Zone Alarm Vs 180 Solutions: Zango hooks?

Hemos posted more than 8 years ago | from the deconstructing-postmodern-spyware dept.

Security 166

Sub-Seven writes "Found at Vitalsecurity.org, they detail how a Microsoft MVP pulled the Zango file to pieces, and discovered some interesting facts about exactly what a "simple" fun and games application does to a machine that it's running on. Hooking into Windows OneCare and Microsoft Antispyware? What's that all about?"

Wow first post? (-1, Offtopic)

Fordiman (689627) | more than 8 years ago | (#14184879)

I have no idea what this article is on about.

Re:Wow first post? (0, Offtopic)

HulkProtector1 (728239) | more than 8 years ago | (#14184894)

You must be new here.

Re:Wow first post? (0, Troll)

n00tz (926304) | more than 8 years ago | (#14184897)

No background on the article, and it's a blog... WTF are the editors doing?

Re:Wow first post? (1, Funny)

Fordiman (689627) | more than 8 years ago | (#14184903)

Ohhhh... it's saying 180Solutions is Spyware.

One word: Duh.

Software firewalls?! (4, Interesting)

FatSean (18753) | more than 8 years ago | (#14184913)

Um...not sure what's going on here...but I think software firewalls have to be one of the silliest 'security products' out there. I still can't believe cable companies don't distribute modem/routers to users and remotely configure them to block the commonly exploited ports and protocols.

My conspiracy theory is that they have big investments in the software firewall companies...and in existing non-router cablemodems.

So we suffer.

Hey - _I_ need a software firewall (1)

dtolman (688781) | more than 8 years ago | (#14184932)

Hey! Those poor saps out there who don't have your fancy-shmancy high-speed internet connections need software firewalls - unless you can figure out a way to block ports on my modem.

Nothing wrong with software firewalls... (3, Informative)

StupidKatz (467476) | more than 8 years ago | (#14185101)

[...] unless you can figure out a way to block ports on my modem.

Done and done [multitech.com] . Other types of "dial-up routers" exist, but this is the one I re-found first. Again, nothing wrong with software firewalls, as I like knowing when programs try to use the network, but they aren't a magic bullet.

Re:Nothing wrong with software firewalls... (0, Troll)

dtolman (688781) | more than 8 years ago | (#14185166)

Hey! That thing costs $$$ - if I wanted to spend money on my internet connection at home, I wouldn't be using my modem (free internet connection + freeware firewall).

Re:Hey - _I_ need a software firewall (1)

Blkdeath (530393) | more than 8 years ago | (#14185823)

Hey! Those poor saps out there who don't have your fancy-shmancy high-speed internet connections need software firewalls - unless you can figure out a way to block ports on my modem.

As another person already pointed out, there are a multitude of dial-up capable routers on the market today. Most of them have been phased out in favour of broadband-only variants but some are still produced. Many models have both dial-up and broadband capabilities, some even go to the extent of using dial-up as a failover if the broadband link is down. Typically these routers come with at least 4 ports making it easy to network your home. They'll also cost you pretty much the same as a decent 4/5 port 10/100 switch.

If, on the other hand, you don't want to "pay anything" for your home connection - that's fine. Just don't be alarmed when your computer is taken over and your 48kbit connection becomes a 1kbit connection. :)

Re:Software firewalls?! (2, Informative)

Anonymous Coward | more than 8 years ago | (#14184958)

That's a pretty arrogant statement. Software firewalls have a legit use in controlling internet access at the application level regardless of what ports the application uses.

Just because you don't have a use for them doesn't mean they don't serve a purpose.

Re:Software firewalls?! (4, Informative)

sirwired (27582) | more than 8 years ago | (#14184961)

Um...not sure what's going on here...but I think software firewalls have to be one of the silliest 'security products' out there. I still can't believe cable companies don't distribute modem/routers to users and remotely configure them to block the commonly exploited ports and protocols.

Errr... because quality software firewalls (like ZoneAlarm) and home hardware firewalls/routers protect against two entirely different problems?

Home Routers/Firewalls protect your machine against INBOUND, unsolicited connection requests. This makes you immune to attempts to exploit server-type services, like file-sharing, IIS holes, etc. This lets me run VNC, Apache, whatever on my home machine and not have to worry about keeping patches up to date (or even setting a password, for that matter.)

Software firewalls protect you against OUTBOUND connections you did not authorize. Port-blocking does nothing to stop this because a nefarious software vendor can't be stopped from sending an outbound request on port 80 by an external firewall.

I can't count how many programs (even legit ones) that shouldn't be talking to the internet keep requesting outbound connections. (This is all caught by ZoneAlarm.)

SirWired

Re:Software firewalls?! (2, Insightful)

hal9000(jr) (316943) | more than 8 years ago | (#14185080)

Home Routers/Firewalls protect your machine against INBOUND, unsolicited connection requests.

That is not correct. Typical home routers are Network Address Port Translation (NAPT) devices that translate private internal addresses to a single public external address. Stopping unsolicited external connections is a beneficial side-effect of NAPT because there is no translation rule for the NAPT router to pass traffic inward. Now, many NAPT routers can't properly handle dynamic protocols like gaming protocols (specifically gaming protocols that use ephemeral ports from external hosts (VoIP suffers from this too, btw)), so without specific game support (on a per title or service basis), you essentially create a default inbound rule that says "any external unsolicited connection gets sent to this internal computer."

Software firewalls protect you against OUTBOUND connections you did not authorize.

Wrong again. Host firewalls will block unsolicited external connections to the host, and in fact that was the original design goal of BlackICE, Zone, and others. Check it out. Turn one on, scan it and see what happens. Then turn off the host firewall, scan it, and compare the results. The blocking of outbound connections came later, as a feature to stop worms and network viruses from spreading.

So if you're doing on-line games and your router doesn't intelligently support the gaming protocol (assuming the gaming protocol uses ephemeral ports), then your host is a sitting duck.
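
An added illustration of the NAPT behaviour argued over in this sub-thread (not part of any poster's comment): an outbound connection creates a translation entry, unsolicited inbound packets match no entry and are dropped, and a "DMZ" default rule forwards them to one internal host. The `Napt` class, addresses and ports are constructed, and the strict remote-endpoint match is an assumption, since real routers vary in how loosely they match.

```python
"""Toy NAPT translation table (constructed example, made-up addresses)."""
from dataclasses import dataclass, field
from typing import Optional

PUBLIC_IP = "203.0.113.10"  # constructed documentation address


@dataclass
class Napt:
    public_ip: str = PUBLIC_IP
    dmz_host: Optional[str] = None  # internal host that receives unmatched inbound traffic
    next_port: int = 40000          # next public port to hand out
    # public port -> (internal ip, internal port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An internal host opens a connection: create or reuse a mapping."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for pub_port, entry in self.table.items():
            if entry == flow:
                return pub_port
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = flow
        return pub_port

    def inbound(self, remote_ip, remote_port, pub_port):
        """Return the (internal ip, port) a packet is forwarded to, or None if dropped."""
        entry = self.table.get(pub_port)
        # Assumption: the mapping only admits the remote endpoint it was created for.
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]
        # No translation rule matched. With a DMZ host configured, the router
        # forwards the packet there instead of dropping it.
        if self.dmz_host is not None:
            return (self.dmz_host, pub_port)
        return None


def demo():
    nat = Napt()
    # Internal PC fetches a web page: this creates the only mapping.
    pub = nat.outbound("192.168.1.20", 51000, "198.51.100.5", 80)
    results = {
        # Reply from the web server matches the mapping and is translated back.
        "reply": nat.inbound("198.51.100.5", 80, pub),
        # Unsolicited probe to a port with no mapping: dropped.
        "probe": nat.inbound("192.0.2.99", 4444, 3389),
        # A game peer on an ephemeral port that the PC never contacted: dropped,
        # which is why such protocols fail without router support.
        "game_peer": nat.inbound("192.0.2.50", 27015, pub),
    }
    # The workaround discussed above: send everything unmatched to one host.
    nat.dmz_host = "192.168.1.20"
    results["probe_with_dmz"] = nat.inbound("192.0.2.99", 4444, 3389)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15} -> {outcome}")
```

With the DMZ rule set, the same probe that was dropped now reaches the internal host directly, so only a host firewall on that machine stands between it and the listening service.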

Re:Software firewalls?! (3, Informative)

harrkev (623093) | more than 8 years ago | (#14185280)

You are picking nits...

A NAT box does indeed protect from incoming connections (provided that you do not use DMZ and port forwarding). This may indeed be considered to be a side-effect, but that does not mean that it does not work. How well these routers work for gaming is another matter entirely. And as far as gaming goes, I am certainly not an expert as I am not into on-line games, but each game should specify which ports it uses so that you can open those ports in your NAT box. Having to use DMZ for a game is silly and dangerous.

What the GP post said is correct. Software firewalls offer outbound protections. You are right that their first purpose is to protect from inbound threats, but if you have a NAT, you have NO inbound threats (except perhaps for those ports used for games when your game software is not running). Filtering outbound connections is the only reason that I use a software firewall. In fact, my software firewall has NEVER had to block an incoming connection since I built my present computer over a year ago, thanks to my NAT box.

Re:Software firewalls?! (1)

sirwired (27582) | more than 8 years ago | (#14185433)

Yes, stopping unsolicited external connections cold is a "side-effect" of a NAPT box, but that does not make it any less useful or effective.

As far as the DMZ goes... Anybody that sets up the DMZ on a router better know exactly what they are doing, and the two routers I have dealt with have thrown up warning boxes that setting up a DMZ was a bad idea. Personally, I think that any protocol designer for the last couple of years that can't decide on a single inbound port, knowing how common home routers are, needs his head examined.

For the software firewalls... yep they all certainly were designed to block inbound connections, but a NAPT box does a much better job. I believe that ZoneAlarm has ALWAYS done outbound monitoring.

SirWired

Re:Software firewalls?! (2, Informative)

Budfrogs (848963) | more than 8 years ago | (#14185819)

The disadvantage of using a router for outbound filtering/blocking/security is that the Application data is not available. While a software firewall can determine which application is trying to make/receive the connection. Many software firewalls check to see if the program accessing the net has changed and let you decide if you want the new version to have access.

We need a hybrid (1)

phorm (591458) | more than 8 years ago | (#14185865)

Personally, I'd be happy to lay down cash for a device which works as both. Having a device which has a secure (keyed or passworded) connection to the host machine and could be updated with incoming/outgoing block rules would be wicked. I have a 'nix box with iptables that does this to some extent, but it can't specifically block a piece of software running on the NAT'ed boxes (mainly because it doesn't know what is running).

Now one way would be to have a piece of software running on the client boxes which updates the router as to what software is running which ports, and which is authorized etc. At that point you'd still be running the overhead of software on the machine, but possibly less than if it were doing all the actual firewalling, etc etc.

Re:Software firewalls?! (2, Informative)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#14185105)

I can't count how many programs (even legit ones) that shouldn't be talking to the internet keep requesting outbound connections. (This is all caught by ZoneAlarm.)

For OS X users, try Little Snitch (http://www.obdev.at/products/littlesnitch/index.html) for the same functionality. Some of the outbound connections Adobe software attempts to make (weird out of country IP addresses) are scary.

Re:Software firewalls?! (1)

Mnemia (218659) | more than 8 years ago | (#14185175)

That's all true, but unless Windows has a really good way to prevent tampering with drivers and unrelated programs then the software firewall will be vulnerable to being disabled or bypassed by malware. At least when you have a separate machine running your firewall nasty applications can't mess with it.

What we really need is a cheap, standalone appliance with an application-level firewall that can determine what application is sending requests by looking at packet contents (I know this is difficult). This won't solve the problem entirely, but it would help. A way to absolutely prevent unknown programs from loading into the kernel space or "hooking" into applications like this one did would help the existing software be more secure at least. Maybe require a reboot with Windows explicitly asking if it's okay?

Impossible (1)

AnEmbodiedMind (612071) | more than 8 years ago | (#14185346)

What we really need is a cheap, standalone appliance with an application-level firewall that can determine what application is sending requests by looking at packet contents (I know this is difficult).

What you are suggesting is not just difficult - it is impossible (for well designed malware). For example, malware could just talk http with ssl with some server and you'd never know which application was doing it.

You really need applications to not require Admin access to install (e.g. OS X) and then you can feel secure about your firewall. Don't install any dodgy apps that require admin access.

Re:Impossible (1)

Mnemia (218659) | more than 8 years ago | (#14185632)

You're correct that you can't look inside all streams of data just by looking at the packets. Encryption can defeat this as you point out (although in theory it is still possible for non-encrypted data). But then again, you could have a system to ban all encrypted data streams except to specific hosts whitelisted by you. This could be a pain given the number of hosts people often perform encrypted communication with, but still doesn't seem like a completely terrible idea to me given that a user should be aware whenever an authorized piece of software is sending out encrypted data.

Re:Software firewalls?! (1)

towsonu2003 (928663) | more than 8 years ago | (#14185242)

Anyone know any software firewall GUI (for easy configuration of iptables and stuff) for Linux?

Are you kidding? (2, Informative)

FatSean (18753) | more than 8 years ago | (#14185244)

Software Firewalls are useless! I can configure my cheap-ass 5 year old netgear router/hub to deny outgoing connections on specific ports just as I can control incoming.

If your PC is compromised enough that you have un-wanted programs sending data to third parties...you've got much bigger problems. If that malicious code is already running on your machine, your 'software firewall' is just as vulnerable as any other program.

Re:Are you kidding? (1)

sirwired (27582) | more than 8 years ago | (#14185458)

Software Firewalls are useless! I can configure my cheap-ass 5 year old netgear router/hub to deny outgoing connections on specific ports just as I can control incoming.

Err... what do you do about software sending outbound connection requests on port 80? I certainly hope you aren't going to plan on blocking that one.

SirWired

Re:Are you kidding? (1)

itsnotthenetwork (634970) | more than 8 years ago | (#14185866)

You could treat it like cookies. Have it ask you.
If you just requested a web page, you can allow it.
If it is trying to make the connection while you are at work, or asleep, it gets blocked.

Re:Software firewalls?! (3, Insightful)

nonsequitor (893813) | more than 8 years ago | (#14185016)

Who do you want to control the firewall for your connection? I would rather have full control over my home network, let everyone else be damned. What if they start blocking port 21 (no ssh for you), then they block 80 (you shouldn't be running a webserver on a non-commercial line anyway), and so on.

Sorry, good idea, but there's no real standard between OS's on reserved ports in the sub 1024 range. Ports which you may not want exposed to the world on a windows box could run a perfectly secure service on a *nix box. I don't think that is the case at the moment, but you get the idea.

Your ISP is a common carrier, they are not liable for what is transmitted over their network. I believe they are looking into attack mitigation for large scale DDoS and worm traffic, but if they start requiring me to use a firewall configured by them, I'll switch ISPs.

Re:Software firewalls?! (1)

Thangodin (177516) | more than 8 years ago | (#14185158)

You should have both a software and hardware firewall. Hardware firewalls are much better for dealing with attacks from outside, but they will not prevent spyware or trojans from sending information out. Something like ZoneAlarm will at least notify you when something that should not have internet access is trying to get through. Hardware firewalls are pretty much useless once a program is on your machine.

Re:Software firewalls?! (1)

arkanes (521690) | more than 8 years ago | (#14185455)

Software firewalls can usually be simply bypassed by anything running on the same machine as they are. In combination with a number of other techniques (not commonly used and frequently impractical on Windows), they can provide real protection. In the general case, they do not. A properly configured and sufficiently powerful external firewall actually can block outgoing traffic, including nasty malicious stuff. An internal firewall like ZoneAlarm will only even see trivial and barely malicious stuff, like spyware. On the other hand, it's a lot easier to set up and at least it looks like it's doing something.

Re:Software firewalls?! (1)

Alchemar (720449) | more than 8 years ago | (#14185225)

You need to block all the ports THAT YOU ARE NOT USING. I have a hard enough time getting things set up around broadband companies' firewalls. I paid for a connection to the internet, I want a connection to the internet. If I want a company to give me restricted access so that I can't hurt my computer, I would hire a security company not an ISP. Let me put my own router on that I can configure. When the ISP starts deciding what I need it ends up being surfing the web and sending email to their server. If I only needed two ports, let's just change the IP spec to a single digit number. That would give us 80% capacity to expand in the future if the ISP decides I am allowed to do something else.

Re:Wow first post? (0, Interesting)

Anonymous Coward | more than 8 years ago | (#14184946)

Basically after RTFA seems to me that 180 and friends are trying to deny what the app actually does. It was interesting to see the M$ explanation of the Procedure call.

TBH 180 and all those other search / tool bar(ish) things are spyware to improve your popups and help slow your PC to a crawl.

--

First Time I've ever seen that... (4, Informative)

dtolman (688781) | more than 8 years ago | (#14184898)

Is it just me, or has the friggin Slashdot summary got more information than the linked article?

That's gotta be a first...

It's not just you (2, Funny)

winkydink (650484) | more than 8 years ago | (#14184910)

The linked-to blog article is clear as mud

Re:It's not just you (3, Funny)

croddy (659025) | more than 8 years ago | (#14184927)

No, that's not muddy. That's the New Journalism. It's supposed to be nonsensical and unreadable.

Re:It's not just you (0)

OneSmartFellow (716217) | more than 8 years ago | (#14185136)

Surely that makes it Post Modern Journalism ?

Re:It's not just you (0)

Donut2099 (153459) | more than 8 years ago | (#14185141)

Oh Noes!

Re:It's not just you (0, Funny)

Anonymous Coward | more than 8 years ago | (#14185148)

No, I think that's New Jersey you're thinking of.

New Journalism is when you write the article first, then look for sources after.

Re:It's not just you (2, Informative)

Pollardito (781263) | more than 8 years ago | (#14185384)

just to show that it wasn't a one-time thing, here's a quote from his entry describing his blog [vitalsecurity.org] :
If you want a full on, voice of God raging from a thunderstorm malware apocalypse complete with stupid pictures, pressure cranked up to 11 and the now obligatory sound and vision link, keep it tuned to Vitalsecurity.org.

Re:It's not just you (5, Insightful)

ergo98 (9391) | more than 8 years ago | (#14184975)

The linked-to blog article is clear as mud

No kidding. The blog article has ZERO content, apart from linking to two other sites about some program that purportedly is being flagged as spyware.

If slashdot is accepting lame "my blog entry" submissions like this (and what's with the "Microsoft MVP" comment in the submission? That's like trying to give credibility to a blog entry by purporting it to come from a "high school graduate"), then I'm going to start submitting every entry I make. Maybe I'll blog about this blog entry that blogs about a blog entry and submit that.

Ah well, like I - esteemed high school graduate and Blockbuster cardholder - said - most blogging is bloggers talking about blogging [yafla.com] . (Yes, hypocrisy runs deep with this)

Re:It's not just you (0)

Anonymous Coward | more than 8 years ago | (#14185093)

but the mike burgess guy *is* an MVP...

Re:It's not just you (1)

ergo98 (9391) | more than 8 years ago | (#14185118)

but the mike burgess guy *is* an MVP...

Perhaps I'm missing a joke, however both the linked blog entry, and the linked Burgess entry that he links to, are MVPs. Good for them, but it really doesn't designate quite a level of accomplishment or credibility that it merits mention in the submission.

Re:It's not just you (0)

Anonymous Coward | more than 8 years ago | (#14185339)

Well possibly not, though the Boyd guy is well known for hitting big "busts" - last one was this http://www.eweek.com/article2/0,1895,1888714,00.asp [eweek.com] and he had the bittorrent thing some time ago. I'd say that's a pretty decent accomplishment. And what sounds better - "security mvp finds x, y and z" or "some random guy"? Surely a little background info goes a long way?

Re:It's not just you (1)

ergo98 (9391) | more than 8 years ago | (#14185442)

I'd say that's a pretty decent accomplishment. And what sounds better - "security mvp finds x, y and z" or "some random guy"? Surely a little background info goes a long way?

It said "Microsoft MVP" (which could mean an MVP in any number of very isolated technologies) rather than Microsoft Security MVP. In any case, if someone has that sort of history a simple "Noted security expert" would be vastly preferable to "Security MVP", at least IMHO.

Re:It's not just you (0)

Anonymous Coward | more than 8 years ago | (#14185498)

Fair enough - though in this case, Mike Burgess is not what I'd call a "noted security expert" - though he *is* a noted security MVP.

Re:It's not just you (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14185377)

The shot about MVPs is unwarranted, in my opinion. At least for C++, I thought they did a reasonable job of vetting them -- all of my experience with the other C++ MVPs showed them to be very knowledgeable about the language. Certainly, the standard was higher than merely "high school graduate." And Microsoft had an obvious incentive for that to be so, both because they spent money on the program, and because the MVPs were sort of a proxy support group for MS and their quality reflected back on the company.

Personal bias -- I was a VC MVP for two years, and I earned that status by providing a lot of good, free advice on C++ programming with VC in the newsgroups. My status lapsed after I had a significant downturn in involvement in the groups.

Re:It's not just you (2, Informative)

ergo98 (9391) | more than 8 years ago | (#14185412)

The shot about MVPs is unwarranted, in my opinion.

I didn't intend to make a shot at MVPs (and I'm sure there are a lot of kick-ass, very talented people with the designation. Usually it's one of their many designations). All I was doing was questioning whether it really gives any additional weight to the submission (most of the people who are linked have a BSc - how many times do submissions say "BSc holder John Topley says that...". A BSc is a much greater accomplishment than a MVP).

There are any number of accomplishments that people in this field have achieved, but unless they are pertinent they really don't usually get mentioned in a Slashdot submission. In this case the "Microsoft MVP" thing just looked ridiculous (especially outside of a Microsoft only forum).

Here is the background (4, Informative)

bytemonger (843131) | more than 8 years ago | (#14185011)

Hi, I think this text sheds some light: http://blog.180solutions.com/PermaLink,guid,5795b85d-feea-4656-93e1-d788a01f760a.aspx [180solutions.com] Poor people @180solutions that suddenly found their spy-ware being detected by Zone-lab's Zonealarm. Zonealarm is obviously a great piece of software. So when 180Solutions became aware of this, they saw their business-model go the way of the dinosaurs.

Re:First Time I've ever seen that... (1)

Ooblek (544753) | more than 8 years ago | (#14185014)

The article didn't make much sense, but I *think* someone figured out that some downloaded POS program uses the CBT windows hooks. CBT is for [C]omputer [B]ased [T]raining. If I had to guess why they would do this, it is so their program can react to content that triggers their CBT hooks. If I recall correctly, you can embed this type of CBT stuff in Windows media files. So their memory resident POS program sits there and reacts to video streamed off their affiliates' sites?

Of course, the problem here is that other parties will be able to figure this out too. I bet someone finds out that Zango can launch external programs based on content in WMV streaming media. If so, this will be the next Sony-DRM-type scandal.

Re:First Time I've ever seen that... (5, Informative)

Bob_Villa (926342) | more than 8 years ago | (#14185061)

On the blog, just click the link that says "Very thorough runthrough", which links to the following url: http://mvps.org/winhelp2002/temp/zango.htm [mvps.org]

I think this link is actually pretty good. I agree, the blog wasn't the most clear.

Re:First Time I've ever seen that... (1)

CaymanIslandCarpedie (868408) | more than 8 years ago | (#14185066)

Yeah, not sure why they linked to that blog. The blog does however have a link to the useful info. This [mvps.org] is it.

Re:First Time I've ever seen that... (1)

Prog_Burner (663126) | more than 8 years ago | (#14185088)

Yeah, this is an awful article, people we've never heard of, telling us things we already know. 180 Solutions = Bad. Thanks random blogs.

Yes. And also: (3, Insightful)

sammy baby (14909) | more than 8 years ago | (#14185198)

The Slashdot summary has more info than the linked article, but the impressive thing is that the Slashdot summary still is only barely written in complete sentences. I mean, I'm a sysadmin with about ten years of experience, I've been reading Slashdot for years, and not only can I not understand what the article says, I'm not even sure what it's supposed to be about. Someone not flagging spyware when they should? Or tagging it as spyware when it shouldn't? Or... christ, I give up. Not worth it.

I'll paraphrase the article for clarity: (5, Funny)

Crizzam (749336) | more than 8 years ago | (#14184904)

Zango dango bo-bango, banana fana fo-fango fe-fi mo-mango, Zaaaango.

Re:I'll paraphrase the article for clarity: (0, Offtopic)

Yaa 101 (664725) | more than 8 years ago | (#14185035)

It shows that mods have no sense of humor at all in most cases...

Re:I'll paraphrase the article for clarity: (0)

Linker3000 (626634) | more than 8 years ago | (#14185119)

Wil, is that you?

Just like the Kennedy Assassination (0)

Anonymous Coward | more than 8 years ago | (#14184906)

Zango is not the same as ZoneAlarm. ZoneAlarm is prosperous and protects against spyware and firewalls. However, because ZoneAlarm contains hooks, the phishers go wild for vulnerabilities. It's vulnerabilities, folks, that I'm talking about. And if you don't believe it, call me a goatse spammer or something.
 
  A poem about microsoft goes like this.
His name is Bill Gates
His os makes for long waits
So does his ISP
But you
are through

Re:Just like the Kennedy Assassination (2, Funny)

frinkacheese (790787) | more than 8 years ago | (#14184955)

ZoneAlarm is prosperous and protects against spyware and firewalls

We all need protecting from those nasty firewalls ;-)

Removing spyware in applications (4, Informative)

dada21 (163177) | more than 8 years ago | (#14184914)

It wouldn't surprise me if 30% of my IT company's income came from user stupidity combined with software such as the XCP, spywared games, and other fun entertainment products. Yet this is just the market at work. Loopholes are found, usually because of click-through-licensing. Companies will always attempt to build their markets and consumers will always find the bad seeds.

It is very important to realize that as long as end users continue to install these programs, marketing companies will feed their needs. You could argue for laws against these backdoor programs, but it wouldn't solve anything and in fact might make the problem worse as companies find sneakier ways to get into your desktop.

The only way to make a smart consumer is to inform them of the bad things. This means getting the word out, telling others to be careful, and even offering training for groups. My company makes a good profit on spyware, but we offer completely free training days for companies that want to save money by training their employees in safe web browsing. I don't think the answer is "Install Linux and Firefox and the problem will go away!" If Linux/Firefox occupied 90% of desktops, the marketing companies would find a way to take advantage of that platform.

Smart users are informed users are users who won't continue making the same mistakes. Finding band-aids through legislation or discrete installation of anti-spyware software isn't going to solve the problem.

As a sidenote -- the reason for training my customers in smart browsing techniques is a selfish one. As we reduce a company's cost of doing business, our referral rate skyrockets. The less we work/bill, the more work we have to bill. If you're a consultant and you're not seeing a decent increase in your customer base every year, you're not doing a good enough job. There is more work in the U.S. than is being tapped, and it is usually because companies aren't seeing things getting better.

Re:Removing spyware in applications (1)

quanticle (843097) | more than 8 years ago | (#14184996)

I agree that education is important in fighting these scams. And yes, I've done my part, telling everyone that I know that billing info/passwords should never be sent through e-mail, that applications should be examined before they are installed, etc. However, I often find that the increasing sophistication of spyware and phishing scams often overcomes whatever training I give (i.e.: "I know you told me not to send my billing information over e-mail but it was so convincing..."). Heck, I've seen phishing scams that looked so authentic that I may very well have been taken, if I had a pre-existing business relationship with the organization that the scam was trying to impersonate.

My point is that, yes, education can prevent many from falling victim to the easy and simple scams. However, education that is not absolutely thorough may lead to overconfidence, allowing people to fall for the slightly more sophisticated scam with even greater ease.

Re:Removing spyware in applications (1)

dada21 (163177) | more than 8 years ago | (#14185048)

You're right -- just training someone in proper use isn't enough. It is also important to train people in questioning every action before performing it. Phishing is getting harder to detect, yet it is causing the banks to take better security measures (they end up paying for the phishing in the end). This is the market at work -- government is coming along to draw the chalk-line and collect evidence, the banks are working to prevent the crime from ever happening.

Re:Removing spyware in applications (3, Insightful)

aquarian (134728) | more than 8 years ago | (#14185082)


I agree with everything you said, but especially this:

As a sidenote -- the reason for training my customers in smart browsing techniques is a selfish one. As we reduce a company's cost of doing business, our referral rate skyrockets. The less we work/bill, the more work we have to bill. If you're a consultant and you're not seeing a decent increase in your customer base every year, you're not doing a good enough job. There is more work in the U.S. than is being tapped, and it is usually because companies aren't seeing things getting better.

I've found this applies to whatever business you're in. I've started, grown, and sold 4 different companies, in completely unrelated industries. The more we were able to make ourselves unnecessary, the more work we got.

Re:Removing spyware in applications (1)

Dun Malg (230075) | more than 8 years ago | (#14185221)

I've found this applies to whatever business you're in. I've started, grown, and sold 4 different companies, in completely unrelated industries. The more we were able to make ourselves unnecessary, the more work we got.

Indeed, nothing gets you more good business than word of mouth. At one of the companies I work for, a locksmith, my boss constantly turns away work. I was talking to an employee of one of our competitors and apparently they spend a lot of time waiting for the phone to ring. It's not advertising, 'cause we have a one line ad in the yellow pages and they have a two-page full color spread. The difference is that we do quality work that stays done for years. The other guys use crap materials and do a half-assed job. They charge 20% less than us per hour. We work 8-4 mon-fri and they all take turns taking 24hr emergency pages all week. Quality work sells itself, and sells for more money.

Re:Removing spyware in applications (2, Interesting)

dada21 (163177) | more than 8 years ago | (#14185224)

I've found this applies to whatever business you're in. I've started, grown, and sold 4 different companies, in completely unrelated industries. The more we were able to make ourselves unnecessary, the more work we got.

Succinctly put. What you just said is about 1/3rd the reason I became a libertarian and then became an anarchocapitalist. I realized that businesses that exist to grow and tread new markets are what makes this world wonderful. I saw how some corporations (not businesses) fought to stay the same, and wanted to make a law to enforce the status quo. I've been a businessman since I was 13/14, and I never really thought about "What is legal?" I thought "What is moral?" I didn't need the law to tell me what my customers wanted and what I could provide. I didn't need the law to tell me when a product I made was harmful to my customers. I just knew. As I left my teens, I realized that almost all my businesses were just stepping stones to new ones. I'm always focusing on what will replace me, and then seeing what will replace other industries. Those are the businesses to be in before the masses start investing in IPOs -- which are already too late to the scene.

Oh my - A Microsoft MVP! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14184916)

For anyone who doesn't know, you become a Microsoft MVP largely by being an unemployed loser - the more time you can waste away providing pro-Microsoft answers on Microsoft's message boards, providing them with a lot of free labour (a lot of the "Great support" of Microsoft products is due to these waifs), the more likely you will become a Microsoft MVP. It's sort of a "Who's Not Who" list in the trade.

MVPs are people given a participation award to keep them providing the free support. They are neither exemplary talents, nor are they Microsoft employees.

Re:Oh my - A Microsoft MVP! (5, Insightful)

Frankie70 (803801) | more than 8 years ago | (#14184998)

For anyone who doesn't know, you become a Microsoft MVP largely by being an unemployed loser - the more time you can waste away providing pro-Microsoft answers on Microsoft's message boards, providing them with a lot of free labour.

What about all those people providing support on Linux/MySQL/Apache mailing lists/forums etc - what are they? Unemployed losers or OSS champions?

Re:Oh my - A Microsoft MVP! (2, Funny)

Ooblek (544753) | more than 8 years ago | (#14185068)

I think they are OSS Champions as long as they are still classified as college students. After they graduate, they are unemployed losers.

Re:Oh my - A Microsoft MVP! (0)

Anonymous Coward | more than 8 years ago | (#14185114)

Employed losers.

Re:Oh my - A Microsoft MVP! (0)

Anonymous Coward | more than 8 years ago | (#14185240)

What about all those people providing support on Linux/MySQL/Apache mailing lists/forums etc - what are they?

Bored, since their platform of choice tends to Just Work*.

* - after 1500 hours of nonstop configuration.

Re:Oh my - A Microsoft MVP! (1)

kuzb (724081) | more than 8 years ago | (#14185514)

Probably a mix of both. I'm gainfully employed as a software developer, and manage to provide support for a few applications which the company and I use on a regular basis. However, I could also agree that some of them also do it from their mother's basements.

Re:Oh my - A Microsoft MVP! (4, Insightful)

rborek (563153) | more than 8 years ago | (#14185085)

I'm a Microsoft MVP, and I'm not unemployed, and I'm not a loser.

Those active in other communities (ie Linux) are not told that they are unemployed losers for helping people out. So what if a bunch of us want to actually help people by making use of our expertise?

Not every MVP is an expert in every area, but they are an expert in the area that they were awarded in. For example, my award is in Mobile Devices, but I'm far from being an expert in FoxPro.

Re:Oh my - A Microsoft MVP! (-1, Troll)

Prog_Burner (663126) | more than 8 years ago | (#14185196)

It's kind of like saying "I'm an MSCE." or "I'm a MOS (Microsoft Office Specialist)" It sounds really good to anyone who doesn't know, but it's not something I would brag about to anyone that wasn't a User. It's something that may look good on a resume in addition to real skills, or to a manager that has no real idea of what's going on, but it's not something I'd bring up in conversation with anyone I work with (sysadmin would fall out of his chair.)

Not that I have either of these "qualifications." Just thought I'd mention that.

Re:Oh my - A Microsoft MVP! (1)

rborek (563153) | more than 8 years ago | (#14185237)

You have to remember that it's an AWARD and not a certification or qualification. It's awarded at Microsoft's sole discretion, and does not make you an expert in all Microsoft products.

Do I bring it up in everyday conversation? No. Just like I don't bring up any of my other certifications or educational qualifications either (like my MCP, or even my BSc).

Re:Oh my - A Microsoft MVP! (2, Informative)

Westley (99238) | more than 8 years ago | (#14185171)

Um, you certainly don't need to give pro-Microsoft answers to become an MVP. I've given plenty of answers berating .NET or Visual Studio in comparison with Java or Eclipse (where appropriate) but have still been awarded as a C# MVP three times.

You're right that it's a participation award, however - it's definitely people who are helpful to the community rather than *necessarily* the brightest stars. You don't necessarily have to be a genius to help a lot of people. That doesn't mean there aren't plenty of extremely bright people in the programme though.

Re:Oh my - A Microsoft MVP! (5, Interesting)

value_added (719364) | more than 8 years ago | (#14185390)

For anyone who doesn't know, you become a Microsoft MVP largely by being an unemployed loser - the more time you can waste away providing pro-Microsoft answers on Microsoft's message boards ...

The MCSE jokes on /. are admittedly funny at times, but this is as unfunny as it is unfair. First, only web weenies would refer to news groups as message boards. Second, those groups are an invaluable resource, being freely available, active, and representing a wide cross section of experience, they're one of the few places where you can find honest and up-to-date information. And third, while Microsoft does offer a pseudo subscription-based pricing for "guaranteed responses" (from the MVPs, among others), most posts are the result of volunteer efforts.

Perhaps the next time you send a question off to debian-users, for example, hoping for an answer from one of the "regulars", you avoid suggesting that any of them must be an unemployed loser for bothering to respond. Unless playing the part of a troll is somehow more rewarding.

If it sounds like I'm pissed off, yeah, I am. Having to defend something Microsoft related on /. is annoying enough without being forced to justify the efforts of those trying to help others, irrespective of the venue or their individual capacity.

As for anyone else using Windows and is unfamiliar with usenet, I'd suggest exploring the ms.public hierarchy with whatever news client you have available, and get into the habit of reading a few of them before applying the latest patch or service pack, or are otherwise trying to resolve an issue or trying to learn something. The top posting is murder, but the information is free and unlikely to be available to the same extent anywhere else.

Hmm (1)

CriminalNerd (882826) | more than 8 years ago | (#14184926)

180 is angry about their program being flagged as spyware. So what? Isn't that true? I do know for sure that 180 Solutions is a company that installs a LOOOOT of tracking cookies...Besides...who needs a "search assistant" when you have Google?

Clever (rolleyes) (3, Insightful)

Pope (17780) | more than 8 years ago | (#14184947)

Put a link to the article on the same page as itself, thereby upping your Google ranking.

Blogs are awesome.

Re:Clever (rolleyes) (1)

LiquidCoooled (634315) | more than 8 years ago | (#14185044)

Nahhhhhhhh surely you're just trolling

Surely Google wouldn't consider that an uplift.
Most sites and pages have it (even slash).

Re:Clever (rolleyes) (1)

Vorondil28 (864578) | more than 8 years ago | (#14185184)

Yeah, you're right. This is a nearly-stock Blogger.com template. All he's done is add a few things in the sidebar and the fancy title-image at the top. Links like that are there on that template as well as nearly every other Blogger template.

This is worse than Spyware (5, Interesting)

HexaByte (817350) | more than 8 years ago | (#14184948)

From the article:

180Solutions was complaining that "ZoneAlarm was advising that our 180search Assistant "is trying to monitor your mouse movements and keyboard strokes" well let's see after reading the above ... that description looks right to me.

This is worse than spyware. This could be used to transmit your account codes and PINs, passwords, etc.

Sounds like stealware(TM) to me!

Re:This is worse than Spyware (1)

jjeffrey (558890) | more than 8 years ago | (#14185033)

Actually I can think of a number of reasons why an adware program might have legitimate reason to monitor your mouse movements - activating roll overs, pop ups etc.

I can't think of anything it would do with that functionality that wouldn't be annoying, but I can see why it might be considered legitimate.

If it is storing key strokes to build an advertising profile or something (e.g. if you type "cat food" a lot - that would be different).

Re:This is worse than Spyware (1)

Sique (173459) | more than 8 years ago | (#14185283)

Normally the window that you scroll over gets a mouse event anyway, so if this is your window you'll be fine just to handle that event. To get ALL mouse events means that you are catching stuff that doesn't belong to your software. And here you need VERY good reason to have this.

Re:This is worse than Spyware (1)

YU Nicks NE Way (129084) | more than 8 years ago | (#14185366)

Exactly. There's exactly one class of applications which needs to create a WH_CBT hook -- Computer Based Training apps. They really do need to track everything, in order to correct the insane thing users try to do and say "No, that's not what you want to do." Nobody else should ever hook that stream.

Re:This is worse than Spyware (5, Funny)

Red Flayer (890720) | more than 8 years ago | (#14185133)

"Sounds like stealware(TM) to me!"

Whose side are you on, the **AA?

It's not theft, since they are only making a copy, and you are not deprived of the use of your account codes, PINs, etc.

Re:This is worse than Spyware (0)

alphax45 (675119) | more than 8 years ago | (#14185340)

I have to say this:

So you're saying a "copy" of information such as your PIN for your bank account and possibly your credit card #, your e-mail passwords, etc... is ok for them to have?
Hey why not post a "copy" on here so we can all get one. You don't need to worry, as we will only have a "copy". I'm sure no one will do anything bad with the "copy".

Note to mods: it's funny, laugh!

Hello alexxa! (0)

Anonymous Coward | more than 8 years ago | (#14185134)

free with windows.. I forgot who owns it now though.

Legit uses? (1)

phorm (591458) | more than 8 years ago | (#14185808)

Just out of curiosity, can anyone see any possible legitimate/non-fraudulent use at all for a 3rd-party company to have keyloggers installed in their software?

Interesting little side note (4, Insightful)

ZachPruckowski (918562) | more than 8 years ago | (#14184980)

The whole reason for the lawsuit wasn't because 180 was pissed with misleading statements, it was because a potential business partner of 180solutions had concerns about associating their company which Zone Labs had tagged as a high security risk.

Well, if legitimate companies are afraid to associate with spyware companies, then I'd call that a good side-effect of the Sony malware mess.

Why the blog? (4, Informative)

imroy (755) | more than 8 years ago | (#14185005)

Why link to some guy's blog with inane comments, when you can link to the page he refers to [mvps.org]? Lots more information there.

What is it with blog pages that link to another blog, which links to another blog, and so on? If this is how things are done in the blogosphere, then my already low opinion of bloggers just slipped a little. Just provide a link to the original f**king information!</rant>

Re:Why the blog? (4, Insightful)

Billosaur (927319) | more than 8 years ago | (#14185214)

What is it with blog pages that link to another blog, which links to another blog, and so on?

This is the principle of the "Möbius [wikipedia.org] blog", whereby the information is wholly one-sided and is repeated so often that it is taken for fact by anyone reading it. As they move from link to link, their indoctrination in the rhetoric increases, with the theoretical maximum value being reached when they return to the original "source" blog. Once a "Möbius blog" is entered, the ability of the reader to avoid reading the next blog in the series decreases proportionately.

The "Möbius blog" is also known as "Internet journalism".

What's the hook being used for? (5, Informative)

kawika (87069) | more than 8 years ago | (#14185020)

180 is suing ZoneLabs for a very specific and narrow statement [180solutions.com] as far as I can tell. ZoneLabs says 180 is monitoring key and mouse info, 180 says it is not.
The analysis [mvps.org] linked from TFA explains that he found evidence of setting a windows hook. The question is, does Zango use that hook to collect mouse and key info, even for a short time, or are they using the hook for other purposes? What would those purposes be?

Re:What's the hook being used for? (3, Interesting)

Ytsejam-03 (720340) | more than 8 years ago | (#14185345)

The question is, does Zango use that hook to collect mouse and key info, even for a short time, or are they using the hook for other purposes? What would those purposes be?

Yes, my thoughts exactly. The longer 180 fails to disclose this information, the more it looks like they are doing something nasty.

That said, I see no evidence that Zango is specifically targeting Windows OneCare or Microsoft Antispyware as TFA implies. The fact that zangohook.dll is being loaded into these processes is *NOT* evidence of this. Zango is setting a system-wide hook, which means that their hook DLL (zangohook.dll) will be automatically loaded into every process in the system that generates one of the events they are trying to hook.

There are legitimate uses for system-wide hooks. Many Single Sign-On products use them, for instance. The real question is, why exactly does Zango need to set a system-wide hook in the first place? I can't think of any legitimate reasons.
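
The point made in the comment above (a system-wide hook DLL is mapped into every process that receives the hooked event, so finding it inside a security product is not by itself evidence of targeting) can be checked from a per-process module inventory. This is an added example, not part of the thread or the linked analysis; the process names, paths and `examplehook.dll` are constructed placeholders.

```python
"""Find DLLs loaded across many unrelated processes from outside the Windows directory."""
import ntpath  # Windows path rules, usable on any OS
from collections import defaultdict

# Modules under these roots are ignored (assumption: default install location).
TRUSTED_ROOTS = ("c:\\windows\\",)

# Constructed sample inventory: process name -> full paths of loaded modules.
# examplehook.dll stands in for a global hook DLL; all names are hypothetical.
SAMPLE_INVENTORY = {
    "explorer.exe": [r"C:\WINDOWS\system32\user32.dll",
                     r"C:\Program Files\ExampleVendor\examplehook.dll"],
    "notepad.exe": [r"C:\Windows\System32\user32.dll",
                    r"C:\Program Files\ExampleVendor\examplehook.dll"],
    "antispyware_ui.exe": [r"C:\Windows\System32\user32.dll",
                           r"C:\Program Files\ExampleAV\engine.dll",
                           r"C:\PROGRAM FILES\ExampleVendor\examplehook.dll"],
    "browser.exe": [r"C:\Windows\System32\user32.dll",
                    r"C:\Program Files\ExampleBrowser\plugin.dll",
                    r"C:\Program Files\ExampleVendor\examplehook.dll"],
    # No window, no input events: the hook DLL is never mapped here.
    "backupsvc.exe": [r"C:\Windows\System32\kernel32.dll"],
}


def widely_loaded_modules(inventory, min_fraction=0.75, trusted_roots=TRUSTED_ROOTS):
    """Return [(module_path, [processes])] for non-system DLLs present in at
    least min_fraction of all processes. Paths are case-normalised."""
    seen_in = defaultdict(set)
    for process, modules in inventory.items():
        for path in modules:
            seen_in[ntpath.normcase(path)].add(process)

    total = len(inventory)
    findings = []
    for path, hosts in seen_in.items():
        if path.startswith(trusted_roots):
            continue
        if total and len(hosts) / total >= min_fraction:
            findings.append((path, sorted(hosts)))
    return sorted(findings)


def loaded_only_in(path, inventory, watched):
    """True if the module is loaded in at least one watched process and in no
    other process. False means its presence there says nothing about targeting."""
    key = ntpath.normcase(path)
    hosts = {proc for proc, mods in inventory.items()
             if key in map(ntpath.normcase, mods)}
    return bool(hosts) and hosts <= set(watched)


if __name__ == "__main__":
    for module, hosts in widely_loaded_modules(SAMPLE_INVENTORY):
        print(f"{module} loaded in {len(hosts)} processes: {', '.join(hosts)}")
```

A widely loaded non-system DLL is only a lead for review: shell extensions, input methods and the Single Sign-On products mentioned above produce the same pattern.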

Re:What's the hook being used for? (3, Interesting)

arkanes (521690) | more than 8 years ago | (#14185397)

There are a number of things you might install a CBT hook for, even legitimate ones, but with the hook installed it absolutely is "monitoring" all keypresses and mouse moves. This is going to hinge on the definition of monitoring - Windows is calling a hook within the Zango code and notifying it of all the events it registered the hook for (which looks like system wide mouse and key events), however, Zango is quite likely ignoring everything except very specific events. Personally, I'd still call that monitoring.

Re:What's the hook being used for? (1)

parkrrrr (30782) | more than 8 years ago | (#14185510)

There are a number of things you might install a CBT hook for, even legitimate ones, but with the hook installed it absolutely is "monitoring" all keypresses and mouse moves.

Microsoft seems to disagree. From the documentation of CBTProc in the MSDN Library:

The HCBT_CLICKSKIPPED value is sent to a CBTProc hook procedure only if a WH_MOUSE hook is installed. For a list of hit-test codes, see WM_NCHITTEST.
The HCBT_KEYSKIPPED value is sent to a CBTProc hook procedure only if a WH_KEYBOARD hook is installed.

So, even if Zango is setting a CBT hook - and TFA has been revised to say they aren't - they're not getting mouse and keyboard events unless they (or, potentially, someone else) are also setting either a mouse or a keyboard hook.

Re:What's the hook being used for? (0)

Anonymous Coward | more than 8 years ago | (#14185475)

Actually the other article shows Zango is not monitoring key and mouse but that was a 2nd program installed by a popup from a site zango took the computer to.

So technically Zango is hooking and monitoring just about everything but it is not directly at least, monitoring key and mouse.

Then again, how about anti-cheat mechanisms? (5, Insightful)

Idaho (12907) | more than 8 years ago | (#14185022)

This is IMO becoming a problem in a lot of games. Counterstrike, World of Warcraft, Valve with its Steam engine, crap like punkbuster that scans your entire drive, registry and who knows what else, just to make sure you aren't cheating. And we are not talking about minor game companies here.

Don't get me wrong, cheating is a major (if not: the worst) problem in online games, but the lengths to which game providers go to assure (a) that you are using a legally bought version of the game (most important) and (b) that you are not using modified drivers, game libraries etc. in order to cheat (game company couldn't care less, but it costs them customers so they have to care..), could certainly make some of them be rated as 'spyware'. Then again, so can Windows XP itself. After users accepted that activation crap from Microsoft, where else could you expect this thing to go? If Microsoft is allowed to do it, then why not $small_corp_with_questionable_ethics?

(obviously, the answer is that Microsoft should not be allowed to do it in the first place, either. But as it is, this company might actually have a point - if Sony can do it and not be detected for over half a year, why can't they? The idea is ridiculous of course, but hey...)

The lesson? Never trust a company... (3, Insightful)

digitaldc (879047) | more than 8 years ago | (#14185112)

...with a name like 'Zango' that offers free games.

It will only lead to great suffering.

Re:The lesson? Never trust a company... (2, Funny)

Linker3000 (626634) | more than 8 years ago | (#14185157)

Welcome to Zango com - at Zango com you can monitor everything. Hmmm - rings a bell!?

evidence (1)

towsonu2003 (928663) | more than 8 years ago | (#14185189)

may be in vain but, I don't think the article provided any proof that the software recorded mouse and keyboard input... it calls home but to do what? maybe I'm getting used to Mark Russinovich'ish (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html [sysinternals.com]) scrutiny style?

The article blog just got updated. (1)

Spy der Mann (805235) | more than 8 years ago | (#14185426)

Now he says that clicking on the popup in question installs an Apropos spyware [symantec.com].

180 Solutions and Sony do not respect (2, Insightful)

erroneus (253617) | more than 8 years ago | (#14185593)

I think that's the most simple way to put it. These companies and companies like these simply value their own interests over that of their users in a way that breaches respect for their users/customers. In addition to any legal action that is going on or should be going on, there are other actions that I think should be going on as well. Such actions should include protests and any other way that can be used to raise public awareness.

Sony has displayed for all to see that they do not respect their users or their computer systems. 180 Solutions, as much as they have tried to deny their intent, have been shown to write code that does things that... well, it "shouldn't." Again, more than a casual or accidental display of disrespect or even contempt for the user.

"Tarred and feathered" would be the treatment they'd receive not too many decades ago -- their leaders would be grabbed by anonymous people, put on public display and humiliated. Now that we are somehow beyond this horrible behavior in today's more civilized society, I guess these fraudsters have a lot less to fear from the anonymous public at large.

In my view, there will probably always be these types of people. I truly fail to understand where these people come from, what they are thinking and why they think it's okay. These types of people are truly troubling to me and to my conscience somehow -- perhaps I don't feel as if I am personally doing enough... perhaps my own vigilante drive not being acted upon has something to do with it -- I suspect so. I wish and hope and dream all of the worst for these types of people since it seems these types never quite reap what they sow.