Visit spywareinfoforum.info
June 28, 2002

I just got a very depressing email from my ISP. It seems that they are now offering cable internet. Why is this depressing? I live 5 miles from the farthest point where it's being offered. So not only am I stuck at a lousy 30K dialup speed, I get to live with the knowledge that just 5 miles down the road people are downloading files 30 times faster than I am. BLAH!

Anyone willing to donate a DirectPC connection???


Last issue I mentioned that the next issue would be a special news alert pertaining to the anti-spyware world, which wasn't quite ready for the public. Well, it still isn't ready, so that has been pushed back. Sorry about that. I don't know when it will be ready to report, but it should be worth the wait.

Since I couldn't do that story, I should have gone ahead and done the spam issue I promised. However, it seems that darned near every privacy software maker on Earth released a new version of their software since the last issue rolled out. Also, I'm not done researching the spam issue. So instead, this issue will concentrate on the new software that has come out in the last week or two.

I also said that the next issue after that special news alert would be all about spam and how to keep it out of your inbox. That issue is still in the works and will be the theme of the next issue. There were so many near-simultaneous privacy software updates that I just let that make up the majority of this issue.


Our favorite friend Gator has gotten itself sued yet again over it's practice of displaying advertisements on web sites where they have no permission from the owner of the site to do that. There is an article at ZDNet.com and at The Washington Post.

What is your opinion on this?


Those of you that frequent the Lavasoft support forums may be wondering why they've been closed for the last week or so. The reason is that they are being upgraded to Invision Board software. The plan wasn't to do it so soon, but yet another glitch popped up in the Ikonboard software, so rather than wait any longer, the upgrade was started immediately. The forums should be back up soon and will be at a different location, as there were also problems with the server the forums were installed on.


Pacman of Pacman's Portal is running two polls at the forums pertaining to his world famous startup list. One poll asks what you use the list for, the other asks how often you look at it. Come on over and vote! Registration required to actually vote, but not to make a post in the thread.


One of my visitors needs your help! This person's browser is being redirected to a German web site every time it tries to load a non-existant page. Even stranger, when he pings a domain that doesn't exist, even that gets redirected to this German site. I can't figure it out and neither can the other people that volunteer at the forums. The thread is now three pages long, and we're no closer to figuring it out than when it started. If you think you have any idea how to fix this problem, please give it a shot. Registration not required to post.

http://www.spywareinfoforum.info/yabbse/index.php?board=3;action=display;threadid=449

Those of you using the Opera browser (version 6.03) to view my site may not realize this, but the background color of most of the text on my site is actually the same blue you're looking at now, and has been since the redesign. The reason you may not have realized before now was because there is a bug in this version of Opera. I'm not sure if it effects older versions, but 6.03 definitely has a bug that causes it to display the wrong style sheet on my site.

I have two main style sheets that I use. One of them is for the colorful design. The other has far fewer colors and is used when printing. Opera, for some reason, was displaying the printable version. To fix this, I had to reverse the order in which I linked to my printer style and my displayed style in the page. Considering how odd that is, it can't be anything but a bug.


Something happened recently that very greatly pleased me. MSN made some changes to the servers used to relay MSN / Windows Messenger traffic, and they were kind enough to inform the developers of Trillian that the change would knock users of Trillian offline, giving them time to put out a new version that would cope with the change. That was extremely generous of them I thought.

Contrast that to AOL which routinely tries its best to block Trillian users from its AOL Instant Messenger service. There's not much to admire in Microsoft anymore, but I thought that worth a few words of praise.

Just FYI, I've made a decision to block access to my site to the AOL internal browser during those times when AOL is actively trying to block Trillian. Their actions disgust me, and that's my small way of striking back. If you use AOL, you will still be able to access the site via Internet Explorer, Netscape, Mozilla, Opera, or any browser save for AOL's internal browser.


There's a new "probational" member of the spyware-free P2P club. I heard about a relatively new one called Xolox that people were using and found no evidence of spyware. It does have an ad banner, though I don't know who serves the banners.

