Who’s Watching WinWhatWhere?

Discussion in 'privacy technology' started by spy1, Mar 26, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    http://www.msnbc.com/news/728256.asp?0dm=C12NT&cp1=1

    Trapware, that’s
                       who. And the folks at WinWhatWhere
                       don’t like it one bit.
                              “If someone’s trying to make money
                       trying to ruin my software, I have to take
                       appropriate action,” said Richard Eaton,
                       president of WinWhatWhere.
                              Snooper programs have been around
                       for years, but they’ve received heightened
                       attention since Sept. 11. The software can
                       be secretly installed on any machine —
                       even from afar — and quietly watch every
                       keystroke and mouse motion. Information
                       gleaned by the spy software can then be
                       remotely e-mailed to the real spy.
                              While companies that make the
                       software say they sell to law enforcement
                       agencies and corporations who use it as a
                       management tool, many suspect that much
                       of their revenue comes from suspicious
                       spouses. (Advantage: Spyware.)
                              That’s where Wes Austin comes in.
                       Last year he started selling Who’s
                       Watching Me on Trapware.com. Call it
                       counterintelligence: The program notices if
                       spy software is on any machine, and alerts
                       the user.
    He offers free trials, and nearly 45,000
                       users have downloaded Who’s Watching
                       Me. He’s gotten plenty of e-mails (most
                       from angry spouses) with thanks for the
                       warning about the spy software that had
                       been secretly installed. (Advantage:
                       Anti-spyware)
                              But Austin recently ran tests on the
                       newest version of WinWhatWhere, released
                       last month. And he noticed something
                       funny: It broke his program.
                              “I discovered that their process was
                       opening up one of our files,” he said. And
                       he provided evidence to MSNBC.
                       Essentially, WinWhatWhere inserts some
                       stray characters into a file that’s critical to
                       Who’s Watching Me, disabling the anti-spy
                       program. (Advantage: Spyware)
                              Eaton didn’t confirm that exact
                       methodology, but he did admit his software
                       does what it has to in order to remain a
                       secret. In fact, WinWhatWhere disables five
                       other anti-spy programs, too.

                                                “Every time I
                                         find out about any
                                         of these programs,
                                         I will change our
                                         program to do
                                         whatever is
                                         necessary,” he
                                         said. “My
                                         reasoning behind it
                                         is I’m selling a
                                         security product
                                         that shouldn’t be
                                         detected.”
                                                Steven Haight,
                                         sales manager for
                                         SpectorSoft, was a
                                         bit more subtle in
                       his description of the situation.
                              “Yes, we can crash anti-spy software,”
                       he said. New advanced security features in
                       Spector Professional 3.0, released two
                       months ago, do the trick. But it’s not
                       intentional, he said.
                              “We’re not out there buying anti-spy
                       software and figuring out how to make
                       them crash. It’s nothing personal against
                       them,” Haight said. “It’s just the way the
                       security of our software works. It won’t
                       allow (anti-spy) software to run.”
                              Foul, cries Austin, who thinks his
                       software is a privacy advocate’s best friend.
                       SpectorSoft says its software is for
                       monitoring, not spying, and tells purchasers
                       to always advise computer users they are
                       being monitored.
    “All we’re doing now is telling people
                       there is a monitoring program,” Austin
                       says. “So why break Who’s Watching Me
                       unless you are using the product illegally,
                       trying to hide something. ... They know
                       what people are using it for.”
                              Haight said he wasn’t familiar enough
                       with Who’s Watching Me to answer
                       specific questions about the program.
                              But Austin is hard at work
                       familiarizing himself with his competitors’
                       code, and he is studying
                       counter-countermeasure tactics.
    “We’re trying to decide how to handle
                       it. We could get into code war where we
                       change our stuff then they change theirs,”
                       he said. He then offered a bit of a
                       programming swipe at his competitors. “It
                       would have been best if they had just taken
                       engineering challenge and designed
                       something that couldn’t be detected. but
                       instead they just decided to break our
                       program. That’s kind of lame.”

    (Pete Note: They go out of their way here to make it hard to copy-and-paste their stuff  - that's about the best I could do with it. Couple of good screenshots in the article itself, I just put it here so that you wouldn't have to go there to read it).
     
