WebTrendsLive?

Archived from groups: alt.games.battlefield1942 (More info?)

Anyone know anything about WebTrendsLive and why it seems to be associated
with the EAGames website?

Thanks,
Clark
14 answers Last reply
More about webtrendslive
  1. Archived from groups: alt.games.battlefield1942 (More info?)

    "Clark" <who@whoknows.com> wrote in message
    news:cT%pe.2088$I14.1340@newssvr12.news.prodigy.com...
    > Anyone know anything about WebTrendsLive and why it seems to be associated
    > with the EAGames website?
    >
    > Thanks,
    > Clark
    >

    WebTrendsLive is a log analysis software package that has the capability of
    making reports and doing real-time analysis visitors to a web site. It's
    used all over.

    What type of "association" specifically are you talking about? Company owns
    another? You see something on the site about it?
  2. Archived from groups: alt.games.battlefield1942 (More info?)

    The link to EAGames in the drop down on the right side says "Redirect", and
    on the left it says http://www.eagames.com. If I go to the site and watch
    the bottom of the browser I see the WebTrendsLive address being shown, which
    is how I know that what it was. The page takes a very time to load like it
    was going through another site all the while the address was flashing with
    something about download from WebTrendsLive.
    I visited the eagames site on another computer and afterward the same
    indications were in the URL address history, so it appears to happen every
    time.

    Is this software a type of spyware resident on my computer or is it
    something that locks onto the address and redirects every time it is
    requested? The reason I call it an association, it because the eagames site
    is the only one I see it with.

    Thanks,
    Clark


    "Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
    news:42a9a76e$1_2@newspeer2.tds.net...
    >
    > "Clark" <who@whoknows.com> wrote in message
    > news:cT%pe.2088$I14.1340@newssvr12.news.prodigy.com...
    >> Anyone know anything about WebTrendsLive and why it seems to be
    >> associated with the EAGames website?
    >>
    >> Thanks,
    >> Clark
    >>
    >
    > WebTrendsLive is a log analysis software package that has the capability
    > of making reports and doing real-time analysis visitors to a web site.
    > It's used all over.
    >
    > What type of "association" specifically are you talking about? Company
    > owns another? You see something on the site about it?
    >
  3. Archived from groups: alt.games.battlefield1942 (More info?)

    "Clark" <who@whoknows.com> wrote in message
    news:OXjqe.2387$751.1320@newssvr30.news.prodigy.com...
    > The link to EAGames in the drop down on the right side says "Redirect",
    > and on the left it says http://www.eagames.com. If I go to the site and
    > watch the bottom of the browser I see the WebTrendsLive address being
    > shown, which is how I know that what it was. The page takes a very time
    > to load like it was going through another site all the while the address
    > was flashing with something about download from WebTrendsLive.
    > I visited the eagames site on another computer and afterward the same
    > indications were in the URL address history, so it appears to happen every
    > time.
    >
    > Is this software a type of spyware resident on my computer or is it
    > something that locks onto the address and redirects every time it is
    > requested? The reason I call it an association, it because the eagames
    > site is the only one I see it with.

    It's purely for web stats tracking - nothing to do with spyware. There's a
    transparent image loaded from the WebTrendsLive stats server with the EA id
    on it - all it does it update their real-time tracking database (page
    impressions, visitor demographics, etc). There are also DoubleClick tracking
    items too. It's all harmless stuff. Why is it nowadays everyone immediately
    assumes spyware when they see something like this?

    Dan
  4. Archived from groups: alt.games.battlefield1942 (More info?)

    Why is it nowadays everyone immediately
    > assumes spyware when they see something like this?


    Cuz lots of time it IS spyware.

    In this case, it appears not to be.
  5. Archived from groups: alt.games.battlefield1942 (More info?)

    OK, Thanks

    Clark

    "Spack" <news@worldofspack.co.uk> wrote in message
    news:3gu6crFe81ejU1@individual.net...
    >
    > "Clark" <who@whoknows.com> wrote in message
    > news:OXjqe.2387$751.1320@newssvr30.news.prodigy.com...
    >> The link to EAGames in the drop down on the right side says "Redirect",
    >> and on the left it says http://www.eagames.com. If I go to the site and
    >> watch the bottom of the browser I see the WebTrendsLive address being
    >> shown, which is how I know that what it was. The page takes a very time
    >> to load like it was going through another site all the while the address
    >> was flashing with something about download from WebTrendsLive.
    >> I visited the eagames site on another computer and afterward the same
    >> indications were in the URL address history, so it appears to happen
    >> every time.
    >>
    >> Is this software a type of spyware resident on my computer or is it
    >> something that locks onto the address and redirects every time it is
    >> requested? The reason I call it an association, it because the eagames
    >> site is the only one I see it with.
    >
    > It's purely for web stats tracking - nothing to do with spyware. There's a
    > transparent image loaded from the WebTrendsLive stats server with the EA
    > id on it - all it does it update their real-time tracking database (page
    > impressions, visitor demographics, etc). There are also DoubleClick
    > tracking items too. It's all harmless stuff. Why is it nowadays everyone
    > immediately assumes spyware when they see something like this?
    >
    > Dan
    >
  6. Archived from groups: alt.games.battlefield1942 (More info?)

    "Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
    news:42a9eaee$1_3@newspeer2.tds.net...
    > Why is it nowadays everyone immediately
    >> assumes spyware when they see something like this?
    >
    >
    > Cuz lots of time it IS spyware.

    No, spyware looks very different to this. Img tags in a page linking off
    site to small transparent images are almost always some form of tracking
    system, completely benign (I was adding this sort of thing to sites I ran 11
    years ago, back when Netscape was but a startup and Mosaic was the dominant
    browser). Spyware is by definition software that runs on your machine
    collecting and sending information to a recipient; a cookie or img tag
    doesn't fall into this category.

    It's unfortunate that with the rapid increase in internet access, and
    subsequent explosion of issues this has brought with it (mostly due to
    people having little idea what they are doing and blindly opening every
    piece of email they are sent - I am no longer amazed that the a few people
    where I work keep bringing their home PCs in for a good clean out as they
    continually manage to ignore the daily warnings from anti-virus and other
    security software on their systems that updates are required to keep them
    "safe"), that paranoia has taken hold to the point that every little glitch
    or unexpected occurrence is immediately considered to be
    spyware/malware/virus related. I'm not saying people shouldn't be wary, just
    that they shouldn't jump to conclusions so fast.

    Dan
  7. Archived from groups: alt.games.battlefield1942 (More info?)

    I hate to bring it up, but is it paranoia if the threat is real? I see
    people every day that have had their browser hijacked, or their system
    slowed down by spyware, or even systems made unusable. I am not an
    experienced programmer so when I see a website that can see my internal IP
    address through a router and a firewall, how do I know what else they can
    do.

    Maybe we need to shift some of the blame to where it belongs-the malware
    programmers-and ease up on the poor inexperienced folks who are the victims
    of their endeavors.

    And Lastly, if you are collecting my information or habits or whatever, I
    would expect a check! ;)

    Clark

    "Spack" <news@worldofspack.co.uk> wrote in message
    news:3guijvFe5g4hU1@individual.net...
    >
    > "Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
    > news:42a9eaee$1_3@newspeer2.tds.net...
    >> Why is it nowadays everyone immediately
    >>> assumes spyware when they see something like this?
    >>
    >>
    >> Cuz lots of time it IS spyware.
    >
    > No, spyware looks very different to this. Img tags in a page linking off
    > site to small transparent images are almost always some form of tracking
    > system, completely benign (I was adding this sort of thing to sites I ran
    > 11 years ago, back when Netscape was but a startup and Mosaic was the
    > dominant browser). Spyware is by definition software that runs on your
    > machine collecting and sending information to a recipient; a cookie or img
    > tag doesn't fall into this category.
    >
    > It's unfortunate that with the rapid increase in internet access, and
    > subsequent explosion of issues this has brought with it (mostly due to
    > people having little idea what they are doing and blindly opening every
    > piece of email they are sent - I am no longer amazed that the a few people
    > where I work keep bringing their home PCs in for a good clean out as they
    > continually manage to ignore the daily warnings from anti-virus and other
    > security software on their systems that updates are required to keep them
    > "safe"), that paranoia has taken hold to the point that every little
    > glitch or unexpected occurrence is immediately considered to be
    > spyware/malware/virus related. I'm not saying people shouldn't be wary,
    > just that they shouldn't jump to conclusions so fast.
    >
    > Dan
    >
  8. Archived from groups: alt.games.battlefield1942 (More info?)

    "Clark" <who@whoknows.com> wrote in message
    news:vCpqe.3274$%j7.1711@newssvr11.news.prodigy.com...
    >I hate to bring it up, but is it paranoia if the threat is real? I see
    >people every day that have had their browser hijacked, or their system
    >slowed down by spyware, or even systems made unusable. I am not an
    >experienced programmer so when I see a website that can see my internal IP
    >address through a router and a firewall, how do I know what else they can
    >do.

    There's a difference between paranoia and being careful.

    You got an example of a website showing your internal IP? AFAIK the only way
    it could happen is if (a) the IP is being displayed in code/object in the
    page (and most browsers prevent this by default nowadays), or (b) your
    router/firewall is misconfigured. Either way, someone knowing your internal
    IP inside the router/firewall is no use unless the "attacker" somehow gains
    root level access to your router - and if they can do that, knowing your
    internal IP is the least of your worries :P

    > Maybe we need to shift some of the blame to where it belongs-the malware
    > programmers-and ease up on the poor inexperienced folks who are the
    > victims of their endeavors.

    I would lay the blame on everyone- after all, if the vulnerabilities didn't
    exist in the first place there would be no malware, and for those pieces of
    malware that require installation, blame the users who blindly click Yes to
    every box that appears (back to my reply, one guy who's machine I regularly
    clean up always runs anything that is sent to him by email, the last major
    one being a fake animated greeting card). You're right that if malware
    wasn't there in the first place that life would be easier, but it's human
    nature to try and do things you're not supposed to do ... if it wasn't we'd
    all still be wandering around in jungles scrabbling for bugs in the earth.

    > And Lastly, if you are collecting my information or habits or whatever, I
    > would expect a check! ;)

    Check the T&C of any site you go to - pretty much all have a disclaimer that
    shows that by using the site you agree to any and all data collection as
    required by the site. If you don't like it, you can choose not to use the
    sites. You might as well turn off your internet access though, as by default
    all websites collect at least minimal data. With the addition of some simple
    code you can get a lot of information about each visitor to your site - even
    something that's been around a long time like BrowserHawk can easily
    determine the country you are in, what screen resolution you are using, and
    a whole lot more - if you're interested to see what can be gleaned with
    little effort take a look at http://www.browserhawk.com/showbrow.asp :)

    Dan

    > Clark
    >
    > "Spack" <news@worldofspack.co.uk> wrote in message
    > news:3guijvFe5g4hU1@individual.net...
    >>
    >> "Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
    >> news:42a9eaee$1_3@newspeer2.tds.net...
    >>> Why is it nowadays everyone immediately
    >>>> assumes spyware when they see something like this?
    >>>
    >>>
    >>> Cuz lots of time it IS spyware.
    >>
    >> No, spyware looks very different to this. Img tags in a page linking off
    >> site to small transparent images are almost always some form of tracking
    >> system, completely benign (I was adding this sort of thing to sites I ran
    >> 11 years ago, back when Netscape was but a startup and Mosaic was the
    >> dominant browser). Spyware is by definition software that runs on your
    >> machine collecting and sending information to a recipient; a cookie or
    >> img tag doesn't fall into this category.
    >>
    >> It's unfortunate that with the rapid increase in internet access, and
    >> subsequent explosion of issues this has brought with it (mostly due to
    >> people having little idea what they are doing and blindly opening every
    >> piece of email they are sent - I am no longer amazed that the a few
    >> people where I work keep bringing their home PCs in for a good clean out
    >> as they continually manage to ignore the daily warnings from anti-virus
    >> and other security software on their systems that updates are required to
    >> keep them "safe"), that paranoia has taken hold to the point that every
    >> little glitch or unexpected occurrence is immediately considered to be
    >> spyware/malware/virus related. I'm not saying people shouldn't be wary,
    >> just that they shouldn't jump to conclusions so fast.
    >>
    >> Dan
    >>
    >
    >
  9. Archived from groups: alt.games.battlefield1942 (More info?)

    > You got an example of a website showing your internal IP?

    http://www.testmyfirewall.com/

    After I saw this I did some research and found out the address is not
    routable and I should not be worried. I have to turn off Active Scripting
    to keep it from happening and if I do that, other things don't work. Even
    Outlook Express has some startup script. But knowing the address is not
    routable does not relieve my worries about other things being done, and what
    can be done seems to change on a daily basis.

    Many of the EULAs have disclaimers in them and then proceed to install other
    software that is not related to the basic installation. If you think this
    is acceptable, I would suggest there should be a standard EULA to protect
    the rights and properties of the authors and any nonstandard information be
    in bold type at the beginning. At least in this manner, everyone that
    agreed would be totally aware of what is being done. Do you remember the
    situation with a well known firewall program where someone selling a
    Firewall had decided to also install spyware in the same package?

    My original question was whether there was spyware on my computer or not.
    That is not being paranoid, just observant. In this situation, you said the
    information gathering is benign. That may be true, but I have no way of
    knowing. I will continue to be "paranoid" so I don't accidentally open the
    wrong e-mail or happen to click the wrong button on some pop up window.

    Clark


    "Spack" <news@worldofspack.co.uk> wrote in message
    news:3gvojgFeg7t6U1@individual.net...
    > "Clark" <who@whoknows.com> wrote in message
    > news:vCpqe.3274$%j7.1711@newssvr11.news.prodigy.com...
    >>I hate to bring it up, but is it paranoia if the threat is real? I see
    >>people every day that have had their browser hijacked, or their system
    >>slowed down by spyware, or even systems made unusable. I am not an
    >>experienced programmer so when I see a website that can see my internal IP
    >>address through a router and a firewall, how do I know what else they can
    >>do.
    >
    > There's a difference between paranoia and being careful.
    >
    > You got an example of a website showing your internal IP? AFAIK the only
    > way it could happen is if (a) the IP is being displayed in code/object in
    > the page (and most browsers prevent this by default nowadays), or (b) your
    > router/firewall is misconfigured. Either way, someone knowing your
    > internal IP inside the router/firewall is no use unless the "attacker"
    > somehow gains root level access to your router - and if they can do that,
    > knowing your internal IP is the least of your worries :P
    >
    >> Maybe we need to shift some of the blame to where it belongs-the malware
    >> programmers-and ease up on the poor inexperienced folks who are the
    >> victims of their endeavors.
    >
    > I would lay the blame on everyone- after all, if the vulnerabilities
    > didn't exist in the first place there would be no malware, and for those
    > pieces of malware that require installation, blame the users who blindly
    > click Yes to every box that appears (back to my reply, one guy who's
    > machine I regularly clean up always runs anything that is sent to him by
    > email, the last major one being a fake animated greeting card). You're
    > right that if malware wasn't there in the first place that life would be
    > easier, but it's human nature to try and do things you're not supposed to
    > do ... if it wasn't we'd all still be wandering around in jungles
    > scrabbling for bugs in the earth.
    >
    >> And Lastly, if you are collecting my information or habits or whatever, I
    >> would expect a check! ;)
    >
    > Check the T&C of any site you go to - pretty much all have a disclaimer
    > that shows that by using the site you agree to any and all data collection
    > as required by the site. If you don't like it, you can choose not to use
    > the sites. You might as well turn off your internet access though, as by
    > default all websites collect at least minimal data. With the addition of
    > some simple code you can get a lot of information about each visitor to
    > your site - even something that's been around a long time like BrowserHawk
    > can easily determine the country you are in, what screen resolution you
    > are using, and a whole lot more - if you're interested to see what can be
    > gleaned with little effort take a look at
    > http://www.browserhawk.com/showbrow.asp :)
    >
    > Dan
    >
    >> Clark
    >>
    >> "Spack" <news@worldofspack.co.uk> wrote in message
    >> news:3guijvFe5g4hU1@individual.net...
    >>>
    >>> "Sparky Polastri" <jafiwam@MuNGEDyahoo.com> wrote in message
    >>> news:42a9eaee$1_3@newspeer2.tds.net...
    >>>> Why is it nowadays everyone immediately
    >>>>> assumes spyware when they see something like this?
    >>>>
    >>>>
    >>>> Cuz lots of time it IS spyware.
    >>>
    >>> No, spyware looks very different to this. Img tags in a page linking off
    >>> site to small transparent images are almost always some form of tracking
    >>> system, completely benign (I was adding this sort of thing to sites I
    >>> ran 11 years ago, back when Netscape was but a startup and Mosaic was
    >>> the dominant browser). Spyware is by definition software that runs on
    >>> your machine collecting and sending information to a recipient; a cookie
    >>> or img tag doesn't fall into this category.
    >>>
    >>> It's unfortunate that with the rapid increase in internet access, and
    >>> subsequent explosion of issues this has brought with it (mostly due to
    >>> people having little idea what they are doing and blindly opening every
    >>> piece of email they are sent - I am no longer amazed that the a few
    >>> people where I work keep bringing their home PCs in for a good clean out
    >>> as they continually manage to ignore the daily warnings from anti-virus
    >>> and other security software on their systems that updates are required
    >>> to keep them "safe"), that paranoia has taken hold to the point that
    >>> every little glitch or unexpected occurrence is immediately considered
    >>> to be spyware/malware/virus related. I'm not saying people shouldn't be
    >>> wary, just that they shouldn't jump to conclusions so fast.
    >>>
    >>> Dan
    >>>
    >>
    >>
    >
    >
  10. Archived from groups: alt.games.battlefield1942 (More info?)

