January 2007 - Posts

When you connect to a Web site that uses a client certificate for user authentication, IE6 does not filter out invalid certificates on a Windows XP SP2 based computer:
http://support.microsoft.com/default.aspx/kb/929477


How to move the Standard toolbar to a location that is above the Address bar in IE7:
http://support.microsoft.com/default.aspx/kb/930645

That’s one hell of a headline, yes?  It’s taken from this announcement by the Office of the New York State Attorney General Andrew M. Cuomo:
http://www.oag.state.ny.us/press/2007/jan/jan29b_07.html

Basically, thanks to their involvement with Direct Revenue (having spent hundreds of thousands of dollars delivering advertisements through Direct Revenue software), Priceline.com Incorporated (“Priceline”), Travelocity.com LP (“Travelocity”) and Cingular Wireless LLC (“Cingular”) have been found responsible for how their advertisements are displayed on users’ computers.  To quote the press release:

“‘Advertisers will now be held responsible when their ads end up on consumers’ computers without full notice and consent,’ Cuomo said.  ‘Advertisers can no longer insulate themselves from liability by turning a blind eye to how their advertisements are delivered, or by placing ads through intermediaries, such as media buyers.  New Yorkers have suffered enough with unwanted adware programs and this agreement goes a long way toward clamping down on this odious practice.’”

Priceline, Travelocity and Cingular all promise to:

  • Provide to consumers full disclosure of the name of the applicable adware program and any bundled software;
  • Brand each advertisement with a prominent and easily identifiable brand name or icon;
  • Fully describe the adware and obtain consumer consent to both download and run the adware;
  • Make it practicable for consumers to remove the adware from their computers;
  • Obtain consent to continue serving ads to legacy users;
  • Require their affiliates to meet all of these same requirements;
  • Undertake “due diligence” when selecting and using adware providers including investigating how the online ads are delivered;
  • Immediately cease using any adware provider if said provider breaches the above terms “or their own adware policies”.

Priceline will pay $35,000 to the State of New York as penalties and investigatory costs, Travelocity will pay $30,000 for the same reason, and Cingular will pay $35,000, again as penalties and investigatory costs.

The implications of this decision are quite staggering, and will force media buyers and other intermediaries, and those who buy content from them, to clean up their act, unless they want to lose advertising income from their reputable clientele.

I would have liked one more condition to be added to the agreement between the New York State Attorney General and Priceline, Travelocity and Cingular: that if their media buyers or other intermediaries are shown to be allowing cr*p like Winfixer to be promoted via a service also used by Priceline, Travelocity and Cingular, they (Priceline, Travelocity and Cingular) should stop using said media buyers or other intermediaries unless and until the media buyers or other intermediaries stop said malware advertisements.

The words “or their own adware policies” could be a stumbling block for media buyers and other intermediaries such as Right Media and those they on-sell to.  What if, for example, Company X has a “no spyware or malware” policy?  It could be said that the New York agreements mean that if the companies in question hire media buyer or intermediary X, and that supplier also has as a client, for example, people who are distributing Winfixer, then the companies affected by the New York settlement could quite likely be beholden to dump media buyer X as their supplier.

That scenario, as far as I’m concerned, would make me very happy indeed.  I want the media buyers, intermediaries and anybody else who conspires and contributes to the distribution of malware like Winfixer via pop-up ads to become internet pariahs, avoided by reputable companies and relegated to the world of has-beens, avoided by anybody who values their reputation.

The full “Assurance of Disclosure” can be found here:
http://www.oag.state.ny.us/press/2007/jan/adware-scannedAODs.pdf

Yay. Thanks to Susan for pointing this out.

Available here:
http://www.microsoft.com/downloads/details.aspx?familyid=25bb5f65-4734-4268-b2b1-1606dceac06f&displaylang=en&tm

Fixes the following issues:

917718 The ISA Server Control service may not start after you rename and then restart a computer that is running ISA Server 2004
917265 Error message when client computers that are behind a proxy server access Web sites that are published by using ISA Server 2004: "404 Not Found. The requested item could not be located (12028)"
917903 You cannot join a Windows Vista 64-bit client computer to a Windows domain on which ISA Server 2004 is configured as a firewall (Bingo - need this for my Ferrari x64)

More specifically, the TomTom software being distributed with the 910 was infected with win32.Perlovga.A Trojan and TR/Drop.Small.qp - an excellent write-up (and, I think, the article that originally broke the news) is available here:
http://www.daniweb.com/blogs/entry1276.html

TomTom's statement about the situation, which notes that the satnavs were produced between September and November last year, is here:
http://www.tomtom.com/news/category.php?ID=2&NID=349&Language=1

Regarding TomTom's statement that the viruses are "low risk", I say B*LLS*T. There is no such thing as a trojan that is not dangerous.  If that trojan is used to morph your system into a spambot, that is dangerous - if it is used to host somebody's p0rn or warez collection, that is dangerous.  If your infected system is added to a botnet for DDOS attacks, that is dangerous.

