| Home |
| Search |
| Today's Posts |
|
#11
September 4th 03, 07:16 PM
|
|||
|
|||
On Thu, 04 Sep 2003 12:28:35 -0400, kh2d wrote:
On Wed, 03 Sep 2003 23:58:24 GMT, (Phil) wrote: It listed this as a browser hijacker in the TrustedQSL portion of the LOTW beta software I had installed earlier. Is the ARRL loading our computers with spyware now? Probably not. The ARRL is loading your computer with software that is designed to communicate with other software via the internet. No, that's not how it works. The TrustedQSL software simply prepares files to be sent to LoTW. The sending is done by the user with an email program or a Web browser file-upload. The TrustedQSL software has no ability to communicate via the network at all. Then again, maybe you should verify your checking account balance, maybe LOTW is making automatic contributions to the ARRL's BPL account in the middle of the night :-) Any software that's on your computer that is allowed to play the ET PHONE HOME game has the potential of being "spyware". The fact that your ARRL logbook software has the function of contacting the ARRL's computer is probably why it got tagged. I don't know what caused the false positive. My guess -- and it's only a guess -- is that libexpat.dll was also used in a product that *is* spyware. Since libexpat.dll is freely available, that wouldn't be too surprising. The clean it up software you installed is probably just looking for anything that makes certain system calls, i.e., does things that have the potential to be "bad". I can't imagine what system calls a text-parsing library might do that anyone would consider potentially "bad." Just because it got tagged doesn't mean it's doing anything bad. It just means it has the potential to do things bad. If it is doing anything bad, it wouldn't be the first time that "trusted" software got caught. It's also worth noting that the spyware-detection software in question has a "whitelist" capability so the user can tell it to skip a particular file or files. Clearly, TrustedQSL isn't the only false positive they detect! Anytime you load any application that's capable of communicating over the internet with other machines, you should be very sure it's NICE software. Trouble is, that's very hard to be sure of unless you sit and monitor packets going in and out of your box........ And then there's the bigger problem. Not only do you need to trust the ARRL not to intentionally do anything bad, you need to trust that their programmer is smart enuff so that he didn't build in some more security holes on your box so that somebody else who is bad can use your ARRL software to do bad things. True but moot since the TrustedQSL software is completely network unaware. Personally, I would never install any (especially FREE) software that claims to be a trojan finder - who knows more about how to make a good trojan than the guys who write software to find them. Other than Bill Gates that is....... I think your best protection is a firewall. One that requires you to give specific permission to each program that requires internet access. That way NOBODY can phone home unless you let them. That, plus using a mail client not known to be a virus magnet. (There was an article in the local paper just today stating that and listing alternative mail clients such as Eudora and Pegasus.) Or the ultimate protection scheme. Eventually, we are going to all need to have at least two computers. One named GARBAGE, which we hook to the internet, and another with the mission critical important stuff on it which is NOT hooked to the internet. I leave my Linux box hooked to the 'Net all the time, with both an external firewall and its internal one configured to expose only what needs to be exposed. And my mail client just does text unless I explicitly ask it to open something. And I do regular security updates of the system. So far, so good. Jon, KE3Z |
Linear Mode
