Don't just HIT the monkey
KILL the monkey

5TH IN A SERIES OF 5

An entire class of programs has been tarred, inaccurately, with the sobriquet "spyware". These programs are really "adware" and there's nothing wrong with adware if the publisher is up front about it. Unfortunately, many of them are not.

Adware is a program that displays an advertisement whenever the program is running. Qualcomm's Eudora is one of these programs. The application occasionally polls an Internet site for a new ad and displays it. Some people inaccurately call programs like this "spyware".

Spyware, on the other hand, examines files on your computer and can transmit information to someone you don't know. An example of this kind of program is "Back Orifice". Someone must trick you into installing the BO server application, but that can be accomplished with surprising ease.

In my opinion adware is OK if you're told the details in advance. Spyware is not OK under any circumstances.

A personal firewall such as Zone Alarm from ZoneLabs (http://www.ZoneLabs.com/) can eliminate the Back Orifice threat and can shut down some of the other annoyances. Symantec's Norton Internet Security includes a firewall but also offers the ability to block banner advertisements that appear on Web sites.

I'm not a foe of advertising. In fact, I spend some of my time creating direct-mail ads, commercial Web sites, and other forms of advertising. I am a foe of annoying advertising. Banner ads annoy me, particularly the ones that include something that never stops moving. Some of these ads are provided by companies that attempt to track your travels on the Internet and to match your e-mail address with your physical address.

Depending on your point of view, this might be all right or it might not. The fact that it happens without your knowledge makes it at least suspect.

The annoying monkey

One company's banner ad shows a monkey running left and right across the screen. I hate this ad. I've told Web masters of sites that display the ad. I once even paid enough attention to find out who the ad was for (I've since forgotten, which may illustrate how "effective" this technique is) and complained to the administrator of the organization that uses the monkey. Nobody even bothered to reply.

Surprised? Neither was I.

Another company uses an ad that looks like an official Windows message. The banner says your Internet connection is not optimized and asks if you want to fix it. Needless to say, this is an ad that works. Is it honest? No! But it works and ethics be damned.

Copycat advertisers are using the same trick now.

Side note to advertisers: Let's say you're walking down the street and, as you pass a store, the proprietor, who's standing in the doorway, says, "Hey! Your hair's on fire. Come in here QUICK and I'll get some water!"

You rush inside, the guy slams the door shut and locks it, then says, "Oh, your hair wasn't really on fire, but look at all the HOT DEALS I have here in the store."

Would you be likely to buy from this person?

The answer is so obvious that there's no reason to even ask, but some Web marketers seem to think that this is a good business model to follow. It's one of the reasons that I use some tricks of my own to eliminate all banner ads.

You've probably seen the one that looks like a Windows error message. It tells you that your computer isn't optimized for the Internet and displays what looks like a standard Windows button. But it's just an advertising banner.

Click on it and you'll find that you've been "mousetrapped". Extra windows will open and you may have to shut down the browser to make it stop.

Advertisers, people will not buy from companies they don't trust and the company that pulls a trick like this is not to be trusted.

Be an ad killer

You can defeat these ads without having to shell out even one cent. If you have a standard modem connection, it may make connecting with some sites a bit slower, but at least you won't have to watch that idiotic monkey!

Mac users please note: See the sidebar for information on how to do this.

When a Web browser, telnet, or FTP client wants to connect to a server, it has to translate the English name of the site (www.Blinn.com, for example) to an IP address (www.Blinn.com evaluates to 209.15.99.71). It's this IP address that the Internet protocols use to make the connection.

To convert the English address to an IP address, the PC first checks to see if a "hosts" file resides on the local computer ("localhost"). If localhost has a hosts file, the system will look there to see if it can find a match. If so, it uses the IP address supplied in the hosts file. If not, it makes a request with the domain name service (DNS) server that your ISP provides. These machines typically have names like ns1.somedomain.com and ns2.somedomain.com - a primary server and a backup server. If the English name is found there, the connection is made. If not, you get a "no DNS entry" error message. (As you might suspect, the actual process is a little more complex.)

The important point is that the localhost hosts file takes precedence.

Next you need to know where the ads are coming from. The easiest way to discover this is to download a hosts file from either www.smartin-designs.com/ or www.accs-net.com/hosts/. Keep these addresses because you'll need to download a new file occasionally.

This new hosts file will point all known ad servers to "localhost" - 127.0.0.1 - and this is true whether you have a PC, a Mac, or a Unix/Linux machine. By telling hosts that "goofy.ads.com" is at 127.0.0.1 instead of its real address, you tell the system to look on YOUR computer for the ad. It won't find the ad there, of course, so you won't see the ad.

This approach seems to cause delays on some systems and one of my sources suggests using 0.0.0.0 instead. This, the source says, can significantly speed browser access. When I tried the technique on a Windows 2000 machine, the ads returned. It may be that Windows 2000 is smart enough to know that 0.0.0.0 is a bogus address, bypass it, and ask a DNS server for the real address. One or the other should work for you.

This is of CRITICAL importance

Read this section carefully and make sure you understand exactly what you're supposed to do. If your system is already using a "hosts" file, replacing it could cause your current connections to stop working. If you create the file with anything other than a plain text editor (Ultra Edit or Notepad, for example) the results will not be good.

If you're not comfortable tinkering with critical files, STOP NOW! Search your computer for "hosts.*". If you find an existing "hosts" file (no extension), make sure that you save a copy of it. The hosts file might be in use and you don't want to wipe out any existing entries.

Hosts is a plain ASCII text file, so you can open it with Notepad.exe or with Word or WordPerfect. If you use a word processor, be CERTAIN that you save the file as a text file. And be certain that the file's name is "hosts" with no extension.

If you've chosen to download a new hosts file instead of making your own, just replace the existing hosts file after backing up the existing file. You may have to reboot the system. The ads just disappear.

When you look for the hosts file, you'll find it in:

  • C:\WINNT\SYSTEM32\DRIVERS\etc (NT)
  • C:\WINDOWS\ (9x)
  • C:\WINDOWS\SYSTEM32\DRIVERS\etc (2000)
  • C:\WINNT\SYSTEM32\DRIVERS\etc (2000)
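
Because the local hosts file takes precedence over DNS, a downloaded file is safer merged than copied over the original. The following is an added example, not part of the original article: it keeps existing entries verbatim and accepts only downloaded entries that point to 127.0.0.1 or 0.0.0.0, reporting anything that would redirect a name to some other address. The function names and all sample hostnames except goofy.ads.com are constructed for illustration.

```python
SINKS = {"127.0.0.1", "0.0.0.0"}  # the two sink addresses the article discusses

def parse_hosts(text):
    """Yield (address, [names]) per mapping line; comments and blanks are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], [name.lower() for name in fields[1:]]

def merge_blocklist(existing, downloaded, sink="127.0.0.1"):
    """Return (merged_text, rejected). Existing lines are never altered."""
    known = {n for _, names in parse_hosts(existing) for n in names}
    added, rejected = [], []
    for addr, names in parse_hosts(downloaded):
        for name in names:
            if name == "localhost":
                continue                       # never remap localhost itself
            if addr not in SINKS:
                rejected.append((addr, name))  # a redirect, not a block
            elif name not in known:            # an existing entry wins
                known.add(name)
                added.append(f"{sink}\t{name}")
    parts = ([existing.rstrip("\n")] if existing.strip() else []) + added
    return "\n".join(parts) + "\n", rejected

# Constructed sample data (not taken from any real hosts file).
EXISTING = (
    "127.0.0.1 localhost\n"
    "10.0.0.5 intranet.example # entry already in use\n"
)
DOWNLOADED = """# constructed sample blocklist
127.0.0.1 localhost
127.0.0.1 goofy.ads.com
0.0.0.0 banners.example.net tracker.example.net
203.0.113.9 www.examplebank.test
127.0.0.1 intranet.example
"""

if __name__ == "__main__":
    merged, rejected = merge_blocklist(EXISTING, DOWNLOADED)
    print(merged, end="")
    for addr, name in rejected:
        print(f"REJECTED: {name} -> {addr} (not a sink address)")
```

Write the merged text to a copy first and replace the real hosts file only after the original has been backed up, as described above.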

Why this is a security issue

Things are not always what they seem. Some banner ads are for legitimate companies, while others are designed to entice you down one of the Internet's dark alleys.

Down that dark alley you might encounter someone who wants to infect your computer with a virus, install a program such as SubSeven or BackOrifice, or simply trick you into buying something that will never be shipped.

These precautions are particularly important if your children use the Internet unsupervised. It won't keep them from all the threats, but it will eliminate some.

The Internet is no different from the "real world". It's populated by many friendly people and by some who appear friendly, but aren't. Besides the techniques presented here and in the other reports in my security series, you'll be well served on the Internet by a healthy sense of skepticism.

Useful sites

Steve Gibson's site (http://www.GRC.com/) includes useful information on spyware, various other threats, and firewalls. Steve may be a little paranoid, but it never hurts to be safe.

Thanks to Ian Kingston, who provided some of the background information and to Jane Lyle at Indiana University for forwarding one of Ian's reports.

Another way to get rid of ads is to use a free German program called WebWasher from http://www.Webwasher.com/.

   
 
 

William Blinn Communications - All Rights Reserved