Who’s Watching WinWhatWhere?

http://www.msnbc.com/news/728256.asp?0dm=C12NT&cp1=1

Trapware, that’s
                   who. And the folks at WinWhatWhere
                   don’t like it one bit.
                          “If someone’s trying to make money
                   trying to ruin my software, I have to take
                   appropriate action,” said Richard Eaton,
                   president of WinWhatWhere.
                          Snooper programs have been around
                   for years, but they’ve received heightened
                   attention since Sept. 11. The software can
                   be secretly installed on any machine —
                   even from afar — and quietly watch every
                   keystroke and mouse motion. Information
                   gleaned by the spy software can then be
                   remotely e-mailed to the real spy.
                          While companies that make the
                   software say they sell to law enforcement
                   agencies and corporations who use it as a
                   management tool, many suspect that much
                   of their revenue comes from suspicious
                   spouses. (Advantage: Spyware.)
                          That’s where Wes Austin comes in.
                   Last year he started selling Who’s
                   Watching Me on Trapware.com. Call it
                   counterintelligence: The program notices if
                   spy software is on any machine, and alerts
                   the user.
He offers free trials, and nearly 45,000
                   users have downloaded Who’s Watching
                   Me. He’s gotten plenty of e-mails (most
                   from angry spouses) with thanks for the
                   warning about the spy software that had
                   been secretly installed. (Advantage:
                   Anti-spyware)
                          But Austin recently ran tests on the
                   newest version of WinWhatWhere, released
                   last month. And he noticed something
                   funny: It broke his program.
                          “I discovered that their process was
                   opening up one of our files,” he said. And
                   he provided evidence to MSNBC.
                   Essentially, WinWhatWhere inserts some
                   stray characters into a file that’s critical to
                   Who’s Watching Me, disabling the anti-spy
                   program. (Advantage: Spyware)
                          Eaton didn’t confirm that exact
                   methodology, but he did admit his software
                   does what it has to in order to remain a
                   secret. In fact, WinWhatWhere disables five
                   other anti-spy programs, too.

                                            “Every time I
                                     find out about any
                                     of these programs,
                                     I will change our
                                     program to do
                                     whatever is
                                     necessary,” he
                                     said. “My
                                     reasoning behind it
                                     is I’m selling a
                                     security product
                                     that shouldn’t be
                                     detected.”
                                            Steven Haight,
                                     sales manager for
                                     SpectorSoft, was a
                                     bit more subtle in
                   his description of the situation.
                          “Yes, we can crash anti-spy software,”
                   he said. New advanced security features in
                   Spector Professional 3.0, released two
                   months ago, do the trick. But it’s not
                   intentional, he said.
                          “We’re not out there buying anti-spy
                   software and figuring out how to make
                   them crash. It’s nothing personal against
                   them,” Haight said. “It’s just the way the
                   security of our software works. It won’t
                   allow (anti-spy) software to run.”
                          Foul, cries Austin, who thinks his
                   software is a privacy advocate’s best friend.
                   SpectorSoft says its software is for
                   monitoring, not spying, and tells purchasers
                   to always advise computer users they are
                   being monitored.
“All we’re doing now is telling people
                   there is a monitoring program,” Austin
                   says. “So why break Who’s Watching Me
                   unless you are using the product illegally,
                   trying to hide something. ... They know
                   what people are using it for.”
                          Haight said he wasn’t familiar enough
                   with Who’s Watching Me to answer
                   specific questions about the program.
                          But Austin is hard at work
                   familiarizing himself with his competitors’
                   code, and he is studying
                   counter-countermeasure tactics.
“We’re trying to decide how to handle
                   it. We could get into code war where we
                   change our stuff then they change theirs,”
                   he said. He then offered a bit of a
                   programming swipe at his competitors. “It
                   would have been best if they had just taken
                   engineering challenge and designed
                   something that couldn’t be detected. but
                   instead they just decided to break our
                   program. That’s kind of lame.”

(Pete Note: They go out of their way here to make it hard to copy-and-paste their stuff  - that's about the best I could do with it. Couple of good screenshots in the article itself, I just put it here so that you wouldn't have to go there to read it).

