Results 1 to 20 of 20
  1. #1
    baraucs is offline Private Member
    Join Date
    June 2002
    Posts
    639
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default I can't see the difference.... can you see the difference?

    Ok, I touched on this before - but either people didn't think it was a great idea or perhaps it just didn't catch people's attention. I'll try one more time here in case it was just the latter.

    I believe, as many others do - scumware is a virus.

    I also believe, that while it's catchy - the use of the term 'scumware' might not be a great idea.

    I live in Canada, so excuse my ignorance of US laws, but it would appear at least that each state has it's own definitions of what constitutes a 'virus'; and it's own penalties for those that distribute them.

    I've looked at a few exerpts from state penal codes, and I firmly believe that the vast majority of 'scumware' applications fit perfectly into the definition of a virus. A couple of snippits from California for example;

    http://www.csupomona.edu/~iit/policy...code_502.shtml

    "Computer contaminant" means any set of computer instructions that are designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information. They include, but are not limited to, a group of computer instructions commonly called viruses or worms, which are self-replicating or self-propagating and are designed to contaminate other computer programs or computer data, consume computer resources, modify, destroy, record, or transmit data, or in some other fashion usurp the normal operation of the computer, computer system, or computer network.


    You'll notice the reference to transmitting information without intent/permission, as well as these penalities applying not only to those that would transmit what may fall under a traditional definition of a 'virus' (if indeed there is a formal definition); but those that transmit any 'computer contaminant' used for something.... 'bad'.

    What's 'bad'?

    Well, California says a computer contaminant is unlawful if it:

    Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data.

    I won't beat this to death, I think you can see where I'm going with this. From my limited sampling of state penal codes they are for the most part very similar.

    So what?

    Only webmasters promoting affiliate programs have issues with 'scumware'. Who's going to empathize? If we continue to differentiate between virii and scumware, whether intentionally or not WE are making a distinction that prevents us from (or at least doesn't help us):

    - Using EXISTING legal avenues to have this virus distribution handled. There are laws in place regarding virii, try calling your local authorities and filing a 'scumware' complaint.

    There's fines, possible jail time and the hilarious possibility of scumware CEO's being banned from computer use a'la bad hacker movies. Why can't we use these 'scumware' detection scripts/etc to alert our visitors that they have a VIRUS on their computer, show them exactly how to remove it and who to contact about filing a complaint with the law for the intrusion.

    - Pressuring AV companies to include these virii in their AV definitions. Why should they now? It's not a virus - it's 'scumware'.

    This shouldn't be as hard as it sounds - if a few scumware purveyors go through criminal proceedings rather than civil court and lose, how can any Anti-Virus company deny it's a virus?

    I'd go so far as to suggest a huge show of support for the first decent AV tool that includes 'scumware' removal. I'll give them some space, wouldn't you? It'd be like ad-aware but less confusing and on-going. Maybe Norton of McAffee won't have time for us - but there's a lot of smaller companies with good tools that would probably love the opportunity for the free exposure.

    These laws were designed to protect you and are already in place, you've got the evidence and the right to demand enforcement so long as you're paying your taxes
    Why not check out some non-gaming Affiliate Programs too?

  2. #2
    Dominique's Avatar
    Dominique is offline Private Member
    Join Date
    March 2002
    Location
    The Boonies
    Posts
    4,777
    Thanks
    452
    Thanked 724 Times in 299 Posts

    Default

    Thank you for this, baraucs.

    I am going to send this on to the right lawyers.

  3. #3
    VPJunkie is offline Private Member
    Join Date
    December 1969
    Posts
    21,916
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    These are all very good points, Baraucs - perhaps we can get some more input in this thread from other sources, also.

  4. #4
    Proper is offline Public Member
    Join Date
    October 2002
    Location
    United Kingdom
    Posts
    288
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Re: I can't see the difference.... can you see the differenc

    Quote Originally Posted by baraucs
    I also believe, that while it's catchy - the use of the term 'scumware' might not be a great idea.
    I refer to it initially as 'spyware' to the users, they are more aware of that term.