    "Clark" <who@whoknows.com> wrote in message
    news:V2Cqe.2517$I14.1218@newssvr12.news.prodigy.com...
    >> You got an example of a website showing your internal IP?
    >
    > http://www.testmyfirewall.com/
    >
    > After I saw this I did some research and found out the address is not
    > routable and I should not be worried. I have to turn off Active Scripting
    > to keep it from happening and if I do that, other things don't work. Even
    > Outlook Express has some startup script. But knowing the address is not
    > routable does not relieve my worries about other things being done, and
    > what can be done seems to change on a daily basis.

    That website is merely a way of getting paranoid users to pay for software
    they don't need. It uses a simple piece of Javascript (albeit encoded) to
    write whatever the local IP address of the machine is into the page. There
    are many of these sites around whose sole purpose is to scare people into
    thinking they are vulnerable when they are most likely not. It's a somewhat
    effective form of extortion. I would encourage you not to bother using that
    site again, and instead if you're worried to use a reputable site (the
    problem being that the reputable ones are not widely known as their
    reputation tends to remain within the closed circles of those who work with
    security systems). I can highly recommend the audit system at Security Space
    (http://www.securityspace.com/ ), you get one free standard audit which does
    a pretty thorough job, and one of the companies I have worked for has
    regular audits done to ensure their systems are as well protected as
    possible (when you're running e-commerce systems 24/7 it pays to ensure your
    systems are reliable and customer data is safe). The ShieldsUp scanner at
    www.grc.com also used to be safe enough and would return pretty accurate
    results, but take the rantings of the site owner with a pinch of salt.

    > Many of the EULAs have disclaimers in them and then proceed to install
    > other software that is not related to the basic installation. If you
    > think this is acceptable, I would suggest there should be a standard EULA
    > to protect the rights and properties of the authors and any nonstandard
    > information be in bold type at the beginning. At least in this manner,
    > everyone that agreed would be totally aware of what is being done. Do you
    > remember the situation with a well known firewall program where someone
    > selling a Firewall had decided to also install spyware in the same
    > package?

    I don't think this is acceptable, however it's often the case that it is in
    the EULA (a few years ago there was a raucous when a number of applications
    included spyware/adware without warning, the most notable being Gator and an
    ad serving program whose name escapes me for the moment) but hidden away
    where it's easy to miss. However, this sort of thing tends to be included in
    software that I wouldn't trust to have on my system in the first place -
    before installing any software you are unsure off (and that should be at
    least 99% of it) it's easy enough to search around Google to see if anyone
    else has reported unlisted or suspect software being included in the
    installations. It's one of the reason ZoneLabs and Real software (just a
    couple from a long list) will never go near any machine I am responsible
    for.

    > My original question was whether there was spyware on my computer or not.
    > That is not being paranoid, just observant. In this situation, you said
    > the information gathering is benign. That may be true, but I have no way
    > of knowing. I will continue to be "paranoid" so I don't accidentally open
    > the wrong e-mail or happen to click the wrong button on some pop up
    > window.

    I guess I was overly harsh in my first reply. I daily have to deal with
    people claiming that there must be spyware or a virus on their PC due to
    various reasons when it often turns out to be something completely unrelated
    (eg. a slow PC doesn't necessarily mean that a worm is spreading emails;
    often due to people installing XP on a PC with only 128MB of RAM and a sub
    1Ghz CPU will easily do the same :P) When I saw the word spyware in your
    post I immediately assumed you were this sort of person, and for that I
    apologise.

