Posted on 10/14/2003 1:07:51 PM PDT by ex-Texan
Earthlink: Your hard drive may be spying on you
EarthLink has a word for all of you spam-hating, pop-up-blasting, virus-fearing brethren -- spyware.
And you should be scared, computer users, real scared.
Experts say as many as 90 percent of all Internet surfers have picked up one brand or another of this soaring spyware, also known as scumware, skunkware and malware.
That proportion seems awfully high, but at least a large majority of Internet-connected computer users harbor one or another of the thousands of spyware varieties.
EarthLink has more than a passing interest. Last Wednesday, it added to its Internet software a program called Spyware Blocker that the ISP says is the first anti-spyware software ever offered by an Internet service. Its inclusion underscores three things:
• That the threat of secret software that embeds itself on your hard drive is growing so greatly that experts have variously said its expansion rate could surpass the growth of viruses or spam.
• That many computer users have yet to notice the problem. Spyware is programming code that does everything from feed you ad after ad to record your surfing habits. It can change the Web page to which you're headed and log your every keystroke.
The latter kind reports back to an Internet source such private information as your e-mail messages and credit-card numbers. EarthLink's Spyware Blocker works against 1,500 varieties of scumware and continues to update the numbers as new ones are located.
• That while EarthLink has been on the front lines of blocking annoying and alarming threats to Internet privacy and security, it is not alone. Competitors like America Online have also developed security packages, albeit without antispyware measures.
EarthLink started offering protective software in spring 2002, first with pop-up blockers, next anti-spam and last month offering parental control of offensive materials and now spam blocking. By year's end, it expects to include a virus blocker.
Spyware is damaging, in part, because it is a largely silent plague. Now it is starting to get the serious and mass attention it so richly deserves.
''Since spyware is the next big threat, it was a logical and obvious thing for us to include,'' said Matt Cobb, vice president of product management for EarthLink.
He sees a greater drive to spook than to spin viruses.
''People who make viruses are malicious,'' he said. ``The people who do spyware are economically motivated, so we think it's going to become more like spam than viruses and surpass the number of virus attacks.''
Spyware can ensnare you in several ways. If you've ever downloaded freeware or shareware, particularly programs that provide such Internet services as music swapping, form fillers, download managers and other utilities, there's a good chance such programs offset their costs by letting one or several ad makers piggyback.
They can swarm your desktop with pop-ups, floating cubes and even more intricate display methods. One spyware program reportedly posted what looked like error messages to download software.
E-mail can also come infected with Trojan horses that steal information off your disk or follow your surfing habits. One company was caught planting spyware in the guise of electronic greeting cards.
If your Internet Explorer browser is set to automatically allow the download of software needed for such things as the proper viewing of Web pages, spyware can also slime you.
Look under IE's Tools menu>Internet Options>Security>Downloads, and disable file downloading. Re-enable it only when you choose to download software.
If you don't have EarthLink, there are plenty of sites with free or low-cost programs that will scan for spyware and allow you to quarantine or delete it.
One such site is www.spy checker.com. Look for information also at www.cexxorg/adware.htm and www.doxdesk.com/para site.
A word of caution: Some programs will stop running when the spyware element is removed. You'll have to decide which is the greater evil, giving up privacy to run a program or stopping the program to secure privacy.
You can begin blocking ads and help keep yourself from being tracked by using the Hosts file with Windows and other operating systems.
What is the Hosts file, and how does it stop ads and tracking?
The Short Answer:
The short answer is that the Hosts file is like an address book. When you type an address like www.yahoo.com into your browser, the Hosts file is consulted to see if you have the IP address, or "telephone number," for that site. If you do, then your computer will "call it" and the site will open. If not, your computer will ask your ISP's (internet service provider) computer for the phone number before it can "call" that site. Most of the time, you do not have addresses in your "address book," because you have not put any there. Therefore, most of the time your computer asks for the IP address from your ISP to find sites.
If you put ad server names into your Hosts file with your own computer's IP address, your computer will never be able to contact the ad server. It will try to, but it will be simply calling itself and get a "busy signal" of sorts. Your computer will then give up calling the ad server and no ads will be loaded, nor will any tracking take place. Your choices for blocking sites are not just limited to blocking ad servers. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.