  2. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: Who’s Watching WinWhatWhere?

    lol by pasing web pg security  no copy or save files from web pages is my speachialty lol =)

    oh what the lol
    (Pete Note: They go out of their way here to make it hard to copy-and-paste their stuff  - that's about the best I could do with it. Couple of good screenshots in the article itself, I just put it here so that you wouldn't have to go there to read it).

    thats strange i can copy and paste everything lol and there pictures i didnt even have to do my owen little bypass look.

    http://www.msnbc.com/news/1426265.jpg
    “All we’re doing now is telling people there is a monitoring program,” Austin says. “So why break Who’s Watching Me unless you are using the product illegally, trying to hide something. ... They know what people are using it for.”
          Haight said he wasn’t familiar enough with Who’s Watching Me to answer specific questions about the program.
          But Austin is hard at work familiarizing himself with his competitors’ code, and he is studying counter-countermeasure tactics.      
    http://www.msnbc.com/news/1426263.jpg

          “We’re trying to decide how to handle it. We could get into code war where we change our stuff then they change theirs,” he said. He then offered a bit of a programming swipe at his competitors. “It would have been best if they had just taken engineering challenge and designed something that couldn’t be detected. but instead they just decided to break our program. That’s kind of lame.”
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: Who’s Watching WinWhatWhere?

    what the lol how did they do that lol

    http://www.msnbc.com/news/1426265.jpg
    All were doing now is telling people there is a monitoring program Austin says. So why break Who Watching Me unless you are using the product illegally, trying to hide something. ... They know what people are using it for.
          Haight said he wasnt familiar enough with Whos Watching Me to answer specific questions about the program.
          But Austin is hard at work familiarizing himself with his competitors code, and he is studying counter-countermeasure tactics.       
    http://www.msnbc.com/news/1426263.jpg

    re trying to decide how to handle it. We could get into code war where we change our stuff then they change theirs,he said. He then offered a bit of a programming swipe at his competitors.It would have been best if they had just taken engineering challenge and designed something that couldnt be detected. but instead they just decided to break our program. Thats kind of lame.
     
  4. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: Who’s Watching WinWhatWhere?

    that was kinda a cuite attempt to stop the master of copy and paste Blaze i saw and i over came lol=)
     
  5. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Good stuff. This ran on MSNBC all day yesterday. Someone called me and did the old "Quick! turn to MSNBC!" thing after hearing the teaser before a commercial. After the commercial, I saw the report. I was going to mention it on the forum here yesterday but was kind of afraid it would turn into a thread on that old debate about employer/employee rights. But really, it's about SO MUCH MORE than that. As Bob Sullivan said on MSNBC, if the truth be known , most of these programs are being used clandestinely by spouses, boyfriends/girlfriends, roommates, friends, neighbors, etc. That kind of invasion of our personal space is more important to stop than anything as far as I am concerned.

    This will be fascinating to watch, because basically what Austin discovered at WWM is that it doesn't matter what techniques are being used to detect the programs, when some of these larger spyware companies have the time, money and desire, to turn around and detect the anti-spyware programs and alter them. That's where I wish WWM/AKL/SpyCop could somehow get together and figure out some way to stop them cold. Anybody have any from-the-gut ideas?

    This is one of those things (it seems like) if a companies with the $$$ of Win WhatWhere and Spector can afford to buy the anti-spyware tools with each release, go in and find just one piece of code to cripple it, and then the anti's have to respond each time, which they respond to; where does it end? Probably the courtroom.  The real story here is the full blown assault on one company by another. What each piece of software is actually used for is really secondary.


    The story on the network yesterday visually made it clear how scary some of these products are becoming. It's not just keylogging and screen shots anymore. They are full blown pieces of spy software that go WAY beyond "monitoring" (as they like to market their products).


    It was interesting to see the way the piece was edited for the story on MSNBC.com. One thing it doesn't get across in the printed word is the indignation on the part of Austin that companies are setting out to cripple software, period. The why and all of that doesn't matter.  If I run a legal product that I purchase (or evaluate) on my computer in my den, a program that somebody else and without my knowledge places on my PC should not be altering the files of my software, whatever the purpose. To me, that's an outrage of immense proportions.

    Thanks for posting this Pete. It brings up a lot of legal, moral and ethical questions that are going to be tough.

