Posts with tag "spyware"

What a write off

Category: Technology
.
12 comments
.
Posted 1934 days ago

It’s not that I didn’t want to spend time today blogging but even before I had my first coffee this morning our daughter showed up unannounced with her computer in tow. I could let you guess what was expected from me at that point; among some supposed family time with her and her boyfriend. Yup it was the old “Daaddd … my computer isn’t working right. Do you think you can fix it for me?”

One would think that growing up in a home where she was around computers all the time and use to hearing all about people making silly mistakes with them that she would have known better.

It was exactly the opposite and I am still working away at trying to get her machine back to some semblance of being a well behaved computer. Hopefully at some point in the next few hours I’ll be able to get back on track ,,, that is is there are no other surprises hiding away in there.

The Scoble Hype is nothing compared to what Sears is doing

Category: Technology
.
2 comments
.
Posted 1964 days ago

Sears - our newest spy agency So now that we are getting over Robert being suspended from Facebook, Robert being re-instated at Facebook and getting sick of reading about it I sit back and wonder what all the fuss is about.

Really … especially in light of of some serious allegations being leveled against Sears and their My SHC Community on Sears.com. While we in the tech blogosphere get all up in arms over someone admittedly breaking Facebook’s TOS we have a brick and mortar company colluding with Comscore to install that company’s tracking software without your knowledge when you join the community.

According to Techdirt this software will then begin to track all your activities online and send it back to Sears and Comscore as well:

After that, all of your online activities — including to “secure” sites like banking sites — is sent directly to Comscore, despite Sears’ website insisting that none of the data you share will go to anyone but Sears. As for the “community,” it doesn’t seem like there is one. The security researcher who signed up for the community says that once the software is installed, there’s no obvious indicator that it’s installed or running — and he received no “communications” from the so-called community whatsoever. Basically, it sounds like it’s just a trick to get you to install this tracking software while hoping you’ll forget about it

In addition to this as reported by Brian Krebs of the Washington Post blog Security Fix it appears that your shopping habit on the Sears site end up being publicly searchable:

Sears is having a bit of a rough day with the privacy community. The company got off to a rocky start with revelations that many customers who gave Sears their personal details after shopping at the company’s Web site also were giving away their online Web browsing habits to marketers, thanks to snooping software silently installed (and ill-documented) by a Sears marketing partner.

Now, it appears the company’s Web site may also be making those shopping habits publicly searchable, at least as they relate to products purchased in Sears stores and/or via its Web site.

As bad as this is; and it is the worst example of corporate malfeasance in safeguarding our data or respecting our privacy, it amazes me that we are so easily sidetracked by something as stupid and mundane as the Scoble-Facebook nonsense. All these Web 2.0 proponents carrying on about transparency and suggesting that Scoble is the new hero of the open data movement because he stole data from Facebook.

But other than sites like Techdirt; who have followed this from the beginning, or security related sites like Bruce Schneier’s blog this whole story has been a dull thud in the tech blogosphere and that is appalling. Hell even Valleywag took time out from rumor mongering to write about the matter. I guess though for people who think it is okay for Robert to steal what is now someone else’s data they must also think that what Sears and Comscore is doing is okay as well.

Hell even Sony got more of a smack down over their rootkit DRM of CDs that what is happening to Sears or Comscore. Maybe because Sears isn’t a music or movie producer it doesn’t count or maybe because it’s regular folk that are getting screwed with that it doesn’t raise an eyebrow in the tech blogosphere.

Either way the fact that a phoney ass uproar over Facebook defending its TOS rates more attention than what Sears and Comscore is doing is just sad.

Tech Geeks don’t get the real world users

Category: Technology
.
8 comments
.
Posted 1970 days ago

Why don't users listen to us?? I love reading comments on technology oriented blogs especially when they start espousing how it should be, how it is in their homes or how Microsoft is screwing up everything they touch. Yup techies, especially those with years of experience under their belt are a fountain of knowledge and are more than willing to share it whether it is through exhaustive blog posts, or in the comments to those blog posts.

Today I was reading a post by engtech when my eye caught a couple of links to older posts by Jeff Atwood at Coding Horror where he talks at length about the self-interest of anti virus companies and how with proper care and attention; along with some funky software options like virtualization, antivirus programs were unnecessary. As interesting as the post was in itself the comments that followed it proved to be just as interesting; if not more so.

Now I’ve posted before on my feelings about how I think AV companies are no better than snake oil salesmen but I am also realistic enough to know that for the real world computer user and their families not having an AV installed turns their computer into a ticking time bomb.

It is things like this that perfectly illustrate; to me at least, how tech knowledgeable people have gotten to the point where they have lost sight of the reality of the larger world of real computer users. To assume that everyone will know; or even give a shit, what virtualization is in the first place let alone go to all the trouble of installing it and using things like VMware is a fool’s assumption. It’s hard enough to get them not to click on stupid ass email attachments from people that may or may not know.

