Category: Spyware

Yahoo! now employing Spyware tactics!

I read with interest a post on Angsuman’s site this morning that Yahoo!’s new Instant Messanger application, when installed using the default settings on your system, will change your systems settings and install various applications on your hard drive unasked.

A News.com article on the new release lists the changes:

By accepting Yahoo’s “typical” installation of YIM with Voice, it will also download Yahoo’s Search Toolbar with anti-spyware and anti-pop-up software, desktop and system tray shortcuts, as well as Yahoo Extras, which will insert Yahoo links into the Internet Explorer browser. The IM client also contains “live words,” which will automatically show an icon when the user highlights words online and then hyperlink to Yahoo search results, definitions or translation tools. Finally, the installation will alter the users’ home page and auto-search functions to point to Yahoo by default.

To avoid these changes, users must actively choose the “custom” installation and uncheck five boxes.

If you use Yahoo!’s Instant Messanger, you can follow Angsuman’s advice and:

Use Google or any other IM for IM needs. Request your friends to do so. Otherwise you can use any Jabber clients like neos.

Use Skype instead of Yahoo’s voice services

This, coming hot on the heels of Ben Edelman’s post outing Yahoo for funding Spyware, and Yahoo!’s part in the jailing of a Chinese journalist paints an appalling picture of Yahoo! corporate ethics.

Just when I thought Yahoo! was getting back in the game!

Microsoft to start selling anti-virus services

The BBC are running a story about Microsoft starting an anti-virus and security service for PC users.

According to the BBC’s site

The service is designed to automatically patch-up security holes, as well as beef up anti-virus and spyware protection. It will also help maintain the health of a user’s PC generally

Is it just me, or does anyone else see a conflict of interest here? Why would Microsoft want to create secure software incapable of being infected by viruses if they are selling anti-virus services. It would be bound to be in Microsoft’s interest for non-customers to become virus infected and thereby require Microsoft’s anti-virus services.

To anyone who is tired of viruses/malware and spyware infecting their PCs I say – buy a Mac (or a linux based PC). I don’t have any anti-virus or anti-spyware software on my Macs (I do on my PCs) because I don’t require it. There are simply no viruses or spyware for Mac.

Firefox is less secure than Internet Explorer?

Fred Langa has written one of the most misleading and ill-informed articles I have read on the web in quite some time.

In this misleading and ill-informed article, Fred posits that

changing to Firefox–or Mozilla, or any similar software–because “it’s more secure” is a dangerous misconception; and demonstrably false

Incredibly, Fred is trying to tell us that Firefox is not more secure than Internet Explorer!

To back up his claims, Fred very carefully chooses quotes from the US-CERT site

In most cases in the more recent issues, you’ll see the list of IE’s vulnerabilities are fewer than those for Firefox, Mozilla, and the other alternate browsers

and from the Symantec Internet Security Threat Report

Between July 1 and Dec. 31, 2004, Symantec documented 13 vulnerabilities affecting Microsoft Internet Explorer. This is notably lower than the 21 vulnerabilities affecting each of the Mozilla browsers that were documented during the same period

All sounds pretty damning, right? Yes, until you do a little bit of research.

Firstly, Fred conveniently neglects to mention what classification the vulnerabilities have (high/medium/low) i.e. how potentially risky they are for your computer.

Compare the two graphs below (from Secunia) to see that for Internet Explorer 6.x – 42% of its bugs are highly dangerous or above whereas only 7% of Firefox bugs are highly dangerous.

Microsoft IE 6 criticalities from 2003 - 2005

Mozilla Firefox 1.x criticalities from 2003 - 2005

Secondly, US-CERT – the site Mr. Langa choses to take some of his information from, explicitly advise people not to use Internet Explorer

IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system. It is possible to reduce exposure to these vulnerabilities by using a different web browser

For an unbiased review of vulnerabilities in both browsers, see the Vulnerability Reports on the Secunia website for IE 6.x and Firefox 1.x. Scroll down on these pages to see that Internet Explorer currently has 19 unpatched (some of which are highly critical and have been unpatched for more than a year) and 10 partially fixed vulnerabilities whereas Firefox has 4 unpatched (none of which are even moderately critical).