    I would be suprised if the likes of 'gator' haven't gotten round the general legal implications by refering to their product as a 'web browser aid'. The bigger they get the more careful they will be.

    It would be interesting to see if a case could be built tho, If we could prove a particular product did more harm than good. At the end of the day if they mislead users that could be an issue. We could possibly create grief on that angle. Bad publicity would be damaging alone.

    .... hehe could be fun

    ps. What is meant by 'AV tool' I thought 'ad aware' was the one to use. I could possibly get into writing a sever side equivelent. I'd need to know what I was looking for tho. I can code but I know nothing about 'Active X' (yet). If this was for the GPWA I could certainly look into it with the help of a few others.

  5. #5
    baraucs is offline Private Member
    Join Date
    June 2002
    Posts
    639
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Just to add one thing:

    I believe these legal definitions are intentionally left vague in the penal codes as to leave enforcement up to some discretion. I do believe that once the intent of most 'scumware' was proven to the proper authorities - no defense of 'it was in the terms and conditions' would hold any ground unless the terms specifically referenced all the nasty things it did very clearly. I can't get off a murder charge by having the victim agree to it beforehand, it's still against the law. Likewise, I do not think any legalese could totally protect a scumware distributor provided the actual intent of the program was masked and could be categorized as 'bad'. (see above)
    Why not check out some non-gaming Affiliate Programs too?

  6. #6
    Breakfastman is offline Private Member
    Join Date
    October 2002
    Location
    Da Lowlands
    Posts
    217
    Thanks
    28
    Thanked 32 Times in 19 Posts

    Default

    Knowingly accesses and without permission alters....
    And that's the trick: without permission all this scumware would qualify as a virus and thus be illegal.

    However.... the scumware we're fighting mostly asks nicely if we want to install this.
    Gator offers you to remember your password, or tell the correct world-time or I don't know what they are offering , but they ask you if you want to install it.

    It's only in their terms and conditions (which of course nobody reads) that they say that they will also serve you a shitload of advertising and blah blah...

    The problem with 'scumware' is that users actually click 'yes' before it installs, andf therefore way harder to attack on legal grounds. (as far as I know you can even install KazAa without the scumware if you 'tick-off' some options during installation..)


  7. #7
    baraucs is offline Private Member
    Join Date
    June 2002
    Posts
    639
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    I hear you BM, and that's the general perception I believe - but without infecting the hell out of my computer to check for myself, I don't think most disclose the actual intent of the program being installed.

    An analogy; let's say you installed quicktime to watch movies. It's free, there was a T&C you agreed to upon installation, but it's understood that the intent of the program is to watch movies.

    A few months later, Apple decides they could make more money by using Quicktime users computers as a giant P2P network instead, and silently changes the software to do just that next time you're online.

    You may have agreed to the terms at the time when you installed it, and if they read like most they probably had lingo in there designed to let them do what they want more or less as far as changes to the software.

    But there has to be a line somewhere, what if a few months later, Microsoft put them out of business and their last act was to vindictively update the sofware to format all MS operating systems next time it ran? Would users have agreed to that because they installed the software with terms that said 'we can update the terms whenever we want'?

    So... why does my precision date and time manager make something pop up ads when I'm surfing, when it's not even a browser application?

    Ok that's a stretch, but what I'm trying to say is these laws appear to be written to allow interpretation, and I would interpret most scumware as both causing damage and not disclosing their intent to end users. I'm sure that 95%+ of people of people that have installed it - whether intentionally or not - would want the sofware OFF once they knew all it did, and ould agree that it did much more (in a bad way) than disclosed when they installed it in the first place. This sentiment properly collarborated could carry weight in court when there's discretion involved.

    Many of these software companies also use technology that re-installs the software on your computer over time or on some event after it's been uninstalled from what people are saying. I don't know if there's legalities behind it, but every piece of legitimate software I've installed seems to let me end my part of the bargain by uninstalling it. If I uninstall a scumware host or scumware application and it re-installs without prompting the T&C's again, I would argue they did not have my permission to do anything at that point, and are now officially a virus in every sense.

