Archived from groups: alt.games.battlefield1942 (
More info?)
"Clark" <who@whoknows.com> wrote in message
news:1VDqe.3515$%j7.3000@newssvr11.news.prodigy.com...
> "I would encourage you not to bother using that site again"
>
> I think you miss the point. I did not go directly to the site, but was
> sent there through another site. That is the kind thing that happens when
> you are innocently surfing. If something malicious was going on, it would
> have been too late. What their purpose is really doesn't matter, but the
> fact they can do it, does. I knew about the encoded Javascript and I can
> stop it, but if I do, I cannot even sign into my ISP's web page. You
> didn't mention, do I have my router or firewall setup incorrectly which
> allowed them to see the address?
I said it's a bit of code that runs in the browser. That info is not from
their site, it's not available to see from outside your browser. It's a
tactic used to make you think you're vulnerable, just like the old activex
one that made it look like your entire hard drive was visible from the net,
when in fact it was visible only to you in the control in your browser.
> There was an article today that mentioned there are almost 4500 versions
> of spyware/adware out already. The prediction was that soon hackers would
> be able to insert code into RSS feeds to infect your computer. They are
> also using "rootkits" to hide from anti-virus programs. There was a
> comment about arrests being made where spyware was being used for
> corporate espionage. Do you think that company "agreed" to having the
> spyware installed on their computer?
No, but then again do you think companies agree to letting unhappy employees
or staff (eg. cleaners) install software to sell info to their competitors?
That's where most of this comes from - it's not some hidden installation of
software that you never see, it's a deliberate circumvention of company
security procedures. Do you think the company I used to work for agreed to
allow a cleaner to steal one of it's laptops containing valuable customer
data?
> If all you are engaged in is collecting "benign" information, good for
> you. But the rest of us need the help of expert programmers, such as
> yourself, to help defend against those who seem to want to hurt us for
> either their own personal pleasure or monetary gain.
And hence the list of useful applications I provided. Those were written by
expert programmers to do exactly what you're asking for
Dan
> Clark
>
> "Spack" <news@worldofspack.co.uk> wrote in message
> news:3h0c0jFen5ffU1@individual.net...
>>
>> "Clark" <who@whoknows.com> wrote in message
>> news:V2Cqe.2517$I14.1218@newssvr12.news.prodigy.com...
>>>> You got an example of a website showing your internal IP?
>>>
>>> http://www.testmyfirewall.com/
>>>
>>> After I saw this I did some research and found out the address is not
>>> routable and I should not be worried. I have to turn off Active
>>> Scripting to keep it from happening and if I do that, other things don't
>>> work. Even Outlook Express has some startup script. But knowing the
>>> address is not routable does not relieve my worries about other things
>>> being done, and what can be done seems to change on a daily basis.
>>
>> That website is merely a way of getting paranoid users to pay for
>> software they don't need. It uses a simple piece of Javascript (albeit
>> encoded) to write whatever the local IP address of the machine is into
>> the page. There are many of these sites around whose sole purpose is to
>> scare people into thinking they are vulnerable when they are most likely
>> not. It's a somewhat effective form of extortion. I would encourage you
>> not to bother using that site again, and instead if you're worried to use
>> a reputable site (the problem being that the reputable ones are not
>> widely known as their reputation tends to remain within the closed
>> circles of those who work with security systems). I can highly recommend
>> the audit system at Security Space (http://www.securityspace.com/ ), you
>> get one free standard audit which does a pretty thorough job, and one of
>> the companies I have worked for has regular audits done to ensure their
>> systems are as well protected as possible (when you're running e-commerce
>> systems 24/7 it pays to ensure your systems are reliable and customer
>> data is safe). The ShieldsUp scanner at www.grc.com also used to be safe
>> enough and would return pretty accurate results, but take the rantings of
>> the site owner with a pinch of salt.
>>
>>> Many of the EULAs have disclaimers in them and then proceed to install
>>> other software that is not related to the basic installation. If you
>>> think this is acceptable, I would suggest there should be a standard
>>> EULA to protect the rights and properties of the authors and any
>>> nonstandard information be in bold type at the beginning. At least in
>>> this manner, everyone that agreed would be totally aware of what is
>>> being done. Do you remember the situation with a well known firewall
>>> program where someone selling a Firewall had decided to also install
>>> spyware in the same package?
>>
>> I don't think this is acceptable, however it's often the case that it is
>> in the EULA (a few years ago there was a raucous when a number of
>> applications included spyware/adware without warning, the most notable
>> being Gator and an ad serving program whose name escapes me for the
>> moment) but hidden away where it's easy to miss. However, this sort of
>> thing tends to be included in software that I wouldn't trust to have on
>> my system in the first place - before installing any software you are
>> unsure off (and that should be at least 99% of it) it's easy enough to
>> search around Google to see if anyone else has reported unlisted or
>> suspect software being included in the installations. It's one of the
>> reason ZoneLabs and Real software (just a couple from a long list) will
>> never go near any machine I am responsible for.
>>
>>> My original question was whether there was spyware on my computer or
>>> not. That is not being paranoid, just observant. In this situation, you
>>> said the information gathering is benign. That may be true, but I have
>>> no way of knowing. I will continue to be "paranoid" so I don't
>>> accidentally open the wrong e-mail or happen to click the wrong button
>>> on some pop up window.
>>
>> I guess I was overly harsh in my first reply. I daily have to deal with
>> people claiming that there must be spyware or a virus on their PC due to
>> various reasons when it often turns out to be something completely
>> unrelated (eg. a slow PC doesn't necessarily mean that a worm is
>> spreading emails; often due to people installing XP on a PC with only
>> 128MB of RAM and a sub 1Ghz CPU will easily do the same
) When I saw
>> the word spyware in your post I immediately assumed you were this sort of
>> person, and for that I apologise.
>>
>> I'd suggest running at least 4 applications regularly - a reputable virus
>> scanner (I'm a big fan of McAfee VirusScan, it's been the AV choice where
>> I work for more than 6 years and we've never had an infection yet,
>> although like any AV package it will occassionally misdetect innocuous
>> programs as infected, but I'd rather it did this than allow real infected
>> ones), Ad-Aware (while occassionally missing things, it's pretty good at
>> finding and removing a large number of known malware applications,
>> www.lavasoft.de), SpyBot Search & Destroy (normally finds the things
>> Ad-Aware misses, http://www.safer-networking.org/en/index.html), and
>> HijackThis (takes a while to work out how to use it, but is good for
>> checking registry entries that are commonly affected,
>> http://www.spywareinfo.com/~merijn/). This is not a comprehensive list of
>> applications that will guarantee to protect you from everything -
>> however, it's a good start when you're unsure if you may be infected, and
>> I tend to take them with me when I fix friends PCs. Also you need to make
>> sure you keep them all up to date, and keep your machine patched. But the
>> most important thing I tell people is to never trust anything you
>> download (or your machine tries to download when you visit a site), or
>> are sent by email - do a bit of research first.
>>
>> Dan
>>
>>
>
>