    And a BIG thanks to Wes Austin and TrapWare for coming forward and blowing the whistle on how far these spyware companies will go to accomplish their skullduggery.

    John
     
  6. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Hey Blaze! Good job! Pete's a busy guy and I'm sure he will appreciate your taking the time to link the screenshots to the site.
    You're a good guy!!

    John
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Good morning, everyone!

    The article certainly does raise a lot of very interesting questions!

    Should WWW be allowed to continue hacking other software manufacturers programs - just so that theirs will work as advertised?

    I sincerely hope that WWW gets taken to court - quickly - over this one.

    If they don't, it seems to me that we run the risk of having even more software developers going after each others' products - the chaos resulting from that would hurt everyone. Pete
     
  8. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    IMO this activity is illegal under the new PATRIOT ACT, and WWW stands about a snowball's chance in Hell of successfully defending a lawsuit. However, the Feds might get involved because they certainly don't want their keyloggers detected.
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Why is it that a company like the one that produces WWW can go out and ACTIVELY CRIPPLE (HACK!) other programs you might have on your computer and there's nary a whimper?

    In case it hasn't occurred to anyone yet, this issue could have much more far-reaching and serious consequences for the average user (especially the HOME user who's trying to determine whether he's being keylogged without his knowledge or not) - try constantly having to update whatever program you're using to detect with - for instance, here's Mr. Hacker in court before the judge caught with his drawers down while CHANGING THE CONTENTS OF SOMEONE'S COMPUTER WITHOUT THEIR KNOWLEDGE OR CONSENT.

    Here's his defense: "Why, your honor, I thought it was perfectly legal since WWW does it all the time to five different programs - what's the difference?"

    And he'd be RIGHT - there IS no difference! WWW is hacking your computer just as surely as a hacker trying to get past an AV/AT/firewall program.

    And if WWW is allowed to get by with this, what's to stop all the other software manufacturers from going after each others' products when the programs are at cross-purposes? Pete
     
  10. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Beware of loading Linux programs on a Windows machine...
     
  11. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    First, Checkout - I'm lost, did you mean to post that in this thread? If so, enlighten us!!!!
    ------------
    Pete has hit the target right in the bullseye!

    I am very surprised there is so little outrage. Maybe it will take time to circulate as this is a recent development. TechTV did have a piece on it today I was told, so word will spread.

    I'm surprised at so little reaction in this forum. This has much broader consequences than some other things we have talked about recently concerning software that does more than some users bargained for. As Pete said, this is nothing short of a major HACKING ISSUE! Except in this case, the hacker is a legitimate corporation chartered by the people in the State of Washington!

    As far as reaction in this forum, maybe the thread title hasn't attracted interest or something. It needs to be posted under "Hacking Outrage" or something so that it will attract attention. Is there a way to do that Pete without it being considered a crosspost?

    One thing all of us can do is let the company know how we feel:

    WinWhatWhere Corporation
    925 W Kennewick Ave
    Kennewick WA 99336
    509 585 9293  
    888 239 5396
    fax 509 585 9294
    w3@winwhatwhere.com

    John
     
  12. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: Who’s Watching WinWhatWhere?

    John, yes.  All I meant (humorously) was a scenario where M$ and Linux slug it out by disabling or invading each other's code.  Maybe it wasn't humorous enough.
    We're all just observers in a situation where the rules aren't clear.  I take a philosophical view that whatever can be done in software cannot be stopped or legislated against.  I take the same view in science about cloning and stem cells and the like.  I'm sick and tired of moralists, pro-lifers and religious zealots(1) saying that such-and-such shouldn't be allowed, etcetera, etcetera, ad nauseum, for entirely non-scientific reasons.  It's censorship, pure and simple, and I'm dead set against it.  In the same vein, you can't stop programmers using their imaginations, and any such barriers are artificial.  If the processor supports it, let it.

    What comes out of code wars is competition, and thereby better products.  Look what the space race gave us, after all.  Look at the technical achievements derived from Reagan's Star Wars, even if the project itself ultimately failed.

    I offer this thought:  why the hell bother stifling commercial companies with laws when legislation is totally, absolutely, completely and utterly pointless and useless when it comes to hackers and crackers?

