Suspicious Icons on Desktop

Discussion in 'Computer Security' started by Sam, Apr 30, 2006.

  1. Sam

    Sam Guest

    A neighbor just called me concerning two Icons on the desktop of her
    computer. It is a Dell Dimension 8400 with Windows XP Pro (SP2 and with the
    latest MS Security Updates). She also has Symantec Norton Internet
    Security, NAV 2006, and Adaware SE Plus installed.

    The two icons appeared yesterday on her computer and unfortunately she
    clicked on the first one and her computer registry was supposedly scanned
    and found some errors in her computer and recommended something to the
    effect of purchasing a registry program. I had her accomplish a properties
    on the first Icon named "Registry Cleaner" and read me the entry for the
    Target, and it was as follows:
    http:\\ad.double-click.net\clk;26983459;5531471. The second Icon named
    Registry Cleaner, had for properties, Target: C:/Program Files/Registry
    Cleaner Trial/Regclean.exe. I also had her run Adaware and it found 18
    tracking cookies and she put them in quarantine. Her NAV 2006 and Adaware
    definitions were up to date.

    At this point, I am reluctant to recommend the deletion of the Icons on the
    desktop and the removal of the Registry Cleaner Trial folder in Windows
    Explorer since I don't know what she has on her computer. I also ran a
    Google search but did not find any applicable information. Any suggestions
    would be very much appreciated, Sam.
    Sam, Apr 30, 2006
    #1

  2. From: "Sam" <samnewsgrp71@REMOVE THISsbcglobal.net>

    | A neighbor just called me concerning two Icons on the desktop of her
    | computer. It is a Dell Dimension 8400 with Windows XP Pro (SP2 and with the
    | latest MS Security Updates). She also has Symantec Norton Internet
    | Security, NAV 2006, and Adaware SE Plus installed.
    |
    | The two icons appeared yesterday on her computer and unfortunately she
    | clicked on the first one and her computer registry was supposedly scanned
    | and found some errors in her computer and recommended something to the
    | effect of purchasing a registry program. I had her accomplish a properties
    | on the first Icon named "Registry Cleaner" and read me the entry for the
    | Target, and it was as follows:
    | http:\\ad.double-click.net\clk;26983459;5531471. The second Icon named
    | Registry Cleaner, had for properties, Target: C:/Program Files/Registry
    | Cleaner Trial/Regclean.exe. I also had her run Adaware and it found 18
    | tracking cookies and she put them in quarantine. Her NAV 2006 and Adaware
    | definitions were up to date.
    |
    | At this point, I am reluctant to recommend the deletion of the Icons on the
    | desktop and the removal of the Registry Cleaner Trial folder in Windows
    | Explorer since I don't know what she has on her computer. I also ran a
    | Google search but did not find any applicable information. Any suggestions
    | would be very much appreciated, Sam.
    |



    If neighbor is using any version of Sun Java that is prior to JRE Version 5.0,
    then you are strongly urged to remove any/all versions that are prior to JRE
    Version 5.0. There are vulnerabilities in them and they are actively being exploited.
    It is possible that is how you got infected with malware.

    Therefore, it is highly suggested that if there are any prior versions of Sun Java
    to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
    be installed ASAP.

    Simple check, look under...
    C:\Program Files\Java

    The only folder under that folder should be the latest version...

    C:\Program Files\Java\jre1.5.0_06


    http://www.java.com/en/download/manual.jsp





    For non-viral malware...

    Please download, install and update the following software...

    * SpyBot Search and Destroy v1.4
    http://security.kolla.de/
    http://www.safer-networking.org/microsoft.en.html

    * SuperAntiSpyware
    http://www.superantispyware.com/superantispywarefreevspro.html

    After the software is updated, I suggest scanning the system in Safe Mode.

    I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
    that may be on the PC.

    * BHODemon

    http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

    For viral malware...

    * Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode.
    This way all the components can be downloaded from each AV vendor's web site.
    The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file. http://www.ik-cs.com/multi-av.htm

    Additional Instructions:
    http://pcdid.com/Multi_AV.htm


    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Apr 30, 2006
    #2
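
The folder check described in the post above, as an added example that is not part of the original post. The baseline 1.5.0_06 is the version named in the post; the folder-name prefixes accepted by the pattern and the sample folder names are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

# Baseline taken from the post: JRE 5.0 Update 6 (folder jre1.5.0_06).
BASELINE = (1, 5, 0, 6)

# Assumption: Sun Java folders look like jre1.5.0_06, j2re1.4.2_08,
# jdk1.5.0_06 or j2sdk1.4.2_08. Anything else is reported as unrecognised.
_FOLDER = re.compile(
    r"^(?:j2re|jre|j2sdk|jdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.IGNORECASE
)


def parse_version(folder_name):
    """Return (major, minor, patch, update) or None if the name does not match."""
    match = _FOLDER.match(folder_name)
    if match is None:
        return None
    return tuple(int(group or 0) for group in match.groups())


def audit_java_dir(java_root, baseline=BASELINE):
    """List every sub-folder of java_root with a status relative to baseline."""
    findings = []
    for entry in sorted(os.listdir(java_root)):
        if not os.path.isdir(os.path.join(java_root, entry)):
            continue
        version = parse_version(entry)
        if version is None:
            status = "unrecognised"
        elif baseline > version:
            status = "outdated"  # older than the baseline: candidate for removal
        else:
            status = "ok"
        findings.append((entry, status))
    return findings


def demo():
    """Run the audit over a constructed directory tree (not real system data)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("backup", "j2re1.4.2_08", "jre1.5.0_04", "jre1.5.0_06"):
            os.mkdir(os.path.join(root, name))
        return audit_java_dir(root)


if __name__ == "__main__":
    # On the machine itself the call would be:
    #   audit_java_dir(r"C:\Program Files\Java")
    for folder, status in demo():
        print(f"{folder:16} {status}")
```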

  3. Sam wrote:
    [compromised system, some pseudo-security software]

    1. Where's the problem? The system was compromised, so it should be
    flattened and rebuilt.
    2. There is no such thing like "tracking cookies" with proper configuration.
    Sebastian Gottschalk, May 1, 2006
    #3
  4. Sam

    Sam Guest


    David, thanks very much for your reply and information. I forgot about the
    Sun Java program updates!! Will get my neighbor to install the latest Sun
    Java program and install the additional malware programs. Will keep you
    posted. Thanks again, Sam.


    Sam, May 1, 2006
    #4
  5. Jim Watt

    Jim Watt Guest

    On Mon, 01 May 2006 01:40:24 +0200, Sebastian Gottschalk wrote:

    >Sam wrote:
    >[compromised system, some pseudo-security software]
    >
    >1. Where's the problem? The system was compromised, so it should be
    >flattened and rebuilt.


    Nonsense

    >2. There is no such thing like "tracking cookies" with proper configuration.


    More nonsense

    Follow the advice of David Lipman he has a clue.

    Her computer has acquired some software that pretends to be
    anti-spyware / a registry 'cleaner' - get rid of it.

    A good commercial product to do this is Spyware Doctor from

    http://www.pctools.com/
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, May 1, 2006
    #5
  6. Notan

    Notan Guest

    Jim Watt wrote:
    >
    > On Mon, 01 May 2006 01:40:24 +0200, Sebastian Gottschalk wrote:
    >
    > >Sam wrote:
    > >[compromised system, some pseudo-security software]
    > >
    > >1. Where's the problem? The system was compromised, so it should be
    > >flattened and rebuilt.

    >
    > Nonsense
    >
    > >2. There is no such thing like "tracking cookies" with proper configuration.

    >
    > More nonsense
    >
    > Follow the advice of David Lipman he has a clue.
    >
    > Her computer has acquired some software that pretends to be
    > anti-spyware / a registry 'cleaner' - get rid of it.
    >
    > A good commercial product to do this is Spyware Doctor from
    >
    > http://www.pctools.com/


    This week, CompUSA is offering Spyware Doctor for $9.99 (with rebates).

    Notan
    Notan, May 1, 2006
    #6
  7. Notan wrote:
    > Jim Watt wrote:
    >> On Mon, 01 May 2006 01:40:24 +0200, Sebastian Gottschalk wrote:
    >>
    >>> Sam wrote:
    >>> [compromised system, some pseudo-security software]
    >>>
    >>> 1. Where's the problem? The system was compromised, so it should be
    >>> flattened and rebuilt.

    >> Nonsense


    It's good that this troll is already filtered out.

    Anyway, even some guys at Microsoft know that old and ever-lasting mantra.

    <http://www.microsoft.com/technet/security/secnews/articles/gothacked.mspx>:
    | The only way to clean a compromised system is to flatten and rebuild.

    And with at least some common sense you'd understand why this is so.

    >>> 2. There is no such thing like "tracking cookies" with proper configuration.

    >> More nonsense


    Once again, stupidity is no argument.

    A "tracking cookie" is merely a cookie used for interdomain tracking by
    utilizing the "domain" attribute in HTTP Cookie header. Without
    interpretation the tracking doesn't work, and interpretation is
    controlled by the webbrowser.

    Even the common-as-such-misused webbrowser IE has disabled that by
    default (even though can be circumvented by a dishonest P3P policy file)
    and about any real webbrowser has disabled it as well without any
    circumvention.

    BTW, who would be so stupid and save any cookie permanently? Someone has
    seriously fucked up his settings!

    >> A good commercial product to do this is Spyware Doctor


    Hm... this shit doesn't even install. And if beaten to work it only
    produces a big load of false alarm and technical nonsense.
    Sebastian Gottschalk, May 1, 2006
    #7
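
The browser-side decision discussed in the post above (whether a cookie's Domain attribute and lifetime are honoured is up to the browser), sketched as an added example that is not part of any post in this thread. Hostnames, cookie values and function names are constructed; `site_of` is a simplifying assumption that stands in for the Public Suffix List lookup real browsers perform.

```python
"""Illustrative cookie acceptance policy applied to Set-Cookie headers."""


def site_of(host):
    # Assumption: the "site" is the last two DNS labels. Real browsers use the
    # Public Suffix List; this shortcut only suits the constructed hosts below.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    pieces = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        key, _, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def domain_covers(host, cookie_domain):
    """True if the Domain attribute equals the host or is a parent of it."""
    domain = cookie_domain.lower().lstrip(".")
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def decide(page_host, response_host, header):
    """Return (cookie name, verdict, reason) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    domain = attrs.get("domain")
    # A server may only set cookies for its own host or a parent domain.
    if domain and not domain_covers(response_host, domain):
        return name, "reject", "Domain attribute does not cover the sender"
    # Cookies from a different site than the page being viewed are refused.
    if site_of(response_host) != site_of(page_host):
        return name, "reject", "third-party cookie"
    # First-party cookies are kept, but never beyond the browser session.
    if "expires" in attrs or "max-age" in attrs:
        return name, "session-only", "lifetime attributes ignored"
    return name, "accept", "first-party session cookie"


# Constructed sample: the page being viewed and the responses it triggered.
PAGE_HOST = "www.shop.example"
RESPONSES = [
    ("www.shop.example", "sid=abc123; Path=/; HttpOnly"),
    ("www.shop.example", "prefs=dark; Max-Age=31536000; Path=/"),
    ("ads.tracker.example",
     "uid=9f2c; Domain=.tracker.example; "
     "Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"),
    ("www.shop.example", "uid=9f2c; Domain=tracker.example; Path=/"),
]


def audit():
    """Apply the policy to every constructed response."""
    return [decide(PAGE_HOST, host, header) for host, header in RESPONSES]


if __name__ == "__main__":
    for name, verdict, reason in audit():
        print(f"{name:6} {verdict:13} {reason}")
```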
  8. Jim Watt

    Jim Watt Guest

    On Mon, 01 May 2006 14:29:51 +0200, Sebastian Gottschalk wrote:

    <garble snipped>

    >BTW, who would be so stupid and save any cookie permanently?


    Perhaps you should read about the purpose of cookies and you
    will find an answer to that question.

    >>> A good commercial product to do this is Spyware Doctor

    >
    >Hm... this shit doesn't even install. And if beaten to work it only
    >produces a big load of false alarm and technical nonsense.


    Ah a 'security expert' who does not understand cookies
    can't install a simple program, or write coherent English.

    Thank you for time.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, May 1, 2006
    #8
  9. DRosen

    DRosen Guest

    Jim Watt wrote:

    > >BTW, who would be so stupid and save any cookie permanently?

    >
    > Perhaps you should read about the purpose of cookies and you
    > will find an answer to that question.


    What do you imagine you can accomplish with a permanent cookie that
    can't be accomplished in a more secure way with only a little more work,
    by only allowing cookies to exist temporarily?

    > >>> A good commercial product to do this is Spyware Doctor

    > >
    > >Hm... this shit doesn't even install. And if beaten to work it only
    > >produces a big load of false alarm and technical nonsense.

    >
    > Ah a 'security expert' who does not understand cookies
    > can't install a simple program, or write coherent English.


    I don't see where he said anything like that Jim. Sorry.
    DRosen, May 1, 2006
    #9
  10. DRosen wrote:
    > Jim Watt wrote:
    >
    >>> BTW, who would be so stupid and save any cookie permanently?

    >> Perhaps you should read about the purpose of cookies and you
    >> will find an answer to that question.

    >
    > What do you imagine you can accomplish with a permanent cookie that
    > can't be accomplished in a more secure way with only a little more work,
    > by only allowing cookies to exist temporarily?


    The purpose of permanent cookies is to _intentionally_ store
    credentials. There's absolutely no need to permanently store any random
    cookie.

    >> can't install a simple program


    I could, but as the program demands file access beyond reasonability, I
    won't do so. A wonderful 'security program' that needs to break security
    to start operating...

    > or write coherent English.


    English is not my native language.

    > I don't see where he said anything like that Jim. Sorry.


    There's no need to discuss, Jim is a moron that ended up in my killfile
    a long time ago. For stupidities as seen above.
    Sebastian Gottschalk, May 1, 2006
    #10
  11. DRosen

    DRosen Guest

    Sebastian Gottschalk wrote:

    > >>> BTW, who would be so stupid and save any cookie permanently?
    > >> Perhaps you should read about the purpose of cookies and you
    > >> will find an answer to that question.

    > >
    > > What do you imagine you can accomplish with a permanent cookie that
    > > can't be accomplished in a more secure way with only a little more work,
    > > by only allowing cookies to exist temporarily?

    >
    > The purpose of permanent cookies is to _intentionally_ store
    > credentials. There's absolutely no need to permanently store any random
    > cookie.


    There's no valid reason for permanently storing credentials, in fact by
    doing so those credentials are invalidated. The whole idea behind
    supplying credentials is to verify your identity, and by having them
    stored so that they can be used by anyone that validation no longer
    exists.

    > >> can't install a simple program

    >
    > I could, but as the program demands file access beyond reasonability, I
    > won't do so. A wonderful 'security program' that needs to break security
    > to start operating...


    This would not be a cookie problem, but a browser or some problem with
    other software. You'd first have to install the program, which isn't
    difficult at all. But getting it to run is another story. Not possible
    unless you've compromised something else and managed to take over the
    flow of instruction execution and pointed it to the "cookie" you
    installed. The exact same thing could be done with a "graphic" file
    that's really a renamed executable, or any other file you could get
    placed on the machine in a cache or temp directory.
    DRosen, May 1, 2006
    #11
  12. DRosen wrote:

    > There's no valid reason for permanently storing credentials, in fact by
    > doing so those credentials are invalidated. The whole idea behind
    > supplying credentials is to verify your identity, and by having them
    > stored so that they can be used by anyone that validation no longer
    > exists.


    The cookies are stored in the local user's account profile, so no one
    else (except for the admin if the machine isn't yours, but then you're
    fucked anyway) can use them.

    >>>> can't install a simple program

    >> I could, but as the program demands file access beyond reasonability, I
    >> won't do so. A wonderful 'security program' that needs to break security
    >> to start operating...

    >
    > This would not be a cookie problem, but a browser or some problem with
    > other software.


    This was about intentionally installing a pseudo-legitimate "spyware
    scanner" for auditing the user's account. As the user has full read
    access to all relevant data, there'd be no need for this program to
    demand any additional privileges - but even the installer does! This is
    a LUA problem, a big disgrace for a so-called security software.
    Sebastian Gottschalk, May 1, 2006
    #12
  13. Jim Watt

    Jim Watt Guest

    On Mon, 01 May 2006 17:37:12 +0200, Sebastian Gottschalk wrote:

    >The purpose of permanent cookies is to _intentionally_ store
    >credentials. There's absolutely no need to permanently store any random
    >cookie.


    Nonsense.

    A cookie is a means of providing state to a web server which is
    essentially a stateless environment. That's what it does. They are
    either valid for a session, for a time or permanent.

    >>> can't install a simple program

    >
    >I could, but as the program demands file access beyond reasonability,


    Absolute nonsense.

    >I won't do so.


    Your choice, it's a good program. If you have any complaints take it
    up with the authors. I just use it - regularly and successfully.

    >A wonderful 'security program' that needs to break security to start operating...


    So you say.

    >> or write coherent English.

    >
    >English is not my native language.


    That's pretty clear. And computers are not your subject either.

    But when you can't answer questions properly don't post misleading
    rubbish that confuses those who ask for help.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, May 1, 2006
    #13
  14. DRosen

    DRosen Guest

    Jim Watt wrote:
    > On Mon, 01 May 2006 17:37:12 +0200, Sebastian Gottschalk wrote:
    >
    > >The purpose of permanent cookies is to _intentionally_ store
    > >credentials. There's absolutely no need to permanently store any random
    > >cookie.

    >
    > Nonsense.
    >
    > A cookie is a means of providing state to a web server which is
    > essentially a stateless environment. That's what it does. They are
    > either valid for a session, for a time or permanent.


    This is made up rubbish. Cookies and statefulness are about as related
    as a stop light is related to the whole of traffic law. Sure that
    traffic light is a subset (and stateful), but there's a whole world of
    ideas and possibilities that "stateful" doesn't cover.

    Cookies CAN provide state, but they can also hold working snippets of
    code, raw data that's entirely stateless, and just about anything a web
    browser can know about you or calculate from that information.

    Also, cookies don't necessarily have to live for an entire session
    either.

    RE: Jim's statement concerning cookies and installing programs:
    > >>> can't install a simple program

    > >
    > >I could, but as the program demands file access beyond reasonability,

    >
    > Absolute nonsense.


    It's entirely possible to store working code in a cookie as data. You
    can even read that code back and execute it, or retransmit that code to
    the browser and have it executed on the user end assuming the user
    allows it.

    Executing it outside those guidelines would be another matter.
    DRosen, May 1, 2006
    #14
  15. DRosen wrote:

    > Cookies CAN provide state, but they can also hold working snippets of
    > code, raw data that's entirely stateless, and just about anything a web
    > browser can know about you or calculate from that information.


    All right, but the main purpose is to provide a state beyond session and
    domain. And the few useless application from the view of a user are
    login states and sometimes configuration data. Anything else can and
    should be done without cookies, f.e. per-session-tracking using a
    session-id in the URL.

    > RE: Jim's statement concerning cookies and installing programs:
    >>>>> can't install a simple program
    >>> I could, but as the program demands file access beyond reasonability,

    >> Absolute nonsense.

    >
    > It's entirely possible to store working code in a cookie as data.


    This part of the discussion is not related to cookies. It's related to a
    certain stupid spyware scanner that has a LUA problem.
    Sebastian Gottschalk, May 1, 2006
    #15
  16. Jim Watt

    Jim Watt Guest

    On 1 May 2006 11:34:44 -0700, "DRosen" wrote:

    >
    >Jim Watt wrote:
    >> On Mon, 01 May 2006 17:37:12 +0200, Sebastian Gottschalk wrote:
    >>
    >> >The purpose of permanent cookies is to _intentionally_ store
    >> >credentials. There's absolutely no need to permanently store any random
    >> >cookie.

    >>
    >> Nonsense.
    >>
    >> A cookie is a means of providing state to a web server which is
    >> essentially a stateless environment. That's what it does. They are
    >> either valid for a session, for a time or permanent.

    >
    >This is made up rubbish.


    No, you just don't understand.

    Buy the book 'Cookies' by Simon St Laurent and you might

    ISBN 0-07-050498-9

    http://www.amazon.com/gp/product/0070504989

    available for only $2.24 although it cost me $34.95

    Introduction:

    The Importance of Maintaining State

    Cookies address a major deficiency in the structure of the World
    Wide Web.

    When the Web first arrived, it seemed like a glorious new way to
    communicate. Hypertext Markup Language (HTML) was simple, clean,
    and easy to learn.

    Setting up a Web server was a minor challenge for a UNIX system
    administrator, but creating sites was easy. Hyperlinks gave
    developers a new way to connect and organize information cleanly,
    without layered menuing systems or difficult lookups.

    Documents could cross international boundaries with ease, without
    the need for onerous password systems, expensive application
    programs, and impossible file directory structures. It was all
    amazingly easy, deliberately simplified to the point that the
    average high school student could create an extensive site in a
    weekend.









    >Cookies and statefulness are about as related
    >as a stop light is related to the whole of traffic law. Sure that
    >traffic light is a subset (and stateful), but there's a whole world of
    >ideas and possibilities that "stateful" doesn't cover.
    >
    >Cookies CAN provide state, but they can also hold working snippets of
    >code, raw data that's entirely stateless, and just about anything a web
    >browser can know about you or calculate from that information.
    >
    >Also, cookies don't necessarily have to live for an entire session
    >either.
    >
    >RE: Jim's statement concerning cookies and installing programs:
    >> >>> can't install a simple program
    >> >
    >> >I could, but as the program demands file access beyond reasonability,

    >>
    >> Absolute nonsense.

    >
    >It's entirely possible to store working code in a cookie as data. You
    >can even read that code back and execute it, or retransmit that code to
    >the browser and have it executed on the user end assuming the user
    >allows it.
    >
    >Executing it outside those guidelines would be another matter.


    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, May 1, 2006
    #16
  17. Jim Watt

    Jim Watt Guest

    On Mon, 01 May 2006 22:33:41 +0200, Sebastian Gottschalk wrote:

    >This part of the discussion is not related to cookies. It's related to a
    >certain stupid spyware scanner that has a LUA problem.


    I suggest you communicate your thoughts with PCtools so they can help
    make their products idiot proof.

    For the rest of us it works fine, comes with regular updates and
    gets rid of Spyaxe, which is why I bought it.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, May 1, 2006
    #17
  18. Jim Watt wrote:

    > On Mon, 01 May 2006 14:29:51 +0200, Sebastian Gottschalk wrote:
    >
    > <garble snipped>
    >
    >>BTW, who would be so stupid and save any cookie permanently?

    >
    > Perhaps you should read about the purpose of cookies and you will find
    > an answer to that question.


    Perhaps YOU should back up your own blathering for a change. Why don't
    you start with "Amazon" and see just how fast you get shot to hell.

    <LAUGHING>

    Come on Jimmykins, tell the class all about how it's so much BETTER to have
    permanent cookies laying around when you can accomplish the same thing by
    allowing them temporarily then deleting them. Oh wait..... that means you
    have to ***gasp!*** type in things like your user names and stuff, huh?

    Go ahead and be a lazy sot. See if anyone but the bad guys really cares.

    >
    >>>> A good commercial product to do this is Spyware Doctor

    >>
    >>Hm... this shit doesn't even install. And if beaten to work it only
    >>produces a big load of false alarm and technical nonsense.

    >
    > Ah a 'security expert' who does not understand cookies can't install a
    > simple program, or write coherent English.


    Who in the HELL said anything about cookies "installing" anything you
    illiterate halfwit?

    Gottschalk might be a loud mouthed prat who's completely full of shit
    about 2/3 of the time, but even though English is obviously a second
    language for him he can follow a simple conversation better than you.

    Not to mention he has the courage to defend his idiocy rather than
    tucking tail and running like a coward when he's smacked in the head with
    common sense. Isn't that right Mr "I got a phishing email so the only
    POSSIBLE answer is Amazon is OWNED!"?

    Whata friggin moron......
    Borked Pseudo Mailed, May 2, 2006
    #18
  19. zadoc

    zadoc Guest

    On Mon, 01 May 2006 10:14:44 +0200, Jim Watt wrote:

    |>On Mon, 01 May 2006 01:40:24 +0200, Sebastian Gottschalk wrote:
    |>
    |>>Sam wrote:
    |>>[compromised system, some pseudo-security software]
    |>>
    |>>1. Where's the problem? The system was compromised, so it should be
    |>>flattened and rebuilt.
    |>
    |>Nonsense
    |>
    |>>2. There is no such thing like "tracking cookies" with proper configuration.
    |>
    |>More nonsense
    |>
    |>Follow the advice of David Lipman he has a clue.
    |>
    |>Her computer has acquired some software that pretends to be
    |>anti-spyware / a registry 'cleaner' - get rid of it.
    |>
    |>A good commercial product to do this is Spyware Doctor from
    |>
    |>http://www.pctools.com/

    I have heard some good reports on this product.

    On the other hand, I see some difficulties with it, some of which
    I would rate as severe difficulties.

    Firstly, and most obviously, the "trialware" program claims to
    spot many potential difficulties, yet requires "registration" to
    download the program and clear those problems.

    This is highly, even terminally, illogical, of course! How can
    I, in Australia, order the program on the net when one of the
    unidentified problem infections might be a keylogger?

    Which means that if I download the program and pay for it with
    credit card one of the potential problem programs can
    automatically steal all of these details?

    .....And, of course, identity theft is one of the rapidly
    increasing problems on the net.

    So the first problem, for me, is how do I know which of the
    "problem programs" listed might be a keylogger.


    Secondly, although they do list an Australian representative
    there is no phone number contact, so cannot order or pay for
    "Spyware Doctor" over the phone without making an international
    call to the USA.

    Thirdly, once call up info on the product, there doesn't seem to
    be any way to close down the contact to their website.

    Why should this be the case?

    Fourthly, although their "network administrator" [---or team---]
    invites questions on the product, they apparently require name,
    email address, and country.

    Were I to purchase their product, which does look pretty good on
    reports I have heard, I would obviously have to provide actual
    name, address, account name, credit card number, expiry date,
    etc.

    .....But, again logically, if their sample product indicates four
    infections, there is no way I am going to provide the above over
    the net even on a supposedly "secure" connection, as a keylogger
    can provide all of this info _en clair_ [in clear] no matter how
    good my security or their security.

    Just as clearly as if some stranger were looking over my shoulder
    if slowly entered the data.

    Fifthly, they don't say what the difference is between the
    supposedly "full featured" program and the "lite version".

    [Is "lite" supposed to mean "light"? Perhaps have been away from
    the US too long. :)]

    Sixthly, although an Australian dealer is listed, there is no
    phone number listed. [Or even a fax or email address, both of
    which would be pretty useless for reasons listed above.]

    Seventhly, even if decide to take the risks and download the
    "full featured" version of the program, will obviously have to
    provide actual name, email address, credit card number, expiry
    date, and so on.

    However, why should I have to provide any other personal details
    if can find some local retail outlet? Nearest one who _might_
    stock it is around 60 miles up the track.

    Seldom deal with them these days, as even when get over there
    they apparently not satisfied with my international credit card
    details.

    Name, card number, expiry date, signature. Which all my credit
    cards have.

    No address, no phone number, no personal details, no photo, and
    so on.

    Now if that isn't good enough for them, and it is with most other
    retailers, personally or online, why should I bother to deal with
    them at all?

    For anything??? If they don't trust me, why should I trust
    them???

    Same seems to apply to "Spyware Doctor". I don't know what info
    they will demand if I order their product, but I don't consider
    it any of their damned business to ask for other information.

    However, have written an even longer post to their "network
    administrator" and/or "sales team".

    If anyone on this group is interested, they should feel free to
    post messages on the group and we can all discuss such security
    risks as companies demanding names and addresses before the
    product is even purchased.

    All replies to group, please, at least initially.
    zadoc, May 2, 2006
    #19
  20. Sam

    zadoc Guest

    On Mon, 01 May 2006 23:58:57 +0200, Jim Watt <_way>
    wrote in <> :

    |>On 1 May 2006 11:34:44 -0700, "DRosen" <> wrote:
    |>
    |>>
    |>>Jim Watt wrote:
    |>>> On Mon, 01 May 2006 17:37:12 +0200, Sebastian Gottschalk
    |>>> <> wrote:
    |>>>
    |>>> >The purpose of permanent cookies is to _intentionally_ store
    |>>> >credentials. There's absolutely no need to permanently store any random
    |>>> >cookie.
    |>>>
    |>>> Nonsense.
    |>>>
    |>>> A cookie is a means of providing state to a web server which is
    |>>> essentially a stateless environment. That's what it does. They are
    |>>> either valid for a session, for a time or permanent.
    |>>
    |>>This is made up rubbish.
    |>
    |>No, you just don't understand.
    |>
    |>Buy the book 'Cookies' by Simon St Laurent and you might
    |>
    |>ISBN 0-07-050498-9
    |>
    |>http://www.amazon.com/gp/product/0070504989
    |>
    |>available for only $2.24 although it cost me $34.95
    |>
    |>Introduction:
    |>
    |>The Importance of Maintaining State
    |>
    |>Cookies address a major deficiency in the structure of the World
    |>Wide Web.
    |>
    |>When the Web first arrived, it seemed like a glorious new way to
    |>communicate. Hypertext Markup Language (HTML) was simple, clean,
    |>and easy to learn.
    |>
    |>Setting up a Web server was a minor challenge for a UNIX system
    |>administrator, but creating sites was easy. Hyperlinks gave
    |>developers a new way to connect and organize information cleanly,
    |>without layered menuing systems or difficult lookups.
    |>
    |>Documents could cross international boundaries with ease, without
    |>the need for onerous password systems, expensive application
    |>programs, and impossible file directory structures. It was all
    |>amazingly easy, deliberately simplified to the point that the
    |>average high school student could create an extensive site in a
    |>weekend.
    |>
    |>>
    |>>Cookies and statefulness are about as related
    |>>as a stop light is related to the whole of traffic law. Sure that
    |>>traffic light is a subset (and stateful), but there's a whole world of
    |>>ideas and possibilities that "stateful" doesn't cover.
    |>>
    |>>Cookies CAN provide state, but they can also hold working snippets of
    |>>code, raw data that's entirely stateless, and just about anything a web
    |>>browser can know about you or calculate from that information.

    Well, Jim, anyone who is concerned in any way with "security"
    issues, is likely to be concerned about "cookies".

    Sorry, but, that is just the way it is.

    When the Pentium chips 3 & 4 came out it was eventually revealed
    that the chips themselves contained a unique and transmissible
    security code.

    I can see the need for this in some ways, if the supplier of my
    current system explains it.

    However, just as no one bothered to explain the need [or even
    desirability!!] of "cookies", suppliers were very quiet about the
    "need" for a unique identifier on a Pentium Chip.

    Already had one of my systems ordered when a newspaper article
    alerted me to the risk and assured me that Dell had "turned off"
    the option on the current issue of their systems.

    Personally, was highly upset that they hadn't even mentioned the
    point in their advertising.

    Called the company, insisted to speak to a senior engineer,
    raised hell about unauthorized identification of any poster to a
    newsgroup, told him that unless he could assure me that the
    option was indeed "off" in all programs then they could cancel
    the order and would get another system from another supplier.

    From my point of view, the objection is _NOT_ that an individual
    computer or individual user can be identified.

    That is almost as obvious as balls on a kangaroo.

    How long do you think that ISPs maintain records for law
    enforcement applications?

    My guess would be around seven years.

    Do I care? Nope, am not breaking any laws.

    What I _DO_ care about is "data mining". What I buy, what books
    I read, what programs or electronic bits I order, or anything
    that indicates anything about my wife and I. It is simply none
    of their damned business.

    Especially when just inquiring about their product, as in the
    case of

    Even something so harmless as ordering tomato juice by the
    case....which we don't, incidentally.

    When I am interested in a program, I may seek more info on it,
    but it irritates the hell out of me if when I ask a question they
    demand my actual name and email address, let alone further info
    such as postal address, phone number, and so on.

    Hell, when I left the US, it was possible to meet someone without
    providing a multitude of personal details.

    Meeting fellow Americans for the past few years seems to involve
    such intimate details as "What do you do for a living?" "How
    much money do you make?" "Married or single?" If married, names
    and ages of kids. Names and ages of kids' pets. What brand of
    dog, cat, bird food [etc] they eat.... and so on.

    What I find interesting is that only seem to get such questions
    from Americans or Germans.

    In Australia, people are only interested in your personality,
    basically. Not, as in England, which school you attended. Not,
    as in the USA how much money you make.

    If computer suppliers, program suppliers, etc. had been more "up
    front" about the supposed reason for "cookies" or "unique chip
    ID" then perhaps some of us wouldn't have minded.

    A few years ago, if you, or another visitor, were a personal
    guest in my home, or even a visitor, and I was on the phone, you
    might have asked that I toss you my wallet so you could see the
    latest picture of my [non-existent] cocker spaniel pup.

    Or wanted to go out to buy some cigarettes and wanted my keys to
    the door, or even a small loan to buy the cigs.

    Ten or twenty years ago, maybe. Not today.

    Could trust retailers 20 years ago too, but not today.

    Things clearer now?

    Cheers,

    |>>
    |>>Also, cookies don't necessarily have to live for an entire session
    |>>either.
    |>>
    |>>RE: Jim's statement concerning cookies and installing programs:
    |>>> >>> can't install a simple program
    |>>> >
    |>>> >I could, but as the program demands file access beyond reasonability,
    |>>>
    |>>> Absolute nonsense.
    |>>
    |>>It's entirely possible to store working code in a cookie as data. You
    |>>can even read that code back and execute it, or retransmit that code to
    |>>the browser and have it executed on the user end assuming the user
    |>>allows it.
    |>>
    |>>Executing it outside those guidelines would be another matter.
    zadoc, May 2, 2006
    #20
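
Added example, not part of any post in the thread: the cookie lifetimes quoted in the post above (session, time-limited, permanent) are decided by the `Max-Age` and `Expires` attributes of the `Set-Cookie` header, and this Python sketch classifies headers on that basis. The sample headers, the reference time and the one-year `LONG_LIVED` threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

LONG_LIVED = timedelta(days=365)      # assumed cut-off for "effectively permanent"
MAX_SECONDS = 100 * 365 * 86400       # cap Max-Age so date arithmetic cannot overflow

def classify_cookie(set_cookie, received_at):
    """Return (name, lifetime_class) for one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    expires_at = None
    if "max-age" in attrs:
        # Max-Age takes precedence over Expires (RFC 6265); an invalid value is ignored.
        try:
            seconds = min(int(attrs["max-age"]), MAX_SECONDS)
            expires_at = received_at + timedelta(seconds=seconds)
        except (ValueError, OverflowError):
            pass
    if expires_at is None and "expires" in attrs:
        try:
            expires_at = parsedate_to_datetime(attrs["expires"])
            if expires_at.tzinfo is None:
                expires_at = expires_at.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            expires_at = None

    if expires_at is None:
        return name, "session"        # dropped when the browser session ends
    lifetime = expires_at - received_at
    if lifetime <= timedelta(0):
        return name, "expired"        # how a server deletes a cookie
    return name, "long-lived" if lifetime >= LONG_LIVED else "timed"

def audit(headers, received_at):
    return dict(classify_cookie(h, received_at) for h in headers)

# Constructed sample data, not taken from the thread.
RECEIVED = datetime(2006, 5, 2, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "SESSID=abc123; Path=/; HttpOnly",
    "prefs=lang-en; Max-Age=2592000; Path=/",
    "uid=0f3c; Expires=Thu, 01 May 2036 00:00:00 GMT; Domain=.ads.example",
    "old=x; Max-Age=0",
    "both=1; Max-Age=60; Expires=Thu, 01 May 2036 00:00:00 GMT",
    "bad=1; Max-Age=abc",
]
if __name__ == "__main__":
    for cookie, kind in audit(SAMPLE_HEADERS, RECEIVED).items():
        print(f"{cookie:8} {kind}")
```
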