RE: Plaxo

[Murad Talukdar <talukdar_m () subway com>]

Hi Joe,
Here's something I found on a blog
http://loosewire.typepad.com/blog/2004/03/does_plaxo_have.html
'More importantly, Plaxo does not contradict the basic idea here, namely
that there's no easy way to find out if Plaxo has your data, and there's no
easy way to remove it if they are.'

That I don't like personally. I also NEVER reply to any requests to update
my info. If they really need to get me, they will. I'm forever reminding
people to not load any crap like this--I had to fight to get the P word in
here, now everyone knows the boundaries. Maybe you could call it something
else-a little euphemism goes a long way when people resist!

Also, if you can't find something to remove it, then check the usual
suspects after uninstalling through add/remove ie registry-program files
etc.
Might be good to do a filemon/regmon when the program is running to see
where it turns up.

Murad
-----Original Message-----
From: Joe George [mailto:j.george () conservation org] 
Sent: Thursday, September 15, 2005 6:24 AM
To: security-basics () securityfocus com
Subject: Plaxo

I hate this invasive application but as it is typical with users in my
organization, people exclaim some bizarre business need for it.  I'm finding
more and more users end up hating it because it auto-sends advertising to
those in their contacts.  In the EULA it states this, and in the end it's a
pain to remove from the client. Anyone know of a removal tool for it? Is
there any benefit to having an untrusted third-party know who you email?
What is the best way to explain to users that untrusted apps are a "no-no",
without establishing a policy (the dreaded P word is a sin to say around
here)? 

Thanks,

Joe