shahine.com/omar/


yet another Microsoft blogger

# Tuesday, November 02, 2004

Spyware

A few days ago I got one of those dreaded phone calls from my sister. It went like this:

sister: “My internet is broken”
omar: “Huh?”
sister: “When I launch Internet Explorer it quits right away”
omar: “Uh oh. Did you do anything unusual the other day?”
sister: “I saw this pop up dialog thing, and I clicked something, and since then it stopped working”
omar: “You are 0wn8d”.

Seriously, I freaked out. Being 3000 miles away and being the technical life support for my family, extended family, friends of friends etc meant I could not use Remote Assistance to fix the problem. I thought of a variety of things she could do but ultimately decided that she needed to salvage and pave her machine. What a pain.

However, I went to some unrelated web page that day and it said that if you are experiencing a problem where IE unexpectedly quits then you have spyware and to go here. Great web site. I was able to direct my sister to our (Microsoft's) toll-free PC Safety hotline, (866) PC SAFETY, where she got someone on the phone to help her out. Sadly, because she didn't have an internet connection she could not download the anti-spyware tools. So she went over to my parents', burned Lavasoft Ad-aware and Spybot Search & Destroy (S&D), which nuked all the badness from the machine. I asked what happened and she said that they cleaned up a million things.

Spyware should be illegal. Users like my parents and my sister don't know any better, and Windows does a poor job of protecting them. Having said that, the site and tools (and PC Safety) are fantastic.


Wednesday, November 03, 2004 2:30:56 PM (Pacific Daylight Time, UTC-07:00)
It's too bad that every good thing has to be exploited and pilfered and abused to the point where it is a threat. Many blame MS for their "insecure" software. When they made IE, they couldn't have known that their technology, ActiveX and scripting, would be abused like this since at the time, most computing was "safe".

Spyware should be illegal. But even if there was a click-through disclaimer stating that it "helps to improve web searches and provides valuable feedback about your surfing habits to help us improve your experience in the future", it would be hard for people (such as your sister) to a) correlate that with "spyware", and b) fight the urge to simply not install it.

With a description like that, how do you legally classify a product as "spyware" and thus enforce an anti-spyware law?


Thanks,
Shawn
Shawn B.
Tuesday, November 16, 2004 1:04:46 PM (Pacific Standard Time, UTC-08:00)
Yay... I finally made it onto Omar's web site!
Nevine
Tuesday, November 16, 2004 1:16:18 PM (Pacific Standard Time, UTC-08:00)
thanks - finally something on Nevine. but was looking for info on her cosmopolitan life, not her lack of tech knowledge. at least it's something. we can only hope for more in the coming months.
michael
Monday, November 22, 2004 11:46:00 AM (Pacific Standard Time, UTC-08:00)
"Spyware should be illegal. Users like my parents and my sister don't know any better, and Windows does a poor job of protecting them."

Maybe Microsoft should just turn out some good solid software ... naw that'd be asking too much!
Poste GNAA
Sunday, November 28, 2004 9:48:34 PM (Pacific Standard Time, UTC-08:00)
Omar, I agree that Windows doesn't do as good a job protecting users as it should, but I don't think this scenario can ever be addressed through software (sorry Navine).

Users need to be given the option to put software on their PC, the web needs to be a distribution scheme for software, and users do what they are told.

If we accept these last three statements as basic truths then I cannot imagine a consent experience a non-educated (in the technical sense) user could ever be presented with that they could make an educated decision from.

Don't get me wrong, I support my family too and have had very similar experiences with spyware funded diet software on family members machines (repeatedly mind you).

The only option I see is delegating all installation decisions to a third party (administrator).

My 2c,

Ryan
Monday, November 29, 2004 1:38:05 PM (Pacific Standard Time, UTC-08:00)
Ryan- it's Nevine, not Navine.
Nevine
Thursday, December 02, 2004 10:52:17 AM (Pacific Standard Time, UTC-08:00)
I agree with Nuvine.
Tuesday, December 07, 2004 5:13:52 PM (Pacific Standard Time, UTC-08:00)
You think that's bad? It gets worse when even the self proclaimed good guys employ sleazeware methods.

Read on...

DiamondCS is a reputable software firm that developed one of the best anti-trojan applications I have seen, TDS-3. Unfortunately, DCS employs a hardcoded technique that redirects the user to its site at numeric IP 64.91.255.87 upon pressing the F5 function key. Of course there is nothing wrong with this process. This fact could have remained unnoticed had it not been for a spate of really nasty IGN/CWS infections that showed the DCS redirects along with the nasties in hijacked Hosts files, as shown below:
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch

A quick Google search of "O1 - Hosts: 64.91.255.87 www.dcsresearch.com" will provide at least 1,500 links (Yup! That many!). It should be noted that an HJT O1 entry will only appear if a Hosts file hijack is involved. Redirecting to the local host will not appear in the HJT log. When asked about this, representatives of DCS at Wilders Security Forum replied that this is perfectly normal since it simply redirects from an alleged "bad site" to the legitimate DCS IP.

If such were the intention, a simple redirect to the local host would have sufficed, as this blocking technique is acceptable. However, redirecting to a preferred website is, in any language, a hijack. This type of redirect is the method used by hijackers with the same objective: redirecting to the chosen website. DCS cannot claim that since they are reputable, a redirect to their site is acceptable. No one has nor can give them that privilege/status. A hijack is a hijack is a hijack.... The method is absolutely wrong!
Now comes an interesting scenario.

Quote:
"It’s becoming such a sizeable problem in the US that the Government voted unanimously in Spring 2004 to approve the first-ever anti-spyware bill. The Securely Protect Yourself Against Cyber Trespass (Spy Act), approved by the US House of Representatives, would levy fines up to $3 million for those who illegally collect personal information, change a browser's default home page or bookmarks, log keystrokes, or steal identities"
Quoted from http://www.net-security.org/article.php?id=746

Do you realize that if I invested in TDS3, bookmarked www.dcsresearch.com or set my homepage to www.dcsresearch.com, the chances are I will be redirected to DiamondCS? This can be documented and I can then sue DCS for illegally redirecting my browser, right? And all because DiamondCS has chosen to adopt a Trojan method instead of a Hostfile block or Help update? Think about it.

Too, what are the chances of a crazy picking up this post and doing exactly the above? This is a possibility they brought upon themselves for insisting that what they were doing was simply protecting their interests. They chose the expedient/easier route; now they are susceptible to legal issues.... Sooner or later, this will happen....

Your thoughts?
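
The comment above draws a line between pointing a hostname at the local host (a block: the connection never leaves the machine) and pointing it at some other address (a redirect, which is what a hijack does). As an added illustration that is not part of the original comment, of HijackThis, or of any DiamondCS product, the Python below parses a hosts file, classifies each entry on exactly that distinction, emits HJT-style "O1 - Hosts:" lines only for remote redirects, and groups the redirected names by the IP they now resolve to, which makes the many-names-to-one-IP pattern in the log above stand out. The sample hosts text is constructed from the entries quoted in the comment plus two benign block entries on placeholder `.invalid` names; nothing here was captured from a real machine.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample hosts file: the standard Windows entries, two benign block
# entries (placeholder .invalid names), and the hijack entries quoted in the comment.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid          # benign: sinkholed to the unspecified address
127.0.0.1       tracker.example.invalid      # benign: sinkholed to loopback
69.20.16.183    auto.search.msn.com
69.20.16.183    search.netscape.com
69.20.16.183    ieautosearch
64.91.255.87    www.dcsresearch.com
"""


@dataclass
class HostsEntry:
    line_no: int
    ip: str
    names: List[str]


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text into entries, ignoring comments, blanks and malformed lines."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # an address with no hostnames does nothing
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an IP address; skip it
        entries.append(HostsEntry(line_no, fields[0], fields[1:]))
    return entries


def classify(entry: HostsEntry) -> str:
    """Return 'standard', 'block' or 'redirect' for one hosts entry.

    Loopback or the unspecified address keeps the connection on the local machine
    (a block); any other address sends the browser somewhere else (a redirect).
    """
    addr = ipaddress.ip_address(entry.ip)
    if addr.is_loopback and entry.names == ["localhost"]:
        return "standard"
    if addr.is_loopback or addr.is_unspecified:
        return "block"
    return "redirect"


def hjt_o1_lines(entries: List[HostsEntry]) -> List[str]:
    """Emit HijackThis-style 'O1 - Hosts:' lines, one per hostname, for redirects only."""
    return [
        f"O1 - Hosts: {e.ip} {name}"
        for e in entries
        if classify(e) == "redirect"
        for name in e.names
    ]


def redirect_targets(entries: List[HostsEntry]) -> Dict[str, List[str]]:
    """Group redirected hostnames by the remote address they now resolve to.

    Many unrelated names collapsing onto a single remote IP is the hijack pattern
    visible in the log above; one name on its own IP is easy to spot separately.
    """
    targets: Dict[str, List[str]] = {}
    for e in entries:
        if classify(e) == "redirect":
            targets.setdefault(e.ip, []).extend(e.names)
    return targets


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    for line in hjt_o1_lines(parsed):
        print(line)
    for ip, names in redirect_targets(parsed).items():
        print(f"{ip}: {len(names)} name(s) redirected -> {', '.join(names)}")
```

To run it against a real machine, read `%SystemRoot%\System32\drivers\etc\hosts` into `parse_hosts` instead of `SAMPLE_HOSTS`; the two benign `.invalid` entries are classified as blocks and produce no O1 line, while every entry pointed at a routable address does.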


Tuesday, January 04, 2005 1:54:37 PM (Pacific Standard Time, UTC-08:00)
Nowadays every computer must be armed with Spybot and Ad-aware. If these don't help, sometimes manual removal resources like 2-spyware.com or kephyr.com help.
Friday, May 20, 2005 1:59:21 AM (Pacific Daylight Time, UTC-07:00)
I tend to use manual resources more and more. I no longer trust the anti-spyware software. A good site is www.processlibrary.com
Linus