Support.com has a similar problem to the one you describe -- establishes a channel back to the site to maintain your systems. I'm wondering about the ability to legally download trojans (that could be activated later, illegally of course) and spyware that could then report back things like credit card numbers, traffic patterns, sites accessed, usage, etc >>> "Dorning, Kevin E - DI-2" <kedorning@private> 07/18/02 10:02AM >>> We have banned the use of Gator and have blocked the Gator sites. The problem with the Gator approach is that it allows anyone to create an open connection into an otherwise protected network. The opening is not protected since it uses an http connection that is established and kept open by the internal client system. The client (Or someone at Gator) may then use this connection for just about anything that they want. K.D> -----Original Message----- From: Jere Retzer [mailto:retzerj@private] Sent: Thursday, July 18, 2002 9:32 AM To: crime@private Subject: CRIME Gator Am I the only one that sees some security concerns with the Gator approach? Do current laws prevent this approach for downloading a trojan? Reporting back information such as credit card numbers? See the following article: Fool.com: Peeved Over Pop-ups [Fool on the Hill] July 17, 2002 (http://www.fool.com/news/foth/2002/foth020717.htm) FOOL ON THE HILL Peeved Over Pop-ups The Washington Post Co. and The New York Times Co. are among those suing pop-up king Gator Corp. The companies say Gator is a parasite that siphons away advertising revenue and drives away customers. Email this pageFormat for printingBecome a Fool!Receive via HandheldReuse/ReprintRelated Links cexx.org ThiefWare.comDiscussion Boards Fool on the Hill Webmaster's Corner ByRex Moore (TMF Orangeblood) July 17, 2002 The next time you see a pop-up ad while surfing the Net, know that some media companies are waging a battle to limit the number you'll see in the future. The Washington Post Co. (NYSE: WPO), The New York Times Co. (NYSE: NYT), and Gannett-owned (NYSE: GCI) USA Today are suing the much-despised Gator Corp., a pop-up company based in California. The story is an interesting mix of questionable business practices, uncharted legal questions, and privacy issues. Got Gator? Gator makes software that helps users fill in forms on the Internet. It remembers what you've typed before and automatically fills in things like your name and address. But this is no more than a front for its real business -- serving up pop-up ads for its clients. You see, when you install its software, Gator can also install an additional "spyware" application, sometimes through subtle methods. This program will monitor your surfing habits and display pop-up ads when you visit certain sites. The company claims some 400 advertisers. The spyware can also install on your computer in ways you might not imagine. Sometimes freeware and shareware downloaded from sites like CNET have a small "install stub" attached, called Trickler. Trickler is a program that will silently load whenever you start your computer, and will slowly download the rest of the spyware. All this happens unbeknownst to the user, completely separate from the program they really wanted. According to cexx.org, a website dedicated to keeping the world up to date on various types of questionable software, "It is suggested that this 'trickling' activity is intended to slip under the user's radar, the steady, low usage of bandwidth going unnoticed." Finally, Gator and other spyware companies have a new tactic called "drive-by downloads." A user may visit a site and receive a pop-up asking, "Do you accept this download?" Many, of course, will click "yes" because they think it's part of a browser plug-in, or some other "normal" computer operation. Instead, they receive spyware that remains on their computer, running in the background, forever (well, for the life of the computer, anyway). Legality Aside from the ethical questions involving such programs, there are legal ones as well. And the issue goes straight to the bottom line of companies you may be invested in. First, this software displays unauthorized pop-up ads on websites. The program is a sort of parasite, feasting on traffic drawn to various sites. Now, marketing types presumably have some idea of how many pop-ups a user can tolerate (OK, maybe not). If a third party piles on a few more, then the owners of the site have lost control of the user experience and may lose visitors in droves. What's worse, in many cases the ads are for the website's competition! While at first blush this may seem illegal, it's really a gray area. For example, what if the user wants to see hundreds of pop-ups? Presumably, some people willingly download the software, even though they may not know exactly what it does. Is a pop-up ad in a separate window any different than other applications that bring up windows, like instant-messaging programs? As you can see, it's a tricky legal issue. Incredibly, however, some of the ads served by the Gator software actually display over existing ads on a website. "They look and feel like the site's real banners, but place ads for things the actual Web site never intended," says cexx.com, "including ads for competitors' products and possibly even adult material." Not only that, the site loses money because the legitimate ads are covered and therefore not seen or clicked. Is that theft or a legitimate business tactic? Lawsuit If all this is making you a bit queasy, well, it means you're human. And, understandably, the websites Gator and others prey upon are up in arms. Yesterday, a judge in Virginia issued a preliminary injunction against Gator, prohibiting the company from "popping up" on the media sites mentioned before, as well as nine others. Gator may or may not appeal, but the Associated Press says the company is "confident it will win the case at trial." A Gator attorney is quoted as saying, "We believe strongly that the facts and the law are on our side." Let's hope our law doesn't allow a company to distribute software that, in many cases, works its way onto a user's computer without his knowledge, deteriorates his Web-surfing experience by displaying pop-up ads without his consent, and -- if he's a shareholder of an online media company -- takes money out of his wallet in the form of a lower stock price for that company. If you're curious whether you're one of the 22 million with Gator on your computer, you can find out. The company says the software can be detected and uninstalled using the Add/Remove Programs menu in the Microsoft Windows control panel. A better suggestion is to use a program like Lavasoft's Ad-Aware, a free utility that scans your entire computer for Gator and other spyware software and removes them, if you wish. We'd love to hear what you think about this issue. Our own Richard Dressner (TMF Twitty) writes, "It's an unfair advantage for competitors to have the ability to counter what is, essentially, a private dialog between a consumer and a business." Please join us on the Webmaster's Corner discussion board and have your say! Rex Moore studiously avoided using the terms "thiefware," "scumware," and "hijackware" in this column. The Motley Fool is investors writing for investors. The Motley Fool is dedicated to Educating, Amusing, and Enriching all visitors to their website at http://www.fool.com/index.htm?ref=Yo.
This archive was generated by hypermail 2b30 : Thu Jul 18 2002 - 11:55:41 PDT