    This is all debateable, I know - but I think if you read the penal codes for most states you'd agree there's a very good chance many scumware companies could be prosecuted at least based on the discretion the wording seems to allow. The definitions of 'computer containment' and the penalties associated with it do NOT seem to exclude scumware because they have T&C's on installation, however they DO seem to include them based on language like 'deceive' and 'wrongfully control or obtain money, property, or data'.

    If the law itself prevents the actual activity - they can't get around that by having terms that say you agree to let them break the law, no?

    I would appreciate it if people could perhaps take a run through their own state/provincial/federal laws surrounding this sort of thing, and tell me how most of this scumware would NOT be categorized as a 'virus' (remember, it doesn't have to be a 'virus' in the traditional sense to be unlawful). I say this not to be a smartass, but I'd like to see it ruled out as a possible option based on reviews of actual penal codes rather than assumptions, of which I'm making quite a few myself.
    Why not check out some non-gaming Affiliate Programs too?

  8. #8
    baraucs is offline Private Member
    Join Date
    June 2002
    Posts
    639
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    ps. What is meant by 'AV tool' I thought 'ad aware' was the one to use. I could possibly get into writing a sever side equivelent. I'd need to know what I was looking for tho. I can code but I know nothing about 'Active X' (yet). If this was for the GPWA I could certainly look into it with the help of a few others.
    Sorry proper, I didn't catch that edit at first.

    I meant Anti-Virus programs, such as McAffee and Norton Antivirus SHOULD have scumware classified as a virus and build into their virus definitions. If they did, these scumware applications wouldn't be nearly the problem they are now, as I'd imagine the number of internet users who run some sort of AV software is the majority these days. Compare that to ad-aware, which 99% of Internet users probably haven't heard of.

    Why they don't I'm not sure, but I'd imagine until there's some sort of outcry they're rather avoid potential legalities and leave it alone.

    I'm glad there's an ad-aware, but it's one more thing that your average user won't care about or bother with. If we could get just one AV company to include scumware for removal, they could get a lot of support from webmasters and use it to market their product ('removes ALL virii including scumware!'). Of course, if that becomes a good selling point, everyone will follow suit shortly after; and we'd have something people use already working for us.
    Why not check out some non-gaming Affiliate Programs too?

  9. #9
    Ace Fun's Avatar
    Ace Fun is offline Public Member
    Join Date
    May 2003
    Location
    England
    Posts
    373
    Thanks
    8
    Thanked 17 Times in 16 Posts

    Default

    The whole situation is fairly complex as there are so many different forms of computer threat. There are a few definitions that seem to be accepted by a number of people.

    Malware - a collective term for any malicious item that is installed on your computer.
    Virus - a self propagating routine that may or may not be malicious.
    Trojan- a program that is down loaded secretly or installed by mistake.
    Spyware - a type of trojan that is used to report information on a surfer.
    Scumware - I've picked this up from your board, but I understand it to be a type of trojan that changes specific url when a surfer calls them.

    There is a problem with adding trojan detection to anti-virus software. Programs like Norton (which is not very good - that's why they keep spamming) check files, but more advanced systems like the free version of AVG from www.grisoft.com pick up viruses when the trigger is activated. This doesn't slow down the computer as much and also detects polymorphic and composite viruses.

    To protect yourself you should run one good av program (more than one is worse than one). A firewall like Zonealarm from zonelabs, and keep your security updates up to date. Don't install software for the sake of it, but research it first. Also it's best to keep active-x on prompt and only OK it if you really want the item.

    SpyBot is better than adaware. It picks up the residual stuff from Alexa for example.

  10. #10
    LineResearch is offline Private Member
    Join Date
    July 2002
    Posts
    401
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    These are some great points, baraucs. You are definitely on the right track. Scumware companies have had two primary weaknesses in their case which are the central points of most lawsuits against them (1) the trademark/copyright issues, and (2) the consumer permission issue.

