Welcome to the MacNN Forums.

atomised · Jun 13, 2002, 12:29 AM

a thought that i'd love clarification on...programs running in windows such as audiogalaxy and limewire dump spyware on your system, do the mac versions dump similarly sneaky spyware in osx? i mean i haven't seen them but that's why the're called spyware...

Detrius · Jun 13, 2002, 12:54 AM

and exactly what does this spyware do? alert other gnutella users of what files are available? or alert the authorities that you are running the file sharing programs?

because sharing with other gnutella (Limewire) users is just part of the program. It's not spyware. You turn it off in the preferences.

atomised · Jun 13, 2002, 01:54 AM

nope, what i mean are things like vx2 which was delivered with audiogalaxy and takes note of online forms. and the target advertising delivered through aureate/radiate in limewire which and trojan delivered through KaZaA. windows programs drop stuff all over your hard drive but do the mac versions play a similar role?

Ibson · Jun 13, 2002, 02:06 AM

Nope. Not continuing in one of Window's finest traditions, Mac OS X apps don't dump spywear on your hard drive. Speaking of advertising in LimeWire, you can remove all ads by deleting the /Applications/LimeWire/lib/ads folder.

waffffffle · Jun 13, 2002, 02:07 AM

well none of those companies have official Mac clients so there really isn't too much to worry about. With the Mac OS it wouldn't be too hard to find the spyware stuff anyway. Apple allows users to have much more control over you system. Also if spyware is every discovered in any OS X software I'm sure the great people on these boards will teach us all how to get rid of it.

Adam Betts · Jun 13, 2002, 03:04 AM

<blockquote>quote:<hr />Originally posted by waffffffle:
well none of those companies have official Mac clients so there really isn't too much to worry about. With the Mac OS it wouldn't be too hard to find the spyware stuff anyway. Apple allows users to have much more control over you system. Also if spyware is every discovered in any OS X software I'm sure the great people on these boards will teach us all how to get rid of it.<hr /></blockquote>Limewire is out for OSX already <img border="0" alt="[Hmmm]" title="" src="graemlins/hmmm.gif" />

dr. zoidberg · Jun 13, 2002, 04:25 AM

<blockquote>quote:<hr />Originally posted by Ibson:
Nope. Not continuing in one of Window's finest traditions, Mac OS X apps don't dump spywear on your hard drive. Speaking of advertising in LimeWire, you can remove all ads by deleting the /Applications/LimeWire/lib/ads folder.<hr /></blockquote>heeeeeh thanks for the info!! <img border="0" title="" alt="[Wink]" src="wink.gif" />

i haven�t heard of that one before, although it�s somewhat obvious *if* you happen to look around inside the limewire folder

me don�t like ads. (and spyware? it�s the most annoying thing since the iglesias-family!).

MrBS · Jun 13, 2002, 07:53 AM

<blockquote>quote:<hr />Originally posted by Detrius:
and exactly what does this spyware do? alert other gnutella users of what files are available? or alert the authorities that you are running the file sharing programs?

because sharing with other gnutella (Limewire) users is just part of the program. It's not spyware. You turn it off in the preferences.<hr /></blockquote>Spyware can do lots of different things. Here are some examples from the windows world:

*Some spyware programs just pop up ads whenever the user is online
*Some spyware uses your idle cpu time and bandwidth
*Some just track your online activity and reports back to a central server

Some spyware is much more insidious:
One program steals advertising revenue from the sites you visit. it does so by making it look like the banner ad you clicked on was displayed on their site, instead of the one you are actually patronizing.

Top Text is another pretty evil one. It charges a fee for advertisers to register a word or phrase. It then hijacks the users browser to make that word or phrase a hyperlink to the advertiser's site. While this would probably prompt lawsuits due to the sizes of the companies involved, if Microsoft wanted it could register "Apple" with top text. Then, any browser 'infected' with this spyware will link every instance of apple, be it on the MacNN forumns, apple's homepage, or Aunty Em's Orchrds .com to microsoft.com.

Pretty evil stuff.
~BS

Millennium · Jun 13, 2002, 10:46 AM

Theoretically, spyware for OSX could be written. But no one has done it yet.

