Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Your computer may not be as secure as you think, thanks to 'spyware'
Stars and Stripes ^ | October 29, 2002 | Rick Chernitzer

Posted on 10/28/2002 7:12:41 PM PST by Nachum

YOKOSUKA NAVAL BASE, Japan — Spies could be lurking through the corridors of your computer, taking note of what you type, where you surf and with whom you talk online.

They could be reporting this information to numerous companies and individuals, amassing huge secret files about you and your family.

And possibly the most galling thing about this is that you may have given them permission to be there.

“Spyware,” as they’re called in computer jargon, are tiny programs that bury themselves deep in the recesses of your computer, not taking up much space but playing Big Brother to everything you do online.

Kevin Monis, a network administrator at Yokosuka Naval Base, Japan, said these programs, supposedly used for market research, can be utilized for darker purposes.

“The potential is there,” he said. “From the standpoint of a terrorist looking for information, if they were able to easily break into something, they could see what measures the base is taking to respond to a specific attack.

“If you disrupt the base communications … while at the same time maybe physically attacking the base, it could just be a catastrophe.”

Monis said the base network takes “very strong protective measures” to ward off such intrusive programs. He declined to specify but said the measures are “along the lines of what every company should be doing.”

But for the most part, Monis said, programmers tend to be more interested in information they can market to others, selling it to companies that have interest in your Web-surfing habits.

“I call it dishonest,” he said. “You think you’re getting this, but in reality, you’re getting that and some other things you didn’t want.”

Spyware’s advent really took hold when computer users began demanding more from Internet sites they visited, Monis said.

“The users have demanded whiz-bang interfaces … nice gee-whiz kind of screens like you might see on CNN.com … people want to see real-time information on their screens,” he said.

Among the easiest ways to do this is to create programs that interact with the Web browser or software that allows users to access the Internet.

Programs are downloaded that tell the browser what to do. They also can instruct other parts of your computer to do things, such as keep a log of your keystrokes, access records of Web sites you’ve visited and send that information through your modem or other Internet connection to specific Web sites.

“So I give permission for this program to be installed, but I didn’t read the fine print where it says I said it was OK to track my demographics,” he said.

The programs also use your Internet connection to transmit the information back to whomever is asking for it. This transfer takes up your bandwidth, which can slow Internet access.

“That’s the most insulting part of it,” Monis said.

He said it doesn’t usually happen on computers with network firewalls, which restrict access by allowing only certain information to pass and only through particular portals, or electronic routes that allow access, either to Web sites or individual computers.

“You got a much better situation when you’re behind the firewall,” Monis added.

But breaching a firewall does happen occasionally, he admitted, adding that many computer users are unaware of the dangers these programs can present.

“The average person takes no precautions whatsoever,” he said. “They don’t know there are ways to protect themselves against some forms of these programs.”

The simplest is to adjust your browser’s security level, he said: “When you go to the Web sites that have this type of spyware, because your security is closed tighter, it won’t be able to get into your computer.”

Another defense mechanism, if you use high-speed access such as DSL, is a network router, Monis said. It masks your computer’s “IP address,” an identifying number every computer must have to be recognized and allowed to connect to the Internet.

“It’s not foolproof but far and away one of the easiest ways to cut down your exposure to malicious attack,” he said.

Users also can delete the tiny bits of information some sites leave on your computer to remember you, called “cookies.”

On the surface, they are very convenient, Monis admits: They remember certain settings, or your name, thus speeding time needed to get what you want from the site — but the information also could be used to target you.

“I’m guilty of it myself … I hate like heck to dump my cookies, even though it’s a good idea to dump them every one or two weeks,” he said.

“If people used just a little bit of caution, they wouldn’t have all these problems,” he added. “There are lots of bright people out there who are trying to crash through your front door.”


TOPICS: Crime/Corruption; Government; News/Current Events
KEYWORDS: spyware
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-65 next last
To: martin_fierro
Gator....what IS Gator? LOL....no I don't think I would care.
41 posted on 10/28/2002 8:47:43 PM PST by goodnesswins
[ Post Reply | Private Reply | To 39 | View Replies]

To: JeanS
Start with explorer.exe and go from there.