The reason I don't know is because it is still in beta, and something on my system didn't like it at all. Every time I try to open it, it crashes. So I can't really say much about it other than it doesn't install any spyware known to me.

I logged the installation. No "known" spyware was found and there was nothing blatantly suspicious in the installation log. I'll add it to my list of spyware-free programs that I recommend in place of the adware / spyware-ridden KaZaa. I'll also mention that I was unable to test it myself and am going by the observations of others.

The only file-sharing programs that I know are free of known spyware are Gnucleus, Blubster, and WinMX.

I should point out that I'm hearing rumors of hidden spyware about the newest version 3.21 of WinMX. It is a little odd that they released 3.1, then immediately release 3.21 and blocked access to older versions. This is the same game that the spyware-ridden programs used to do play. I can't find anything wrong with this version, but I'm keeping my eye on it. Personally, I think it's bull. Why? There are no ads in this client, so what would be the point?


Speaking of file sharing programs and spyware, the developer of CompuTwin is getting bad-mouthed on some of the download sites as installing spyware. He's says his product does no such thing and went to the Lavasoft message forums asking to be "certified" as spyware-free. Lavasoft doesn't do that (it would take up too much time), but I'd hate to see someone lose business because they are labeled as spyware when they really aren't.

I have several projects going on, and really don't have time for testing this thing out. Anyone want to try it out and go looking for spyware?

There are two versions:
http://www.winsite.com/bin/Info?5000000038483
http://www.winsite.com/bin/Info?4000000037216

Both versions use an ad banner, but that in itself doesn't make it spyware. If anyone wants to put it through the ringer, post your results here at the message boards.


I've been asked many times if there was an Ad-aware (or similar) for Mac. I don't know thing 1 about a Mac and didn't have a clue about where to look. Well, finally I've found a site that has a whole page full of links to Mac security software. This site is also this week's featured site.

Speaking of which ......


Featured Site

http://www.staff.uiuc.edu/~ehowes/main-nf.htm

Professor Eric Howe's web site is one of the most well respected and useful privacy sites on the internet. It has an enormous wealth of information. This site contains links to numerous pages on the Web where home users can find software and information relevant to Windows PC privacy and security. It also contains a rudimentary "checklist" of basic steps that home users can take to enhance their privacy and security while using the Internet.

This web site was originally designed to assist students who took B&TW 263 F1 (Business and Technical Writing) at the University of Illinois at Urbana-Champaign during the Spring of 2001. It was also used by several B&TW 250 classes and a B&TW 261 class over the past few semesters. It is now being used by the students taking B&TW 263 C during the Spring of 2002.


iClean Macintosh  iClean sweeps away these hard-to-find Internet files that take up disk space and risk your privacy. Whether you're an Internet junkie, or an occasional surfer, you've got Internet buildup. Every time you surf the Internet, your Web browser quickly collects lots of little files - cookies, cache, history files - and buries them deep within your hard drive. Cover your tracks after every Web session with iClean!

Warnings

It has come to my attention that variants of the Klez virus have been emailed out with my email address in the spoofed From: field. Klez has been wreaking chaos around the world by spoofing addresses in this way. Rather than mail itself out using the address of the person infected, it takes a different name from the infected person's address book and mails itself out as that person. That makes it damned hard to figure out what infected person's machine sent that email to you.

For this reason, I am instituting a new policy. No one using a spywareinfoforum.info, spywareinfo.org, or spywareinfoforum.info/newlsetter email address will be sending you an attachment for any reason. Not even a text file. From this point forward, if I need to send you a file, I'll upload it to the web server and email the link to you rather than emailing it. This way you know that any emailed attachment from my domains will be a virus and should be deleted.

Klez and other virii don't always show as attachments. Often they will exploit the MIME vulnerability and send the virus in base 64 encoding. I have no idea how to explain all that in English. Suffice it to say that the virus is included in the email, and by using the MIME vulnerability it will launch the virus if you open the email.