The really annoying stuff could only affect Cocoa apps, as it currently stands. Carbon apps don't offer enough Services support for, say, something like IcECoffeE (a perfectly innocent Service which makes all URL's in your text commmand-clickable). The same mechanisms which make this work could make a "transform-all-instances-of-a-word-to-links" program, but Carbon apps would (at this point in time) be immune. If Apple gets full Services support into Carbon (and I hope they do; they haven't been pushing Services as much as they should be) then this slight advantage will disappear. It's a trade-off.

Mediaman_12 · Jun 13, 2002, 12:33 PM

<blockquote>quote:<hr />Originally posted by Millennium:
[QB]Theoretically, spyware for OSX could be written. But no one has done it yet.
[QB]<hr /></blockquote>But it would nead admin/root privaliges to be installed?

MrBS · Jun 13, 2002, 09:08 PM

<blockquote>quote:<hr />Originally posted by Mediaman_12:
 <blockquote>quote:<hr />Originally posted by Millennium:
[QB]Theoretically, spyware for OSX could be written. But no one has done it yet.
[QB]<hr /></blockquote>But it would nead admin/root privaliges to be installed?<hr /></blockquote>For some kinds I think so, not for some of the other things like the ones that steal cpu cycles/bandwidth or just report your internet activity back to a central server. At least I don't think so. Could someone more knowledgable answer that?

Also, maybe this deserves a seperate thread, but what kind of software is it reasonable to give it an admin password on instal? Anything besides the OS?
~BS

mrtew · Jun 13, 2002, 10:17 PM

<blockquote>quote:<hr />Originally posted by Ibson:
.... Speaking of advertising in LimeWire, you can remove all ads by deleting the /Applications/LimeWire/lib/ads folder.<hr /></blockquote>I used to do that and my CPU would go crazy and eventually lockup the entire GUI and I'd have to do a hard reboot. Since I stopped messing with new versions I haven't had the problem again. Coincidence?

Mactoid · Jun 13, 2002, 10:35 PM

<blockquote>quote:<hr />Originally posted by MrBS:
 <blockquote>quote:<hr />Originally posted by Mediaman_12:
 <blockquote>quote:<hr />Originally posted by Millennium:
[QB]Theoretically, spyware for OSX could be written. But no one has done it yet.
[QB]<hr /></blockquote>But it would nead admin/root privaliges to be installed?<hr /></blockquote>For some kinds I think so, not for some of the other things like the ones that steal cpu cycles/bandwidth or just report your internet activity back to a central server. At least I don't think so. Could someone more knowledgable answer that?<hr /></blockquote>Certainly something that runs in the background using your cpu or bandwidth wouldn't need to be run as root. Same goes for the IcECofFeE type application that Millennium spoke of (assuming that ~/Applications is checked for services). Those could all be installed as whatever user you are running as, and of course they would only run when you are logged in. They would not be able to affect anyone else who used the computer.

Something that tracked your network usage, I'm not so sure about. I presume that for reading local network traffic, root access isn't required, but I'm not sure. It wouldn't really surprise me if that was protected.

Hi I'm Ben · Jun 14, 2002, 01:28 AM

For those of you who do run KaZaA and limewire and such on your PC... there is a program called Ad-Aware that removes all the spyware from your computer.

it's great and you can set it almost as virus protection piece and start everytime.

Mediaman_12 · Jun 14, 2002, 05:00 AM

<blockquote>quote:<hr />Originally posted by John Tewksbury:
 <blockquote>quote:<hr />Originally posted by Ibson:
.... Speaking of advertising in LimeWire, you can remove all ads by deleting the /Applications/LimeWire/lib/ads folder.<hr /></blockquote>I used to do that and my CPU would go crazy and eventually lockup the entire GUI and I'd have to do a hard reboot. Since I stopped messing with new versions I haven't had the problem again. Coincidence?<hr /></blockquote>Did you edit the text file that sits in that folder, you have to remove the links to the add's and the number of ads.

Chuckit · Jun 14, 2002, 07:31 AM

<blockquote>quote:<hr />Originally posted by Millennium:
Theoretically, spyware for OSX could be written. But no one has done it yet.