Finally and from a purely personal perspective – I frequently get support calls from clients infected by spyware and malware of all sorts. I have never had one of these calls from a client I have migrated to Firefox – it is always the IE users who get infected.

With this level of inaccuracy in his piece, you have to wonder about the motivation behind writing such a dangerous and misleading article…

Blogs used to infect PCs with spyware and malware

I note a story on the BBC Technology site which says Spyware and Malware authors have copped on to the popularity of blogs and are now using them as vectors to host spyware and malware to infect people lured to the blog.

I’m surprised it took so long for them to come up with this.

Of course I can be smug – I use a Mac so I don’t have to worry about Spyware and Malware!

Who writes Spyware and why

I read a very interesting article on Livejournal by Franklin on how, when his partners PC was infected by Spyware, he tracked down who was making money from the Spyware and reached some very interesting conclusions about who is distributing Spyware and why.

One of the interesting aspects of the article, for me, is when he said “A couple nights ago, Shelly’s computer became infected. Shelly’s technically savvy, the apartment we live in is on a closed private network with a hardware firewall between us and the Internet, and she also runs a software firewall on her computer, and she still became infected nonetheless”.

To my mind, this backs up what I said in my earlier post on Spyware, the only way to stay safe from Spyware and Malware is not to use Internet Explorer or Windows.

This isn’t an anti-MS rant, I’m actually pretty agnostic when it comes to OSes normally and work easily on whatever platform I am presented with, but it now seems obvious (esp. for home users) that this is the only route which will work.

How to rid a PC of viruses and malware

My parents have asked me to look at their neighbours PC – it has started ‘acting funny’ and “they think it might have a virus”, I was told.

“Uh oh”, I thought. Here we go again. If you are the local IT guru you know this feeling well. And, is it just me or is it becoming more frequent?

I have developed a routine for dealing with these PC’s now – inevitably the “it may have a virus” turns out to be 10’s if not 100’s of viruses, trojans, worms and spyware all combining together to grind the PC to a halt. So, what I do, is to re-install the OS – more often recently it is XP, turn off System Restore, install XP SP2, Microsoft Anti Spyware, Spybot, Adaware, and AVG.

The reason for disabling System Restore is that many of the more recent Viruses, etc. hide in the System Restore volume so that they are restored after a scan is run and are impossible to delete while System Restore is running.

Once all the above software is installed and has scanned and cleaned the PC, then, and only then, connect the PC to the Internet and do a Windows Update updating the PC with all available updates. Finally, connect to and install Trend Micro’s Housecall online Anti Virus scanner . Run this scan on the PC, disconnect from the Internet and scan once more with all the previous tools ensuring all scans come up clean again. If they don’t keep repeating until they do or consider formatting the PC.

Be sure to set the Windows Updates to update automatically through the Security Center (sic).

Install Firefox and Thunderbird and set them to be the default browser and default mail client respectively. removing desktop shortcuts for Internet Explorer.

Finally, on returning the PC, you need to inform the owner of all the changes that have been made to the PC and be sure to let him/her know that these measures will only keep the PC secure for 6-9 months maximum.

It is at this point that you need to tell them that if they want to stay uninfected going forward, they’d be far better off getting a Mac!

Internet Explorer use falling further still

I note that eWeek are reporting that usage of Microsoft’s internet Explorer has fallen another 1.5% to 90.3%.

Of course, what is amazing, to me, is that over 90% of people are still using internet Explorer!

Still, I shouldn’t complain, a lot of my business these days is coming from people whose PC’s have been decimated by Viruses/worms/spyware/etc. because they are using Internet Explorer!

Security center could not change your automatic updates settings

I was working on a friends PC the other day. It had Windows XP Home on it and several viruses! After cleaning out the viruses, I updated the PC to XP SP 2 to get the security advantages that the service pack confers.

However, on re-starting the PC after the install, the Security Centre gave a warning that Automatic Updates were not turned on. On attempting to turn it on from the Security Centre, I got the error message “The security center could not change your automatic updates settings”.

I tried changing the Automatic Update settings through the Control Panel but according to the Control Panel, the Updates were turned on! However, every time I re-started or logged in again, I got the warning “Your computer may be at risk”.

Resolution:

I did a Google search on this error and found a resolution on Google Groups – after registering the dlls in this thread, I closed and re-opened the Security Centre and the Automatic Updates showed as being on.