Internet Intruders:
Infraction | Comment | Nominees |
Drive-by Download | We think there should be no software in your machine that you did not choose to put there. But some products install themselves simply because you visited a web site. AdultLinks will not ask if you want to install it. Hotbar will install even if you indicate you do not want to install it, and some OnlineDialer installer pages open a JavaScript error and try again if you click 'No' to the install box, to try to force you to install the software. PerMedia was installed from e-mail; upon agreement to install, further invitations would be sent to all entries in a user's address book. StripPlayer and IEAccess can install automatically on versions of Internet Explorer older than IE6 Service Pack 1. | AdBreak, AdultLinks, Brilliant Digital, BrowserAidToolbar, DownloadWare, HighTraffic, Hotbar, HuntBar, IEAccess, INetSpeak, Lop, MoneyTree, OnlineDialer, PerMedia, RapidBlaster, Search-Explorer, SearchitBar, StripPlayer, SuperBar, TinyBar, Xupiter |
Misrepresentation of Intention | We think that a product should do what it promises to do. A product that promises to block ads should not deliver them. A product that promises to stop spyware shouldn't be spyware. | StopSign |
Misrepresentation of Source | We don't think a product should claim to be from one vendor when it is from another. Claiming your product is from Microsoft might give your product credibility, but it isn't the way business should be done. | ASpam |
Combining Good to Create Evil | We are seeing a growing number of pests that combine (pirated) commercial software and legitimate applications with scripts or custom files to produce a dangerous result. The result is that proper detection is much more complex - just what these attackers have intended! | |
Porn without Permission | We believe that pornography should not be installed on a user's machine without their permission, and without parental consent if they are a minor. Not all vendors agree. AdultLinks, for instance, adds links to porn and other sites to the Internet Explorer Favorites menu. While installed, it can add more links when directed to do so by a web page. | AdultLinks |
Missing or Disappearing Uninstallers | All software must include uninstallers. Nominees in this category do not. | Cydoor, Cytron, DailyWinner, DialerOffline, HighTraffic, IEPlugin, IGetNet, Transponder |
Uninstallers that Leave Working Code Behind | If you run an uninstaller, you expect the product to be uninstalled -- not continue to operate silently. Nominees in this category leave working code after the uninstall is finished. HXDL AL and Aveo Attune continue to run after uninstallation -- the uninstaller claims that the program is removed, but at reboot, the software is back and running -- only the uninstaller is gone. HuntBar's uninstaller simply hides its working code, rather than removing it. | Aureate Spy, HXDL AL and Aveo Attune, HuntBar, PalTalk, StopSign, Wnad, Xupiter |
Hijacking Searches | Everyone is entitled to use their favorite search engine, and see the results that it offers when they make their request. HuntBar changes your search bar settings to point to HuntBar's servers, and automatically opens this search bar when it detects you using any other search engine. SuperBar adds its own items to your search results. | CnsMin, CommonName, HuntBar, IGetNet, SuperBar |
Modifying Pages you Visit. | We don't think that computers would be much worth defending if we could not trust their results. When you visit a web page, you expect to view the original web page, not a modification. Our nominees here include TopText, which will alter all pages viewed in IE, adding extra links to words and phrases targeted by advertisers. GAIN may superimpose ads on pages visited. | GAIN, TopText |
Silent Download and Execution of Arbitrary Code | Silent updates to an installed product may be desirable if a user gives permission for this. But no product should download and execute arbitrary code, as an "update" feature, without your consent. | AdBreak, CashToolbar, CommonName, DownloadWare, eXactSearch, FavoriteMan, FreeScratchAndWin, HighTraffic, HuntBar, IEPlugin, MoneyTree, OnlineDialer, PerMedia, RapidBlaster, SearchitBar, StopSign, TopText, Transponder, Xupiter |
Uninstallers that cannot work with scripts | There is no reason why an uninstaller should require a secret code to operate. Uninstalling a product should be easy. Nominees in this category went to some trouble to try to prevent anti-spyware products from removing them. | |
Programs that fight back when you try to remove them. | We assume that spyware, adware, and the like are rarely removed by accident, and we don't think it appropriate to fight the user who is trying to remove them. But some won't go down without a fight. | n-Case |
Lost network and Internet Connections with Imperfect Removal | We don't think that imperfect removal of any software should ever result in loss of a network or Internet connection. Our nominees think otherwise. | CommonName, MarketScore, NewDotNet |