The really annoying stuff could only affect Cocoa apps, as it currently stands. Carbon apps don't offer enough Services support for, say, something like IcECoffeE (a perfectly innocent Service which makes all URL's in your text commmand-clickable). The same mechanisms which make this work could make a "transform-all-instances-of-a-word-to-links" program, but Carbon apps would (at this point in time) be immune. If Apple gets full Services support into Carbon (and I hope they do; they haven't been pushing Services as much as they should be) then this slight advantage will disappear. It's a trade-off.<hr /></blockquote>Correct me if I'm wrong, but I think that's just a matter of [i]different]/i]support in the two environments. IcECoffeE apparently uses Services, which come from Cocoa's Yellow Box heritage. Carbon takes a different tack, inherited from the Macintosh side of the family tree--Carbon Events. I'm not all that intimate with the Carbon API, but it looks to me like Carbon apps are actually more open with their information than their Cocoa counterparts, at least on their side of the bridge.
Think about it: If Unsanity can use Carbon Events to give us sounds and windowshading, I don't imagine it would be too hard for some unscrupulous developer to make a program that spies on your computer-using habits and reports them to Bill G--er, some dishonest corporation.

Millennium · Jun 14, 2002, 10:54 AM

<blockquote>quote:<hr />Originally posted by MrBS:
 <blockquote>quote:<hr />Originally posted by Mediaman_12:
 <blockquote>quote:<hr />Originally posted by Millennium:
[QB]Theoretically, spyware for OSX could be written. But no one has done it yet.
[QB]<hr /></blockquote>But it would nead admin/root privaliges to be installed?<hr /></blockquote>For some kinds I think so, not for some of the other things like the ones that steal cpu cycles/bandwidth or just report your internet activity back to a central server. At least I don't think so. Could someone more knowledgable answer that?

Also, maybe this deserves a seperate thread, but what kind of software is it reasonable to give it an admin password on instal? Anything besides the OS?
~BS<hr /></blockquote>Actually, it depends. To spy on only one specific user, one might not need to hsve root/Admin privs. However, most spyware would want to spy on the whole machine, rather than just one or two users. This would require root privs to install and run.

It is theoretically possible to hide this behind a drag-and-drop install, by simply having the app check for the spyware every time it launches and either reinstalling it or refusing to run if the spyware isn't found. However, even in this case, it would still have to ask for an Admin password in order to install the stuff; it can't get around that (unless, of course, you're logging in as root, in which case it can do so utterly invisibly).

Of course, it's also possible to use a traditional installer, have it install the software, and then simply check for the spyware and refuse to run. This would eliminate the need for the app to ask for root privs to install the software, and most people will provide the proper authorization to installers without thinking. So be wary of apps which use these; if it doesn't look like they should need anything more than a simple drag-and-drop, they may very well not. You can check .pkg installers using CharlesS' excellent program Pacifist, but I don't know of anything like that for other installer types.

WildZero · Jun 14, 2002, 11:13 AM

<blockquote>quote:<hr />Originally posted by Hi I'm Ben:
For those of you who do run KaZaA and limewire and such on your PC... there is a program called Ad-Aware that removes all the spyware from your computer.

it's great and you can set it almost as virus protection piece and start everytime.<hr /></blockquote>Ad-aware is essential if you're running a PC. Also check out Kazaa Lite, a hacked version of Kazaa that's missing the spyware and advertising components.

macmike42 · Jun 14, 2002, 12:52 PM

<blockquote>quote:<hr />Originally posted by Mactoid:
Something that tracked your network usage, I'm not so sure about. I presume that for reading local network traffic, root access isn't required, but I'm not sure. It wouldn't really surprise me if that was protected.<hr /></blockquote>You _must_ effictively be root in order to read network traffic (including your own). That is one of the wonderful security features we picked up from BSD. Just remember that anything you enter your admin password for can easily install itself setuid root, which means it runs as root no matter what user runs it.

Yet another reason why Installer.app is evil.

Also remember that no application can open a TCP/IP port below 1000 (or 1024 or somewhere around that), unless it is root.

As for the services thing, this sounds like a tremendous security problem (maybe even worse than "nidump passwd ."). I wonder how hard it would be to write an nice Cocoa keyboard logger service? Could it then open a port that a would-be cracker can connect to and retrieve the logs? Would /Applications/.Evil.app register as a service?

I think I'm starting to see why NeXTStep was such a commercial bomb.