    In the meantime, we will continue our self-appointed jobs as watchers and analyzers, alerting each other and the public to the dangers, whenever and wherever they appear.

    Business as usual, in fact.  It's all kind of evolutionary.  Especially in a society where Justice goes to those with the biggest purses and doesn't give a blind **** to fairness.  Let business use the courts as commercial tools - 'cause they will anyway.

    (1) I have strong views.  They are my own views only and others are entitled to theirs.  In case anyone is confused, there is no humorous content in this post whatsoever.
     
  13. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Believe it or not, it is 2:25 a.m. and I am still up and just got through having a long conversation with a friend of mine who called me about this. Checkout, I get the joke now, I'm sorry, I'm a little slow today.

    Checkout, give this one some thought. I agree with much of what you said about those who would impose values on those who don't agree. I have to disagree, strongly, that there is a valid analogy here. I don't see this software hacking issue in the same vein at all. Let's just change industries a minute and see if you agree that imagination should never be stopped on legal grounds and to do so would create an "artificial barrier."

    Suppose Wal-Mart or some other big discount chain went in to a new neighborhood, but didn't like the competition down the street. So Wal-Mart technicians break-in in the middle of the night at Brand X down the road and hotwire the light switches so that when they are turned on in the morning by Brand X employees, the whole place suffers an electrical short and the place is left in a blacked-out state, with wiring that is totally crippled and will need to be replaced. By so doing, Wal-Mart has effectively "broke into" Brand X, (using their "imaginations") and simply came up with a brilliant new way of eliminating the competition for a week or two. Now, using your logic, Wal-Mart has done nothing wrong! It's just good old-fashioned competition!

    I am anticiapting the defense of your logic by inserting your quote here. You believe the "rules aren't clear." They're not? This would be a crime anywhere! If you truly take a philosophical view that anything goes in competition among software makers, than why not be consistent and say anything goes with retail competition? Or anything else? What you are really proposing, (and I don't mean to be harsh or anything, just arguing my point that surely you don't really believe this), is some sort of digital anarchy. I go to put a Barbie software game by Mattel on my daughter's computer and Disney is just using their "imagineers" if we install a Mickey Mouse game that turns out to disable Mattel games; or makes Barbie do or say things she doesn't really do or say? This is where Pete was so right. There is no end to the scenarios for chaos that would hurt all of us.

    I hope you'll think twice about this. It's a different issue all together than just a "code war" or one-upping a competitor with something better. This is about criminal acts, and the destruction of one legal product by another, by covert and clandestine activity that rivals the ethics of the boys from Enron. Should we let them get away with their nine hundred phony shell companies and their fooling stockholders and pocketing millions in cash? Is that just being imaginative in business? Or - is it criminal? Some things are just wrong whether it be in the energy business, the software business, the retail business, pick your industry. Software makers shouldn't be given a free ride to break-in, cripple competing products, and ride off with the cash as "winners" in a "code war" amidst an air of anarchy claiming the "rules aren't clear."

    I hope you'll truly reconsider Checkout. This is not just about immoral, unethical and illegal business practices. This is also about something that I know you are concerned about, and that's a blatant invasion of an individuals space and privacy.

    I'm off to bed for a short night.

    John  
     
  14. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: Who’s Watching WinWhatWhere?

    John, I'm defintely not saying anarchy should rule and that we should have no laws.  I do not believe your analogy is in context with prgramming or research, which is where I was focused in my post.

    There are viruses which hunt and kill AV software.  AV software actively tries to prevent this.  Anti-keyloggers report and delete "legitimate" commercial keyloggers.  Anti-spyware detects and deletes "legitimate" spyware (as well as illegitimate, or ****ard spyware).

    For commercial keyloggers to to disable commercial anti-keyloggers is no different, and in fact can't serve the purpose for which they were purchased otherwise.

    You've taken the argument outside the bounds for which it was intended, John.  But I won't break into your house and wake you up to tell you that!

    Sleep well.  Oh, and here's a smiley :) just to show that I'm calm...peaceful...Omm...Omm....

    [hr]
    Small edit:  I don't believe there should be any intellectual boundaries.
     
  15. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hark! What's this?