 

Re: Who’s Watching WinWhatWhere?

lol by pasing web pg security  no copy or save files from web pages is my speachialty lol =)

oh what the lol
(Pete Note: They go out of their way here to make it hard to copy-and-paste their stuff  - that's about the best I could do with it. Couple of good screenshots in the article itself, I just put it here so that you wouldn't have to go there to read it).

thats strange i can copy and paste everything lol and there pictures i didnt even have to do my owen little bypass look.

http://www.msnbc.com/news/1426265.jpg
“All we’re doing now is telling people there is a monitoring program,” Austin says. “So why break Who’s Watching Me unless you are using the product illegally, trying to hide something. ... They know what people are using it for.”
      Haight said he wasn’t familiar enough with Who’s Watching Me to answer specific questions about the program.
      But Austin is hard at work familiarizing himself with his competitors’ code, and he is studying counter-countermeasure tactics.      
http://www.msnbc.com/news/1426263.jpg

      “We’re trying to decide how to handle it. We could get into code war where we change our stuff then they change theirs,” he said. He then offered a bit of a programming swipe at his competitors. “It would have been best if they had just taken engineering challenge and designed something that couldn’t be detected. but instead they just decided to break our program. That’s kind of lame.”

 

Re: Who’s Watching WinWhatWhere?

what the lol how did they do that lol

http://www.msnbc.com/news/1426265.jpg
All were doing now is telling people there is a monitoring program Austin says. So why break Who Watching Me unless you are using the product illegally, trying to hide something. ... They know what people are using it for.
      Haight said he wasnt familiar enough with Whos Watching Me to answer specific questions about the program.
      But Austin is hard at work familiarizing himself with his competitors code, and he is studying counter-countermeasure tactics.       
http://www.msnbc.com/news/1426263.jpg

re trying to decide how to handle it. We could get into code war where we change our stuff then they change theirs,he said. He then offered a bit of a programming swipe at his competitors.It would have been best if they had just taken engineering challenge and designed something that couldnt be detected. but instead they just decided to break our program. Thats kind of lame.

 

Re: Who’s Watching WinWhatWhere?

that was kinda a cuite attempt to stop the master of copy and paste Blaze i saw and i over came lol=)

 

Good stuff. This ran on MSNBC all day yesterday. Someone called me and did the old "Quick! turn to MSNBC!" thing after hearing the teaser before a commercial. After the commercial, I saw the report. I was going to mention it on the forum here yesterday but was kind of afraid it would turn into a thread on that old debate about employer/employee rights. But really, it's about SO MUCH MORE than that. As Bob Sullivan said on MSNBC, if the truth be known , most of these programs are being used clandestinely by spouses, boyfriends/girlfriends, roommates, friends, neighbors, etc. That kind of invasion of our personal space is more important to stop than anything as far as I am concerned.

This will be fascinating to watch, because basically what Austin discovered at WWM is that it doesn't matter what techniques are being used to detect the programs, when some of these larger spyware companies have the time, money and desire, to turn around and detect the anti-spyware programs and alter them. That's where I wish WWM/AKL/SpyCop could somehow get together and figure out some way to stop them cold. Anybody have any from-the-gut ideas?

This is one of those things (it seems like) if a companies with the $$$ of Win WhatWhere and Spector can afford to buy the anti-spyware tools with each release, go in and find just one piece of code to cripple it, and then the anti's have to respond each time, which they respond to; where does it end? Probably the courtroom.  The real story here is the full blown assault on one company by another. What each piece of software is actually used for is really secondary.


The story on the network yesterday visually made it clear how scary some of these products are becoming. It's not just keylogging and screen shots anymore. They are full blown pieces of spy software that go WAY beyond "monitoring" (as they like to market their products).


It was interesting to see the way the piece was edited for the story on MSNBC.com. One thing it doesn't get across in the printed word is the indignation on the part of Austin that companies are setting out to cripple software, period. The why and all of that doesn't matter.  If I run a legal product that I purchase (or evaluate) on my computer in my den, a program that somebody else and without my knowledge places on my PC should not be altering the files of my software, whatever the purpose. To me, that's an outrage of immense proportions.

