-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SPYware and other such trojan insertion is quite common on these "Free" P2P apps.. I have had to uninstall "Bonza Buddy" so many times... Most of the times these say something during the install.. but many times they don't (that makes it a trojan) Limewire and Grokster are both spyware as is bearshare. I think that "SwapNut" also does it.. XoloX seems rather well behaved though... GNUcleus is released under GPL and it is great... If you are going to use a free app, and you want any level of security, make sure you have the source code (and it is freely available), like the GPL, some BSD or other OpenSource licensing. If that is not the case, go for a firm you can trust (Microsoft., etc) but as far as I know, there is no MS-Gnutella just yet... I tend to use GNUcleus (GPL) if I want this sort of P2P fuctionality (or "gnut" for Linux, it is command line and can be used over a term...) All this leaves me with more questions than answers... I wonder; Does LimeWire for Linux drops any of these SpyWare type programs, and if it does, what does it log/do, and how? Is it *legal* for a company (even one that releases freeware) to make a program that secretly installs something that compromises your personal privacy without telling you? If so, what can be legally collected by these companies and what can't? How does it all sit with various countries' privacy laws and Freedom of Information acts? Is there any mention of this funcionality buried somewhere in the license aggreement of the program (that you would have read of course, fully understood because they are in common easy-to-understand language and accepted before installing it)? [If there is, it is not technically a trojan.] Is there a full list of programs that have this sort of unethical trojanware included? Is there a utility anyone knows of that can create locked files (files marked as "in use") anywhere in the filesystem [or mark files as in use for read or write] so that malware cannot install in default locations? Personally, I would put this down to being a more unethical use of technology then spam E-Mail and junk Faxes. - -- Benjamin Holmes Getronics, Brisbane, AUSTRALIA > -----Original Message----- > From: Kerosene [mailto:keroseneat_private] > Sent: Monday, 31 December 2001 11:52 AM > To: Kenat_private > Cc: Markus Kern; yankerat_private; vuln-devat_private > Subject: Re: Grokster and your email > > > Why hasn't this hit the media yet? A trojan installed on a > P2P app that > many people use? I think someone needs to blow the whistle on this.. > > Were these trojans installed intentionally or did someone somehow get > into the code and maliciously insert the trojans? > > Cary C. > -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> Comment: Pee Gee Peeeeee! iQA/AwUBPDAIeXLvuelW5gClEQLfiACgojX8QfRVaiOiOs2+31qjJL52TvkAn2WS YbMUvWS2Ml1PhPC6rDlGd+78 =HkV7 -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Sun Dec 30 2001 - 23:02:53 PST