Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Earthlink: Your hard drive may be spying on you
Miami Herald ^ | 10/14/2003 | Peggy Rogers

Posted on 10/14/2003 1:07:51 PM PDT by ex-Texan

Earthlink: Your hard drive may be spying on you

EarthLink has a word for all of you spam-hating, pop-up-blasting, virus-fearing brethren -- spyware.

And you should be scared, computer users, real scared.

Experts say as many as 90 percent of all Internet surfers have picked up one brand or another of this soaring spyware, also known as scumware, skunkware and malware.

That proportion seems awfully high, but at least a large majority of Internet-connected computer users harbor one or another of the thousands of spyware varieties.

EarthLink has more than a passing interest. Last Wednesday, it added to its Internet software a program called Spyware Blocker that the ISP says is the first anti-spyware software ever offered by an Internet service. Its inclusion underscores three things:

• That the threat of secret software that embeds itself on your hard drive is growing so greatly that experts have variously said its expansion rate could surpass the growth of viruses or spam.

• That many computer users have yet to notice the problem. Spyware is programming code that does everything from feed you ad after ad to record your surfing habits. It can change the Web page to which you're headed and log your every keystroke.

The latter kind reports back to an Internet source such private information as your e-mail messages and credit-card numbers. EarthLink's Spyware Blocker works against 1,500 varieties of scumware and continues to update the numbers as new ones are located.

• That while EarthLink has been on the front lines of blocking annoying and alarming threats to Internet privacy and security, it is not alone. Competitors like America Online have also developed security packages, albeit without antispyware measures.

EarthLink started offering protective software in spring 2002, first with pop-up blockers, next anti-spam and last month offering parental control of offensive materials and now spam blocking. By year's end, it expects to include a virus blocker.

Spyware is damaging, in part, because it is a largely silent plague. Now it is starting to get the serious and mass attention it so richly deserves.

''Since spyware is the next big threat, it was a logical and obvious thing for us to include,'' said Matt Cobb, vice president of product management for EarthLink.

He sees a greater drive to spook than to spin viruses.

''People who make viruses are malicious,'' he said. ``The people who do spyware are economically motivated, so we think it's going to become more like spam than viruses and surpass the number of virus attacks.''

Spyware can ensnare you in several ways. If you've ever downloaded freeware or shareware, particularly programs that provide such Internet services as music swapping, form fillers, download managers and other utilities, there's a good chance such programs offset their costs by letting one or several ad makers piggyback.

They can swarm your desktop with pop-ups, floating cubes and even more intricate display methods. One spyware program reportedly posted what looked like error messages to download software.

E-mail can also come infected with Trojan horses that steal information off your disk or follow your surfing habits. One company was caught planting spyware in the guise of electronic greeting cards.

If your Internet Explorer browser is set to automatically allow the download of software needed for such things as the proper viewing of Web pages, spyware can also slime you.

Look under IE's Tools menu>Internet Options>Security>Downloads, and disable file downloading. Re-enable it only when you choose to download software.

If you don't have EarthLink, there are plenty of sites with free or low-cost programs that will scan for spyware and allow you to quarantine or delete it.

One such site is www.spy checker.com. Look for information also at www.cexxorg/adware.htm and www.doxdesk.com/para site.

A word of caution: Some programs will stop running when the spyware element is removed. You'll have to decide which is the greater evil, giving up privacy to run a program or stopping the program to secure privacy.


TOPICS: Crime/Corruption; Culture/Society; Front Page News
KEYWORDS: computersecurity; earthlink; malware; privacy; spyware; trojans
Navigation: use the links below to view more comments.
first previous 1-20 ... 61-8081-100101-120121-125 next last
To: my_pointy_head_is_sharp
It's just a registry path. It could be anything.
81 posted on 10/14/2003 3:28:35 PM PDT by Sir Gawain
[ Post Reply | Private Reply | To 75 | View Replies]

To: Sir Gawain
So what will happen if I remove it?
82 posted on 10/14/2003 3:31:06 PM PDT by my_pointy_head_is_sharp
[ Post Reply | Private Reply | To 81 | View Replies]

To: ex-Texan

You can begin blocking ads and help keep yourself from being tracked by using the Hosts file with Windows and other operating systems.

