer field, type the name or IP address of the XP computer you configured above, then type a colon and the port number (for example, MyComputer:3390).
  3. Click Connect.

Good luck!

Deb Shinder
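Step 4 of the Remote Desktop tip above matters because PortNumber is a DWORD and the registry editor's edit dialog starts in hexadecimal. The following added example (not part of the original tip; the function names are hypothetical and the port values are constructed) renders the equivalent .reg file, reads the port back from a registry export, and shows what gets stored if the digits are typed without selecting Decimal.

```python
import re
from typing import Optional

RDP_KEY = (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control"
           r"\Terminal Server\WinStations\RDP-Tcp")
DEFAULT_PORT = 3389


def validate_port(port: int) -> int:
    """Reject values that cannot be a TCP listening port."""
    if not 1 <= port <= 65535:
        raise ValueError(f"{port} is not a valid TCP port")
    return port


def reg_file_for_port(port: int) -> str:
    """Render a .reg file that sets PortNumber; DWORDs are written in hex."""
    validate_port(port)
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            f"[{RDP_KEY}]\r\n"
            f'"PortNumber"=dword:{port:08x}\r\n')


def port_from_reg_export(text: str) -> Optional[int]:
    """Read the configured port back out of a .reg export of the key."""
    match = re.search(r'^"PortNumber"=dword:([0-9a-fA-F]{8})\s*$',
                      text, re.MULTILINE)
    return int(match.group(1), 16) if match else None


def stored_if_hex_selected(typed: str) -> int:
    """Value that ends up in the registry when step 4 is skipped and the
    digits are typed while the dialog is still set to Hexadecimal."""
    return int(typed, 16)


if __name__ == "__main__":
    export = reg_file_for_port(3390)          # constructed new port
    print(export)
    print("configured port:", port_from_reg_export(export))
    print("non-default:", port_from_reg_export(export) != DEFAULT_PORT)
    # Typing 3390 in hexadecimal mode makes the service listen on 13200.
    print("if Decimal was not selected:", stored_if_hex_selected("3390"))
```

A client given `MyComputer:3390` will fail to connect to a host that was configured in hexadecimal mode, so checking the exported value is a quick way to confirm the change. Moving the port only changes where the service listens; it does not change how the session is authenticated or encrypted.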

 

Free spyware seminar in DC

Spyware is a serious threat to your enterprise network, and the threat continues to grow. Awareness campaigns and user education are useful, but they’re not enough. Legislation may deter some “legit” adware distributors, but many criminal spyware writers will continue to create and release malware that threatens the stability, security, and performance of your network. Not to mention your users’ and organization’s confidential data. In many cases spyware can also compromise federally mandated security compliance.

Register for Sunbelt Software’s free seminar “Winning the War on the Spyware Battlefield” and learn how to better protect your organization from spyware on Tuesday, April 25, 2006 in Washington, DC.

This seminar will look at the current state of the spyware problem, addressing its effects on privacy, financial security, corporate responsibilities and productivity, as well as outline how CounterSpy Enterprise can help better protect your organization from spyware threats.

Join renowned spyware researcher and Sunbelt’s Director of Malware Research, Eric Howes, for an engaging discussion on the scope of the spyware problem. Widely regarded as one of the foremost experts on spyware and its malicious mechanisms, Howes has served as a panelist at the CNET Antispyware Workshop and is an active and well-known participant in many of the security forums dedicated to spyware research. The seminar will also include a live demonstration on how CounterSpy Enterprise can help you fight the battle against spyware.

Why should you attend?

  • Learn how spyware affects business productivity
  • Understand the impact of spyware on network stability, security, and performance
  • See how spyware can cause violations of federal regulations
  • Discover how to better protect your network and users from spyware
  • See CounterSpy Enterprise in action
  • And more

Date and Time:
Tuesday, April 25, 2006
9:00 AM – 12:00 PM

Location:
Microsoft Corporation
5335 Wisconsin Ave. NW
Suite 600
Washington, DC 20015


Shop at Home Select: Our Report

The folks at Belarco Group recently approached Sunbelt about its handling of that company’s rebates program, Shop at Home Select (otherwise known as SelectRebates or GoldenRetriever). We performed our standard software review in response. You can read our full report on SAHS here.

SAHS has a bad history of non-consensual installs, including installations through security exploits. To the company’s credit, Belarco Group decided to end the use of third-party distributors in October 2005, not long after ShopAtHome was booted from Commission Junction. So far as we can tell, that commitment to end third-party installs has proven successful — we haven’t seen any unethical third-party installs nor have we received any reports of such installs since the end of October.

That said, we still have a few complaints about the software, most importantly the failure to disclose the full range of potential privacy effects outside of the EULA.

Thus, we’ve decided to put SAHS on a probation period until May 1, at which point we will continue to detect the program but lower the program’s risk level to “Low risk” and change the default action presented to users to “Ignore.” If the company manages to address all of our remaining concerns, we will even consider de-listing the product. All of these potential changes are conditioned, of course, on the successful completion of the probation period — Belarco must continue its recent history of good behavior, and it must resolve the remaining problems that we have identified with the software.

Sunbelt welcomes feedback from the anti-spyware community and the internet user community more generally. If you know of on-going third-party installs of Shop at Home Select, esp. those that might be performed in a less than up-front manner, please don’t hesitate to let us know.

Eric L. Howes
Director of Malware Research
ehowes(at)sunbelt-software.com

Ah well, that $20 bill/RFID thing looks like a hoax

Darn.  And I was getting all excited.

Nothing about the composition of these strips renders them detectable by scanner or satellite. In 2004, the false belief attaching to this security feature was enhanced by the claim of these bands containing RFID tags. As technology advanced, so did the rumor, leading many to microwave their $20 bills into ashen submission by falling for the canard that nuking their currency would disable these transmitters.

Link here.

Alex Eckelberry