Thanks for posting this Pete. It brings up a lot of legal, moral and ethical questions that are going to be tough.

And a BIG thanks to Wes Austin and TrapWare for coming forward and blowing the whistle on how far these spyware companies will go to accomplish their skullduggery.

John

 

Hey Blaze! Good job! Pete's a busy guy and I'm sure he will appreciate your taking the time to link the screenshots to the site.
You're a good guy!!

John

 

Good morning, everyone!

The article certainly does raise a lot of very interesting questions!

Should WWW be allowed to continue hacking other software manufacturers programs - just so that theirs will work as advertised?

I sincerely hope that WWW gets taken to court - quickly - over this one.

If they don't, it seems to me that we run the risk of having even more software developers going after each others' products - the chaos resulting from that would hurt everyone. Pete

 

IMO this activity is illegal under the new PATRIOT ACT, and WWW stands about a snowball's chance in Hell of successfully defending a lawsuit. However, the Feds might get involved because they certainly don't want their keyloggers detected.

 

Why is it that a company like the one that produces WWW can go out and ACTIVELY CRIPPLE (HACK!) other programs you might have on your computer and there's nary a whimper?

In case it hasn't occurred to anyone yet, this issue could have much more far-reaching and serious consequences for the average user (especially the HOME user who's trying to determine whether he's being keylogged without his knowledge or not) - try constantly having to update whatever program you're using to detect with - for instance, here's Mr. Hacker in court before the judge caught with his drawers down while CHANGING THE CONTENTS OF SOMEONE'S COMPUTER WITHOUT THEIR KNOWLEDGE OR CONSENT.

Here's his defense: "Why, your honor, I thought it was perfectly legal since WWW does it all the time to five different programs - what's the difference?"

And he'd be RIGHT - there IS no difference! WWW is hacking your computer just as surely as a hacker trying to get past an AV/AT/firewall program.

And if WWW is allowed to get by with this, what's to stop all the other software manufacturers from going after each others' products when the programs are at cross-purposes? Pete

 

Beware of loading Linux programs on a Windows machine...

 

First, Checkout - I'm lost, did you mean to post that in this thread? If so, enlighten us!!!!
------------
Pete has hit the target right in the bullseye!

I am very surprised there is so little outrage. Maybe it will take time to circulate as this is a recent development. TechTV did have a piece on it today I was told, so word will spread.

I'm surprised at so little reaction in this forum. This has much broader consequences than some other things we have talked about recently concerning software that does more than some users bargained for. As Pete said, this is nothing short of a major HACKING ISSUE! Except in this case, the hacker is a legitimate corporation chartered by the people in the State of Washington!

As far as reaction in this forum, maybe the thread title hasn't attracted interest or something. It needs to be posted under "Hacking Outrage" or something so that it will attract attention. Is there a way to do that Pete without it being considered a crosspost?

One thing all of us can do is let the company know how we feel:

WinWhatWhere Corporation
925 W Kennewick Ave
Kennewick WA 99336
509 585 9293  
888 239 5396
fax 509 585 9294
w3@winwhatwhere.com

John

 

Re: Who’s Watching WinWhatWhere?

John, yes.  All I meant (humorously) was a scenario where M$ and Linux slug it out by disabling or invading each other's code.  Maybe it wasn't humorous enough.

We're all just observers in a situation where the rules aren't clear.  I take a philosophical view that whatever can be done in software cannot be stopped or legislated against.  I take the same view in science about cloning and stem cells and the like.  I'm sick and tired of moralists, pro-lifers and religious zealots(1) saying that such-and-such shouldn't be allowed, etcetera, etcetera, ad nauseum, for entirely non-scientific reasons.  It's censorship, pure and simple, and I'm dead set against it.  In the same vein, you can't stop programmers using their imaginations, and any such barriers are artificial.  If the processor supports it, let it.

What comes out of code wars is competition, and thereby better products.  Look what the space race gave us, after all.  Look at the technical achievements derived from Reagan's Star Wars, even if the project itself ultimately failed.