What is the Hosts file, and how does it stop ads and tracking?

The Short Answer:

The short answer is that the Hosts file is like an address book. When you type an address like www.yahoo.com into your browser, the Hosts file is consulted to see if you have the IP address, or "telephone number," for that site. If you do, then your computer will "call it" and the site will open. If not, your computer will ask your ISP's (internet service provider) computer for the phone number before it can "call" that site. Most of the time, you do not have addresses in your "address book," because you have not put any there. Therefore, most of the time your computer asks for the IP address from your ISP to find sites.

If you put ad server names into your Hosts file with your own computer's IP address, your computer will never be able to contact the ad server. It will try to, but it will be simply calling itself and get a "busy signal" of sorts. Your computer will then give up calling the ad server and no ads will be loaded, nor will any tracking take place. Your choices for blocking sites are not just limited to blocking ad servers. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.

 

The Longer, More Technically Oriented Answer:

The "Hosts" file in Windows and other operating systems is used to associate host names with IP addresses. Host names are the www.yahoo.com addresses that you see every day. IP addresses are numbers that mean the same thing as the www words - the computers use the numbers to actually find the sites, but we have words like www.yahoo.com so humans do not need to remember the long strings of numbers when they want to visit a site.

For instance, the host name for Yahoo! is www.yahoo.com, while its IP address is 204.71.200.67 Either address will take you to Yahoo!'s site, but the www address will first have to be translated into the IP address. If you type in the IP address directly, your computer will not have to look it up.

A series of steps are used when searching for IP addresses that go with these host names. The first step, and the one that concerns us here, is the hosts file on your local computer. The Hosts file tells your computer what the name is in numbers so the computer can go find it. If the IP address is found in your Hosts file, the computer will stop looking and go to that site, but if it is not it will ask a DNS computer (domain name server) for the information. Since the search ends once a match is found, that provides us with a mechanism to block sites we have no interest in. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.

We can put names and addresses into the Hosts file so your computer does not have to ask a DNS server to translate the domain name into an IP number. This speeds up access to the host site you want to see because your computer no longer has to query other systems on the Internet for the address translation. When you type in a web address like www.yahoo.com, the host name portion of the web address is translated into an IP address before the site is accessed. If you put Yahoo!'s host and IP settings into your Hosts file, it would load a little quicker because your computer doesn't have to ask another to translate where to look for Yahoo!

Computers have a host address of their own - it is known as the "localhost" address, with an IP address of 127.0.0.1 which it uses to refer to itself. If you associate another computer's host name with your localhost IP address, you have effectively blocked that host since all attempts to access it will lead back to you. That is how we will block sites using the Hosts file. We will tell our computer that the IP address of the site we want to block is our own address. That way, our computer will not ever leave and go looking for the site we are blocking - which keeps that site from appearing because the computer thinks it has found the site and displayed it already.

Many web sites have links to other servers for the retrieval of advertisements. In the case of those web servers, the browser will quickly fail to locate the requested data (scripts, images, etc.) from the advertising server because we told our computer to look for the information on itself - of course it won't find any of it and will quit looking for it - and will continue loading the pertinent portions of the page you want to see. This will keep your computer from even talking to the ad servers, and thus you won't see the ads, they can't put cookies on your hard drive, and you can't be profiled by them.

What are the benefits and/or restrictions on the Hosts file?

http://www.accs-net.com/hosts/what_is_hosts.html

83 posted on 10/14/2003 3:34:10 PM PDT by ATOMIC_PUNK (The difference between Los Angeles and yogurt is that yogurt comes with less fruit. -Rush Limbaugh)
[ Post Reply | Private Reply | To 1 | View Replies]

To: my_pointy_head_is_sharp
Either nothing, or something will stop working. If AdAware or Spybot found it, remove it. Spybot allows you to revert back to previous settings if something goes wrong.
84 posted on 10/14/2003 3:34:20 PM PDT by Sir Gawain
[ Post Reply | Private Reply | To 82 | View Replies]

To: EggsAckley
Judy -- Thanks for the reply. Glad my suggestion worked for you.
85 posted on 10/14/2003 3:56:49 PM PDT by ex-Texan (Why Davis Orders Shredders - - To Destroy Evidence of Fund Raising Felonies!)
[ Post Reply | Private Reply | To 59 | View Replies]

To: Sir Gawain
OK, I just downloaded and ran Spybot. It found 7 problems (as opposed to ad-aware's 1). Most are just tracking cookies (which I clear out every night).