I bought a laptop earlier i the year, one that came with a few months or Norton AV. The license expired and I waited a bit for the price to come down on a suite of Norton products.

Upon getting said suite or products and running them guess what shows up as a Trojan?

Ding!!!

iexplorer.exe.

had to delete the file under DOS as Windows and Norton would not remove it because it was protected.

42 posted on 10/28/2002 8:53:14 PM PST by PFKEY
[ Post Reply | Private Reply | To 20 | View Replies]

To: Senator Pardek
According to Google.com,

lsas.exe might be an FTP program?

csrss.exe = Win32 subsystem server process

and

smss.exe (and csrss.exe) are filenames commonly found in the %SystemRoot%\System32 directory. Presence of these 2 files in the System32 directory is not an indication of infection.

43 posted on 10/28/2002 8:53:23 PM PST by martin_fierro
[ Post Reply | Private Reply | To 38 | View Replies]

To: goodnesswins
Gator is a utility that purports to remember all your passwords for you -- so when you visit a site that requires you to enter your password, Gator does it for you.

Sounds great, but Gator is notorious for 1) putting lots of Spyware on your PC; and 2) bugging you with those popup ads.
44 posted on 10/28/2002 8:57:53 PM PST by martin_fierro
[ Post Reply | Private Reply | To 41 | View Replies]

To: martin_fierro
What I'd like to get rid of are the emails that are porno comeons about pictures of musicians (Brittney, et al) and their sex lives.....anyone got any ideas for that....my Eudora only allows me to dump them in my trash.
45 posted on 10/28/2002 9:00:01 PM PST by goodnesswins
[ Post Reply | Private Reply | To 44 | View Replies]

To: goodnesswins
I don't know if your ISP or e-mail setup allows for it, but try Mailwasher.

Mailwasher (free) looks at the e-mail waiting for you on your server and helps you "pre-delete" SPAM before you download it to your computer.

46 posted on 10/28/2002 9:04:03 PM PST by martin_fierro
[ Post Reply | Private Reply | To 45 | View Replies]

To: goodnesswins; FlyVet
Spyware can be embedded in a program that you downloaded yourself (such as RealPlayer) or program you gave permission to download & install, or just a cookie that activates when you hit a certain website. All of these come through the http internet port 80, so a firewall doesn't block them (unless you blocked access to the internet.

Computers have hundreds of ports that can be used to communicate various things & that's what a firewall is designed to manage & close. For example, your e-mail program most likely uses the standard pop3 & smpt ports of 25 & 110.

If you configure your firewall to close those ports (in this example), then you would not be able to send/receive e-mail with that program.

Goodnesswins, Ad Aware runs fine on Win98 & all versions of Windows.

FlyVet, you don't have to delete all of your cookies to get rid of spyware, but you should periodically examine them & delete all except those you need (like FreeRepublic).

A good web site to check out for info on spyware & internet privacy issues is: http://www.grc.com/

FReegards,
RebelTex
47 posted on 10/28/2002 9:05:26 PM PST by RebelTex
[ Post Reply | Private Reply | To 29 | View Replies]

To: FreedomPoster
Norton Firewall...works like a charm for me running W2K





45semi


48 posted on 10/28/2002 9:06:12 PM PST by 45semi
[ Post Reply | Private Reply | To 13 | View Replies]

To: martin_fierro
lsass.exe is the Local Security Authority process and is a standard system process. Don't mess with it. :)
49 posted on 10/28/2002 9:12:45 PM PST by agitator
[ Post Reply | Private Reply | To 43 | View Replies]

To: RebelTex
Thanks for your rational response. Like I said, I run AdAware daily and almost always find spyware on my system. But I still wonder why it's legal. I don't have a problem with cookies that provide a "memory" to such sites as TV listings or e-mail, since it's a convenience not having to input info every time you visit the site. Spyware, monitoring your surfing activities, uninvited, I don't understand that. Shouldn't be legal. I think it was the Sun Microsystems CEO that was quoted a few years ago, "There is no privacy, get over it."
50 posted on 10/28/2002 9:16:06 PM PST by FlyVet
[ Post Reply | Private Reply | To 47 | View Replies]

To: jenny65; martin_fierro; RebelTex
Thank YOU ALL.....very helpful.
51 posted on 10/28/2002 9:17:18 PM PST by goodnesswins
[ Post Reply | Private Reply | To 31 | View Replies]

To: martin_fierro; All
Remove Spyware with AdAware

And make sure you install the Ref Update program to go with it to get updates to the signature file. New spyware comes out everyday...just like viruses. Without an updated signature file, you're not getting Zestfully clean!