I offer this thought:  why the hell bother stifling commercial companies with laws when legislation is totally, absolutely, completely and utterly pointless and useless when it comes to hackers and crackers?

In the meantime, we will continue our self-appointed jobs as watchers and analyzers, alerting each other and the public to the dangers, whenever and wherever they appear.

Business as usual, in fact.  It's all kind of evolutionary.  Especially in a society where Justice goes to those with the biggest purses and doesn't give a blind **** to fairness.  Let business use the courts as commercial tools - 'cause they will anyway.

(1) I have strong views.  They are my own views only and others are entitled to theirs.  In case anyone is confused, there is no humorous content in this post whatsoever.

 

Believe it or not, it is 2:25 a.m. and I am still up and just got through having a long conversation with a friend of mine who called me about this. Checkout, I get the joke now, I'm sorry, I'm a little slow today.

Checkout, give this one some thought. I agree with much of what you said about those who would impose values on those who don't agree. I have to disagree, strongly, that there is a valid analogy here. I don't see this software hacking issue in the same vein at all. Let's just change industries a minute and see if you agree that imagination should never be stopped on legal grounds and to do so would create an "artificial barrier."

Suppose Wal-Mart or some other big discount chain went in to a new neighborhood, but didn't like the competition down the street. So Wal-Mart technicians break-in in the middle of the night at Brand X down the road and hotwire the light switches so that when they are turned on in the morning by Brand X employees, the whole place suffers an electrical short and the place is left in a blacked-out state, with wiring that is totally crippled and will need to be replaced. By so doing, Wal-Mart has effectively "broke into" Brand X, (using their "imaginations") and simply came up with a brilliant new way of eliminating the competition for a week or two. Now, using your logic, Wal-Mart has done nothing wrong! It's just good old-fashioned competition!

I am anticiapting the defense of your logic by inserting your quote here. You believe the "rules aren't clear." They're not? This would be a crime anywhere! If you truly take a philosophical view that anything goes in competition among software makers, than why not be consistent and say anything goes with retail competition? Or anything else? What you are really proposing, (and I don't mean to be harsh or anything, just arguing my point that surely you don't really believe this), is some sort of digital anarchy. I go to put a Barbie software game by Mattel on my daughter's computer and Disney is just using their "imagineers" if we install a Mickey Mouse game that turns out to disable Mattel games; or makes Barbie do or say things she doesn't really do or say? This is where Pete was so right. There is no end to the scenarios for chaos that would hurt all of us.

I hope you'll think twice about this. It's a different issue all together than just a "code war" or one-upping a competitor with something better. This is about criminal acts, and the destruction of one legal product by another, by covert and clandestine activity that rivals the ethics of the boys from Enron. Should we let them get away with their nine hundred phony shell companies and their fooling stockholders and pocketing millions in cash? Is that just being imaginative in business? Or - is it criminal? Some things are just wrong whether it be in the energy business, the software business, the retail business, pick your industry. Software makers shouldn't be given a free ride to break-in, cripple competing products, and ride off with the cash as "winners" in a "code war" amidst an air of anarchy claiming the "rules aren't clear."

I hope you'll truly reconsider Checkout. This is not just about immoral, unethical and illegal business practices. This is also about something that I know you are concerned about, and that's a blatant invasion of an individuals space and privacy.

I'm off to bed for a short night.

John  

 

Re: Who’s Watching WinWhatWhere?

John, I'm defintely not saying anarchy should rule and that we should have no laws.  I do not believe your analogy is in context with prgramming or research, which is where I was focused in my post.

There are viruses which hunt and kill AV software.  AV software actively tries to prevent this.  Anti-keyloggers report and delete "legitimate" commercial keyloggers.  Anti-spyware detects and deletes "legitimate" spyware (as well as illegitimate, or ****ard spyware).

For commercial keyloggers to to disable commercial anti-keyloggers is no different, and in fact can't serve the purpose for which they were purchased otherwise.

You've taken the argument outside the bounds for which it was intended, John.  But I won't break into your house and wake you up to tell you that!

Sleep well.  Oh, and here's a smiley just to show that I'm calm...peaceful...Omm...Omm....

[hr]
Small edit:  I don't believe there should be any intellectual boundaries.

