From lambasting Sony, to praising Google. What’s up with that?
Well, I am hearing rumors from the webmaster and Internet marketing circles that Google is taking aggressive steps to remove web pollution sites from their index. These sites are also known as spam sites and other less-than-flattering names.
I’ve railed against these garbage sites in the past, and it is quite refreshing to see some of these sites getting thrown out with the trash where they belong. There are reports of website operators that were once making tens of thousands of advertising dollars per month dropping down to hundreds of dollars per month practically overnight.
How is this possible? Once Google wises up to a particular web pollution site and throws it out of their index, the thousands (or perhaps even millions) of people who had been searching on Google for topics that these web pollution sites are designed around are no longer finding links to the web pollution sites. No links in the Google search results means a lot fewer visitors and as a result, a lot less money being generated!
Apparently, some of the webmaster-related forums are buzzing with complaints from webmasters that their spammy, no-content web sites are no longer showing up in the Google search results.
Google is also catching on to sneaky redirect sites. A sneaky redirect site is when someone registers a domain name and then just uses that name to set up a site that has absolutely no content and just redirects visitors to another site. Let’s use a real life example to demonstrate.
Someone registered a domain called www.crochet-pattern-free.com. Now, you might reasonably suspect that this particular site would provide some information having to do with free crochet patterns, and would be of interest to people who enjoy crocheting. Well, in this case you would be mistaken.
As of this writing, attempting to visit www.crochet-pattern-free.com will actually land you on a site called www.loan-money-usa.info.
That happens because the owner of that site has placed a bit of code on the www.crochet-pattern-free.com site, or used some other trick, that simply transfers you to www.loan-money-usa.info as soon as you arrive there.
The idea, of course, is to get as many visitors as possible to the loan-related site so the web site owner can make some money from all the advertising on the site.
I don’t know about you, but if I was searching the net for crochet patterns and visited a site called www.crochet-pattern-free.com only to be redirected to a site about loans, I surely wouldn’t stick around long even if I did happen to be looking for a loan!
It’s good news that the search engines are starting to develop techniques to detect and eliminate these sites from their search results. Hopefully, it will go a long way towards cleaning up these web pollution sites that have become so numerous lately.
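A simplified version of the kind of check that could flag such a site, as an added example (not from the original post, and not Google's actual method): it looks for an HTTP redirect, an instant meta refresh or a script-set location that leads to a different site from a page with almost no text of its own. The sample responses are constructed, and the function names and the `min_text` threshold are assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

META_RE = re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
                     r'content=["\']?\s*(\d+)\s*;\s*url=([^"\'>\s]+)', re.I)
JS_RE = re.compile(r'location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)

def site_key(url):
    """Last two host labels; a rough stand-in for the registrable domain."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def redirect_target(url, status, headers, body):
    """Return (mechanism, absolute_target) for the first redirect found, else None."""
    if 300 <= status < 400 and "Location" in headers:
        return f"http-{status}", urljoin(url, headers["Location"])
    m = META_RE.search(body)
    if m and int(m.group(1)) <= 5:          # near-instant refresh only
        return "meta-refresh", urljoin(url, m.group(2))
    m = JS_RE.search(body)
    if m:
        return "javascript", urljoin(url, m.group(1))
    return None

def sneaky_redirect(url, status, headers, body, min_text=200):
    """Flag a page that forwards to a different site and has almost no text of its own."""
    hit = redirect_target(url, status, headers, body)
    if hit is None or site_key(hit[1]) == site_key(url):
        return None                          # no redirect, or same-site (e.g. adding www)
    text = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", body)
    text = " ".join(re.sub(r"<[^>]+>", " ", text).split())
    return hit if len(text) < min_text else None

# Constructed responses (url, status, headers, body). The post does not say which
# mechanism the crochet domain actually used, so the meta refresh is an assumption.
SAMPLES = [
    ("http://www.crochet-pattern-free.com/", 200, {},
     '<html><head><meta http-equiv="refresh" '
     'content="0; url=http://www.loan-money-usa.info/"></head><body></body></html>'),
    ("http://example.com/", 301, {"Location": "http://www.example.com/"}, ""),
    ("http://blog.example.net/", 200, {},
     "<html><body><script>window.location = 'http://ads.example.org/';</script></body></html>"),
    ("http://www.example.org/patterns", 200, {},
     "<html><body><p>" + "Row one: chain twelve, turn. " * 20 + "</p></body></html>"),
]

if __name__ == "__main__":
    for url, status, headers, body in SAMPLES:
        print(url, "->", sneaky_redirect(url, status, headers, body))
```

The same-site test keeps ordinary redirects, such as adding `www`, from being flagged.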
There’s a very interesting story that has been circulating on the web for the last few days regarding some software that is being installed on people’s computers by a copy-protected music CD from Sony BMG music.
This particular music CD uses copy-protection technology to limit the number of copies that can be made of the CD in an effort to make it more difficult for people to copy the music and distribute it to others.
That in itself is not a bad thing. I believe content producers have every right to protect their content from illegal distribution. I also believe, just as strongly, that the methods used to protect content must be reasonable and not intrusive or harmful to a customer’s personal property.
This, unfortunately, is where Sony crossed the line.
First, I would like to make it known that Sony has always been my manufacturer of choice for consumer electronics. I have owned numerous Sony consumer electronic products through the years and can’t think of a single product I have not been happy with. Currently, I own a Sony VCR, CD player and digital camera and I am very satisfied with all three products.
I can also remember my Dad owning Sony products going back many years, starting with a reel-to-reel tape deck that he purchased when I was a kid. If memory serves, it was a model TC-630 and it gave my Dad many years of good service. As you can see, being a Sony fan runs in my family!
I’m never happy to hear about incidents of bad behavior on the part of companies or organizations I have always held in high regard. As a result, I am quite disappointed to hear this news regarding Sony.
It all started when a gentleman by the name of Mark Russinovich was testing some of his software. You need to understand that Mark is what you might call a computer expert. He’s the kind of guy that is able to dig deeply down into the dark recesses of a computer operating system like Windows XP and actually make sense out of it!
Utilizing his extensive knowledge, he dedicates a lot of his time to creating useful programs that are freely available for download by just about anyone who would like to use them. In other words, he’s one of the good guys.
Recently, Mark has been working on a program called RootKitRevealer or RKR for short. It was during his testing of RKR that Mark discovered a little problem that had invaded his computer, courtesy of Sony BMG music.
Before we go any further, you may want to read the article I posted just previous to this one. It will help you understand what a ‘root kit’ actually is.
Using root kit techniques to hide the presence of software that is installed for the purposes of protecting music on a CD is stepping way over the line on Sony’s part.
Also consider the fact that the presence of this software could also make it easier for creators of other malicious software to hide their programs from the computer’s owner by using names for their programs that will automatically be hidden as a result of the root kit-style modifications made simply by using this copy-protected music CD from Sony BMG.
As Mark pointed out, nowhere in the EULA (‘End User License Agreement’) does it reveal their use of this sneaky technique. They are making potentially harmful modifications to customers’ computers and then going to extraordinary lengths to hide these modifications from the customer!
What Sony, or their foolhardy partner who actually created the sneaky technique in question, do not seem to realize is that there are people like Mark Russinovich out there who have the ability to uncover their dirty work and shine the harsh light of daylight on it for all to see.
From what I understand, news of this dirty little trick perpetrated by Sony BMG and their partner in crime is circulating on the Internet like wildfire, and it sure isn’t going to do much good for Sony’s image.
I sincerely hope they learn a valuable lesson from this incident and that Sony BMG decides to fire whatever idiot it was that decided that using rotten tricks like this was a good idea.
How they imagined they would get away with this is beyond me. With literally millions of copies of Microsoft Windows in the world and no shortage of people who really understand how these systems work, it was just a matter of time before some clever techie uncovered this.
Sony is surely sporting a well-earned black eye as a result of this incident, and it certainly has taken my opinion of them down a few notches. It’s clearly time for them to do the right thing by apologizing for this, disassociating themselves from the company that actually came up with this scheme, and promising to never use these tactics again.
Apparently Sony has already made a program available to remove these root kit-style modifications from computers that have been infected (yes, I am using that term quite intentionally!). This is a good first step, but I think more needs to be done.
Allowing purchasers of CDs using these root kit techniques to return them for a refund or exchange would also not be a bad idea. I hope Sony has the sense to do the right thing.
If you care to read Mark’s full account of this incident and how he discovered this you can click here. Be warned however, that much of the language is very technical and may be a hard read for those that are not technically inclined.
There’s a new kid on the block, and he’s a particularly tough and nasty bully. He goes by the name Root Kit, and he’s changing the rules of the game where malicious programs are concerned.
In the good old days, computer virus creators would create a new virus and unleash it on the world. It wouldn’t take long for anti-virus companies to get a copy of the new virus, analyze it and then add the required code to their programs in order to recognize the new virus program and eliminate it.
This was how the virus/anti-virus war played itself out for many years. Sure, some virus authors were more creative than others and would use techniques to change the code contained in their virus programs on-the-fly, but the anti-virus companies would usually figure out a way to detect and remove them anyway.
For the most part, the anti-virus companies were able to stay one step ahead of the virus creators.
Recently however, it is becoming more difficult for the good guys to stay ahead of the bad guys, and it’s all because of this nasty bully known as Root Kit.
A ‘root kit’ is a technique that is starting to be put into use by people who create computer viruses or other malicious software such as spyware.
The numerous anti-virus and anti-spyware programs available have been very effective for the most part. These programs have probably saved computer users an unimaginable quantity of time and money by detecting and removing malicious software before it has had a chance to do its dirty work.
In order to detect and remove malicious programs, anti-virus, anti-spyware and other malicious software detection programs must first be able to detect the presence of the malicious programs. This is where the root kit comes into play.
There is certain functionality built into computer operating systems that allows the computer user to monitor the types of programs and files that currently reside on their computer. A good example of this would be the Windows Explorer.
If you have a Windows computer, you can right-click on the ‘Start’ button and then select ‘Explore.’ This will launch the Windows Explorer program and allow you to view the contents of your computer hard drive. This will allow you to see all the files and programs that currently reside on your hard drive.
In a way, using Windows Explorer is kind of like ‘lifting the hood’ on your PC and taking a peek inside. It goes a bit beyond just clicking ‘Start’ and then selecting ‘Programs’ to launch whatever programs you want to use at the moment. Many computer users have probably never used Windows Explorer and may not ever have a reason to do so. But it is there if the need should arise.
Another useful method of checking what your computer is up to is to check the currently running processes. This shows you the programs that are currently running on your PC, many of which are background processes that are always running when your computer is turned on. Most of these background processes are essential to the proper operation of your computer and allow you to do things like connect to the Internet or be notified if you receive a new e-mail message.
To check out the programs currently running on your Windows PC, you can hold down the ‘Ctrl’ and ‘Alt’ keys, and then, while still holding them down, hit the ‘Delete’ key. You should then see a box appear in the middle of your screen with some choices. Click on ‘Task Manager’ and then select ‘Processes’ to see a list of every program that is currently running on your PC.
If you are not a ‘techie’ type person to some degree, the list of processes is probably not going to be very meaningful or informative. But it is a good example of how one might begin their search if they suspected that their computer had become infected with a malicious program, because it shows you everything that is currently going on with the computer and it should be easy for an experienced computer user to identify a program that should not be there.
Here’s how the scenario might play out. In fact, I’ve been through this exercise a few times myself, so I can tell you exactly how I would approach this and how a root kit can stay one step ahead of me.
Let’s say I notice that my computer is running slower than normal one day. I also notice that there appears to be a lot more hard disk activity than I would normally expect. This makes me wonder if there is a malicious program running on my PC that is doing things in the background and causing my PC to slow down.
The first thing I do is run the Task Manager so I can see the list of processes that are running on my computer at the moment. Sure enough, I spot a very suspicious program running in my computer called ‘EvilSpyware.’ No creator of spyware would ever use a name like that, but you get the point.
I then use Task Manager to terminate the program and I notice that the hard drive activity on my PC dies down and the speed of my PC returns to normal.
I then call up Windows Explorer and do a search of my hard drive for any file or program called EvilSpyware. I soon locate the EvilSpyware.exe program in a directory called C:\Evilspyware on my hard drive and delete it.
I then use the registry editor to remove the command from the system registry that starts up the EvilSpyware program every time I turn on my PC. The vast majority of malicious software uses this technique to make sure the program is running each and every time the PC is turned on.
You should be aware that this was a pretty simplistic example of how a malicious program might be detected and eliminated from my PC. It is usually never that simple these days, but it does give you an idea how one might use the functionality that is built into Windows to track down a malicious program.
What a root kit does that is different from the usual types of malicious software is that it actually changes the functionality of the Windows operating system itself.
For example, let’s say a malicious program makes its way onto your computer. This, in itself, is bad news. However, this particular malicious program uses root kit techniques to hide itself.
In this hypothetical example, the root kit re-writes part of the code that makes up Windows Explorer. It re-writes it in such a way that Windows Explorer will no longer display the names of any programs that begin with $sys$ that may be residing on your computer’s hard drive.
So, when you bring up Windows Explorer to search for any malicious programs that might be residing on your PC, you will not see any programs whose names begin with $sys$. So guess what the name of the program is that is delivered to your PC as part of this malicious package. You guessed it! A name that starts with $sys$.
This ensures that you will never find this malicious program if you are searching for it with Windows Explorer!
A malicious program using root kit techniques can change pretty much anything it wants to on your PC. It could also easily change the code for the Task Manager program and just as easily prevent it from displaying the names of any running programs that start with $sys$ or any other name the malicious software author chooses.
Root kit techniques can also be used to change the code of anti-virus or anti-spyware programs. A malicious software program could be programmed to seek out any of the well-known anti-virus or anti-spyware programs that may be installed on your PC and change the code in order to hide the malicious program from the anti-virus or anti-spyware program.
As you can see, root kit techniques can be used to make malicious software very difficult to detect and, for most computer users who are not technically inclined, nearly impossible to detect.
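What this hiding looks like from the defender's side, as an added example (not from the original post and not the code of any tool it names): a listing filtered on the $sys$ prefix is compared with a trusted listing of the same machine, and whatever is missing from the filtered view is reported. It also shows the earlier point that an unrelated program can ride on the same prefix. The machine state, file names and function names are constructed for illustration.

```python
import os

def api_view(names, hide_prefix=None):
    """Listing as seen through the running system. With hide_prefix set, this
    models a root-kit-modified listing that drops every matching name."""
    if hide_prefix is None:
        return sorted(names)
    return sorted(n for n in names if not n.lower().startswith(hide_prefix.lower()))

def cross_view_diff(trusted, suspect):
    """Per resource kind, names in the trusted view that the suspect view lacks."""
    report = {}
    for kind, names in trusted.items():
        missing = sorted(set(names) - set(suspect.get(kind, [])))
        if missing:
            report[kind] = missing
    return report

def inferred_prefix(report):
    """Longest prefix shared by every hidden name; a hint at the cloaking rule."""
    hidden = [n.lower() for names in report.values() for n in names]
    return os.path.commonprefix(hidden) if hidden else ""

def scan(state, hide_prefix):
    """Build the suspect view, diff it against the trusted one, infer the rule."""
    suspect = {kind: api_view(names, hide_prefix) for kind, names in state.items()}
    report = cross_view_diff(state, suspect)
    return report, inferred_prefix(report)

# Constructed machine state. It stands for a trusted view taken from outside the
# running system (for instance after booting from clean media). "$sys$player" is
# the copy-protection component; "$sys$unrelated.dll" is a second, unrelated
# program that borrows the prefix and is hidden along with it.
STATE = {
    "files": ["notepad.exe", "$sys$player.exe", "$sys$unrelated.dll", "report.doc"],
    "processes": ["explorer.exe", "$sys$player.exe", "svchost.exe"],
    "autoruns": ["$sys$player", "AntiVirusTray"],
}

if __name__ == "__main__":
    report, prefix = scan(STATE, "$sys$")
    for kind, names in report.items():
        print(f"hidden {kind}: {names}")
    print("shared prefix:", prefix)
```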
Fortunately, the good guys are out there and they are quite determined to make life as difficult as possible for the creators of malicious software.
New programs and techniques such as RootKitRevealer and BartPE are indeed making things a bit tougher for the creators of malicious software. My hat is off to the good guys who are spending many hours of their time developing tools that make computing safer for all of us. I encourage you to visit their sites, use their tools and support them however you can.