    I'd suggest running at least 4 applications regularly - a reputable virus
    scanner (I'm a big fan of McAfee VirusScan, it's been the AV choice where I
    work for more than 6 years and we've never had an infection yet, although
    like any AV package it will occassionally misdetect innocuous programs as
    infected, but I'd rather it did this than allow real infected ones),
    Ad-Aware (while occassionally missing things, it's pretty good at finding
    and removing a large number of known malware applications, www.lavasoft.de),
    SpyBot Search & Destroy (normally finds the things Ad-Aware misses,
    http://www.safer-networking.org/en/index.html), and HijackThis (takes a
    while to work out how to use it, but is good for checking registry entries
    that are commonly affected, http://www.spywareinfo.com/~merijn/). This is
    not a comprehensive list of applications that will guarantee to protect you
    from everything - however, it's a good start when you're unsure if you may
    be infected, and I tend to take them with me when I fix friends PCs. Also
    you need to make sure you keep them all up to date, and keep your machine
    patched. But the most important thing I tell people is to never trust
    anything you download (or your machine tries to download when you visit a
    site), or are sent by email - do a bit of research first.

    Dan
  11. Archived from groups: alt.games.battlefield1942 (More info?)

    "I would encourage you not to bother using that site again"

    I think you miss the point. I did not go directly to the site, but was sent
    there through another site. That is the kind thing that happens when you are
    innocently surfing. If something malicious was going on, it would have been
    too late. What their purpose is really doesn't matter, but the fact they
    can do it, does. I knew about the encoded Javascript and I can stop it, but
    if I do, I cannot even sign into my ISP's web page. You didn't mention, do
    I have my router or firewall setup incorrectly which allowed them to see the
    address?

    There was an article today that mentioned there are almost 4500 versions of
    spyware/adware out already. The prediction was that soon hackers would be
    able to insert code into RSS feeds to infect your computer. They are also
    using "rootkits" to hide from anti-virus programs. There was a comment
    about arrests being made where spyware was being used for corporate
    espionage. Do you think that company "agreed" to having the spyware
    installed on their computer?

    If all you are engaged in is collecting "benign" information, good for you.
    But the rest of us need the help of expert programmers, such as yourself, to
    help defend against those who seem to want to hurt us for either their own
    personal pleasure or monetary gain.

    Clark

    "Spack" <news@worldofspack.co.uk> wrote in message
    news:3h0c0jFen5ffU1@individual.net...
    >
    > "Clark" <who@whoknows.com> wrote in message
    > news:V2Cqe.2517$I14.1218@newssvr12.news.prodigy.com...
    >>> You got an example of a website showing your internal IP?
    >>
    >> http://www.testmyfirewall.com/
    >>
    >> After I saw this I did some research and found out the address is not
    >> routable and I should not be worried. I have to turn off Active
    >> Scripting to keep it from happening and if I do that, other things don't
    >> work. Even Outlook Express has some startup script. But knowing the
    >> address is not routable does not relieve my worries about other things
    >> being done, and what can be done seems to change on a daily basis.
    >
    > That website is merely a way of getting paranoid users to pay for software
    > they don't need. It uses a simple piece of Javascript (albeit encoded) to
    > write whatever the local IP address of the machine is into the page. There
    > are many of these sites around whose sole purpose is to scare people into
    > thinking they are vulnerable when they are most likely not. It's a
    > somewhat effective form of extortion. I would encourage you not to bother
    > using that site again, and instead if you're worried to use a reputable
    > site (the problem being that the reputable ones are not widely known as
    > their reputation tends to remain within the closed circles of those who
    > work with security systems). I can highly recommend the audit system at
    > Security Space (http://www.securityspace.com/ ), you get one free standard
    > audit which does a pretty thorough job, and one of the companies I have
    > worked for has regular audits done to ensure their systems are as well
    > protected as possible (when you're running e-commerce systems 24/7 it pays
    > to ensure your systems are reliable and customer data is safe). The
    > ShieldsUp scanner at www.grc.com also used to be safe enough and would
    > return pretty accurate results, but take the rantings of the site owner
    > with a pinch of salt.
    >
    >> Many of the EULAs have disclaimers in them and then proceed to install
    >> other software that is not related to the basic installation. If you
    >> think this is acceptable, I would suggest there should be a standard EULA
    >> to protect the rights and properties of the authors and any nonstandard
    >> information be in bold type at the beginning. At least in this manner,
    >> everyone that agreed would be totally aware of what is being done. Do
    >> you remember the situation with a well known firewall program where
    >> someone selling a Firewall had decided to also install spyware in the
    >> same package?
    >
    > I don't think this is acceptable, however it's often the case that it is
    > in the EULA (a few years ago there was a raucous when a number of
    > applications included spyware/adware without warning, the most notable
    > being Gator and an ad serving program whose name escapes me for the
    > moment) but hidden away where it's easy to miss. However, this sort of
    > thing tends to be included in software that I wouldn't trust to have on my
    > system in the first place - before installing any software you are unsure
    > off (and that should be at least 99% of it) it's easy enough to search
    > around Google to see if anyone else has reported unlisted or suspect
    > software being included in the installations. It's one of the reason
    > ZoneLabs and Real software (just a couple from a long list) will never go
    > near any machine I am responsible for.
    >
    >> My original question was whether there was spyware on my computer or not.
    >> That is not being paranoid, just observant. In this situation, you said
    >> the information gathering is benign. That may be true, but I have no way
    >> of knowing. I will continue to be "paranoid" so I don't accidentally
    >> open the wrong e-mail or happen to click the wrong button on some pop up
    >> window.
    >
    > I guess I was overly harsh in my first reply. I daily have to deal with
    > people claiming that there must be spyware or a virus on their PC due to
    > various reasons when it often turns out to be something completely
    > unrelated (eg. a slow PC doesn't necessarily mean that a worm is spreading
    > emails; often due to people installing XP on a PC with only 128MB of RAM
    > and a sub 1Ghz CPU will easily do the same :P) When I saw the word spyware
    > in your post I immediately assumed you were this sort of person, and for
    > that I apologise.
    >
    > I'd suggest running at least 4 applications regularly - a reputable virus
    > scanner (I'm a big fan of McAfee VirusScan, it's been the AV choice where
    > I work for more than 6 years and we've never had an infection yet,
    > although like any AV package it will occassionally misdetect innocuous
    > programs as infected, but I'd rather it did this than allow real infected
    > ones), Ad-Aware (while occassionally missing things, it's pretty good at
    > finding and removing a large number of known malware applications,
    > www.lavasoft.de), SpyBot Search & Destroy (normally finds the things
    > Ad-Aware misses, http://www.safer-networking.org/en/index.html), and
    > HijackThis (takes a while to work out how to use it, but is good for
    > checking registry entries that are commonly affected,
    > http://www.spywareinfo.com/~merijn/). This is not a comprehensive list of
    > applications that will guarantee to protect you from everything - however,
    > it's a good start when you're unsure if you may be infected, and I tend to
    > take them with me when I fix friends PCs. Also you need to make sure you
    > keep them all up to date, and keep your machine patched. But the most
    > important thing I tell people is to never trust anything you download (or
    > your machine tries to download when you visit a site), or are sent by
    > email - do a bit of research first.
    >
    > Dan
    >
    >
  12. Archived from groups: alt.games.battlefield1942 (More info?)

    "Clark" <who@whoknows.com> wrote in message
    news:1VDqe.3515$%j7.3000@newssvr11.news.prodigy.com...
    > "I would encourage you not to bother using that site again"
    >
    > I think you miss the point. I did not go directly to the site, but was
    > sent there through another site. That is the kind thing that happens when
    > you are innocently surfing. If something malicious was going on, it would
    > have been too late. What their purpose is really doesn't matter, but the
    > fact they can do it, does. I knew about the encoded Javascript and I can
    > stop it, but if I do, I cannot even sign into my ISP's web page. You
    > didn't mention, do I have my router or firewall setup incorrectly which
    > allowed them to see the address?

    I said it's a bit of code that runs in the browser. That info is not from
    their site, it's not available to see from outside your browser. It's a
    tactic used to make you think you're vulnerable, just like the old activex
    one that made it look like your entire hard drive was visible from the net,
    when in fact it was visible only to you in the control in your browser.

    > There was an article today that mentioned there are almost 4500 versions
    > of spyware/adware out already. The prediction was that soon hackers would
    > be able to insert code into RSS feeds to infect your computer. They are
    > also using "rootkits" to hide from anti-virus programs. There was a
    > comment about arrests being made where spyware was being used for
    > corporate espionage. Do you think that company "agreed" to having the
    > spyware installed on their computer?

    No, but then again do you think companies agree to letting unhappy employees
    or staff (eg. cleaners) install software to sell info to their competitors?
    That's where most of this comes from - it's not some hidden installation of
    software that you never see, it's a deliberate circumvention of company
    security procedures. Do you think the company I used to work for agreed to
    allow a cleaner to steal one of it's laptops containing valuable customer
    data?

    > If all you are engaged in is collecting "benign" information, good for
    > you. But the rest of us need the help of expert programmers, such as
    > yourself, to help defend against those who seem to want to hurt us for
    > either their own personal pleasure or monetary gain.

    And hence the list of useful applications I provided. Those were written by
    expert programmers to do exactly what you're asking for :)

    Dan

    > Clark
    >
    > "Spack" <news@worldofspack.co.uk> wrote in message
    > news:3h0c0jFen5ffU1@individual.net...
    >>
    >> "Clark" <who@whoknows.com> wrote in message
    >> news:V2Cqe.2517$I14.1218@newssvr12.news.prodigy.com...
    >>>> You got an example of a website showing your internal IP?
    >>>
    >>> http://www.testmyfirewall.com/
    >>>
    >>> After I saw this I did some research and found out the address is not
    >>> routable and I should not be worried. I have to turn off Active
    >>> Scripting to keep it from happening and if I do that, other things don't
    >>> work. Even Outlook Express has some startup script. But knowing the
    >>> address is not routable does not relieve my worries about other things
    >>> being done, and what can be done seems to change on a daily basis.
    >>
    >> That website is merely a way of getting paranoid users to pay for
    >> software they don't need. It uses a simple piece of Javascript (albeit
    >> encoded) to write whatever the local IP address of the machine is into
    >> the page. There are many of these sites around whose sole purpose is to
    >> scare people into thinking they are vulnerable when they are most likely
    >> not. It's a somewhat effective form of extortion. I would encourage you
    >> not to bother using that site again, and instead if you're worried to use
    >> a reputable site (the problem being that the reputable ones are not
    >> widely known as their reputation tends to remain within the closed
    >> circles of those who work with security systems). I can highly recommend
    >> the audit system at Security Space (http://www.securityspace.com/ ), you
    >> get one free standard audit which does a pretty thorough job, and one of
    >> the companies I have worked for has regular audits done to ensure their
    >> systems are as well protected as possible (when you're running e-commerce
    >> systems 24/7 it pays to ensure your systems are reliable and customer
    >> data is safe). The ShieldsUp scanner at www.grc.com also used to be safe
    >> enough and would return pretty accurate results, but take the rantings of
    >> the site owner with a pinch of salt.
    >>
    >>> Many of the EULAs have disclaimers in them and then proceed to install
    >>> other software that is not related to the basic installation. If you
    >>> think this is acceptable, I would suggest there should be a standard
    >>> EULA to protect the rights and properties of the authors and any
    >>> nonstandard information be in bold type at the beginning. At least in
    >>> this manner, everyone that agreed would be totally aware of what is
    >>> being done. Do you remember the situation with a well known firewall
    >>> program where someone selling a Firewall had decided to also install
    >>> spyware in the same package?
    >>
    >> I don't think this is acceptable, however it's often the case that it is
    >> in the EULA (a few years ago there was a raucous when a number of
    >> applications included spyware/adware without warning, the most notable
    >> being Gator and an ad serving program whose name escapes me for the
    >> moment) but hidden away where it's easy to miss. However, this sort of
    >> thing tends to be included in software that I wouldn't trust to have on
    >> my system in the first place - before installing any software you are
    >> unsure off (and that should be at least 99% of it) it's easy enough to
    >> search around Google to see if anyone else has reported unlisted or
    >> suspect software being included in the installations. It's one of the
    >> reason ZoneLabs and Real software (just a couple from a long list) will
    >> never go near any machine I am responsible for.
    >>
    >>> My original question was whether there was spyware on my computer or
    >>> not. That is not being paranoid, just observant. In this situation, you
    >>> said the information gathering is benign. That may be true, but I have
    >>> no way of knowing. I will continue to be "paranoid" so I don't
    >>> accidentally open the wrong e-mail or happen to click the wrong button
    >>> on some pop up window.
    >>
    >> I guess I was overly harsh in my first reply. I daily have to deal with
    >> people claiming that there must be spyware or a virus on their PC due to
    >> various reasons when it often turns out to be something completely
    >> unrelated (eg. a slow PC doesn't necessarily mean that a worm is
    >> spreading emails; often due to people installing XP on a PC with only
    >> 128MB of RAM and a sub 1Ghz CPU will easily do the same :P) When I saw
    >> the word spyware in your post I immediately assumed you were this sort of
    >> person, and for that I apologise.
    >>
    >> I'd suggest running at least 4 applications regularly - a reputable virus
    >> scanner (I'm a big fan of McAfee VirusScan, it's been the AV choice where
    >> I work for more than 6 years and we've never had an infection yet,
    >> although like any AV package it will occassionally misdetect innocuous
    >> programs as infected, but I'd rather it did this than allow real infected
    >> ones), Ad-Aware (while occassionally missing things, it's pretty good at
    >> finding and removing a large number of known malware applications,
    >> www.lavasoft.de), SpyBot Search & Destroy (normally finds the things
    >> Ad-Aware misses, http://www.safer-networking.org/en/index.html), and
    >> HijackThis (takes a while to work out how to use it, but is good for
    >> checking registry entries that are commonly affected,
    >> http://www.spywareinfo.com/~merijn/). This is not a comprehensive list of
    >> applications that will guarantee to protect you from everything -
    >> however, it's a good start when you're unsure if you may be infected, and
    >> I tend to take them with me when I fix friends PCs. Also you need to make
    >> sure you keep them all up to date, and keep your machine patched. But the
    >> most important thing I tell people is to never trust anything you
    >> download (or your machine tries to download when you visit a site), or
    >> are sent by email - do a bit of research first.
    >>
    >> Dan
    >>
    >>
    >
    >
  13. Archived from groups: alt.games.battlefield1942 (More info?)

    >OK, Thanks
    >
    >Clark
    >
    >"Spack" <news@worldofspack.co.uk> wrote in message
    >news:3gu6crFe81ejU1@individual.net...
    >>
    >> "Clark" <who@whoknows.com> wrote in message
    >> news:OXjqe.2387$751.1320@newssvr30.news.prodigy.com...
    >>> The link to EAGames in the drop down on the right side says "Redirect",
    >>> and on the left it says http://www.eagames.com. If I go to the site and
    >>> watch the bottom of the browser I see the WebTrendsLive address being
    >>> shown, which is how I know that what it was. The page takes a very time
    >>> to load like it was going through another site all the while the address
    >>> was flashing with something about download from WebTrendsLive.
    >>> I visited the eagames site on another computer and afterward the same
    >>> indications were in the URL address history, so it appears to happen
    >>> every time.
    >>>
    >>> Is this software a type of spyware resident on my computer or is it
    >>> something that locks onto the address and redirects every time it is
    >>> requested? The reason I call it an association, it because the eagames
    >>> site is the only one I see it with.
    >>
    >> It's purely for web stats tracking - nothing to do with spyware. There's a
    >> transparent image loaded from the WebTrendsLive stats server with the EA
    >> id on it - all it does it update their real-time tracking database (page
    >> impressions, visitor demographics, etc). There are also DoubleClick
    >> tracking items too. It's all harmless stuff. Why is it nowadays everyone
    >> immediately assumes spyware when they see something like this?
    >>
    >> Dan
    >>
    >
    Damn my daughter gets all kinds of spyware from spongbob site


    Arguing on usenet is like competing in the special
    olympics, even if you win you're still retarded.
  14. Archived from groups: alt.games.battlefield1942 (More info?)

