Posted on 04/22/2003 11:38:23 AM PDT by ShadowAce
Dodgy goings on backstage
By : Monday 21 April 2003, 11:10
Being a wary security sort, my early experience with Opera was good. I didn't want to believe that Opera was no longer behaving ethically. I wanted to find other culprits.
Ok, let's review... I was running anti-virus at least two extra full scans a day, with daily updates (AVG-Anti Virus - free for personal use and a very good anti-virus program). I also had Ad-Aware running and cleaning everything it could find several times daily. I didn't want to believe that Opera wasn't behaving ethically. The machine also operated on a network connection behind a firewall appliance.
I realized this wasn't enough.
Time to install Sygate Personal Firewall (free for personal use). Heck - it should have been installed from the outset, but in a previous visit, it had interfered with my nephew's personal mud server.
I digress... Using Sygate is a bit of work if you want to be diligent about security, so I set the options to register every dll. This meant that every time a program loaded a new DLL, I would be asked permission, or the dll would not be allowed to load henceforth. Well - Opera went and caused me numerous notifications, and by reading the fine print, it was loading several DLLs at a time.
Now in fairness, dll's seemed to load at times when there might have been an excuse to do so, for example - when I asked to print a page, it loaded several dlls. Fine. I wasn't certain it needed as many as it asked for, but I allowed it. I noticed that every now and again, it seemed to be loading DLLs at synchronous moments when my nephews Opera-based mail account was periodically going to his POP3 server to look for mail. Odd. Now I noticed that opera seemed to occasionally update a dll that appeared to be connected to it's ad-banner, but while I objected to being updated without my express permission, I allowed it a couple of times.
But then during a now seemingly routine DLL load notification, I read that Opera had loaded a pgpmn.dll file, that I couldn't explain. After all, I wasn't using pgp on this machine, and my nephew hadn't fired it up in weeks, or longer, so I had to wonder - What was Opera doing with my pgp files, without my express permission to be there?
Having tried to e-mail Opera folks about security questions a few times in the past, I knew better than to try again, and I thought about the other odd things Opera had done recently.
Well, one of the things about Opera for some time now, is that I've noticed Opera's memory footprint growing on my system as if it had a bad memory leak. And after a hour of use, the Opera footprint could be pretty large. Opera crashes seemed to happen repeatedly after sucking up mucho memory, but I had thought that a design flaw that failed to dump old memory/pages aggressively enough.
(Right now with about 7 active windows, it was taking about 47 MB, with an additional 69 MB of virtual memory swapped out. I had lots to spare, but that's a pretty big chunk of memory. Opera commonly pumped itself up well over 100MB, and sometimes well over 200.
Time for another tool. PROCESS VIEWER (Free!) I used to use AATools, but those tools are nag-and-timeout-ware now, and this process viewer utility is fine to discover processes and threads under the hood.
Ok, after a look, Opera looked like it had referenced everything but the kitchen sink. While one nasty possibility I floated was that Opera was linking to a PGP dll to get at my private keyring - perhaps snooping for some dark-sunglasses guvmint agencies. An alternate explanation for accessing my pgp files, could be simply as on in a long list of modules Opera was just taking an inventory of. Less nefarious, but still unethical in my book.
Looking still deeper, Opera appeared to have pgpmn.dll listed twice in the modules list, with two different entry points. A few minutes later, Opera dropped one of the entry points, and again had pgpmn.dll registered only once. Time to worry some more. With two entry points to a pgp dll, it was no longer likely to be just a file inventory exercise.
And how many modules was Opera loading? In all one count just yielded 80 modules. Compared with all the other tasks running, it appeared to be the program with the largest number of modules linked.
The Process viewer also showed me the 8 threads it was running, and strangely, though MS Task Manager showed Opera operating at normal priority, the child threads showed a different story. No less than two threads were running at Time-Critical priority, and another thread was "above normal".
Now I'm worried. At this point, I no longer trust Opera, and will soon be removing it from all the PC's I own and influence - and that's a great lot of PC's BTW.
As far as I'm concerned, they have a near-impossible chance of winning back any trust from me, and despite the many features of Opera that I truly enjoyed, like mouse gestures and easy page ZOOM, I'm going to flip over to Phoenix. I've been playing with it, and thought it wasn't quite ready, but I now think that it is ready enough, based on the alternatives. (Phoenix and Mozilla also have the best support I've seen for Math-ML, do render complex mathematical formulae almost as well as TeX.) Phoenix is FAST, has a tiny memory footprint, and it is open source.
Oh, and for you lot out there still trusting the Microsoft browser, and Active-X controls, your security isn't affected by this Opera issue. Mind you, I won't run the Vole's browsers on my PCs either. Most data security professionals credit the Redmond Satan with writing the book on bad examples for security. You can have bad security on a Linux OR Microsoft box, but it is so much easier with MS.
So Opera folks - unless you can come up with a complete and thorough explanation, you might want to plead insanity, and go open source. For me, that's the most likely road back to any measure of trust. Today I've learned to spell betrayal - O.P.E.R.A. µ
Not hardly. See my post #16.
Microsoft Internet Explorer
This is your autoexec.bat file from your hard drive!
And, yes, the exclamation mark ! was there. What does it mean?
I then clicked the geographical location test, which it got wrong.
Many times a reverse DNS lookup (get your hostname from your IP) will identify your general location.
| Many times a reverse DNS lookup (get your hostname from your IP) will identify your general location.
Anybody who has my IP address can find out in a quarter of a second that I'm getting onto the Internet via a server called pcp714488pcs.alxndr01.va.comcast.net. You don't have to be a rocket scientist to figure out where I am. For all its faults, AOL does one thing right. All AOL users, no matter where they are, look like they are coming from Reston, VA. |
Yes, but not mine. My ISP is one of the few tech-friendly ones that will change the reverse DNS for my static IP (DSL) to the name of my choice. :-)
However, that didn't stop the GeoBytes site from locating my IP address in the correct city -- not just the general metropolitan area, but the suburb where I live.
After reading this, I'm not so sure it's all that unwieldy by comparison. If you get the Java-enabled version of Opera, the download size of Mozilla is favorably comparable, and if this guy is using 47M of memory with seven open browser windows, then something's wrong - by comparison, I've got Mozilla 1.2.1 open with six separate tabs right now, and it's taking up about half the amount of memory Opera is for him....
YMMV I suppose..
Wanna be Penguified? Just holla!
Got root?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
That's all it really takes. There's no need for anybody to snoop around on your machine, or extract data from your files. All they need is your IP address, which you must give them or you wouldn't be able to access anything on the web.