52 posted on 10/28/2002 9:19:59 PM PST by Bloody Sam Roberts
[ Post Reply | Private Reply | To 2 | View Replies]

To: FreedomPoster
Often running Zonealarm (it's been a little flakey under XP - anyone have anything better?)

What version of ZA are you running? I have a copy of ZA version 2.1.44 that might help. I've heard that earlier versions of ZA run better on ME and XP than newer versions. If you want to download it I can put it on my server for you.

53 posted on 10/28/2002 9:25:05 PM PST by Bloody Sam Roberts
[ Post Reply | Private Reply | To 13 | View Replies]

To: goodnesswins
I have a HARDWIRED firewall and router....do I really need Adware?

Yes. A firewall will do nothing to stop spyware. A firewall is for port control only. Spyware comes in with regularly allowed traffic. Get it and run it. Win 98 won't care. You'll be fine.

54 posted on 10/28/2002 9:29:17 PM PST by Bloody Sam Roberts
[ Post Reply | Private Reply | To 29 | View Replies]

To: martin_fierro
but try Mailwasher.

Wow. You and I must be config'd almost identically. I use Mailwasher all the time and love it. I don't open the mail client unless I've run Mailwasher.

55 posted on 10/28/2002 9:33:21 PM PST by Bloody Sam Roberts
[ Post Reply | Private Reply | To 46 | View Replies]

To: FlyVet
Of course, you're right. Spyware should be illegal. That's why lavasoft created their Ad Aware program & gives it away. They don't like it either & are doing something about it.

Steve Gibson, whose website is http://grc.com , is a great source of info on how to counteract privacy invading software & protecting your system.

These folks & others are working to help make the internet safer & more enjoyable. However, everyone is ultimately responsible for learning all they can about managing, maintaining, & protecting their own systems - then following through with proper actions.

Have fun but stay safe. Happy surfing.

FReegards,
RebelTex
56 posted on 10/28/2002 9:53:22 PM PST by RebelTex
[ Post Reply | Private Reply | To 50 | View Replies]

To: RebelTex
Thanks, I've known of grc.com for a few years and also have run ZA for several years. The self-tests at GRC are quite eye-opening. The more people that are aware, the better. BUMP.
57 posted on 10/28/2002 10:08:32 PM PST by FlyVet
[ Post Reply | Private Reply | To 56 | View Replies]

To: FlyVet
I assume you allow NO cookies onto your machine.

Usually, I don't. I make exceptions for sites I really, really want to get information from, like FreeRepublic. I never run Java or Javascript off of web sites. Nor do I tend to run any software that I don't have in source.

58 posted on 10/28/2002 10:16:30 PM PST by altair
[ Post Reply | Private Reply | To 32 | View Replies]

To: altair
Good enough. Do you run AdAware, and if you do, do you never find unwanted cookies on your machine? My only point was that I shouldn't have to put up with spyware from unwanted sources. I don't invite it, so it shouldn't be legal for them to stick it on my computer. I have the same opinion about junk mail (except for local sales papers), telemarketing, and spam. I didn't ask for it, don't send it to me. If I am looking for ads, I'll look for it myself, either in the local newspaper or the internet or my telephone. Injecting spyware onto my computer is BS.
59 posted on 10/28/2002 10:32:52 PM PST by FlyVet
[ Post Reply | Private Reply | To 58 | View Replies]

To: FlyVet
Do you run AdAware

No.

Injecting spyware onto my computer is BS.

True, but it sounds like you have a perfectly acceptable technological solution to the problem. Do you really need politicians involved?

60 posted on 10/28/2002 10:53:52 PM PST by altair
[ Post Reply | Private Reply | To 59 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-65 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson