I Spy

by Wayne M. Krakau - Chicago Computer Guide, October, 2000
Just as a pair of spies masquerading as a professional tennis player and his coach could once travel the world, reporting all sorts of valuable information back to their superiors without engendering suspicion (at least on TV), various types of seemingly innocuous utility software are now infiltrating computers around the world, surreptitiously spying on the users’ activities, and reporting back to their creators.

In my recent review of Go!Zilla (I thought I was finished trying to type this!), I was somewhat apprehensive about recommending the program due to its use of what’s being called SpyWare. That’s becoming the common name for software that gathers information about the PC it runs on and sends that information back to some central database. Apple thought that IBM was Big Brother. Little did they know that small, innovative software companies would take on that role.

The main proponent of caution in using SpyWare is Steve Gibson (of Gibson Research Corporation, www.grc.com), formerly a columnist for InfoWorld, but perhaps better known as the author of SpinRite, the amazing disk diagnosis and repair program. He has started a Don Quixote-like quest to track down the culprits and to absolutely prove his case.

Gibson is a true craftsman of the old school. His main skill is in writing carefully handcrafted Assembler-language-based utility programs. He is so dedicated to his work that he gave up his column and miscellaneous writing in order to spend more time programming.

My only in-person encounter with Gibson happened a few years ago, when I had the privilege of attending a seminar on SpinRite at a distributor show for resellers. In explaining his product, Gibson animatedly acted out the parts of the various components of a disk drive. It was both hilarious and enlightening. This guy has an exhaustive knowledge of what makes a PC tick.

Gibson’s SpyWare quest started when he heard rumors about the RealDownload download manager from RealNetworks and its derivatives, Netscape’s Smart Download and NetZip’s Download Demon. As usual, he wrote his own utility programs as necessary to use in this investigation in addition to various sophisticated diagnostic tools. His account of what followed reads more like a detective novel than a technical treatise.

First, he discovered that the full addresses of all files downloaded using these managers were going out over his Internet connection. In what would become a repeating pattern, his published results were immediately met with rebuke and denial by the software companies. They portrayed him as a poor, misguided soul, tilting at windmills.

Rather than either backing down or engaging in some type of reflexive trading of denials (Yes they do - No they don’t - Yes, they do, etc.), Gibson reexamined and reran his own research. He didn’t want to accidentally accuse an innocent party. (We are talking about a serious ethical decision here. Bill Gates, are you listening?)

His additional research uncovered the fact that, along with the downloaded file information, a unique identifying field was also transmitted. On computers with an Ethernet card, half of the ID was the card’s address while the other half was a part of Windows. On computers without an Ethernet card, that half of the ID was generated by some as yet unrevealed formula built into Windows. Now the software companies could identify his machine along with his activity, though they couldn’t yet tie him personally to his machine.

Even more research, paralleled by further denials and some threats of legal action, followed. Gibson discovered some suspicious activity during Web-based purchases from the associated software companies. He tracked that activity down and found that the same unique-to-his-PC ID was uploaded along with his personal information. This was then encoded and saved on his PC as a "cookie" so that every time he downloaded a file, critical portions of his personal information, including his name and his private (for online transactions only) e-mail address, were uploaded. So much for online privacy statements!

To this day, RealNetworks and their associated software partners deny that they are any threat to users’ privacy. This is in spite of the fact that Gibson has thoroughly documented and published all of his research in a format that is readily understood. (Do they have a corporate position entitled "Propaganda Minister" or something similar?) Just go to www.grc.com if you want to examine it yourself.

While you are there, you may also want to check out his free program, OptOut, which allows you to detect and, optionally, remove SpyWare from your system. He also has written various other free and commercial programs (in addition to the aforementioned SpinRite), including a handy Zip Drive diagnostic tool and an Internet connection security tester.

I know that I’ll be the first in line when Mr. Gibson announces the world tour of his one-man show in which he acts out the parts of the software and hardware involved in his battle against SpyWare.

©2000, Wayne M. Krakau