Thursday :: Jul 6, 2006

Et tu, Billy G?


by pessimist

There has been a great deal of discussion in the media (which includes us in the blogosphere) concerning illegal government spying of our phone conversations:

Police bypass subpoenas to get Americans' phone records
Practice raises civil liberties questions
June 21, 2006

Federal and local police across the country -- as well as some of the nation's best-known companies -- have been gathering Americans' phone records from private data brokers without subpoenas or warrants. These brokers, many of whom market aggressively across the Internet, have broken into customer accounts online, tricked phone companies into revealing information and sometimes acknowledged that their practices violate laws according to documents obtained by The Associated Press. Legal experts and privacy advocates said police reliance on private vendors who commit such acts raises civil liberties questions.

As far as I'm concerned, this is a legitimate concern, and there should be real oversight by accountable authorities to avoid abuses.

But do we have any such oversight when the spying is being done by the private sector?


Microsoft challenged with 2 spyware lawsuits
www.chinaview.cn 2006-07-04

Microsoft was hit within a week with two lawsuits claiming that its Windows Genuine Advantage (WGA) anti-piracy tool, which is downloaded by Windows as a security update, is in fact spyware.

The first lawsuit ... sought unspecified damages as well as class action status on claims that Microsoft's WGA softwaremislead users as to its true purpose, failed to obtain consent [i.e., no warrant] before installing, and transmitted data to the company's servers.

The lawsuit alleged that Microsoft's anti-piracy tool, which gathers ... such information as hard drive serial numbers — and determines whether the Windows software on the system is a legal copy, is in violation of spyware laws and the rights of consumers.

The suit says that Microsoft misled customers in that "the updates from Windows Automatic Update installed WGA 2006 Verification without specific notice to or approval from the users, even when the users sought to specifically control what was installed on their system through the Custom installation setting."

Big Brother - buy yours and make the incredibly rich even richer!

But I digress.

The first suit was filed by an individual, the second - essentially identical - was filed by a group of businesses.

While there has been much attention to the issue of just how far a government can go to protect the nation by violating your rights, there is little such talk over similar actions, as presented above, by the private sector.

Is it any less a violation of one's rights when a non-elected, private profit entity is the spy?

We say no.

The potential harm caused through the abuse of private information is much greater when there is no oversight, and businesses have been zealous in protecting their 'rights' as superior to those of mere mortals. They have successfully lobbied Bu$hCo to gut most governmental oversight of business activities.

We might - MIGHT be able to come to some kind of an understanding concerning the corporate ability to gather information on potential and current customers IF said corporate entities were responsible.

The following post indicates that Microsoft in particular is less than responsible concerning the abuse of, and through the use of, its products:


WGA Garners More Attention, All of it Bad
by Paul Thurrott
July 06, 2006

WGA Notifications is designed to display annoying pop-up alerts to users running pirated versions of Windows. But the software was also secretly phoning home to Microsoft servers every time an XP system rebooted.

And Microsoft had made WGA a critical security update on WU and AU, despite the fact that it was until recently in beta. That means millions of users inadvertently downloaded unfinished Microsoft code to their PCs without understanding what they were doing and how the software behaved.

But wait, there's more.

A group of companies and individuals have filed a second class action lawsuit against Microsoft for delivering spyware to consumers in the guise of the anti-piracy tool WGA and deceiving consumers about its intentions. The suit complains that WGA secretly communicates with Microsoft's servers and "gathers data that can easily identify individual PCs," contrary to Microsoft's assertions.

But wait, there's still more!

This week, security researchers at Sophos identified a worm called Cuebot-K that disguises itself as WGA and is spreading via AOL's instant messaging (IM) network. The worm identifies itself as "wgavn" and "Windows Genuine Advantage Validation Notification," and is installed to run each time the system boots. If the user tries to disable the worm, they're warned that doing so could result in system instability. Behind the scenes, Cuebot-K disables the Windows Firewall and opens a backdoor from which hackers could remote control the PC, steal personal information, or launch distributed denial-of-service (DDOS) attacks.
All you AOL users! Pay attention!


Worm poses as Windows Genuine Advantage
Robert Jaques, vnunet.com
04 Jul 2006

"People may think they have been sent the file from one of their AOL IM buddies, but in fact the program has no friendly intentions," said Graham Cluley, senior technology consultant at Sophos.

"Technical Windows users would not be surprised to see WGA in their list of services, and may not realise that the worm is using that name as a cloak to hide the fact that it has infected the PC.

"If users heed the false warning about removing the program, and leave it running, they will present a backdoor to hackers that could allow them to gain control over the computer."

And we worry [justifiably] about MySpace!

Microsoft doesn't usually admit they screwed up so readily:


Microsoft admits WGA cock up
Privacy Vole wonders what they were thinking of
By Nick Farrell
04 July 2006

VOLE in charge of Microsoft's privacy strategy has admitted that the outfit dropped the ball when it came to Windows Genuine Advantage anti-piracy tool.

Peter Cullen has been selected as a PR firefighter and to sooth customers who have been upset at the way that Microsoft has presented WGA. People should have patched machines. However WGA neglected the area of notifications, he admitted. He said that although the press had focused on WGA being an anti-piracy tool it was mostly about protecting the privacy of users against hackers.

The uproar among XP users, at least, was great enough for Microsoft to stop acting like the Chinese government and ease up on controlling what is on their customers' computers:


Microsoft to stop checking if Windows is pirated amid controversy
July 5, 2006

Microsoft has announced its plans to drop the part of its Windows Genuine Advantage (WGA) tool that sends data back to Microsoft saying if it is genuine or not. There has been a huge amount of controversy over that part of the application, mainly because every time your PC is booted it sends the data. If the PC is reported to be a pirated version the user is presented with numerous pop-ups and icons stating that the PC is running an illegal version of Windows.

The main problem with the tool was that it was downloaded automatically with automatic updates and then automatically installed by the computer and then periodically sent data back to Microsoft, which is what spyware does.

I happen to know from personal experience that Microsoft was doing much more than merely snooping on the users of their software.

A person of my acquaintance had a pirated copy (as I found out later) of Office, and while using it one day, suffered a crash so massive that the computer couldn't boot anymore. I spent three hours reconstructing the installation by adding missing files from another PC and rebooting, only to discover that when the icons for Office programs were clicked, the result was a pop-up ad offering 10% off the purchase of a legitimate copy of Office - on line!

Other users seem to have had to have similar experiences:


Windows vs hackers: who is a winner?
07/06/2006

WGA requires users to enter the key code that comes with every copy of Windows XP. If the code is not genuine or has been used by someone else, users are told that they do not have a licence to use XP and are invited to buy a genuine copy at a discount price, BBC News reports.

For some, the best approach to solving a problem is to use a shotgun:


Get your Mac, it's raining Trojans
AV firm tells home users to shun PCs
By Lucy Sherriff
5 July 2006

Security firm Sophos has issued a call for home computer users to ditch the Windows operating system and switch to Macs for the sake of their safety online. The call came as part of a report detailing the main trends in malicious software so far this year.
The main finding was
that all of the top ten threats to online users
targeted the Windows environment.

Such an article lends a false sense of security, for Macs also have their vulnerabilities:

Apple released updates to Mac OS X and iTunes to address security issues.

Last week, Apple issued an update to Mac OS X as version 10.4.7 and an update to the iTunes software as version 6.0.5.

Both updates address security issues.

Like casual sex, computing requires that one take seriously the extra security measures to ensure as safe an experience as possible. Use a firewall. Use anti-virus software and keep it updated!. Don't go where you know you are going to get into trouble. Don't 'go' with strangers' email attachments, etc.

I still use my PC, but I have abandoned Windows. My life has been a whole lot simpler since then. No virus panics (yes, I follow my own advice about firewalls and anti-virus software!), and I don't have to deal with those annoying pop-up ads anymore.

So give up the toys and the cartoonish graphics and find another means of getting on the Internet that won't cause you to spend more time repairing the damage than actually using the Redmond Yugo of software.

And it won't cost you so much money - a real concern in an age of Bu$hCo-sponsored job offshoring and declining purchasing power.

Copyrighted [©] source material contained in this article is presented under the provisions of Fair Use.


FAIR USE NOTICE


This article contains copyrighted material, the use of which has not always been specifically authorized by the copyright owner. I am making such material available in my efforts to advance understanding of democracy, economic, environmental, human rights, political, scientific, and social justice issues, among others. I believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material in this article is distributed without profit for research and educational purposes.

pessimist :: 8:22 AM :: Comments (21) :: TrackBack (0) :: Digg It!