    This anti-virus statute line of attack focuses on the second point and it's a good attack. The scumware companies know they are weak in defending this attack which is why they spend so much PR money promoting the theme that they get people's permission for the downloads. We know its not true, but sometimes if you repeat something often enough you get people to believe black is white. To counter this, it would be nice to get even one AV company to include scumware for removal as that would re-shape public opinion into recognizing this for what it is.

    The key to any case is going to be compiling evidence of (i) actual downloads without permission and (ii) showing that when people do click to "give permission" that the scumware company has not fully disclosed everything and disclosed in a way that is realistically going to inform the consumer of what is being disclosed. Do that, and you have the potential to take the attack to the criminal level using the anti-virus statutes, fraud statutes, and destruction of property statutes. Then, all you need is a state Attorney General who wants to make a name for himself.

  11. #11
    Ace Fun's Avatar
    Ace Fun is offline Public Member
    Join Date
    May 2003
    Location
    England
    Posts
    373
    Thanks
    8
    Thanked 17 Times in 16 Posts

    Default

    There is a massive difference between self replicating malware (viruses) and programs that a user elects to install such as the Alexa toolbar. I think it would do anti-virus protection a great deal of harm if non-viral threats were thought of as viruses. Would you include as viruses server based programs that search for open ports on your computer and enter that way when they find one.

    There are already people that remove anti-virus software because they think it slows down their computer. This sort of attitude helps the spread of viruses.

  12. #12
    baraucs is offline Private Member
    Join Date
    June 2002
    Posts
    639
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    There are already people that remove anti-virus software because they think it slows down their computer. This sort of attitude helps the spread of viruses.
    Were it up to me - I would include in my virus definitions any items installed without permission that were generally accepted as having no benefit to the end user; provided most end users agreed said programs were 'virus-like'. It would seem that appeasing the majority of my customers in that case would make good business sense, no?

    I don't see how this relates to Alexa.

    The key to any case is going to be compiling evidence of (i) actual downloads without permission and (ii) showing that when people do click to "give permission" that Gator has not fully disclosed everything and disclosed in a way that is realistically going to inform the consumer of what is being disclosed. Do that, and you have the potential to take the attack to the criminal level using the anti-virus statutes, fraud statutes, and destruction of property statutes. Then, all you need is a state Attorney General who wants to make a name for himself.
    Ok then Ed, you're the law guy - is this really a stretch, or in your opinion are these 'scumware' providers already violating the statutes? I'm guessing there's got to be a bored Attorney General or two.
    Why not check out some non-gaming Affiliate Programs too?

  13. #13
    Ace Fun's Avatar
    Ace Fun is offline Public Member
    Join Date
    May 2003
    Location
    England
    Posts
    373
    Thanks
    8
    Thanked 17 Times in 16 Posts

    Default

    First off an apology. I've arrived on your boards as a newbie, and already I'm giving forth on one of my pet hates.

    My position on this is that I hate all methods of changing computer settings or software without the surfers knowledge. This includes everything from the notorious back orifice (and Microsofts eyedog trapdoor) to javascript that changes a users homepage. I've even set up a few sites to try to alert/help users, but most don't seem to care until their files get deleted by a virus.

    The term "virus" refers to malware that is distributed in a particular fashion, and sophisticated AV software doesn't look for specific files but looks for viral behaviour in the computer. This helps to detect viruses that have not been reported yet. It also detects polymorphic viruses which are able to slip past some other detection systems. To give an idea of the symbiotic relationships between viruses, the installation of the infamous Klez virus is first preceeded by the installation of the ElKern virus to disable anti-virus software.

    My Alexa reference was to a routine that was left in my computer after I had run the Alexa removal program. It tried to establish an internet connection on power up and was not detected by adaware. It was removed by spybot however.

