Educause Security Discussion mailing list archives
Re: Marketscore and Higher Ed
From: "Schultz, Stephen" <SSchultz () CALSTATE EDU>
Date: Mon, 3 Jan 2005 09:46:30 -0800
I would like to point out another concern the statement below does not address. The MarketScore software, once installed, runs in stealth mode and is nearly impossible for a typical user to control. In addition, the software is nearly impossible to remove. I have followed the instructions that have been posted on this listserv including manual removal from the registry and found that the SSL hijack was still happening. I ran LavaSoft Ad-Aware that detected and 'removed' MarketScore but still found the SSL sessions were being redirected. I eventually had to format and re-install the OS to remove the threat. There is nothing legitimate about software that operates in this manner. Stephen -----Original Message----- From: David L. Wasley [mailto:david.wasley () UCOP EDU] Sent: Thursday, December 23, 2004 2:56 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Marketscore and Higher Ed I suggest that the SALSA statement of concern (below) fails to identify the most insidious "problem" with MarketScore: it falsifies the only available so-called security mechanism that is in broad use on the Internet today, SSL. While it may be doing nothing "wrong" with the passwords or credit card data it sees, the fact that it isn't obvious to the user makes it a fraud, in my view. They are "consensual" only on the sense that the user had to do something to allow them to be installed. If a person uses their browser at work to access secure business-related web sites, and MarketScore is installed, they potentially are exposing University information to an unknown third party without their knowledge. After all, the browser's padlock icon is "locked" which means (a) they've reached the web site they intended, and (b) the information will be safe in transit - right?. Neither is true. We forbid use of any such software here at UCOP. We monitor the network for any srd/dst addresses known to be associated with such monitoring packages. We wish there was a better way to learn of their existence and kill them on sight. David Re: At 3:13 PM -0500 12/23/04, Mark Poepping wrote:
While we may argue about specific intent or technique, the consensual nature of these applications generally excludes them from our classifying them as 'spyware'. However, the use of these applications may expose health, financial, or other protected or personal information to third parties in violation of the security policy of a campus, user, or other external service. Institutions that wish to reduce the likelihood of these types of violations should consider some or all of the following techniques as they assess their own risk-mitigation efforts:
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Re: Marketscore and Higher Ed Schultz, Stephen (Jan 03)
- <Possible follow-ups>
- Re: Marketscore and Higher Ed Mike Wiseman (Jan 03)
- Re: Marketscore and Higher Ed Stephen D. Franklin (Jan 03)
- Re: Marketscore and Higher Ed Daniel Medina (Jan 03)
- Re: Marketscore and Higher Ed Rodney Petersen (Jan 04)
- Re: Marketscore and Higher Ed David Escalante (Jan 04)
- Re: Marketscore and Higher Ed Mike Wiseman (Jan 07)
- Re: Marketscore and Higher Ed Theresa Semmens (Jan 07)
- Re: Marketscore and Higher Ed Jere Retzer (Jan 07)
- Re: Marketscore and Higher Ed Joel Rosenblatt (Jan 07)
- Re: Marketscore and Higher Ed Mike Wiseman (Jan 07)
(Thread continues...)