The Longer, More Technically Oriented Answer:
The "Hosts" file in Windows and other operating systems is used to associate host names with IP addresses. Host names are the www.yahoo.com addresses that you see every day. IP addresses are numbers that mean the same thing as the www words - the computers use the numbers to actually find the sites, but we have words like www.yahoo.com so humans do not need to remember the long strings of numbers when they want to visit a site.
For instance, the host name for Yahoo! is www.yahoo.com, while its IP address is 204.71.200.67 Either address will take you to Yahoo!'s site, but the www address will first have to be translated into the IP address. If you type in the IP address directly, your computer will not have to look it up.
A series of steps are used when searching for IP addresses that go with these host names. The first step, and the one that concerns us here, is the hosts file on your local computer. The Hosts file tells your computer what the name is in numbers so the computer can go find it. If the IP address is found in your Hosts file, the computer will stop looking and go to that site, but if it is not it will ask a DNS computer (domain name server) for the information. Since the search ends once a match is found, that provides us with a mechanism to block sites we have no interest in. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.
We can put names and addresses into the Hosts file so your computer does not have to ask a DNS server to translate the domain name into an IP number. This speeds up access to the host site you want to see because your computer no longer has to query other systems on the Internet for the address translation. When you type in a web address like www.yahoo.com, the host name portion of the web address is translated into an IP address before the site is accessed. If you put Yahoo!'s host and IP settings into your Hosts file, it would load a little quicker because your computer doesn't have to ask another to translate where to look for Yahoo!
Computers have a host address of their own - it is known as the "localhost" address, with an IP address of 127.0.0.1 which it uses to refer to itself. If you associate another computer's host name with your localhost IP address, you have effectively blocked that host since all attempts to access it will lead back to you. That is how we will block sites using the Hosts file. We will tell our computer that the IP address of the site we want to block is our own address. That way, our computer will not ever leave and go looking for the site we are blocking - which keeps that site from appearing because the computer thinks it has found the site and displayed it already.
Many web sites have links to other servers for the retrieval of advertisements. In the case of those web servers, the browser will quickly fail to locate the requested data (scripts, images, etc.) from the advertising server because we told our computer to look for the information on itself - of course it won't find any of it and will quit looking for it - and will continue loading the pertinent portions of the page you want to see. This will keep your computer from even talking to the ad servers, and thus you won't see the ads, they can't put cookies on your hard drive, and you can't be profiled by them.
What are the benefits and/or restrictions on the Hosts file?
http://www.accs-net.com/hosts/what_is_hosts.html
The other two are:
BDE Projector: File Extension Link - REGISTRY KEY
HKEY_CLASSES_ROOT\.b3d
DSO Exploit: Data Source Object Exploit - REGISTRY CHANGE
HKEY_USERS_.DEFAULT\Software/Microsoft\Windows\Current Version\Internet Settings\Zones\0\1004\=W=3
Do you think I should keep them or delete them?
I have not used the Spybot product, so I'll defer to Sir Gawain on this one.
Well, it was there in win95, there when I upgraded to winME, there when I did my dangedest to reinstall IE several times and changed versions, there when I reinstalled winME a few times. All that long after I uninstalled Earthlink.
It only went away when I reformatted my drive. If I had known about the registry entry, I would have looked for it and deleted it. I did a registry search for the string " -- provided by earthlink" which was also stuck on my browser, and found a couple entries(as I recall), but deleting them didn't make the string go away.
It's probably just one of those little things that was tangled up in the un-uninstallable portions of that version of MSIE, some tidbit of data serialized by an obscure COM object. But there was also the sporadic network activity that showed up on the netmon but not in the firewall. It made me paranoid.
Incidentally, I just downloaded and ran the SpyBot program. It found the remnants of some spyware that I had already disabled(Gator) and several tracking cookies. No keystroke monitors or any active spyware. So I guess I am safe *for now*.
I should have read the posts before I posted my own, I would have directed it to you.
I had the same probs with Earthlink. If you didn't catch the exchange, #33 is what I said, #40 is what AlBondigas said about that, and #91 is what I said about what he said. : )
I don't trust Earthlink.
I started using it a few weeks ago and it's great. Other than the pop-up manager, the tabbed browsing is the best part, if I can stop hitting the 'close other tabs' when I want 'close tab'. ;-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.