    "In the latest chapter of Spyware vs. Anti-spyware, the maker of snooping program WinWhatWhere backed away from evasive programming tactics Wednesday. Richard Eaton, president of WinWhatWhere Corp., said his software would no longer insert stray code into Anti-spyware program Who’s Watching Me to break the program. The announcement comes after MSNBC.com revealed WinWhatWhere and competitor SpectorSoft Corp. both intentionally break the anti-Spyware program."

    http://www.msnbc.com/news/730650.asp?cp1=1
     
  16. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: Who’s Watching WinWhatWhere?

    They both realised that they love each other, and that hatred is a bad, bad thing.  Aren't ethics - and the horrendous cost of litigation - wonderful things?
     
  17. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Re: Who’s Watching WinWhatWhere?

    err.. something like that  :D

    (now u guys know someone else was reading this thread too, just didn't really have much to say!)
     
  18. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Checkout,  I really know how you feel about this kind of thing. I realized that when I posted. But, those analogies, again, are wrong. AT/AV's are detecting things invading YOUR space without YOUR approval. To reverse that, you have things that you have NOT given approval that is wrecking havoc (silently) on YOUR computer. That's the difference.

    Pete, I hadn't heard that! That's VERY good news. I think it is pretty obvious the company attorney got involved with a "WHAT ARE YOU DOINGo_Oo_O?"

    I will say this as a final thought to Checkout - IMHO we tread very, very, dangerous waters when we start singling out certain industries that are not expected to follow the laws, all in the name of intellectual advancement and progress. If that is what we should do, then I will side with the luddites while we still have at least some civilized pockets of sensibilities on our one and only planet.

    Checkout, I'm off to Yoga class. <jk>
    Keep up your ommmm's because everything will be all right. I promise. DEEP breath, John. DEEP breath Checkout.

    "The muddy waters of our day make even me long for the clear streams of yesteryear." --  Bertrand Russell

    See 'ya,

    John
     
  19. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: Who’s Watching WinWhatWhere?

    i algree makeing software like that is evill and just downt not right.

    we all were born with some ethical understanding from right and wrong and they know better my god.

    if you going to spy on some one do it on your owen companys that are legit shouldnt do such things.

    the way those guys do things like that i might as will higher me a hacker and pay them to disable peoples privacy software and have him break into peoples computers.

    isnt this what this company is perty much doing?
     
  20. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Very perceptive, Blaze. That's exactly what they're doing (or were doing if you can believe what they're saying now). They were just doing it in a high-tech ambush. But you're right, it's no different than hiring a hacker to go in and disable an individual's legally purchased software.

    John
     
  21. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: Who’s Watching WinWhatWhere?

    :Di say we slam them anyway privacy software shouldnt go hand and hand with there  evill software.

    There software is used to basic;y do illegal intrustion stuff right so i say privacy software take a stand and take out that mofo.

    NOW YOU ALL MIGHT THINK IM ALL  A BIT TO QUICK ON THE GUNS BUT  LOOK AT THIS WAY.

    You buy privacy software like tds and zone alarn and Nod and other privacy software and you find out none of it works cause its been disabled.

    cause some one wantsto spy on you can some one pleas explaine the mentality of these people to me.

    How can any one justifie that and say it ok .
     
  22. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Blaze: As usual, I think your simple and to the point analysis is right. It makes no sense at all. As far as the mentality of the people doing this. I think it's an attempt to stay a step-ahead and make more $$$ using tactics that just won't wash.

    John
     
  23. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: Who’s Watching WinWhatWhere?

    I like this place.  Arguments and counter-arguments don't lead to flames.  What a relief!  :)
     
  24. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Re: Who’s Watching WinWhatWhere?

    I agree with you too Blaze, but I think if those guys had gone through with their "tactics" it would likely cause an "escalating hostility" issue and the people overall would be on the side of the security/privacy folks... In other words I think there would be decent movement to make WinWhatWhere a useless program to buy... Don't you think if they started disabling privacy proggies that there would be a FREE WinWhatWhere detection/removal tool circulating pretty fast??


    oh, btw..

    (enter pointless, poorly spelled, elementary-level flame directed at Checkout here)

    :p :p :p
     
  25. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: Who’s Watching WinWhatWhere?

    Perhaps this would be a good time to take a holiday... :)
     
Thread Status:
Not open for further replies.