- This topic is empty.
-
AuthorPosts
-
June 7, 2004 at 4:55 pm #585547AnonymousInactive
Here is another scumware update by the lawyer Bejamin Edelman:
Greetings. Time for this week’s update on my spyware projects —
1) WhenU v Utah Case Documents. Oral argument is scheduled for this Thursday and Friday in Salt Lake City, in the matter of WhenU.com v. The State of Utah, WhenU’s challenge to Utah’s Spyware Control Act. I’ve prepared an expert declaration that, beyond the usual spyware overview, discusses exactly how WhenU can comply with the Act. I’ve also posted all the other relevant case documents, including WhenU’s complaint, Utah’s
response, and affidavits by all the witnesses and experts.WhenU.com, Inc., v. The State of Utah – Case Documents
<http://www.benedelman.org/spyware/whenu-utah>2) WhenU Security Flaw. WhenU uses an auto-updater to keep its users running the latest version of its software. But the auto-updater in some WhenU software has a serious security flaw that allows attackers to take over full control of users’ PCs. Vulnerable software was still available on WhenU’s own web site through mid-May of this year — mere weeks ago! — when I alerted WhenU to the problem. Details:
WhenU Security Hole Allows Execution of Arbitrary Software
<http://www.benedelman.org/spyware/whenu-security>3) WhenU Privacy Policy Violation. Just when users are asked to press the “accept” button to allow an installation, WhenU’s software promises that “Save! doesn’t collect or send your browsing activity anywhere.” This promise is demonstrably false. WhenU has known about this problem since I first mentioned it in an expert report in summer 2003, but WhenU still hasn’t corrected its false promises. Untrue statements remain in the installer screens, on WhenU’s web site, on the sites and installers of WhenU partners, and even in “readme” files on users’ disks. See the transmissions for yourself, along with numerous screen-shots and links to WhenU’s false promises:
WhenU Violates Own Privacy Policy
<http://www.benedelman.org/spyware/whenu-privacy>4) Over the years I’ve found some advertisers who seem like they should oppose spyware programs (and sometimes actively do so), but whose products are nonetheless advertised on Claria and WhenU. I’ll be writing about this more in the coming months; look for listings of major and big-name advertisers on both networks. Meanwhile, here are some pointers to existing research. (Note that not all this work is mine.)
Dell’s Spyware Puzzle
<http://www.benedelman.org/news/060404-1.html>Gator Advertisers (partial) (May 2003)
<http://cyber.harvard.edu/people/edelman/ads/gator/gator-customers.html>PC Pitstop Listing of Major Claria Advertisers (from on Claria S1 filing)
<http://www.pcpitstop.com/gator/advertisers.asp>PC Pitstop on the Yahoo-Claria Link
<http://www.pcpitstop.com/gator/yahoo.asp>Eric Howes’ Analysis of Yahoo Toolbar Spyware Remover
<http://www.dslreports.com/forum/remark,10399574~mode=flat>More to come. Keep in touch.
Benjamin Edelman
http://www.benedelman.org -
AuthorPosts