Nobody has any way of knowing what the end result of infection by that trojan is going to be, and how the bad guys are going to use the access granted by said trojan, and therein lies the real danger.  It is all well and good to tell victims to delete the two affected files that TomTom installed (copy.exe and host.exe), but what about the crud that is installed on a system *by* that trojan?  Hands-on experience has shown me that the crud that is downloaded and installed by such trojans after infection can be extremely difficult to detect and remove.

Detection of perlovga has been available since July 2006 - two months before TomTom started distributing the trojan, so where was their antivirus protection?  How did this trojan get into their production environment? Just as happened with Apple, who distributed a mystery number of iPods infected with the RavMonE virus, we are seeing the end result of a basic breakdown in quality control and antivirus protection.  It simply isn't good enough to distribute between September and November malware that has been detectable since July.

Well, at least they didn't try to blame Windows, unlike Apple:
http://msmvps.com/blogs/spywaresucks/archive/2006/10/18/184326.aspx

Microsoft have released a series of updates for Windows Vista, both x86 and x64 versions, including (finally) a phishing filter update for IE7 that speeds up Web surfing - the XP version of the phishing filter update was released a while back.

Here's what you will see in a corporate environment if you are using WSUS:


If updates have already been downloaded by your Vista system, or if Windows Update is otherwise active (installing or waiting for a reboot) you will see this icon in the system tray: 

Vista users can access Windows Update easily, by clicking on the Start button and typing Windows Update:

Windows Update will show you what updates are available and away you go - you can install the whole lot or pick and choose.  Unfortunately, Windows Vista may need a reboot after installation (I thought we weren't going to have to do that anymore?) and I recommend that you check for further updates after you reboot - my system detected 3 updates on the first run, and another 5 on the second run.  The reboot is a bit disconcerting the first time you see it; the system shuts down normally, then the blue/green loading screen comes up as per normal to let you know that the updates are being installed but then, be warned, your screen may go black again when the system restarts a second time as part of the update installation.  It can be a bit scary to see the screen go black again - I actually thought something had gone wrong - but hang in there.  If the power is still on and there is hard drive activity, things should be fine - be patient with lower resource systems.

When installation is finished you can View update history, which has a cool feature - if you double click on any entry in Update History a new window will open, just like this one, that describes the update in detail:

Installed Updates window (see the failed ATI and Atheros updates? That's how the Ferrari 5000 was delivered to me - not too good, Acer)

Updates detail window

Windows Update:

Selecting updates:

Updates successfully installed:

Back in June last year I wrote about how a Vexatious Litigant by the name of Leo Stoller had gone after Castlecops by claiming that he (Leo) owned the trademark "Castle":
http://msmvps.com/blogs/spywaresucks/archive/2006/06/28/103057.aspx

I later reported that the USPTO had finally run out of patience with Stoller:
http://msmvps.com/blogs/spywaresucks/archive/2006/07/23/105518.aspx

Stoller has now drawn the ire of no less than Google, by apparently claiming that he (Stoller) owns Federal registration of the Google trademark (and common-law rights) via the various corporate entities mentioned in the lawsuit.

Google alleges false advertising, RICO violations and unfair competition.

Google v. Central Mfg Inc., No. 07CV 385
http://www.roylance.com/Uploads/CentralMfgCo/Complaint%20FILED.pdf

Google's prayer to the Court for relief requests:

1) An injunction prohibiting the Defendants from engaging in further acts of false advertising, racketeering and unfair competition as to Google.

2) An order requiring the dissolution and/or reorganisation of the enterprise and requiring the divestment of any interest, whether direct or indirect, therein.

3) Three times the plaintiff's (Google's) damages and defendant's profits, together with reasonable attorney's fees and costs.

4) Three times the plaintiff's damages and costs of suit, including reasonable attorney's fees and costs.

5) Punitive damages sufficient to punish the Defendant and deter such misconduct in future.

6) Prejudgment interest, as appropriate.

