denolth2
11-11-02, 02:39 PM
taken from infoworld:
SITES AGAINST PARASITES
Posted November 8, 2002 01:01 PM Pacific Time
LAST WEEK, I wrote that millions of Windows users
unwittingly installed "parasites" when setting up
music-sharing programs or other free marketing
gimmicks. Some parasite programs harvest fake sales
commissions from e-commerce sites. They can also make
your PC unreliable and crash-prone. (See
http://www.infoworld.com/articles/op/xml/02/11/04/021104opwinman.xml
.)
Many companies have banned employees from using
music-sharing programs, not just due to copyright
concerns. According to John Thornton, editor of
Hacker's Digest, 6 percent of one peer-to-peer
network's files are actually viruses. Downloads such
as Pink.mp3.vbs are displayed by the music-sharing
program without the .vbs extension, which indicates a
Visual Basic Script virus (
http://www.theregister.co.uk/content/55/22119.html ).
Merely having a policy against peer-to-peer, however,
doesn't clear up the mess that these programs quietly
added to users' hard drives. A clean sweep requires
new tools.
One of the most intriguing approaches to the problem
has been initiated by a Web site developer named
Andrew Clover. A British programmer who's fluent in
Python, PHP, and Java, Clover divides his time between
work in Germany and the United Kingdom.
Without installing anything, you can automatically test
your PC for dozens of different parasite programs at
his personal site ( http://and.doxdesk.com/parasite ).
The test requires JavaScript, which is currently
enabled in about 88 percent of browsers, according to
http://www.thecounter.com/stats . Clover encourages
visitors to copy and use the script on their own
sites, perhaps modifying it to blend with their own styles.
The script works by querying your PC for character
strings that various parasite programs insert into the
Windows Registry. Each string, known as a Class ID or
CLSID, is a globally unique hex number identifying a
single program. These numbers are generated by
GUIDgen.exe, a utility included with Microsoft Visual
C++ 4.0 and later.
Many parasites use these strings to register themselves
with Internet Explorer as a so-called Browser Helper
Object. Microsoft designed IE to allow programs such
as these to manipulate the keystrokes and activities
of the browser. This is one way parasites transmit
false e-commerce codes.
Unfortunately, Clover's test doesn't identify all
worrisome parasites. Interviewed by telephone while he
was visiting Bristol, England, Clover said, "There are
lots of parasites that don't use a Class ID at all,
and my script can't detect them."
It's my hope that a Web service can be developed that's
truly comprehensive. Users could learn valuable info
-- such as the symptoms and diagnoses Clover's site
provides on 49 parasites -- even if their machines
test clean.
Meanwhile, run the free Ad-Aware program, which
searches for and allows you to remove almost all
parasites. A helpful download page is at
http://www.pcworld.com/downloads/file_description/0,fid,7423,00.asp
. I'll have more on this next week.
Brian Livingston is a contributing editor at InfoWorld.
Send tips to brian@secretspro.com. Subscribe to Window
Manager and E-Business Secrets at www.iwsubscribe.com/newsletters.
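
The check the article describes, looking for Class IDs that parasites register as Browser Helper Objects, can also be run offline against a registry export. This is an added example, not Clover's script or code from the article; the watchlist names, CLSIDs and sample export are constructed placeholders, and the registry path used is the standard Browser Helper Objects key, which the article does not name.

```python
import re

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
GUID_RE = re.compile(r"\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?$")
# Constructed watchlist: names and CLSIDs are placeholders, not real signatures.
WATCHLIST = {
    "ExampleParasiteA": "{11111111-2222-3333-4444-555555555555}",
    "ExampleParasiteB": None,  # registers no Class ID, so a CLSID check cannot see it
}
# Constructed sample in the text format produced by a registry export.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}]
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\ExampleA\\helper.dll"
'''

def norm(guid):
    """Normalise a CLSID to upper case with braces; None if it is not a GUID."""
    m = GUID_RE.match(guid.strip())
    return "{" + m.group(1).upper() + "}" if m else None

def parse_export(text):
    """Return (set of registered BHO CLSIDs, {CLSID: in-process server DLL})."""
    bhos, dlls, section = set(), {}, ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            parent, _, leaf = section.rpartition("\\")
            if parent.upper() == BHO_KEY.upper() and norm(leaf):
                bhos.add(norm(leaf))
        elif line.startswith('@="'):  # default value of the current key
            parts = section.split("\\")
            if (len(parts) == 4 and parts[:2] == ["HKEY_CLASSES_ROOT", "CLSID"]
                    and parts[3].lower() == "inprocserver32" and norm(parts[2])):
                dlls[norm(parts[2])] = line[3:-1].replace("\\\\", "\\")
    return bhos, dlls

def audit(text, watchlist=WATCHLIST):
    """Match registered BHOs against the watchlist and report what was missed."""
    bhos, dlls = parse_export(text)
    known = {norm(c): name for name, c in watchlist.items() if c}
    return {
        "matched": {known[c]: dlls.get(c, "unknown DLL") for c in bhos if c in known},
        "unlisted_bhos": sorted(bhos - set(known)),  # registered, not on the list
        "not_checkable": sorted(n for n, c in watchlist.items() if not c),
    }
```

The `not_checkable` entry reflects the limitation Clover states: a parasite that registers no Class ID cannot be found this way. Real exports are usually UTF-16, so decode the file before passing its text to `audit`.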