The other two are:

BDE Projector: File Extension Link - REGISTRY KEY
HKEY_CLASSES_ROOT\.b3d

DSO Exploit: Data Source Object Exploit - REGISTRY CHANGE
HKEY_USERS_.DEFAULT\Software/Microsoft\Windows\Current Version\Internet Settings\Zones\0\1004\=W=3

Do you think I should keep them or delete them?

86 posted on 10/14/2003 4:36:21 PM PDT by my_pointy_head_is_sharp
[ Post Reply | Private Reply | To 84 | View Replies]

To: Sir Gawain
I just deleted them all. As you said, if I need to, I can revert it back. Thanks!
87 posted on 10/14/2003 4:47:02 PM PDT by my_pointy_head_is_sharp
[ Post Reply | Private Reply | To 84 | View Replies]

To: bjcintennessee
Security Test is the FIRST and LAST thing to do. You do it FIRST to see how many ways a hacker can get into your computer while you are on line.

Steve Gibson (GRC.com Security Test)has been doing 'miracles' with hard drive maintenance and security since at least since the 1980's (that ages me as well)

The web site will tell you which ports - look at ports as different paths into your computer ... port 80 is the doorway to websites and your computer is set to only accept certain things through that port (I know it's simplistic) When you are on-line that is ithe ONLY port that should be accessable. CHAT & Instant Messenger use different ports which leave your computer highly vulnurable to hack attacks (IMHO).

AdAware - you run this program TWICE the first time - after that at least once/week. EVERY time you run AdAware, you want to check for updates to keep safe.
HOW to use AdAware (quickie lesson)
1. Right above the START button, you'll see "Check for UpDates Now!" DO IT! Follow directions
2. Click the START button - how long depends on drive size and computer speed - make a cup of coffee if you have a large HD
3. Click NEXT (leave it at defaults until you learn more)
....
....
Ooops dinner's ready - I'll finish this lesson after!
88 posted on 10/14/2003 4:49:43 PM PDT by steplock (www.FOCUS.GOHOTSPRINGS.com)
[ Post Reply | Private Reply | To 78 | View Replies]

To: my_pointy_head_is_sharp; Sir Gawain
I do not recommend ppl changing the registry settings in windows - it's like a spaghetti plate of code. I have allowed ad-aware to modify specific registry settings with no impact, but I'm a renegade and often do things I would not advise others to do. I don't want to break your system, MPHIS.

I have not used the Spybot product, so I'll defer to Sir Gawain on this one.

89 posted on 10/14/2003 4:52:30 PM PDT by stainlessbanner
[ Post Reply | Private Reply | To 86 | View Replies]

To: steplock
Don't foget to open the "FR port" on your computer < grin >
90 posted on 10/14/2003 4:54:19 PM PDT by stainlessbanner
[ Post Reply | Private Reply | To 88 | View Replies]

To: AlBondigas
That spinning globe was a single registry entry. Nothing harmful. FYI, IE 6.0 deletes it.

Well, it was there in win95, there when I upgraded to winME, there when I did my dangedest to reinstall IE several times and changed versions, there when I reinstalled winME a few times. All that long after I uninstalled Earthlink.

It only went away when I reformatted my drive. If I had known about the registry entry, I would have looked for it and deleted it. I did a registry search for the string " -- provided by earthlink" which was also stuck on my browser, and found a couple entries(as I recall), but deleting them didn't make the string go away.

It's probably just one of those little things that was tangled up in the un-uninstallable portions of that version of MSIE, some tidbit of data serialized by an obscure COM object. But there was also the sporadic network activity that showed up on the netmon but not in the firewall. It made me paranoid.

Incidentally, I just downloaded and ran the SpyBot program. It found the remnants of some spyware that I had already disabled(Gator) and several tracking cookies. No keystroke monitors or any active spyware. So I guess I am safe *for now*.

91 posted on 10/14/2003 4:59:40 PM PDT by Yeti
[ Post Reply | Private Reply | To 40 | View Replies]

To: my_pointy_head_is_sharp
Delete.
92 posted on 10/14/2003 5:06:31 PM PDT by Sir Gawain
[ Post Reply | Private Reply | To 86 | View Replies]

To: TheBigB
The toaster is innocent. But you should check on your refrigerator. You can hear it running, but do you have any idea where it is running and to who?
93 posted on 10/14/2003 5:12:07 PM PDT by Harmless Teddy Bear (Ignore the propaganda, focus on what you see.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: South40
Earthlink is the spy.

I should have read the posts before I posted my own, I would have directed it to you.

I had the same probs with Earthlink. If you didn't catch the exchange, #33 is what I said, #40 is what AlBondigas said about that, and #91 is what I said about what he said. : )

I don't trust Earthlink.

94 posted on 10/14/2003 5:13:51 PM PDT by Yeti
[ Post Reply | Private Reply | To 15 | View Replies]

To: Vigilantcitizen; stainlessbanner
turning me on to Mozilla.

I started using it a few weeks ago and it's great. Other than the pop-up manager, the tabbed browsing is the best part, if I can stop hitting the 'close other tabs' when I want 'close tab'. ;-)

95 posted on 10/14/2003 5:26:54 PM PDT by StriperSniper (All this, of course, is simply pious fudge. - H. L. Mencken)
[ Post Reply | Private Reply | To 79 | View Replies]

To: bjcintennessee
Yumm! BBQ Chicken! That hit the spot!

Where was I? Oh yeah We left AdAware scanning so now it's finished.
It will show x Objects recognized, processes, registers, etc.

4(?.) Click NEXT
5. You'll see the list of ALL the spywarez cookies that AdAware has found. 99.9% are innocent (non invasive) tracker cookies. It's the 0.1% that's a danger!
6. Look through the list of files shown, some legitimate programs show here occasionally because they use the same techniques as spywarez. If I remember correctly, most of the accounting programs, some stock programs, etc. go down the list and if recognize the name of the program as one you use, click on the box (left side) next to the file name.
7. After you checked all the ones you recognize as your program, with your cursor still in that box with all the names, RIGHT-CLICK (anywhere) and click on "Add Selected to Ignore List". follow instructions
8. now -- RIGHT CLICK again and "Select all Objects"
9. Click NEXT
REPEAT MINUMUM Once per Week and after visiting a questionable web site (one with a lot of pop-ups qualifies)

You only have to do the "IGNORE LIST" part one time.

96 posted on 10/14/2003 5:27:26 PM PDT by steplock (www.FOCUS.GOHOTSPRINGS.com)
[ Post Reply | Private Reply | To 78 | View Replies]

To: BlessedBeGod; TheBigB
Do you both have this model?!?!

(Click on toaster)

Talkie Toaster Manufactured by: Crapola, Inc.

97 posted on 10/14/2003 5:57:47 PM PDT by StriperSniper (All this, of course, is simply pious fudge. - H. L. Mencken)
[ Post Reply | Private Reply | To 8 | View Replies]

To: ex-Texan
bump for future ref
98 posted on 10/14/2003 6:21:05 PM PDT by JeffreyH
[ Post Reply | Private Reply | To 1 | View Replies]

To: ex-Texan
Bump~
99 posted on 10/14/2003 6:48:44 PM PDT by concentric circles
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sir Gawain
Thank you
100 posted on 10/14/2003 7:19:57 PM PDT by Publius6961 (40% of Californians are as dumb as a sack of rocks.)
[ Post Reply | Private Reply | To 66 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 61-8081-100101-120121-125 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson