Need for education regarding 'global hooks'

Discussion in 'other security issues & news' started by dionisiog, Feb 13, 2009.

Thread Status:
Not open for further replies.
  1. dionisiog

    dionisiog Registered Member

    Joined:
    Oct 30, 2003
    Posts:
    57
    My firewall likes to inform me that my Callwave software wants to install a 'global hook' into the default browser each time that Callwave is activated. In order to utilize Callwave I assume that I have to comply with this request.

    What does this mean? Why is it necessary? Is it advisable to use softwares that insist upon installing global hooks into my current browser connections?

    I find myself thinking that this would make me vulnerable to data gathering for Callwave of my internet activities that have no relationship to my interest in using Callwave. I have already attempted to communicate with Callwave regarding this but this is the type of subject that they never reply to, which certainly doesn't deepen my trust of their enteprise.
     
  2. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I don't know the software, so I can't say much about it, but isn't it possible to place the 'global hook' on one browser, and to use a different browser for regular internet access ?

    If not, I wouldn't do it, unless it this Callwave thing is very important to you.
    If it's hooked up to the browser they can more or less do whatever they want with it. Then it's a trust issue.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What is your FireWall BTW?
     
  4. dionisiog

    dionisiog Registered Member

    Joined:
    Oct 30, 2003
    Posts:
    57
    Callwave is software for people using dialup services. It allows the user to receive a notification and an audio message when they receive a phone call while being on line. It also allows the user to temporarily suspend online activities to answer that telephone call and then return to internet activity. It is also linked to a message box where it will store a message from callers to pick up by telephone if they want to do so.

    My firewall is the Comodo Firewall, various versions depending on the computer which I am using, and I am working with Windows XP Pro or XP Home. I have Avast Anti-Virus and use Malwarebytes and SpywareBlaster.

    I have several browsers (IE7, IE6, Mozilla Firefox, Flock and Opera.) with Firefox and Opera being utilized most frequently. Firefox is my secure choice.

    Here is a detail which makes me think that Callwave, in spite of the fact that I pay $8 a month to use it, is tracking my browsing information when it is active. It not only puts in a global hook into the current browser that is active when it is opened, but any subsequent browser that is opened after it has been activated. This continues for the current session, even if you kill the Callwave application with the task manager or Winpatrol. Like all of the global hooks which I have encountered, it stops you from browsing in any window if you deny it's request (by way of Firewall blocking) to insert itself into your activities. I sort of find it hard to believe that any of these operations are even legal in this day and age, if in fact this appendage is doing more than insuring that it can connect to the net to do it's paid for activity. I don't understand why it would need to go through my browser, but technically speaking, I think the browser being referred to could simply be a software interface for other internet software. In this manner it might look more serious to see a message saying that legitimate software is utilizing your browser as an interface (anymore than it might be using WIndows as an interface.) But I really don't know what is actually happening, and I can tell you that Callwave won't say a thing to me regarding this, and have yet to ever reply to any emails or phone calls which have asked about this detail. My recent conclusion has been to not load the software at all while I am browsing. This defeats one of the purposes that I paid to use it for in the first place, but still allows me to take messages from callers while I am online via my remote Callwave message box.

    It's kind of annoying, sometimes you would just like to know what is actually going on with your software, right? And I am admitting that I don't. It seems like a security threat to have any software capable of inserting itself into your browser in these days when we tend to do more than read newspapers or listen to radio on line. We use our internet for business. For the additional cost of Callwave I could probably dump their service and get low-speed dsl. The reason I haven't done that is that ATT (etc) seems to keep offering bait and switch offers that start with no contract etc, and when you follow through to sign up the offer always seems to change to a year or more contract with other charges. Anyway, not to get off the subject, I still would like to know if anyone has any insight into this Callwave activity. Perhaps my concern over the global hooks is not necessary? Or perhaps I am doing exactly what I should be doing by only using Callwave to take messages while I am on line and refusing to use it's active application while I browse.
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,981
    Location:
    U.S.A.
    dionisiog, unfortunately, when you signed up with CallWave, whether you knew it or not, you agreed to their Terms of Service and Privacy Policy, which includes tracking and monitoring. Here are several excerpts from both and there are more:
    We all need to read the TOS and Privacy Policies from any vendor, before entering into an agreement with them.
     
  6. dionisiog

    dionisiog Registered Member

    Joined:
    Oct 30, 2003
    Posts:
    57
    Thanks for putting much effort into your reply. I of course would assume that there would be some type of contractual data available. After reading what you did post for me I see that none of that data gathering seems to involve tracking my web browsing unrelated to my use of the Callwave software or website, be it passing through The A.P.News Website or possibly the Naughty Babes From Mars Homepage. (Sorry, that second page is a fictional webpage, so don't go looking for it.)
    This should be a relief but still leaves me unable to explain why Callwave software tries to insert a global hook through any of my internet software, no matter what purpose it has or where it is going.
    This in as much should mean almost never since I only vist the Callwave website when I install the software. I have rarely been there for any other purpose. But certainly would not explain the global hook behavior spotted by Comodo Firewall. (Today I opened a-squared HiJackFree and Callwave attempted to hook through it.)
    I am not horribly concerned. I am simply a computer user that believes it to be in my interest to know more about such affairs.
    I think I will try to research this 'global hook' function a bit more on the web to see what I can see.
    Thank you again very much. I will certainly return here to follow up on any intelligent entries regarding this subject. It is quite interesting.
     
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,981
    Location:
    U.S.A.
    Yes, it does seem that several TOS terms relate to their software or Web site, however, their statement: CallWave uses various technical information about a Member's computer's operating environment... suggests IMO that they might be going deeper than just software or site. "Computer's operating environment" sounds like a really broad term to me.

    By all means, do more research and please post back if you find something interesting.
     
  8. dionisiog

    dionisiog Registered Member

    Joined:
    Oct 30, 2003
    Posts:
    57
    I am looking around a little bit. I'm not certain what it's worth. Here are a few items which I have come up with.
    From a DiamondCS page:
    https://www.wilderssecurity.com/newreply.php?do=newreply&noquote=1&p=1408223

    Attack Method: Hooks
    Description: Hooks are mechanisms that allow processes to intercept data intended for other processes, such as messages, keyboard strokes, mouse movements and so on. To do this, the process wanting to apply the hook calls the SetWindowsHookEx function in user32.dll, which in turn loads the DLL into all other processes that use the user32.dll file (which is most, but not all of the processes on your system). This allows for extra functionality, but also can be abused by malicious software such as trojans.

    Admittedly DiamondCS's information regarding global hooks is going to have a certain bias since they are interested in selling security software. From my point of view in regards to Callwave, I'm not certain why they would need to set a hook to use my browser when it works completely independently without having any browser open. That puts their use of global hooks as a number one question of interest for me.

    And perhaps if you know the application and that they are simply gathering information in an anonymous manner ("Trust me, I won't abuse your confidence!") you should be following the 'unlax strategy because there are indeed bigger fish to fry.

    Ok. So let's say that a trusted application is utilizing a global hook to follow your use of your computer and internet travels. You decide to give it a pass and say, that's just Callwave. They are the good guys who take my phone calls. Would it perhaps be a lot easier to create a type of trojan or such that might be able to utilize Callwave's non-malitious use of a global hook maliciously? How secure is this Callwave software in that respect?

    Unfortunately this starts to sound like the gathering of lint to build the world's largest lint ball and reporting it to Ripleys. Perhaps that is what this is.

    The annoying fact is that the internet has brought a kind of conciousness (or lack there of) to business which implies that anyone has the right to track you in the most trivial of ways. This behavior seems more likely to appear with lower cost services. My recent purchase of bluetooth gear brought with it Blue Soeil
    software which was always trying to connect to the internet through any software I used. After I added it to my firewall as a banned application, it then attempted to connect through a shortcut on my desktop for the national weather service webpage. I started to feel like a big city dweller with rats trying to chew their way through the wall.

    I think that anyone knows that what has followed this internet trend is that businesses outside the internet world have adopted this new standard of non-privacy. And they promptly adopted these new standards when they realised that no one was going to do anything to stop internet businesses from utilizing this behavior.

    I personally am coming to the conclusion that Callwave is not worth that much attention, in and of itself. The problem is deciding when a business is crossing the line... who is supervising this? And how are we supposed to know when to be concerned about this? I cannot imagine how businesses on the internet can need to know more about what you are thinking when you view webpages then what they can already find out. The simple act of navigation tells them more than any newspaper page probably ever could. Perhaps this has more to do with the closing of newspaper publications (on paper) than anything else. After all, if you follow the news, you will rapidly learn that many of the newspapers closing were very profitable. Who closes a business which is making money?

    Please excuse me if I seem to have gone way off track but I think that the issue of tracking clients on the internet continues to bring up a lot of questions which seem to need to be answered.

    I appreciate the attention and patience of WSF and it's users for offering feedback and allowing me to post in regards to this subject.
     
  9. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,981
    Location:
    U.S.A.
    IMO, from a consumer's viewpoint, Caveat Emptor has to be our number one rule, when dealing with any business, on the Internet or not. However, the beauty of the Internet is our ability to find pro & con information about a product and/or company so we can make an intelligent decision whether to buy or not.
     
Loading...
Thread Status:
Not open for further replies.