I noticed a sudden change in my Google toolbar a few minutes ago. What was v. 1.1.70 in the one wndow has become v. 2.0.95 in a second one. Not a flicker from the firewall for this stealth update.

The new version changes configuration by adding a new Options button. This launches a dialog listing all the toobar.google.com setting options, plus claims most features from the old Google button, like the clear history.

It does retain the options you selected at the web site, but adds a new Popup Stopper feature, a Form Autofill feature (left blank by default), and a Fix PageRank by Proxies (that's the trackare component if you enable it). It also has a drop list of all Google search sites so you can choose whichever you prefer (local or the universal .com).

This is a neat layout, but the concern has to be the automated stealth by which this update occured. :(

That happened to mine too. I was running the beta version and now have the full released version and never saw a firewall alert using LookNStop.

How and why?

I don't know this toolbar (don't use IE), but is it installed locally or is it fetched form the internet every time that you connect?
In the latter case it's normal that there's no alert. The web application changes, that's all.

Hi,

It's installed locally.

I was under the impression that it was an ActiveX install, but I could be wrong. Check your Downloaded Program Files folder.

Regards,

Pieter

Yep you're right it is ActiveX. Too long with too little sleep.

Does that mean (ActiveX security is something I need to brush up on) that it can "call home" at any time without going through the firewall? I know that it sends page tracking information to Google (I want it to) without firewall alerts.

Thanks.

Here is a good start for brushing up: http://outpostfirewall.com/guide/faq/activex.htm
I'm sure our firewall experts can tell you more.

Regards,

Pieter

-{ Quote: " quoting: meneer link=board=18;threadid=12730;start=0#msg81710 date=1061539741]
I don't know this toolbar (don't use IE), but is it installed locally or is it fetched form the internet every time that you connect?
In the latter case it's normal that there's no alert. The web application changes, that's all.
" }-

The toolbar is installed locally, and until this time, you had to manually check for updates at the Google web site. This is the first time it has auto'd. There is an ActiveX control goes in the Downloads folder to keep the whole thing together, including storing configuration settings.

Yorkdale,

-{ Quote: "...the concern has to be the automated stealth by which this update occured." }-

This is not acceptable in my view. I for one would ditch it for that reason on the spot.

regards,
paul

We're not the only ones thinking along these lines.
http://www.spywareinfoforum.com/forums/index.php?act=ST&f=15&t=9848&st=0

Regards,

Pieter

It is described that it does. Thought there should be an option to allow auto-updaet or not.
Who knows what's next they would load on our systems?
Fortunately we can check with the autostartviewer and such, but the feeling is uncomfortable.

Well, if we let them know how we all feel about it - maybe they will change it.

So what I did was, I sent an email to this address: mailto:toolbar-support@google.com that included the entire text of Mike Healan's article here: http://www.spywareinfoforum.com/articles/googleupdater/.

I would suggest that everyone else with concerns do the same - how else are they going to know exactly how un-popular this is? Pete

The whole problem is that the Google toolbar is quite useful for people trying to do online business. Besides this feature it's not evil.

Kind of like the Alexa bar which is very useful being seen by Spybot as spyware. Technically it may be spyware but it serves a useful purpose and doesn't really do anything malicious.

Mark

-{ Quote: " quoting: msingle link=board=18;threadid=12730;start=0#msg81793 date=1061569321]
The whole problem is that the Google toolbar is quite useful for people trying to do online business.
Besides this feature it's not evil." }-

That may be so, Mark - but the fact remains something is installed (and a software update is an install) without the consent from the system owner. In principal, that's at the very least unethical - if not evil indeed. There should be at minimum a pop up, asking wether or not the system owner wants the install and has a choice.

regards.

paul

-{ Quote: " quoting: Paul Wilders link=board=18;threadid=12730;start=0#msg81849 date=1061581600]
but the fact remains something is installed (and a software update is an install) without the consent from the system owner. In principal, that's at the very least unethical - if not evil indeed. There should be at minimum a pop up, asking wether or not the system owner wants the install and has a choice.

regards.

paul
" }-

Paul,

If Google makes it known about the autoupdate via their Toolbar Privacy Policy before the user downloads the Initial Toolbar software....IMO
1)Consent....has been given by the user if they choose to install the initial software
2)Google then has been about as ethical as one can be.
3)If user chooses to NOT read Privacy policies that's their choice and should then NOT holler about unethical practices.

Toolbar Privacy Software....http://toolbar.google.com/privacy.html
-{ Quote: "said by Google:
More Information

Periodically, the Google Toolbar contacts our servers to see if you are running the most current version. If necessary, we will automatically provide you with the latest update to the Google Toolbar." }-

Regards,
OzarkMan

'caveat emptor'! 8)

-{ Quote: " quoting: Paul Wilders link=board=18;threadid=12730;start=0#msg81733 date=1061551990]
Yorkdale,

-{ Quote: "...the concern has to be the automated stealth by which this update occured." }-

This is not acceptable in my view. I for one would ditch it for that reason on the spot.

regards,
paul
" }-

Exactly my own thoughts, Paul. That's why I felt it needed a security alert.

-{ Quote: " quoting: OzarkMan link=board=18;threadid=12730;start=0#msg81888 date=1061591013]
Paul,

If Google makes it known about the autoupdate via their Toolbar Privacy Policy before the user downloads the Initial Toolbar software....IMO
1)Consent....has been given by the user if they choose to install the initial software
2)Google then has been about as ethical as one can be.
3)If user chooses to NOT read Privacy policies that's their choice and should then NOT holler about unethical practices.

Toolbar Privacy Software....http://toolbar.google.com/privacy.html
-{ Quote: "said by Google:
More Information

Periodically, the Google Toolbar contacts our servers to see if you are running the most current version. If necessary, we will automatically provide you with the latest update to the Google Toolbar." }-

Regards,
OzarkMan
" }-

I disagree. There was no autoupdate for many of us who installed the original software. Since that was introduced later on, it constitutes a considerable change in the relationship between the user and the supplier. To me it is such a major shift in policy they had a duty to include an "on first run" notice with the version which first had autoupdate, advising of this significant change.

As I see it, these are UPDATES of an existing version, and not full replacement upgrades. As such, the original contractual relationship is in force, and any substantial variance needs the real consent of both parties. This could have been achieved by the method I described, using a dialog notification with a 'Continue To Install' click signifying consent.

-{ Quote: "There was no autoupdate for many of us who installed the original software. Since that was introduced later on" }-Hmmm....how then did the update that allows the autoupdater get installed ?

While I agree with SOME of what you say....I dis-agree it was a MAJOR change....but that's what makes the world go round :) As it is with some Companies....they do change their policy from time to time an usually state that on their sites.

"Google may decide to change this Privacy Policy from time to time. "

I have Zone Alarm and it did not detect the update. It is kind of scarry. I have had ZA for years and it is right on target. If Google can do it any software maker can install stuff we are not aware of. :o

-{ Quote: " quoting: Mint Chip link=board=18;threadid=12730;start=15#msg85759 date=1062877950]I have Zone Alarm and it did not detect the update. It is kind of scarry. I have had ZA for years and it is right on target. If Google can do it any software maker can install stuff we are not aware of. :o " }-

Well, yes and no. You installed the Google toolbar and since it runs under your browser, which you gave permission to in your firewall, it simply used that permission to get it's update. (Basically, you preapproved it when you installed it into your browser.)

Hi Chip Mint. Doubt ZA would or should catch it. All a FW does is help you manage permission for your OS to interact (inbound or outbound) the internet. Once you give it permission to connect, you're pretty much on your own aren't you?

Regards, Rick