7) Such other and further relief as the Court deems just and proper.

Commentaries on the lawsuit:

43(b)log
http://tushnet.blogspot.com/2007/01/google-v-stoller.html

The TTABlog
http://thettablog.blogspot.com/2007/01/google-sues-leo-stollers-companies-for.html

Stoller responds:
http://rentmark.blogspot.com/2007/01/google-inc-plans-to-sue-leo-stoller-in.html

So, what drew Stoller to Google's attention?  Stoller did it to himself.  Research reveals that back in 2006 Google applied to register the mark GOOGLE for "toys and sporting equipment, namely plastic exercise balls", and that this registration application led to Stoller filing an opposition, wherein he claimed to own the mark "Google" (Source: The TTABlog: http://thettablog.blogspot.com/2006/04/leo-stoller-opposes-google-application.html).  Surely Stoller did not honestly believe that Google would let such claims stand unchallenged.  The suit was eventually dismissed with prejudice by Stoller's bankruptcy trustee.

Stoller also petitioned for the cancellation of the mark Google for search engine services - again Stoller's bankruptcy trustee withdrew and dismissed "with prejudice" the petition (Source: The TTABlog: http://thettablog.blogspot.com/2006/12/stoller-trustee-consents-to-dismissal.html)

As much as I dislike Stoller's activities, I have to ask, why the heck did Google apply to register the mark for "toys and sporting equipment, namely plastic exercise balls" in the first place?  Google don't manufacture sports equipment, and Google cannot expect to stop everybody from using the word "Google" in whatever context - especially now that Google is a transitive verb: http://www.m-w.com/dictionary/google  (Wordnet (Princeton University) lists google as a noun *and* a verb - http://dictionary.reference.com/cite.html?qh=google&ia=wn)

How did Stoller become a bankrupt?  Well, in what ended up being another fantastic misjudgment on Stoller's part, Stoller himself started things by lodging a Chapter 13 voluntary petition for relief back in December 2005 whilst embroiled in a lawsuit with Pure Fishing (another one of Stoller's trademark infringement lawsuits).  The Chapter 13 had the effect of staying the lawsuit against Pure Fishing, which Stoller was on the verge of losing in spectacular style.  In a Chapter 13, Stoller would have controlled the reorganisation of his debts and finances.

The Pure Fishing lawsuit was decided in Pure's favour in December 2006, with judgment being entered for the amazing sum of $969,751.81.

The Chapter 13 was converted to a Chapter 7 insolvency after Pure Fishing lodged a claim in Stoller's bankruptcy proceedings, and requested the conversion to Chapter 7.  The Court agreed to the request and a trustee was immediately appointed to manage Stoller's estate.   By December 2006 the trustee not only had control of Stoller's bankrupt estate, he also had the ability to begin, maintain, terminate, or settle any pending proceeding that involves Stoller or any of his proprietorship entities AND Stoller's actions as sole share holder of all corporate entities owned or controlled by Stoller - oops.

Why was Stoller's Chapter 13 converted to a Chapter 7? For starters, it was because of bad faith on the part of Stoller - bad faith in this case being a lack of candor and a failure to maintain books and records; the fact that Stoller would be denied a discharge under Chapter 7 because of said failure; the fact that he transferred real property to his daughter just before starting the Chapter 13 proceedings, and didn't declare that property; Stoller's failure to disclose the existence of unincorporated business entities he owns; and, ironically, because Stoller does not have a regular income and because to convert to Chapter 7 is in the best interest of creditors.

Court documents reveal that Stoller, "who was actively engaged in business for many years lacked business books and records from which his financial condition and income could be ascertained so as to determine whether his Chapter 13 Plan for payments to the Chapter 13 Trustee was proposed in good faith. Second, [Stoller] deeded title in valuable real estate to a family member shortly before filing in bankruptcy and did so without apparent consideration. The circumstances of that property transfer raised serious questions as to whether it should or could be attacked as a fraud on creditors or otherwise, an issue that should be investigated by a Chapter 7 Trustee." (Source: http://www.ilnb.uscourts.gov/JudgeSchmetterer/Opinions/Stoller.pdf).

The Findings of Fact in the ilnb.uscourts.gov PDF make for interesting reading.

Information about Stoller with links to court documentation that was used for this article is available at Wikipedia:
http://en.wikipedia.org/wiki/Leo_Stoller

Source: http://billpstudios.blogspot.com/2007/01/upgrade-to-vista-lose-compuserve.html

What I want to know is, *why* won't CompuServe work with Vista?

