Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Marketscore and Higher Ed

From: "Schultz, Stephen" <SSchultz () CALSTATE EDU>
Date: Mon, 3 Jan 2005 09:46:30 -0800
I would like to point out another concern the statement below does not address.  The MarketScore software, once 
installed, runs in stealth mode and is nearly impossible for a typical user to control.  In addition, the software is 
nearly impossible to remove.  I have followed the instructions that have been posted on this listserv including manual 
removal from the registry and found that the SSL hijack was still happening.  I ran LavaSoft Ad-Aware that detected and 
'removed' MarketScore but still found the SSL sessions were being redirected.  I eventually had to format and 
re-install the OS to remove the threat.  There is nothing legitimate about software that operates in this manner. 

Stephen 

-----Original Message-----
From: David L. Wasley [mailto:david.wasley () UCOP EDU]
Sent: Thursday, December 23, 2004 2:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Marketscore and Higher Ed


I suggest that the SALSA statement of concern (below) fails to
identify the most insidious "problem" with MarketScore: it falsifies
the only available so-called security mechanism that is in broad use
on the Internet today, SSL.  While it may be doing nothing "wrong"
with the passwords or credit card data it sees, the fact that it
isn't obvious to the user makes it a fraud, in my view.  They are
"consensual" only on the sense that the user had to do something to
allow them to be installed.

If a person uses their browser at work to access secure
business-related web sites, and MarketScore is installed, they
potentially are exposing University information to an unknown third
party without their knowledge.  After all, the browser's padlock icon
is "locked" which means (a) they've reached the web site they
intended, and (b) the information will be safe in transit - right?.
Neither is true.

We forbid use of any such software here at UCOP.  We monitor the
network for any srd/dst addresses known to be associated with such
monitoring packages.  We wish there was a better way to learn of
their existence and kill them on sight.

        David

Re:
At 3:13 PM -0500 12/23/04, Mark Poepping wrote:

While we may argue about specific intent or technique, the consensual
nature of these applications generally excludes them from our classifying
them as 'spyware'.  However, the use of these applications may expose
health, financial, or other protected or personal information to third
parties in violation of the security policy of a campus, user, or other
external service.  Institutions that wish to reduce the likelihood of
these types of violations should consider some or all of the following
techniques as they assess their own risk-mitigation
efforts:


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
Previous By Date Next
Previous By Thread Next

Current thread: