ALERT! Google Toolbar STEALTH Autoupdate!

Discussion in 'other security issues & news' started by yorkdale, Aug 21, 2003.

Thread Status:
Not open for further replies.
  1. yorkdale

    yorkdale Registered Member

    Joined:
    Jun 16, 2002
    Posts:
    38
    Location:
    United Kingdom
    I noticed a sudden change in my Google toolbar a few minutes ago. What was v. 1.1.70 in the one window has become v. 2.0.95 in a second one. Not a flicker from the firewall for this stealth update.

    The new version changes configuration by adding a new Options button. This launches a dialog listing all the toolbar.google.com setting options, plus claims most features from the old Google button, like the clear history.

    It does retain the options you selected at the web site, but adds a new Popup Stopper feature, a Form Autofill feature (left blank by default), and a Fix PageRank by Proxies (that's the trackware component if you enable it). It also has a drop list of all Google search sites so you can choose whichever you prefer (local or the universal .com).

    This is a neat layout, but the concern has to be the automated stealth by which this update occurred. :(
     
  2. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    That happened to mine too. I was running the beta version and now have the full released version and never saw a firewall alert using LookNStop.

    How and why?
     
  3. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I don't know this toolbar (don't use IE), but is it installed locally or is it fetched from the internet every time that you connect?
    In the latter case it's normal that there's no alert. The web application changes, that's all.
     
  4. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    Hi,

    It's installed locally.
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    I was under the impression that it was an ActiveX install, but I could be wrong. Check your Downloaded Program Files folder.

    Regards,

    Pieter
     
  6. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    Yep you're right it is ActiveX. Too long with too little sleep.

    Does that mean (ActiveX security is something I need to brush up on) that it can "call home" at any time without going through the firewall? I know that it sends page tracking information to Google (I want it to) without firewall alerts.

    Thanks.
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Here is a good start for brushing up: http://outpostfirewall.com/guide/faq/activex.htm
    I'm sure our firewall experts can tell you more.

    Regards,

    Pieter
     
  8. yorkdale

    yorkdale Registered Member

    Joined:
    Jun 16, 2002
    Posts:
    38
    Location:
    United Kingdom
    The toolbar is installed locally, and until this time, you had to manually check for updates at the Google web site. This is the first time it has auto'd. There is an ActiveX control that goes in the Downloads folder to keep the whole thing together, including storing configuration settings.
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Yorkdale,

    This is not acceptable in my view. I for one would ditch it for that reason on the spot.

    regards,
    paul
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    We're not the only ones thinking along these lines.
    http://www.spywareinfoforum.com/forums/index.php?act=ST&f=15&t=9848&st=0

    Regards,

    Pieter
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    It is described that it does. Thought there should be an option to allow auto-update or not.
    Who knows what's next they would load on our systems?
    Fortunately we can check with the autostartviewer and such, but the feeling is uncomfortable.
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Well, if we let them know how we all feel about it - maybe they will change it.

    So what I did was, I sent an email to this address: mailto:toolbar-support@google.com that included the entire text of Mike Healan's article here: http://www.spywareinfoforum.com/articles/googleupdater/.

    I would suggest that everyone else with concerns do the same - how else are they going to know exactly how un-popular this is? Pete
     
  13. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    The whole problem is that the Google toolbar is quite useful for people trying to do online business. Besides this feature it's not evil.

    Kind of like the Alexa bar which is very useful being seen by Spybot as spyware. Technically it may be spyware but it serves a useful purpose and doesn't really do anything malicious.

    Mark
     
  14. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    That may be so, Mark - but the fact remains something is installed (and a software update is an install) without the consent from the system owner. In principle, that's at the very least unethical - if not evil indeed. There should be at minimum a pop up, asking whether or not the system owner wants the install and has a choice.

    regards.

    paul
     
  15. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Paul,

    If Google makes it known about the autoupdate via their Toolbar Privacy Policy before the user downloads the Initial Toolbar software....IMO
    1)Consent....has been given by the user if they choose to install the initial software
    2)Google then has been about as ethical as one can be.
    3)If user chooses to NOT read Privacy policies that's their choice and should then NOT holler about unethical practices.

    Toolbar Privacy Software....http://toolbar.google.com/privacy.html
    Regards,
    OzarkMan
     
  16. libbo1

    libbo1 Registered Member

    Joined:
    May 28, 2003
    Posts:
    123
    Location:
    florida
    'caveat emptor'! :cool:
     
  17. yorkdale

    yorkdale Registered Member

    Joined:
    Jun 16, 2002
    Posts:
    38
    Location:
    United Kingdom
    Exactly my own thoughts, Paul. That's why I felt it needed a security alert.
     
  18. yorkdale

    yorkdale Registered Member

    Joined:
    Jun 16, 2002
    Posts:
    38
    Location:
    United Kingdom
    I disagree. There was no autoupdate for many of us who installed the original software. Since that was introduced later on, it constitutes a considerable change in the relationship between the user and the supplier. To me it is such a major shift in policy they had a duty to include an "on first run" notice with the version which first had autoupdate, advising of this significant change.

    As I see it, these are UPDATES of an existing version, and not full replacement upgrades. As such, the original contractual relationship is in force, and any substantial variance needs the real consent of both parties. This could have been achieved by the method I described, using a dialog notification with a 'Continue To Install' click signifying consent.
     
  19. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hmmm....how then did the update that allows the autoupdater get installed ?

    While I agree with SOME of what you say....I dis-agree it was a MAJOR change....but that's what makes the world go round :) As it is with some Companies....they do change their policy from time to time and usually state that on their sites.

    "Google may decide to change this Privacy Policy from time to time. "
     
  20. Mint Chip

    Mint Chip Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    4
    I have Zone Alarm and it did not detect the update. It is kind of scary. I have had ZA for years and it is right on target. If Google can do it any software maker can install stuff we are not aware of. :eek:
     
  21. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Well, yes and no. You installed the Google toolbar and since it runs under your browser, which you gave permission to in your firewall, it simply used that permission to get its update. (Basically, you preapproved it when you installed it into your browser.)
     
  22. Rickster

    Rickster Guest

    Hi Chip Mint. Doubt ZA would or should catch it. All a FW does is help you manage permission for your OS to interact (inbound or outbound) with the internet. Once you give it permission to connect, you're pretty much on your own aren't you?

    Regards, Rick
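
Added example, not part of the original thread: a simplified Python model of the point made in posts 21 and 22, showing why a per-application firewall rule stays silent when a component loaded inside an approved browser is replaced, next to a policy that also checks loaded modules against an approved baseline. The function names, the policy model and the file name toolbar.dll are assumptions made for illustration; the file contents are constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Module:
    path: str
    content: bytes  # constructed stand-in for the file on disk

    @property
    def digest(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


def process_only_decision(rules, exe, modules):
    """Per-application rule: only the host executable is consulted.

    `modules` is accepted but ignored, which is the blind spot.
    """
    return "allow" if rules.get(exe) == "allow" else "prompt"


def component_aware_decision(rules, baseline, exe, modules):
    """Also compare every loaded module with the digest the user approved."""
    if rules.get(exe) != "allow":
        return "prompt", []
    changed = [m.path for m in modules if baseline.get(m.path) != m.digest]
    return ("prompt" if changed else "allow"), changed


# Constructed sample data (toolbar.dll is a hypothetical file name).
BROWSER = r"C:\Program Files\Internet Explorer\iexplore.exe"
TOOLBAR = r"C:\WINDOWS\Downloaded Program Files\toolbar.dll"
RULES = {BROWSER: "allow"}  # the user approved the browser once

BEFORE = [Module(BROWSER, b"browser"), Module(TOOLBAR, b"toolbar 1.1.70")]
AFTER = [Module(BROWSER, b"browser"), Module(TOOLBAR, b"toolbar 2.0.95")]
BASELINE = {m.path: m.digest for m in BEFORE}  # recorded at approval time


def demo():
    return {
        "process_only": process_only_decision(RULES, BROWSER, AFTER),
        "component_aware": component_aware_decision(
            RULES, BASELINE, BROWSER, AFTER),
    }


if __name__ == "__main__":
    print(demo())
```

The process-only policy allows the connection after the update because the browser executable itself is unchanged; the component-aware policy asks again and names the replaced file.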
     