    "Clark" <who@whoknows.com> wrote in message
    news:8l6se.2231$ks4.376@newssvr12.news.prodigy.com...
    > I appreciate you letting me know about the "trick part", I did not
    > understand that.
    >
    > But!!!
    > This was an article I saw today. Notice the part about directing traffic.
    > Sorry I did not want to post the entire article, but you get
    > the drift. If you want to read it, try http://www.techweb.com
    > "At the same time, con artists, called "phishers," who have used bogus
    > emails to lure recipients to a fake online banking or
    > merchant site to steal passwords and personal information are increasingly
    > switching to pharming, which subverts some part of the
    > Internet infrastructure.
    >
    > With pharming, malicious code is often placed on vulnerable domain name
    > systems, which then direct traffic to fraudulent websites.
    > A DNS takes the domain name typed into a browser and uses it to locate the
    > site on the Internet.
    >
    > On March 16, for example, Verisign detected an apparent pharming attack
    > that registered a 300 percent increase in probes of
    > DNS computer servers. The apparent attack coincided with users of certain
    > websites being redirected to a site that distributed
    > spyware and adware."
    >
    > Would the EAGames site be considered "vulnerable"? I have no way of
    > knowing for sure, but as I said earlier, I will remain
    > vigilant--not paranoid!

    Reading the above it appears to a more sophisticated way of adjusting DNS
    records than the old "cache poisoning" trick (which was patched long ago in
    most DNS software, but old systems may still be vulnerable).

    "Pharming" isn't down to whether the web site is vulnerable - it's the DNS
    software that's the potentially vulnerable part. Eg. When you type in
    www.eagames.com your PC uses DNS to find out the IP address associated with
    that name so it knows where to address the data packets. This relies on the
    DNS your PC talks to returning the correct data - if it instead returned an
    IP address that wasn't the one for www.eagames.com you would only realise if
    the server it resolved to had a web site that looked like the EA Games site.
    If it looked like anything else you'd be suspicious.

    "Pharming" is a technique for attacking a vulnerable DNS to change the IP
    addresses it returns - however, one thing that article neglects to mention
    is that it may take several weeks for the attack to actually affect some
    users, due to the distributed nature of DNS. If you request www.eagames.com
    then you send a request to your ISPs DNS (most of the time this is true,
    unless you manually override the DNS server addresses). Your ISPs DNS server
    will then cache that address for a time determined by the authoritative
    server (this would be the original server that relates the host name to the
    IP address, which can be found by doing a whois lookup on the domain name).
    If you request www.eagames.com again before your ISPs DNS releases it from
    cache, then it doesn't ask the original server again, it just sends you the
    IP from it's cache. "Pharming" requires the attacker to find a way to change
    the DNS records in one of 3 places

    (1) Caching DNS - only affects the users using that DNS server, and so not
    particularly effective. For widespread changing requires attacking a lot of
    DNS servers at ISPs all over the World.

    (2) DNS server that holds the original hostname to IP mapping - this will
    eventually affect everyone, but many users might not notice for a while. The
    owners of the domain name tend to spot this before anyone else and so can
    reverse the changes quickly. This is most likely what happened in the
    article text you quoted - anyone who was attempting to visit the hosts
    affected and their ISP did not have the address in cache would have been
    redirected to the bogus site.

    (3) The root servers for the top level domains - as effective as (2) because
    the requests can be directed to another DNS server (eg. when you ask for
    www.eagames.com and your ISPs DNS doesn't have it cached, it will first ask
    the root servers for the authoritative DNS server IP for .com, then ask that
    one for the DNS server IP for eagames.com), but unlikely to succeed as these
    are very well looked after. Trying this is going to be noticed very quickly
    and records restored from backups.

    "Pharming" attacks are really going to work if there's some gain as the
    result, and so will likely target DNS records for banks and credit card
    companies, as a replacement to the email spoofing ("phishing"), and instead
    of spoofing domain changes with the major registrars (which has in the past
    resulted in redirection of domains such as Amazon.com, Google.com and
    eBay.de).

    DNS cache poisoning was a much simpler way to do this, but once it became
    widely publicised it was easy to prevent. Basically, a DNS server would
    return data for a domain that it was not authoritative for, and the
    requesting server would overwrite it's cached data. This affected a wide
    range of systems back in the old days - I still remember having to clear
    caches on a couple of servers I manage and applying the patches that were
    hastily released. Most of the time it resulted in just not being able to get
    to a few sites (the most notable being when amazon.com became inaccessible
    to many people) rather than trying to actually fool people into thinking
    they were visiting the original site to hand over details.

    Whether EAGames' DNS are vulnerable, I don't know. With attacks like this
    being publicised most major registrars and ISPs should be patching systems
    pretty quickly. As I mentioned earlier, online banking is most at risk from
    something like this where it might be hard to spot that it's been done. If
    EAGames were to be attacked then I'd expect to see some dodgy spyware site
    pop up rather than a duplicate of the EAGames site with some malicious
    installer, but given EAGames' huge profile you can never rule anything out.

    "Be pure, be vigilant .... behave!". I guess that's an apt quote for the
    modern times :P

    Dan
Ask a new question

Read More

Games Video Games