I can’t even remember the number of machines that I have seen that have had AV software turned off, AV subscriptions so out of date as to be totally useless or even firewalls disabled because they didn’t like all those popup dialogs showing up all the time. These are the people you want to learn to make image backups or not click on that attachment from Aunt Mable or to fire up a virtual version of their OS so they can play WoW – give your head a shake.

Why do you think botnets are ravaging our systems. Why do you think that Sony wasn’t concerned about their rootkit DRM scheme. The reason things like this proliferate is because the real world user doesn’t give a shit past being able to download music where ever they can, surf for porn and clicking on any button just to get rid of those popups. Things like that succeed because normal everyday folks are using tools they don’t have the faintest clue about; and probably for the most part don’t care to learn anything about.

The crackers, phishers and other assorted script kiddies are playing a game of averages and as with Las Vegas casinos the law of averages is always in their favor. It’s in their favor because there are more real world computer users out there than there are geeks; and that isn’t like to ever change.

So for as much as those of us that work with computers in one fashion or another day in and day out like to think we have all the answers the fact is it doesn’t matter if we do or not. The fact is that as much as we would like to think we know how the computer world works the truth of the matter is that as long as we refuse to think like those real world computer users – especially when developing software – no amount of self-righteous chest beating of how things should be done will make one bit of difference.

Security Roundup [26.11.06]

Category: Technology
.
Comments are off for this post
.
Posted 2368 days ago

Looks to have been a pretty average week as far as security news is concerned anyway.

Scandals: Bigger phish to fleece – Sydney Morning Herald

The industry jargon is “phishing” — sending out fake emails designed to persuade people to reveal personal details such as bank account or credit card numbers. A study by the US technology firm Gartner has found the number of “phishing” messages circulating in the US has risen from 57 million in 2004 to 109 million so far in 2006.

Rootkits, polymorphics turn threats tougher in 2006 – IT News

Toughened threats have been the hallmark of this year’s security scene, a prominent security researcher said on Friday.

“They just got tougher this year,” said Oliver Friedrichs, the director of Symantec’s security response team. “They’re harder to detect and harder to remove.

“And they’re harder for individuals to detect themselves. In the past, users could find a malicious file themselves, an errant key in the registry, or a process running in Windows,” Friedrichs said. “Now threats are less likely to show up there and more likely to be hidden on a system.”

Keep eye on computer-using kids, parents told – Times-Tribune

Lynn Tedesco learned some shocking news when she attended a recent Internet safety course: Personal information about her three computer-savvy teenage daughters is available to anyone with Internet access.

And her daughters and other children using the Internet often post that information online themselves.
The 20 people attending the course, put on by the Wallenpaupack Area School District, left with one clear message: Parents need to monitor their children online

Hackers Use Virtual Machine Detection To Foil Researchers – Information Week

Hackers are adding virtual machine detection to their worms and Trojans to stymie analysis by anti-virus labs, a security research said Sunday.

The tactic is designed to thwart researchers who use virtualization software, notably that made by VMware, to quickly and safely test the impact of malicious code. Researchers will often run malware in a virtual machine to protect the system’s actual operating system from infection; virtualization software also lets analysts test malware against multiple operating systems on a single computer.

VXers suffering from ‘writer’s block’ – Channel Register

Virus writers have run out of fresh ideas for the creation of malware, according to a study by Russian anti-virus firm Kaspersky Lab.

Kaspersky reckons that while the hacking community is developing “proof of concept” code for new platforms, it is unlikely that this work will result in malware capable of causing much damage.

Who’s pulling the FUD now?

Category: Technology
.
Comments are off for this post
.
Posted 2427 days ago

Ars Technica is reporting on a statement released by Symantec today that Vista will “reduce customer choice” when it comes to computer security

Now, with Microsoft’s new operating system Vista still on pace for release in January 2007, Symantec is warning that the OS may harm it and other security software companies. In a statement released today, Symantec communications director Chris Paden said that Vista will “reduce consumer choice” when it comes to computer security.

However if you check the current listing of AV/security software packages that work with Vista RC1 as compiled and maintained by IEXBeta.com just about every security package works; including Symantec’s.

So who’s trying to bullshit who here?

Limited beta of Counter Spy 2.0

Category: Technology
.
Comments are off for this post
.
Posted 2435 days ago

Saw posted on the Sunbelt blog that they are opening up a limited beta of their CounterSpy 2.0 product.

I’m pleased to announce the start of a limited public beta for the next version of our flagship anti-spyware application, CounterSpy 2.0.

This limited public beta will allow the first 2,000 applicants to test drive a pre-release version of CounterSpy 2.0, which incorporates a number of significant improvements over CounterSpy 1.5.

You can read more about it here