    I think what I am trying to say is that you can't fix a broken leg by using anti-biotics, but you may want to use anti-biotics to prevent an infection setting in.

  14. #14
    techwoman's Avatar
    techwoman is offline Private Member
    Join Date
    November 2002
    Location
    nowhere
    Posts
    4,428
    Thanks
    11
    Thanked 41 Times in 31 Posts

    Default

    Ace,
    I understand how you feel

    most of my side jobs are removing these viruses and explaining to people how their home pages get changed. My biggest hate is AOL, I always try so hard to get people to get rid of it. Most of the viruses I have removed were from people who had aol. The AV tools can't scan the incomming or out going emails. I have to warn about opening emails with attachments if they are not expecting them. As well as when they say, how come my computer keeps trying to access the internet? And why is my computer running so slowly? Then when I check their system, they have spyware, as well as some usual slow downs, startup progs, defrag files and sometimes only 500mb of disk space left

    It truly is hard to educate people who have no tech expertise or savy at all so I hope that Kevin is on to something. I call it a virus too because I have seen it in action myself. My children are very tech savy, I taught them everything. They know what not to download or open and even with that, Gator got onto my computer and my daughter told me there was never even a popup asking for permission. I totaly believe her, she knows her stuff
    Techwoman

    Techwomans Casino Links
    http://www.techwomanscasinolinks.com
    Online Casino Island
    http://www.online-casino-island.com
    Real Poker Rooms
    http://www.real-poker-rooms.com
    Techwomans AllStar Casinos
    http://www.techwomans-allstarcasinos.com

  15. #15
    LineResearch is offline Private Member
    Join Date
    July 2002
    Posts
    401
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    It's not a stretch. It's all in the evidence. Everyone that runs into this stuff needs to document as much as possible even if it is just making a memo to yourself about what happend and what you saw. ID the sucmware if you can, and see if you can figure out when and how it was downloaded. Take screenshots of as much as possible. If enough people do this, patterns emerge and legal cases are made.

  16. #16
    Ace Fun's Avatar
    Ace Fun is offline Public Member
    Join Date
    May 2003
    Location
    England
    Posts
    373
    Thanks
    8
    Thanked 17 Times in 16 Posts

    Default

    Most people seem to think that viruses and trojans just come via email. A lot do still and modern viruses have their own SMTP servers. There are a lot of other transports though. ICQ, Winamp, Kazaa, Flash are just a few ot them.

    Have you tried deep deletion of temp files by the way (using deltree). I've freed off massive amounts of space like this - over 600Mb in a couple of cases and this is after windows has deleted all the files. I always wonder why Bill Gates wants to save all that stuff.

  17. #17
    VPJunkie is offline Private Member
    Join Date
    December 1969
    Posts
    21,916
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by LineResearch
    It's not a stretch. It's all in the evidence. Everyone that runs into this stuff needs to document as much as possible even if it is just making a memo to yourself about what happend and what you saw. ID the sucmware if you can, and see if you can figure out when and how it was downloaded. Take screenshots of as much as possible. If enough people do this, patterns emerge and legal cases are made.
    Thank you, Ed! k:

  18. #18
    Proper is offline Public Member
    Join Date
    October 2002
    Location
    United Kingdom
    Posts
    288
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    baraucs: cheers for clearing that up.

    Truely if norton/Mcafee was involved, 'gator' would need surgery to remove the boot!

  19. #19
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    27,839
    Thanks
    2,181
    Thanked 7,878 Times in 4,967 Posts

    Default

    If any anti-virus companies are approached....also please consider F-Prot by Frisk Software.

    I'm not sure if they would be interested in any way,, but I can vouch for their product. I run it on some of my machines, and am moving almost all of my servers to it. (They have really attractive licensing- I can license 10 boxes for less than $50- Norton for a Sever is over $800)

  20. #20
    Mary is offline Public Member
    Join Date
    June 2002
    Posts
    92
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    I ran across this and thought you guys might find this interesting.

    Mary

    http://www.acts-consulting.com/spyware.pdf

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •