February 8th, 2002
gratis
Guest
 

Regarding CyDoor, a non-optional install:

Cydoor has cleaned up its act in the current version of the software, 3.2 (I assume this is the one LimeWire bundles). It is no longer as much of a cause for concern as the other bundled software:

"In our test installation, Cydoor's CD_CLINT.DLL downloaded executable code to the test system [log]. While the code (a Visual C++ library, ATL.DLL) was not malicious, the program's ability to silently load executable code presents a potential security vulnerability to the user."

-- cexx.org/cydoor.htm
________________________
Regarding the ClickTillYouWin issue:

ClickTillYouWin, which was distributed by CyDoor, was never a "malicious" trojan, as shown in Adam's link. This means that the ClickTillYouWin company was not using it to hack (break in to), crack (do damage to), or control its users' computers.

It does, however, function and look like a trojan, which is why anti-virus companies classified it as such.

Despite ClickTillYouWin's non-malicious intent, their software (masquerading as an online gambling game) is in fact a potentially harmful trojan that submits data about the user without the user's permission.

"This two-component spyware-trojan was discovered in the end of December 2001. The DlDer spyware-trojan was supposed to be an on-line lottery game with an adware component that had to display advertisement and offers. But the way it was implemented and dropped to users' systems made anti-virus vendors consider it a spyware-trojan. Do note that DlDer is NOT a virus, as it doesn't spread.

The trojan being installed on a user's system downloads or upgrades its main component that connects to a website and reports user's ID (unique for each computer), IP address, web browser a user is using and URLs that a web browser opens."

-- http://www.europe.f-secure.com/v-descs/dlder.shtml


After removing this software from free LimeWire, LimeWire commented:

"We rely on Cydoor to deal with our ad deals and bundled software. We assumed that they did their homework on this package but that does not seem to be the case," said Bildson [chief technical officer at LimeWire].

-- http://www.wired.com/news/privacy/0,1848,49430,00.html


The two main points in this particular issue are:

1. When you use controversial methods to make money, you are walking a fine line. Some people and companies you deal with will be just on the honest side of this line, and some will have crossed the line into dishonesty or even illegality (violation of privacy acts).

2. LimeWire "assumed that [CyDoor] did their homework on this [ClickTillYouWin] package." Similarly, LimeWire users EXPECT that LimeWire does its homework on the software it includes in its filesharer.