Shame on Windows Secrets Newsletter

I’m a big fan of all the folks who publish the Windows Secrets Newsletter but today an article by Scott Dunn gave me chills.  Scott reviewed a number of keylogging programs under the premise of good parenting.

“Are your kids visiting sites you disapprove of, or is your schnauzer making unauthorized purchases of doggie biscuits on eBay?”

Scott did his homework on the functionality of keyloggers but neglected to understand how often these programs are used for malicious intent. In my own research, I spent a great deal of time listening to the folks at NNEDV(National Network to End Domestic Violence). If Scott had talked with anyone who deals with domestic violence he would understand just how horrible and dangerous these programs are. Their primary customers are not parents.

These programs know they’ll be used for no good and try to ease their guilt with weak warnings. They are not a replacement for proper parental supervision.  The risk and degree of pain caused by the evil use of these programs doesn’t make up for any legitimate usage.

When I was researching keyloggers to verify WinPatrol would detect them I couldn’t help but laugh at the following disclaimers.

Aside from this faux pas, I still recommend the Windows Secrets Newsletter. They’ve given some good reviews of my efforts with WinPatrol in the past. They also announced that Fred Langa is coming out of retirement and will be contributing again which was the best news in today’s newsletter.

See: Ex-Husband Gets Jail Time for Keylogger

Thanks to all my friends on Twitter who helped me figure out how to spell “faux pas”.

 

Domestic Violence and Computers

I recently mentioned that next week I’ll be speaking at a conference put on by the National Network to End Domestic Violence. Even my friends and family have been asking what the connection is between a computer geek like me and domestic violence. Unfortunately, these days computers are often are used to spy on the activities of an estranged spouse or partner.

You might think my first advice to someone who might be in danger of domestic violence would be to run out and get a spyware/keylogger detector like WinPatrol. Not so fast. The rules are a little different when there is any potential for domestic violence.



If go to the NNEDV site the first thing you’ll see is the warning above. If a computer has been comprised it could very well be dangerous and inflammatory to look for keylogging programs while connected to the internet. The folks at NNEDV recommend the following.

“If you are in danger, please try to use a safer computer that someone abusive does not have direct or remote (hacking) access to.”

Read more at http://www.nnedv.org/internetsafety.html

In fact, one of the reasons I created the portable version of WinPatrol was to help potential victims while they’re not connected to the internet. If you know someone who might be in danger a visit to NNEDV online.

Stay tuned next week for more information and perhaps some photos with my friends from NNEDV.

Conference Topics:

Bluetooth Security

WiFi Security Presenation

Keylogger included with Wall-E Online Game?

It’s always a pleasure to meet other security minded people but it’s troubling when it’s related to a new threat for our kids. My grandson Tristan went to the movies to see Disney’s new Wall-E and so did my new security friend who has the blog “Timeless Journeys”.

Unfortunately, I was pointed to a new post at Timeless Journeys by my long time friend Wayne Porter who warned me (via Twitter) about the dangers of the Wall-E online demo.

It turns out an online demo game of Wall-E from THQ may include a keylogger best known as Spyware.Ardakey according to Norton 360 and other security programs. The software is available on a server from Cachefly who confirmed their servers have not been compromised by some outside hacking. They claim to have notified THQ so it will be interesting to find out how quickly the demo is pulled and what the response will be from THQ.

For now stay clear of Wall-E unless it’s at the theater. Tristan did give the movie Wall-E “Six Thumbs Up” and can’t wait to see Beverly Hills Chichuahua. I’ll update this post as I hear more from Cachefly and THQ.

Update: The opinion today by most researchers is that this report is a false-positive and there is no danger. It's not uncommon to see false-positives for keyloggers but it's rare for security programs to point to a specifically named threat. I downloaded the U.K. Wall-E demo and WinPatrol did not find any malicious software installed.

Source:
http://www.wayneporter.com/2008/08/02/keyloggers-games/

http://www.timelessprototype.com/tpdc/blog/post/2008/08/Keylogger-Detected-in-Wall-E-Demo-PC-Game.aspx

Tristan Xavier Cook

WinPatrol 14 Enhances Keylogging Detection

I recently wrote about a local man who was jailed for felony eavesdropping after admitting he stalked his ex-wife using a key logger program. The more I researched this case and heard about others, the more enraged I became. Luckily, there is a way I can help.

While WinPatrol has always detected keylogging programs, only our PLUS version fully supported their identification and removal. Keyloggers typically hide in locations which are unknown to most startup managers like msconfig.exe. These secret locations used to be one of the features used to encourage users to upgrade to WinPatrol PLUS. It’s obvious to me that detection of keylogging software is too important to be a premium feature. The free version of WinPatrol 14.0 will now provide full support for the identification and removal of keylogging software.

In the process of testing the new version, I downloaded known keyloggers and was amused at their warnings.

I’m sure there are legitimate reasons why someone would need a keylogger program but when I read the agreements above I want to barf. When the obvious reasons these programs are used are to spy on someone without their knowledge, these agreements are pitiful. Are they suppose to free the vendor of any liability when their program is used for felony eavesdropping?

Some of these programs are built on excellent technology and this software category is well established. Many will argue that parents may need keyloggers to monitor children but I strongly recommend parents take other approaches. Visit Homeland Security’s “National Cyber Alert System” and you’ll see I’m not alone.

I’m not going to take on the whole industry but I can help folks adhere to their agreement. If someone has a keylogger on their system, our newest WinPatrol will detect it and help them remove it. For information on other new features and to download 14.0 go to http://www.winpatrol.com/upgrade.html

Detecting FBI (CIPAV) Spyware

There has been a lot of news recently about FBI software being used to install keyloggers on the computers of suspected bad guys. Declan McCullagh and Anne Broache recently interviewed many Anti-Malware companies and asked them if they would cooperate by ignoring so called Fedware.

The software was originally called “Magic Lantern” but has migrated into something called CIPAV(Computer and Internet Protocol Address Verifier). It’s actually pretty cool software if you want to trace someones activities.

Most companies claim they haven’t been asked by federal authorities to ignore CIPAV. McAfee and Microsoft refused to say if they have been contacted. It’s not really a secret that both US and British officials have had talks with Microsoft about install security backdoors in Windows. McAfee are reported to have contacted the FBI on their own to make sure they wouldn’t detect their software.

I’ve been asked if I have a policy regarding working with law enforcement. I’m all for catching the bad guys but I don’t have simple answer. By design our program will detect any intrusion. Detection in WinPatrol is not based on signature files or known bad guys. I’m pretty sure I would comply with a court order but not-detecting something would take a special new version of WinPatrol. We’re not really big enough to get the attention of the FBI so I doubt I’ll be asked for any special consideration.

Recent News:

Wired 7/18/2007 : FBI's Secret Spyware
NewsFactor 7/19/2007 : FBI Uses Spyware to Track Bomb Hoax
Wired 7/18/2007 : How Does the CIPAV Work?

FBI: How to Protect Your Computer