New utility blows the cover on 'spyware' programs

Friday, June 30th 2000, 12:00 am
By: News On 6

Gibson Research's OptOut is a simple way to rid your system of sneaky software

Worms, Viruses, and Denial of Service attacks have captured a lot of press lately. The disruption of email caused by "I.Love.You" and "VBS_Stages" were major news events, and the popularity of broadband connections like DSL and cable modems has prompted numerous warnings about port sniffing and Trojan horse programs like Back Orifice. Most hacker attacks involve someone trying to break into your computer, but there are some security threats you may actually bring on yourself, by installing software known as "spyware".

A new innovation with shareware and other downloadable programs is ad-supported software. "Shareware" is software you can download and try before you buy. After the expiration of the trial period, you are expected to pay a license fee or remove the software from your computer. But now some developers are producing special versions of popular utilities that display banners ads. The ad-supported versions are available for free or for a substantially reduced license fee.

Popular shareware programs that have taken this tact are Get Right, Go!Zilla, Cute FTP, 3D FTP, Abe's MP3 Finder, Abe's Picture Finder, Net Vampire, People Seek 98, and MP3 Friend. The only problem is that some have gone a step further and tried to target the ads that appear in the program. To do this, the software monitors your computer usage and reports the information back to a server. It all takes place in the background so you might not know what's going on or realize that you've actually given the software permission to do this.

How is this possible? Most people don't take the time to read the End User License Agreement ("EULA") when they install software. You simply press "I Agree" and go. Read the fine print, however, and you may discover you've granted the developer the right to install adbots on your computer. In a nutshell, adbot software retrieves banner ads from a server on the Internet, caches them on your hard disk, and then displays them in a special window in the utility or application.

Even if you don't regard this as an invasion of privacy, you may be disturbed to learn that adbots can cause system problems. When an adbot is installed on your system, it consumes part of your Internet connection speed. In postings to newsgroups, there are numerous reports of ad-supported programs causing slow retrieval of web pages and system crashes. Also common is the complaint that adbots remain on a computer after the ad-supported software is uninstalled. Other users who tried to remove just the ad-serving agents report that the corresponding shareware programs are immediately disabled and removal can no longer be accomplished with the Windows Remove Programs control panel.

Steve Gibson of Gibson Research Corporation has identified over 400 ad-supported downloads he refers to as "spyware". Gibson is well-known as the creator of ShieldsUp!, the online utility that tests the security of your Internet connection. Experiments with ShieldsUp! led Gibson to introduce a new spyware detection and removal utility called OptOut.

OptOut searches a PC's system registry and hard disk for evidence of ad server technology providers such as Radiate, Inc., formerly known as Aureate Media, and Conducent Technology. Conducent is used on sites such as Lycos and Go2net, which post hundreds of applications like the popular PKzip file compression utility.

According to a recent article in InternetNews, Radiate has criticized Gibson for fanning privacy fears with OptOut. "We're simply delivering advertisements, but he makes it sound like we are tracking where you surf. That may be what he thinks is going on, but it isn't," says Radiate's VP of marketing Jeff Ready. Ready, however, has acknowledged that some of the uninstall utilities used by Radiate's partners fail to properly remove the Radiate DLLs. To correct this situation, Radiate has released its own file removal utility.

One of Gibson's pet peeves is the claim that the adbots are installed with the user's consent, based on clicking "I Agree" to the EULA during installation. He finds it odd that the newsgroups would be so "up in arms" if the software was really informing them about the ad-serving components. To rectify what he sees as a routine exploitation of consumer trust and ignorance, he urges the creation of a Code of Backchannel Conduct.

In addition to performance problems and privacy issues, some users are concerned by the security implications of adbots. These components activate ports on your system that are "always-on". Many fear these ports may open security holes and make systems connected to the Internet via cable modems and digital subscriber lines more vulnerable to intruders.

Gibson is currently working on a commercial version of OptOut, but is offering a freeware version pending its release. Gibson claims OptOut is written entirely in assembly language which is why it only takes 31KB to download. No installation is required, and it runs on any 32-bit Windows system. Even if you rarely download freeware or shareware, OptOut is worth a try, especially if your system has been experiencing mysterious slow-downs or crashes.

Last year, Real Networks came under fire for monitoring the users of its software. A security expert who intercepted and examined data generated by Real Jukebox, discovered that it monitored the listening habits and certain other activities of people who use it and continually reports this information, along with the user's identity, to Real Networks.

I mention this because astute installers of newly-released RealPlayer 8 will notice that a checkbox has been added to disable this "feature". The moral here is that any free software, even an Internet staple like RealPlayer, may try to slip you an adbot, unless you pay attention to the EULA or employ a tool like OptOut.