This is an article I found on the Internet some years ago, but it is still happening to Internet Surfers that download freeware and shareware.

Who's Watching You Surf?

Michael J. Miller, Editor-In-Chief

Security is a primary concern for all of us on the Internet, not only the individual home user, but even those working for corporations who have the added protection of company firewalls.

Although firewalls are a defense against some lines of attack, unsuspecting users might open themselves up to other intrusions by their own actions without even knowing it.

Each time you connect to the Internet, you may be sharing that connection with a spyware program that could have been installed with or without your knowledge.

Spyware programs appear in various ways. Some install automatically with no indication to you when you visit Web sites that use them. Others come along with shareware or freeware that you've downloaded, some of which give more detailed accounts than others of what exactly is being installed on your system.

For example, here are three common programs you might want to check your system for. The first is Comet Cursors, which provides users with fun cursors, while simultaneously counting the number of users of Comet Cursors on its partner sites. Although it claims not to record the information, the company does receive your IP address, and if you have a fixed IP, can identify you by it.

The second program is TSAdBot. This one comes with many freeware and shareware programs. It downloads advertisements from its home site, stores them on your computer and displays them when the associated program is running, thereafter capturing information about the ads you've been shown and which you've clicked on.

Some of the programs that install TSAdBot are open about it, some gloss over the information in their privacy statements, and some neglect to mention it at all.

The third program to be aware of is Aureate DLL. Again, it is installed with freeware and shareware downloads with the stated purpose of following your habits regarding advertising so as to tailor ad offerings to your interests. Unfortunately it also introduces a serious security hole that can potentially leave your system open to hackers.

While these programs do nothing of a criminal nature, many users feel they are a violation of one's privacy. The companies that use them claim any information that is gathered is only used for marketing and other seemingly innocuous purposes. But some think they go too far.

By Neil J. Rubenking — June 30, 2000

Many of the shareware or freeware programs you downloaded -- whether from Conducent or its affiliates -- are accompanied by TSAdBot, which downloads ads that display when you run the associated programs. When you download a program, you may or may not be told about TSAdBot. Even if you are, the information may be hidden in the license agreement. User Profile information and downloaded ads are maintained on your hard drive. You may be presented with an optional survey form during installation. If you fill it out, the information is sent back to Conducent's site along with the other information gleaned by the TSAdBot. As you run a program, TSAdBot uses your Internet connection to convey information to its home site and to download more ads. A personal firewall, such as ZoneAlarm, can alert you when this occurs.

Security is a critical issue for every computer that's connected to the Internet, whether in the office or at home. The recent denial-of-service attacks that brought down major Web sites were possible only because hackers managed to subvert many poorly secured computers, forcing them to participate in the attack. Some e-mail-enabled viruses (such as the notorious Melissa virus) attempt to broadcast private documents -- your own or those of your company. And if the infamous "Back Orifice" Trojan horse has inveigled its way into your computer system, it will turn over control to any hacker who asks.

Fortunately, most corporate users are sheltered by a company firewall, and personal firewalls such as BlackICE Defender and ZoneAlarm can protect small-office and personal PCs. With a firewall and an antivirus program running, you're safe. Or are you?

Even though your system is protected against outside attack, it's still vulnerable to betrayal from within. Each time you connect to the Internet, you may be sharing that connection with a traitor -- a spyware program that has its own agenda and communicates secretly with its home site. Some spyware programs are installed automatically when you visit Web sites that use them. Others are installed along with particular shareware or freeware programs. The installation may occur completely without your knowledge, or you may accept it by clicking on Yes without reading the entire license agreement.

News items have accused various spyware programs of inventorying software on the user's system, scanning the Registry, searching out private information, and then shipping all this data back to the home site. In truth, none of these accusations have been proven. We call these programs spyware not because they actively steal private information but because they act in secret, without your knowledge or permission.

Their stated purposes seem innocent enough. Some, called adbots, display banner ads in associated programs and attempt to tailor the advertising to your interests. Others collect usage statistics for their clients. All of the known spyware programs claim to respect your privacy, and under scrutiny, these claims appear to be true. The nonpersonal information gathered by these programs could be misused, however, and the presence of spyware might compromise your system. We'll look at three of the most common examples, and discuss what (if anything) you should do about them.

Comet Cursors, an ActiveX control from Comet Systems, provides colorful, unusual, animated cursors any time you visit a Web site that has licensed the Comet Cursors control. Depending on your security settings, the signed and certified ActiveX control may be downloaded and installed without your knowledge or participation.

Comet Systems counts the number of visitors using Comet Cursors on its partner sites. The utility associates a unique ID with each user, so it can report the number of distinct users. According to Comet Systems, it never asks for an e-mail address or other personal information, it does not associate the unique ID with an individual, and it does not track patterns of movement from one site to another. You can view the privacy policy for Comet Systems at their Web site.

On the other hand, whether the company records it or not, Comet Systems does receive your IP address. If you have a fixed IP connection, such as a cable modem or DSL, the IP address can identify you; otherwise, it identifies your ISP. For an eye-opening view of how much an IP address can reveal, check the index pages for Class C IP addresses.

In case you'd like to retain the pretty cursors but remove your unique ID, Comet Systems graciously supplies a utility for this purpose. To remove Comet Cursors completely, first try the Add/Remove Programs applet in Control Panel. There may or may not be an entry for Comet Cursors. If you can't find it, download the uninstall program.

TSAdBot, from Conducent Technologies (formerly TimeSink), is distributed with many freeware and shareware programs, including the Windows version of the popular compression utility PKZip. It downloads advertisements from its home site, stores them on your computer, and displays them when an associated program is running. According to Conducent, TSAdBot reports your operating system, your ISP's IP address, the ID of the TSAdBot-licensee program you're running, and the number of different ads you've been shown. It also indicates whether you have clicked on any of the ads. On installation, TSAdBot may present an optional survey. If you answer the survey, your answers are conveyed along with the other information gathered by TSAdBot. Conducent's privacy statement is available at their Web site.

The install program for PKZip for Windows 2.70 clearly states that the product integrates "sponsored messaging technology" that will make use of your Internet connection, and identifies Conducent Technologies as the source. The program also describes precisely what information will be sent to the Conducent home site. Furthermore, PKZip's uninstall program removes TSAdBot, as long as no other programs are relying on it. Unfortunately, this degree of candor is rare; many other programs install and use TSAdBot without ever informing the user.

To determine whether this program is present on your system, click Find on the Start menu and search all local drives for files named Tsad*.*. If TSAdBot is present, you will find Tsad.dll in the Windows folder and Tsadbot.exe in another folder, probably C:\Program Files\TimeSink\AdGateway. Subfolders below the AdGateway folder contain user profile information as well as the downloaded ads.

If you want to remove TSAdBot, you must first uninstall all programs that rely on it. You're effectively paying for these programs by allowing them to show you banner ads, so in all fairness, you should remove them. (If fairness is not sufficient incentive, consider that these programs will not run in TSAdBot's absence!) In most cases, uninstalling the related programs will not remove TSAdBot itself, so you'll have to delete Tsad.dll and the entire AdGateway folder using Windows Explorer. Explorer may refuse with an Access denied message; in that case, restart Windows and try again. If you still can't delete them, restart the computer in MS-DOS mode and delete these files using the command line.
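
The Find step described above can also be scripted. The following is an added example, not part of the original article: it walks a directory tree for files matching Tsad*.* (case-insensitively) and for any AdGateway folder. The directory tree built in `demo()` is constructed sample data, and the function names are illustrative.

```python
import fnmatch
import os
import tempfile

PATTERN = "tsad*.*"      # the article's Find pattern, compared case-insensitively
AD_FOLDER = "adgateway"  # folder the article says holds Tsadbot.exe, profiles and ads


def find_tsadbot(root):
    """Return (matching file paths, AdGateway folder paths) found under root."""
    files, folders = [], []
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for d in dirnames:
            if d.lower() == AD_FOLDER:
                folders.append(os.path.join(dirpath, d))
        for f in filenames:
            if fnmatch.fnmatchcase(f.lower(), PATTERN):
                files.append(os.path.join(dirpath, f))
    return sorted(files), sorted(folders)


def demo():
    """Build a constructed sample tree and scan it (no real system is touched)."""
    with tempfile.TemporaryDirectory() as root:
        win = os.path.join(root, "WINDOWS")
        gw = os.path.join(root, "Program Files", "TimeSink", "AdGateway")
        os.makedirs(win)
        os.makedirs(os.path.join(gw, "profile"))
        for path in (os.path.join(win, "Tsad.dll"),
                     os.path.join(gw, "Tsadbot.exe"),
                     os.path.join(win, "notepad.exe")):  # unrelated file, must not match
            open(path, "w").close()
        files, folders = find_tsadbot(root)
        return ([os.path.relpath(p, root) for p in files],
                [os.path.relpath(p, root) for p in folders])


if __name__ == "__main__":
    found_files, found_folders = demo()
    print("Tsad*.* files:", found_files)
    print("AdGateway folders:", found_folders)
```

On a real machine, call `find_tsadbot` with the root of each local drive; anything it lists is a candidate for the removal steps above.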

The Aureate DLL, from Radiate.com (formerly Aureate Media), is installed with hundreds of freeware and shareware programs; it displays banner ads while the program is running. It downloads advertisements from its home site and reports which ads have been shown and clicked on. The program's author is paid based on the advertising views and click-throughs. In the case of a freeware program, this is the only money the author gets. The Aureate DLL includes an optional survey that may appear some time after the initial installation. Uninstalling the host program does not remove the DLL; it can continue to operate independently.

Worst of all, according to Steve Gibson of Gibson Research, the Aureate DLL introduces a serious security hole. A malicious hacker could redirect the Aureate DLL to phone the hacker's server. That server could then take control of the Aureate DLL, instructing it to download further malicious code onto the user's machine and execute that code. According to Gibson, the Aureate DLL's ability to download new programs has been confirmed, though there is no evidence that this has yet been used for nefarious purposes. Gibson also notes that browser problems, including complete browser crashes, have been traced to the Aureate DLL.

Radiate states that its DLL does not gather or report any personal information, does not track your Web-surfing habits, and does not monitor what you do on your computer. The DLL does, however, associate the information it gathers with a unique ID, so as to tailor the ad offerings to your interests. For those who wish to remove the program, Radiate offers an uninstall utility. Naturally, removing the Aureate DLL will disable any freeware or shareware programs associated with it. You can check Radiate's privacy policy at their Web site.

The distinction between marketing demographic analysis and invasion of privacy was already blurred long before the invention of spyware. Right now, you're targeted for specific direct-mail advertisements based solely on your ZIP code. Every time you enter a contest, fill out a survey, or send in box tops for a free trinket, you're adding to the vendor's database of demographic data. Marketers would love to know every little thing about you, so they could deliver advertisements that would pique your interest. Some people think this is just fine; they love getting mailings and catalogs that cater to their hobbies and interests. If that's not your style, you'll need to stay alert.

Check your browser's security settings to make sure ActiveX controls can't be installed without your knowledge. In Internet Explorer 5, choose Options from the Tools menu and click the Security tab. By default, the Internet zone is set for the Medium security level. At this level, you'll be prompted before downloading ActiveX controls but not before running or scripting them. If you want to change the security options, click the Custom Level... button. Make sure the Prompt box is checked under Download signed ActiveX controls, so you'll be prompted before any such installation. Select Prompt under Run ActiveX controls and plug-ins and Script ActiveX controls marked safe for scripting, at least temporarily. If the frequent prompts generated by the second two settings prove too annoying, you can change them back to Enabled.

Every time you install a new program or utility, read the license agreement. If it mentions integrated advertising, background use of your Internet connection, or anything that suggests spyware, you may want to abort the installation and investigate. And if, despite these precautions, your newest game or utility sports ever-changing banner ads, check with the vendor to find out where they're coming from.

You can learn a lot by visiting a spyware vendor's Web site. You'll usually find links with information for advertisers and developers. Follow those links and carefully peruse them. Chances are good you'll find phrases like "...significantly improve online advertising performance by integrating actual online identity with off-line demographics and behavior." This will appeal to an advertiser but may appall the consumer whose "demographics and behavior" are under scrutiny.
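
The three Internet-zone ActiveX settings discussed above can also be checked from a registry export. This is an added example, not part of the original article; it assumes Internet Explorer stores these settings as the URL-action values 1001, 1200 and 1405 under the Internet Settings\Zones\3 key (0 = Enable, 1 = Prompt, 3 = Disable), and the sample export is constructed.

```python
import re

# URL-action IDs for the three settings the article names (Zones\3 is the Internet zone).
ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1405": "Script ActiveX controls marked safe for scripting",
}
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE_KEY = r"\internet settings\zones\3]"

# Constructed sample export matching the Medium-level behaviour the article describes.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1200"=dword:00000000
"1405"=dword:00000000
'''

VALUE_RE = re.compile(r'^"(\d{4})"=dword:([0-9a-fA-F]{8})$')


def audit_zone(reg_text):
    """Return {setting name: (policy, ok)}; ok is True only for Prompt or Disable."""
    in_zone, found = False, {}
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):               # a new key section begins
            in_zone = line.lower().endswith(ZONE_KEY)
            continue
        m = VALUE_RE.match(line)
        if in_zone and m and m.group(1) in ACTIONS:
            found[m.group(1)] = int(m.group(2), 16)
    report = {}
    for action, name in ACTIONS.items():
        value = found.get(action)
        policy = POLICY.get(value, "not set" if value is None else f"unknown ({value})")
        report[name] = (policy, value in (1, 3))
    return report


if __name__ == "__main__":
    for name, (policy, ok) in audit_zone(SAMPLE_REG).items():
        print(f"{'ok  ' if ok else 'WEAK'} {name}: {policy}")
```

With the sample input, only the download setting is reported as prompting; the run and script settings show as Enable, which is the Medium default the article suggests tightening.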

Internet security cognoscenti are already familiar with the ShieldsUp! page on Gibson Research's Web site. With your permission, ShieldsUp! probes your system's security in much the same way a hacker would and reports any loopholes. The related OptOut site provides information and tools for users who want to opt out of providing free marketing data through spyware. The site supplies detailed information on all known spyware programs, including the names and Web addresses of the suppliers, what information is gathered, and the programs that integrate them.

Gibson doesn't suggest eliminating such marketing tools; after all, some users adore free programs and don't consider privacy an issue. He proposes a "Code of Backchannel Conduct" for tools that work in the background and share your Internet connection. The code is fairly detailed, but this quote sums it up: "You may use my Internet connection, but you must first help me to understand why you want to use it and how you will use it, then receive my explicit consent before using it. Then, if I ever change my mind, you must cease such use and go away."

Central to the site is the OptOut utility, which searches your system for known spyware, reports its findings, and optionally removes the offending files. As of this writing, OptOut exists as a free prerelease program that removes only the Aureate DLL. The final version should detect and remove them all. It will be a $24.95 purchase (direct), with indefinite free updates to handle newly discovered spyware.

There's no evidence that spyware programs are gathering private information or associating that information with individuals. You may feel that giving away some limited, nonpersonal information is a small price to pay in return for free programs. But the possibility of abuse exists, so it behooves you to know just who's sharing your Internet connection. For more information on privacy concerns, see our Special Report on Privacy.