 

Hark! What's this?

"In the latest chapter of Spyware vs. Anti-spyware, the maker of snooping program WinWhatWhere backed away from evasive programming tactics Wednesday. Richard Eaton, president of WinWhatWhere Corp., said his software would no longer insert stray code into Anti-spyware program Who’s Watching Me to break the program. The announcement comes after MSNBC.com revealed WinWhatWhere and competitor SpectorSoft Corp. both intentionally break the anti-Spyware program."

http://www.msnbc.com/news/730650.asp?cp1=1

 

Re: Who’s Watching WinWhatWhere?

They both realised that they love each other, and that hatred is a bad, bad thing.  Aren't ethics - and the horrendous cost of litigation - wonderful things?

 

Re: Who’s Watching WinWhatWhere?

err.. something like that  

(now u guys know someone else was reading this thread too, just didn't really have much to say!)

 

Checkout,  I really know how you feel about this kind of thing. I realized that when I posted. But, those analogies, again, are wrong. AT/AV's are detecting things invading YOUR space without YOUR approval. To reverse that, you have things that you have NOT given approval that is wrecking havoc (silently) on YOUR computer. That's the difference.

Pete, I hadn't heard that! That's VERY good news. I think it is pretty obvious the company attorney got involved with a "WHAT ARE YOU DOING?"

I will say this as a final thought to Checkout - IMHO we tread very, very, dangerous waters when we start singling out certain industries that are not expected to follow the laws, all in the name of intellectual advancement and progress. If that is what we should do, then I will side with the luddites while we still have at least some civilized pockets of sensibilities on our one and only planet.

Checkout, I'm off to Yoga class. <jk>
Keep up your ommmm's because everything will be all right. I promise. DEEP breath, John. DEEP breath Checkout.

"The muddy waters of our day make even me long for the clear streams of yesteryear." --  Bertrand Russell

See 'ya,

John

 

Re: Who’s Watching WinWhatWhere?

i algree makeing software like that is evill and just downt not right.

we all were born with some ethical understanding from right and wrong and they know better my god.

if you going to spy on some one do it on your owen companys that are legit shouldnt do such things.

the way those guys do things like that i might as will higher me a hacker and pay them to disable peoples privacy software and have him break into peoples computers.

isnt this what this company is perty much doing?

 

Very perceptive, Blaze. That's exactly what they're doing (or were doing if you can believe what they're saying now). They were just doing it in a high-tech ambush. But you're right, it's no different than hiring a hacker to go in and disable an individual's legally purchased software.

John

 

Re: Who’s Watching WinWhatWhere?

i say we slam them anyway privacy software shouldnt go hand and hand with there  evill software.

There software is used to basic;y do illegal intrustion stuff right so i say privacy software take a stand and take out that mofo.

NOW YOU ALL MIGHT THINK IM ALL  A BIT TO QUICK ON THE GUNS BUT  LOOK AT THIS WAY.

You buy privacy software like tds and zone alarn and Nod and other privacy software and you find out none of it works cause its been disabled.

cause some one wantsto spy on you can some one pleas explaine the mentality of these people to me.

How can any one justifie that and say it ok .

 

Blaze: As usual, I think your simple and to the point analysis is right. It makes no sense at all. As far as the mentality of the people doing this. I think it's an attempt to stay a step-ahead and make more $$$ using tactics that just won't wash.

John

 

Re: Who’s Watching WinWhatWhere?

I like this place.  Arguments and counter-arguments don't lead to flames.  What a relief!  

 

Re: Who’s Watching WinWhatWhere?

I agree with you too Blaze, but I think if those guys had gone through with their "tactics" it would likely cause an "escalating hostility" issue and the people overall would be on the side of the security/privacy folks... In other words I think there would be decent movement to make WinWhatWhere a useless program to buy... Don't you think if they started disabling privacy proggies that there would be a FREE WinWhatWhere detection/removal tool circulating pretty fast??


oh, btw..

(enter pointless, poorly spelled, elementary-level flame directed at Checkout here)

 

Re: Who’s Watching WinWhatWhere?

Perhaps this would be a good time to take a holiday...