Usually Klez emails are between 130KB and 170KB, which is much larger than anything I would ever send out. The largest email you might receive from me would be this newsletter, and I am trying to keep each issue under 30K total. I might stray into the 40K neighborhood (and it looks like I've already done that with this issue), but that would be the max. If I need to send you an email that is very large, I will send another one first to warn you it is coming.

All of this will be posted elsewhere on my site. This new policy is to ensure that none of you become infected because of an email bearing my return address. It's bad enough I've been labeled a spammer without people getting a virus in my name too.

I'll be writing an article on just this problem for Lavasoft soon. Keep an eye out for it.


Speaking of spam, there's an email scam / spam going around that very nearly fooled me. "Someone has a crush on you. Click here and enter this secret code to find out who!" the email beckoned. It's not terribly different from the sort of thing that my girlfriend (and beautiful and talented editor) and I send each other back and forth via email. However, this spam was mailed to my public email address rather than to my personal address, and she doesn't use that address when she emails me. If I hadn't caught that, if I had gone to that site and entered the code, I would have been telling that spammer that "Yep, my email address is valid. Spam away." These people make me sick.


Recent privacy software updates

Ad-aware 5.83

Program: Ad-aware
Author: Lavasoft
Latest Version: 5.83
Platform: Windows 9x, ME, NT 4.0, 2K, XP
Size: 870 Kb (compressed zip)
License: Free ($15.00 upgrade available)
Download

New in AA 5.83 build 2930:

Faster scanning. Log files include more file details, mouse wheel error corrected when scrolling in the "sections to scan" window. Errors encountered with the use of the "log file detail level" options corrected. Log files include more detailed information if the "include additional file\process information" options are selected.

Ad-aware will scan your system for known advertising parasites and let you remove them. It does this by scanning your memory, registry and file system for known components and shows you the result in an detailed list.

From there you can decide which items to remove, backup or add to the exclusion list. If a spyware module was found in memory, it means the spyware was active until Ad-aware detected and unloaded the particular module.

This version already has a new reference file. This reference file (032-23-06-2002) includes support for the detection and removal of SearchExplorerBar, Bulla.com BHO, TrustToolBar, HomePageWare and NowBox as well as several new versions of previous targets. It can be downloaded on the same download page.



Spybot S&D 1.0
Program: SSD
Author: PepiMK Software
(English language page available by clicking the Swiss flag on the left)
Latest Version: 1.0
License: Free
Download

New features in version 1.0: (all changes since 0.95 public version)

Most buttons replaced with Office 2k style toolbars
Office/Outlook style toolbar for easier navigation
Secure (File) Shredder (in Tools section)
Settings combined in one big configuration tree
Improved bot info section
Basic skin options
New help files
Update supports proxy and displays progress
Search presets in system internals fix dialog



RegRun Security Suite 3.2
Program: RegRun Security Suite
Author: Greatis Software
Latest Version: 3.2
License: Starting at $19.95
Download

Greatis Software has released RegRun Security Suite 3.2!

If you do have any version of RegRun 3 installed you may install new version over old.

Version 3.20
What's new?

Added new feature Trojan Analyzer to the Gold version;
Added new feature WinCleaner to the Gold version;
Added new feature "Safe Shutdown Shortcut" to the Gold version;
Updated File Protection file list;
Updated Application Database;
New design for WatchDog;
Fully rebuilt Launch Soon. Now it may work in the system tray and edit its shortcuts;
Updated RunJob. Now it may work in the system tray;
Added compatibility with AVG anti virus;
Resolved the problem with working in the Safe mode under Windows 98/Me;
Fixed bug with Infection Detector checking in the Start Control.



StartPage Guard 2.0
Author: Piotr J. Walczak
Latest Version: 2.00
Platform: Windows 9x, ME, NT 4.0, 2K
Size: 678 Kb (compressed zip)
License: Free
Download

StartPage Guard protects your PC from cyberscams, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. Malicious programs (viruses, trojans, back doors, etc.) sometimes change the StartPage to "gain the ground". Spywares use this way to invade user's privacy by tracking destinations which user visited, and collecting personal information. In some cases this activity may be totally transparent to the user. But most often this is just plain annoyance when start page is changed without asking user's permission. SPG effectively deals with all this problems, making surfing the net safer, more secure, and by reducing frustration - more fun.

Start Page Guard allows you to set your Internet Explorer start page and then guards that setting against unauthorized changes. If something alters your home page setting without your permission and doesn't let you change it back, this product will change it back for you. Please see our Hijacked! page for more information about this problem.


BHODemon

Author: DefinitiveSolutions
Latest Version: 1.0.0.3
Platform: Windows 9x, ME, NT 4.0, 2K
Size: 129 KB (compressed zip file)
Status: Freeware
Download

BHODemon scans your Registry for BHOs, and presents any it finds in a list.  By highlighting a BHO in this list, and clicking the "Details" button, you can see information about this BHO, and even disable it if you wish.  BHOs are disabled by simply renaming the DLL that houses them.  By renaming the DLL, instead of deleting it, you have the option of enabling it later if you wish.  Why would you want to do that?  Because the program that installed the BHO will not run if it can't find the DLL: Go!Zilla, for example, won't run if you remove its BHOs.

Nothing really new in this version, except for removal of the feature that lets you check the author's web site for a list of BHOs. There are way too many of them for him to keep up with. He was almost ready to sell the source code, until I mentioned that the new owner might slap a license fee on it, or even ads (shudder).


SpyCop finds computer monitoring surveillance software put on your PC without your knowledge or consent. Find out if a disgruntled employee or the competition is spying on your company. See what SpyCop is and how it works.

<Rant>

Many of you may not realize it, but SpywareInfo has an IRC chat room that's open 24 hours a day. I just moved it off of the WebNet network to WyldRyde. Several other chat rooms also switched over. Mine moved, the Lockergnome chat room, the Links-swaps chat room, and several small private chat rooms also switched over.

There were many reasons for the move. WebNet hasn't been very stable lately. There have been constant net splits of late. The company that runs the network has been installing new (and buggy) software on the chat servers, which was interfering with common text formatting and taking far too long to scan for proxy servers which I'm not running.

The main reason though, was an obnoxious network administrator who actually had the nerve to threaten to close the Lockergnome chat room because the topic of the room criticised the new software. He felt insulted because we didn't like the buggy new software and told him so bluntly.

Most companies take user criticism and fix what is being criticized. Some companies ignore the criticism. Take a look at how ScottK handles criticism. Note the @ symbol next to his name. This shows that he has opped himself. Opping himself in a channel where the channel owner doesn't add him to the op list puts him in violation of WebNet's policies for IRCops. An "OP" is a channel moderator.

"I close channels that have said less. but since I respect ChrisP, I'm going to look the other way and hope you'll come to your senses"

Oh ..... My ..... God .... Could this guy be any more full of himself? Good riddance to a bad network.

The ChrisP mentioned in the log would be Chris Pirillo of Lockergnome and TechTV. That's right. A petulant little man throwing a temper tantrum threatened to shut down Lockergnome's chat room because we dared to criticise the buggy new software. The same person nearly shut down my channel too, but I had the new server listed in my channel topic, which I didn't realize was against the network's policy. Whoops.

The new network is much friendlier. It's smaller, so there are less spammers and script kiddies. And the new java applet for web users rocks compared to the one in use by WebNet. It's still a java client, not a "real" IRC client, but it's still nice. Check it out.

</Rant>
SUBSCRIBE
TO THE
SPYWARE WEEKLY!

Email Address


About SpywareInfo
Contact us
Downloads Page
Links Page
Link To Us
Past Issues
Privacy Policy
Search
SpywareInfo Chatroom
Support SpywareInfo
Support Forums
The Spyware Weekly


Support SpywareInfo with PayPal or Amazon - it's fast, free and secure!
Support SpywareInfo

Affiliates

ZoneAlarm Pro



hosting by zortera.com

All material on this web site is copyrighted
© 2001-2002 by Mike Healan. ® All rights reserved.

Edited by the beautiful and talented GeekGrrl