Gratuitous Pop-Ups and Pop-Unders. | We don't think that any software should be accompanied by software that displays ads throughout the day in your machine when you are not using that software. Tracking the source of such ads can be very aggravating for a user who may have never used the software and never intends to use it. | Cydoor |
Lousy Code Slows Machine, Causes Errors and Crashes. | We think that if you are going to annoy a user, it shouldn't be with code that crashes their applications, generates error messages, or requires rebooting. Some vendors seem to think otherwise. The winner of our nominations might be IGetNet: An estimated 200,000 users have reported problems with IGetNet between January 10 and March 17, 2003. | AtomWire, Brilliant Digital, Cydoor, DownloadWare, FavoriteMan, FlashTrack, Grokster, IGetNet, iMesh, NetPal, NewDotNet, ProfitZone, SaveNow, Search-Explorer, TinyBar, Transponder |
Removal Refusal | If you want to remove software, you shouldn't have to arm wrestle with the stuff. As they say, "no means no". But some, such as CnsMin, cannot be deleted while running, cannot be stopped without rebooting with no registry entries that invoke them, and insist on re-writing registry entries as fast as you delete them. | CnsMin |
Opening Security Holes | No product that is installed in your system should reduce your security by design, without your permission. After Comload is installed, any web page has the ability to run any executable file on the local machine. | Comload, StripPlayer |
Disabling Security Software | No product should offer to disable your security software. But some products do just that, and receive our nomination in this category. For instance, StopSign is a Firewall Killer interfering with the operation of several personal firewalls. In addition, it suggests turning off Norton Anti-Virus Email protection and PC-Cillin POP3 Filter, and detects and offers to remove both SpyBot and AdAware. Radlight will try to remove Ad-aware. | Radlight, StopSign |
Tampering with your Changes to Settings | It is one thing for software to configure your machine to its liking, so that it runs better. But it is another story when software changes your subsequent settings back to those which suit it. Lop adds a task to run on startup which sets your homepage and search back to lop if you change them. | AdBreak, Lop |
KitchenSinkWare | It is one thing to elect to install a package. It is another to find yourself out of space on your drive because the package installed all of its friends. Grokster is nominated here because its install can lead to the installation of BullGuard, Cydoor, EBates Moe Money Maker, GAIN, Golden Retriever, IGetNet, IPinsight, King Solomon's Casino, MyWay Speedbar, NetPalNow.com, NewtonKnows, Purity Scan, Sidestep, and Webhancer (14). StopSign will add about 28 Mb of software to your machine. FavoriteMan installs Transponder/VX2, NetPal, ClickTheButton, ezCyberSearch toolbar, SideStep, BargainBuddy/Adp, NewDotNet, IGetNet, HotBar, n-Case (180solutions), Mail.com Alerts (which also comes bundled with BargainBuddy/Apuc), and various homepage hijackers (11+). iMesh includes GAIN, Cydoor, Hotbar, eZula TopText, New.Net, CommonName, SideStep, NetPal, FavoriteMan, VX2, FlashTrack, and BonziBuddy. | FavoriteMan, Grokster, iMesh, StopSign |
Logging your KeyStrokes, Capturing your Screen, Recording your Conversations - all surreptitiously. |
Of course, the products listed above probably pale in comparison to the intrusion that a key logger can commit. Products such as ISpyNow are designed to be small enough to be attached to e-mail. NETObserve Keylogger logs Internet conversation, window activity, application activity, clipboard activity, printing, keystrokes, and web site activity, and captures screenshots and webcam images. Such products can be quite stealthy, too: STARR does not show up as an icon, does not appear in the Windows system tray, does not appear in Windows Programs, does not show up in the Windows task list, cannot be uninstalled without a pre-specified password, and does not slow down the operation of the computer it is recording. |
Key Loggers |
Adware, BHOs, Hijackers, and Spyware are easily the most common kinds of unwanted software, if measured by number of files found in user machines. If measured by number of times the product as a whole is encountered, then Adware, BHOs, Hijackers, and Spyware trail Spyware Cookies in commonness. If measured by number of files found in user machines, the most common kinds of pests, in descending order of "popularity", are: Adware, P2P, Spyware, Browser Helper Object, Spyware Cookie, Worm, Hijacker...
Our world of computing has changed quite radically in the past few years. Not long ago, few users had access to the Internet. Today, Internet Intruders have access to most users!