Does anybody have instructions on how to connect to CompuServe without using CompuServe software?  I'd much prefer that a workaround be found, rather than users not install Vista if that is what they want to do - the security improvements are worth the effort.

Kind of predictable, really:

How to uninstall IE7 (22,582)
http://msmvps.com/blogs/spywaresucks/archive/2006/02/05/82589.aspx

Helping HP Director play nice with IE7 (18,729)
http://msmvps.com/blogs/spywaresucks/archive/2006/10/22/197647.aspx

IE7 Gold has gone live (16,954)
http://msmvps.com/blogs/spywaresucks/archive/2006/10/18/182724.aspx

Message in the Information bar in IE7 when you browse to a Windows SharePoint Services 3.0 site or to a SharePoint Server 2007 site: "The Web site wants to run the following add-on: 'Name ActiveX Control' "
http://support.microsoft.com/kb/931509

Ah, the charms of living in Australia during the Summer, and a drought.

My son and I faced a bit of a challenge when we went to pick up my daughter from work this afternoon.  My son took some photos using my camera when we realised that this trip could get a little interesting...

Uh oh - this could be a problem:

Getting closer:

Somehow I don't think we're going to get to my daughter.... maybe we should plan an alternative route:

This was as close as we could get - the police have blocked off the road - excuse me but my daughter is on the other side of that thing!!

I found out today that my blog entry about the problems with HP Director and IE7 is currently the 3rd most commonly visited page at msmvps.com - amazing.  The only blogs visited more often are Chrisl and Coad.

My HP article is not only an often visited article, it also attracted more reader comments than any other article that I have written, and would have attracted even more if comments were not automatically barred after 60 days:
http://msmvps.com/blogs/spywaresucks/archive/2006/10/22/197647.aspx

I also found out today that I have been quoted by The Register:
http://www.theregister.co.uk/2007/01/27/myspace_scareware_myscare/

""I have said this many times, but I strongly recommend that MySpace be blocked on your networks," writes Sandi Hardmeier, a consultant under Microsoft's most valuable professional program, on her blog. "Don't let your kids go there. Don't let your employees go there. It simply isn't safe."

Pot, meet kettle, perhaps."

The blog entry they have taken the quote from is this one:
http://msmvps.com/blogs/spywaresucks/archive/2007/01/25/516895.aspx

Let's not forget that it was The Register, and Temerc, that first drew the MySpace problem to my attention.  Temerc has posted about the problem on dozens of forums, including his own:
http://temerc.com/phpBB2/viewtopic.php?p=3422711#3422711

I have now tweaked my home network so that I can access MySpace, while still preventing anybody else on the network from getting there, so that I can keep an eye on things.

Mike Burgess of MVP Hosts File fame, advised that MySpace adverts are served up from delb.myspace.com (216.178.33.60), which redirects to Right Media (ad.yieldmanager.com).  Whois Results for www.yieldmanager.com

I'll be honest - I still think it is time to go after Right Media; they are further up the distribution chain than MySpace, ActiveWin and the Messenger Plus! sponsor program, all of which I have personally seen being used as a conduit to get Winfixer aka Drivecleaner aka Errorsafe on to victims' computers.  The FTC went after Zango, and I can see no reason why they could not go after Right Media as well.

That being said, it is extremely important to keep the pressure on MySpace to clean up its act.  With its "119.5bn ad impressions in Q4" (source: The Register) (which I calculate to be 1,327,777,777.78 ad impressions per day, at 90 days per quarter) it presents a risk to potentially millions more people than the Messenger Plus! sponsor program ever did (the latest statistics posted by Patchou reveal that Messenger Plus! is being installed roughly 230,000 times per day and has 14 million active users) and, unlike CiD, MySpace doesn't have the option of editing its users' HOSTS file in an attempt to protect visitors from risk.

I am sure that, if they could be convinced to take such a step, a threat by MySpace to take their business elsewhere would be more than enough to encourage Right Media to clean up their act.  Add to that convincing Circle Distribution (CiD - the provider of the Messenger Plus! Sponsor Program) and other high volume clients to do the same thing, and negative press from the anti-spyware community, and we may just be able to make a difference.

www.yieldmanager.com redirects to https://my.yieldmanager.com/ which is a Right Media log-in page.

99.85% for Opera 8.x, 80.41% for Opera 7.x and 13.66% for Opera 9.x

See the news pane to the left of screen for the latest statistics.

 
