If you read my past Notepad articles in this newsletter, you know how I feel about spyware. This month, I was reading a paid online newsletter by Brian Livingston, when I ran across an article which is excerpted below.
This news is really outrageous. Consumers actually seem only to be pawns in this spyware assault that benefits those who have committed themselves to making profits using unethical methods.
I'd like to enlist the aid of other newsletter editors and newsletter columnists, to alert members and others to this insidious menace. We shouldn't "get used" to it. And, we shouldn't be silent about it. We deserve better.
In fact, as citizens, we should protest this blatant invasion of our privacy, and the vandalism of our personal property.
Update Windows Media Player to avoid surprises
Late in 2004, computer experts noticed that a popular Windows Media Player video file was actually a silent delivery mechanism infecting millions of PC users with spyware.
On Jan. 3, 2005, security researcher Ben Edelman revealed what was happening to people who played this video file in WMP. After clicking the OK button on a single, legitimate-looking "browser update" dialog box, "My computer quickly became contaminated with the most spyware programs I had ever received in a single sitting," he said.
Edelman counted an amazing total of 31 programs that had silently been installed, without even displaying a license agreement. These included adware from 180solutions, CoolWebSearch, Ezula, ISTbar, and many other adware companies, he said. (A July 14 report by Brian Livingston, coauthor of Windows 2000 Secrets, and Windows Me Secrets, said that Microsoft's AntiSpyware beta program stopped recommending the removal of programs by 180solutions, Ezula, and some other adware companies to the dismay of spyware experts.)
Microsoft initially said the misleading dialog boxes were using a "by-design feature" of WMP, which wouldn't be changed. The company then reversed course, telling eWeek http://www.eweek.com/article2/0,1895,1752247,00.asp in January that a patch would be available by mid-February.
Playing a video file in Windows Media Player can launch a dialog box that looks official but installs spyware.
I'm not pointing to Microsoft as THE one to blame for spyware. But rather saying even a legitimate company's product can be the source of spyware. There is profit in allowing spyware to be distributed with a desirable product.
Ben Edelman also noted on his website that, "As in my prior video of spyware installing through security holes, my records make it possible to track down who's behind the installations - just follow the money trail, as captured by the "partner IDs" within the various software installation procedures. When one program installs another, the second generally pays the first a commission, using a partner ID number to track who to pay. These numbers make it possible to figure out who's profiting from the unwanted installations and, ultimately, where the money is going."
So, who can you trust? Don't say the antispyware makers. Several are on the payroll of companies who struck deals to be delisted as spyware!
Apparently, many businesses can't resist the opportunity to make easy cash. It is up to the customers -- US, YOU and I -- to resist being harvested as a money crop.
Make no mistake, we are the only ones who care about customer rights or privacy.
I've been reminded that keeping Windows updated may help to prevent spyware installations.
But, this is the real world. Not everyone drives with a seat belt fastened, stays alert while standing at an ATM, or keeps Windows updated.
Even if we only write a paragraph a month about any new spyware advance, program, or experience, etc., it will be good. We need to keep reminding our members, our vendors, and our lawmakers that this is something we DO NOT want.
If enough ruckus had been raised at the beginning, spyware might have been stopped in its tracks. Don't make this mistake twice. Raise a ruckus now! And, keep raising it until spyware is declared deaddead wrong!
- 30 -
There is no restriction against any non-profit group using this article as long as it is kept in context with proper credit given the author. The Editorial Committee of the Association of Personal Computer User Groups (APCUG), an international organization of which this group is a member, brings this article to you.
Date Revised: 10 October 2005
