Vulnerability Development mailing list archives
[no subject]
From: "Scott D. Yelich" <scott () SPY ORG>
Date: Tue, 12 Sep 2000 10:31:14 -0600
On Mon, 11 Sep 2000, MJK wrote:
Actually it is not in just those money making programs. It is also in common shareware and commercial application. I have seen it in other commercial applications. It is usually embedded in programs. You can download an ad-aware program (Ad-aware v3.61) from the freeware section of http://www.lavasoft.de/. This program inspects your computer for this spyware programs. AD-aware includes the detection and removal of Web3000, Gator, Cydoor, Radiate\Aureate, Flyswat, Conducent\TimeSink and CometCursor (1.0 and 2.0). A list of known spyware can be downloaded that same place.
Would a program such as ... zonealarm ... prevent these things from working. That is, would zone alarm provide you with a pop-up that says something like "so-and-so.dll wants to connect to the internet?" With response options like allow, deny, probe with a red-hot-debugger and "remember" this program? Other than an ad-whacker program which would have to be updated quite often almost like the virus checkers, or zone alarm, is there another solution to this irritating issue? One thing I have noticed about the PC, with winblows, is that it seems that just about every single new program I run across wants to connect back out to the internet. To me, it's VERY scary to reboot my PC and see zone alarm come up with (to me what seems like) random programs wanting to connect out to the net. I'm sure this has been mentioned before, but it seems like either IE or active-desktop or something wants to ping like the last 10 visited URLs upon start/launch. It's kind of silly to be able to write a script to monitor your web logs to know when a friend/stalker has signed on. Is anyone else growing alarmed by this seemingly new trend? On a related note... How do people feel about filling out those 1/2 dozen page "application" forms to download trial software? Is a person legally bound to provide correct information? I see two things things that come out of it -- (1) I get electronic spam... I had to provide an email address to get some "free" clipart -- because I was looking for a single image -- I just wanted to scan the collection... and, almost 30 days later to the day, I started receiving spam from the company... who later claimed that I "opted in" to their mailing list and who also provides a convoluted and BROKEN method of "opting out" and/or (2) I receive what I call "realworld" spam... wasted paper sent to the address that I used, and then I notice that sometimes my address is even sold to different companies. It's really nice when some loser company gets the name of your company wrong (ie: stupid data entry mistakes on their part) and you start getting all these nice little pens and stuff with the WRONG company name on it -- ya, sure, I'll *buy* your product... or you get that annoying phone call -- ever try to evaluate ISS -- one of their sales-dweebs will call you within the HOUR! Anyway, the whole vuln-* twist of this is the issue of programs wanting to access the net -- say on a reboot/login. Does anyone have any example of unix based programs wanting to do this? Alternatively, does anyone have an example of an mp3 player for winblows that doesn't turn music into a RAP song because it can't play continuously? :-> Scott
Current thread:
- Re: How to prevent malicious linking/posting to webapps?, (continued)
- Re: How to prevent malicious linking/posting to webapps? Lincoln Yeoh (Sep 13)
- Re: How to prevent malicious linking/posting to webapps? Robert Collins (Sep 14)
- Re: How to prevent malicious linking/posting to webapps? Pluto (Sep 13)
- Re: How to prevent malicious linking/posting to webapps? Slawek (Sep 12)
- Re: All Advantage Spyware Mark W. (Sep 12)
- Re: All Advantage Spyware Russel Smith (Sep 12)
- Re: All Advantage Spyware Jonathan Rickman (Sep 12)
- Re: All Advantage Spyware Brad Griffin (Sep 12)
- Re: All Advantage Spyware Doug Kahler (Sep 12)
- Re: All Advantage Spyware MJK (Sep 12)
- [no subject] Scott D. Yelich (Sep 12)
- Re: your mail John R. Dennison (Sep 13)
- Re: your mail Scott D. Yelich (Sep 13)
- Re: za and spyware (was: no subject) Jonathan Rickman (Sep 13)
- [no subject] H D Moore (Sep 14)
- [no subject] Blue Boar (Sep 14)
- Re: All Advantage Spyware Lincoln Yeoh (Sep 12)
- Auto-update software... Scott D. Yelich (Sep 12)
- Re: All Advantage Spyware Daehlie Owns (Sep 12)
- Re: All Advantage Spyware Brad Griffin (Sep 12)