Scrod · Jun 16, 2002, 02:48 AM

<blockquote>quote:<hr />Originally posted by macmike42:

I think I'm starting to see why NeXTStep was such a commercial bomb.<hr /></blockquote>Then you're starting to think incorrectly. NeXT bombed because they made machines that cost ten-thousand freakin' dollars a piece. Oh but maybe you are right: they went bankrupt because of the mere POSSIBILITY that someone could have used their ultra-advanced development environment to capture and record keystrokes and user-events from other applications--something that we know is clearly impossible on any other computing platform. Yes, yes, that must have been it, because obviously the trivial topic of the day that catches your interest is somehow linked to another completely distant event of which you learned about in your casual, uncritical reading. Web discussion forums everywhere are infested with people like you, who can do nothing other than, in some cases, parrot things that others have said wherever it seems appropriate, and in others, completely distort those facts while using them to support their completely misguided, malformed ideas. So many people here are like that. You're all stupid. The MacNN forums are filled with sheer idiocy.

Edit: macmike42, you're one of the less-stupid people here and actually raised intelligent security concerns, while everyone else propagated vague, unthinking FUD. My remarks still apply to virtually everyone at MacNN, and I want you all to know that I know how stupid you are.

[ 06-16-2002, 02:59 AM: Message edited by: Scrod ]

KellyHogan · Jun 16, 2002, 04:29 AM

<blockquote>quote:<hr />Originally posted by Ibson:
Nope. Not continuing in one of Window's finest traditions, Mac OS X apps don't dump spywear on your hard drive. .<hr /></blockquote>Adobe apps do.

Chuckit · Jun 16, 2002, 04:29 AM

<blockquote>quote:<hr />Originally posted by Scrod:
Edit: macmike42, you're one of the less-stupid people here and actually raised intelligent security concerns, while everyone else propagated vague, unthinking FUD. My remarks still apply to virtually everyone at MacNN, and I want you all to know that I know how stupid you are.<hr /></blockquote>Bah. I did no such thing. All I said was that people were giving Cocoa a bum rap as somehow being more vulnerable, when in actuality it's just a new way of doing something that people have been able to do for some time. To my knowledge, I said nothing inaccurate, and I think you're being a bit liberal with your venom.

FXOLeary · Jun 16, 2002, 11:37 AM

<blockquote>quote:<hr />Originally posted by Scrod:
My remarks still apply to virtually everyone at MacNN, and I want you all to know that I know how stupid you are.<hr /></blockquote>Duh, ummmmmm, der, duh, huhuh, ummmmm, what?

macmike42 · Jun 16, 2002, 02:59 PM

<blockquote>quote:<hr />Originally posted by Scrod:
Then you're starting to think incorrectly. NeXT bombed because they made machines that cost ten-thousand freakin' dollars a piece. Oh but maybe you are right: they went bankrupt because of the mere POSSIBILITY that someone could have used their ultra-advanced development environment to capture and record keystrokes and user-events from other applications--something that we know is clearly impossible on any other computing platform. Yes, yes, that must have been it, because obviously the trivial topic of the day that catches your interest is somehow linked to another completely distant event of which you learned about in your casual, uncritical reading. Web discussion forums everywhere are infested with people like you, who can do nothing other than, in some cases, parrot things that others have said wherever it seems appropriate, and in others, completely distort those facts while using them to support their completely misguided, malformed ideas. So many people here are like that. You're all stupid. The MacNN forums are filled with sheer idiocy.<hr /></blockquote>Man. You have issues. I understand that price was an issue, but if your product (or marketing department) is good enough, you can sell it at almost any price. Macs still cost anywhere between $3000-$7000 in that time period, and they sold pretty well considering Apple was "dead".

<blockquote>quote:<hr />Edit: macmike42, you're one of the less-stupid people here and actually raised intelligent security concerns, while everyone else propagated vague, unthinking FUD. My remarks still apply to virtually everyone at MacNN, and I want you all to know that I know how stupid you are.<hr /></blockquote>Whoa. I don't know what to say.

I was suggesting that perhaps people were happier developing software with an OS that was a bit more difficult, although free, familiar, and known to be relatively secure (BSD or Linux).

NeXT was suggesting that you pay a _lot_ for something that was much easier to use (although you still have learn it), built on top of a secure OS, but without any track record for security itself.

So, no, I was not saying that they weren't commercially successful because of one possible "feature" within a "feature". I was saying that perhaps all these surprise "features" are a bit much to pay for if you already have something that works fine.

But once again here I am explaining something to someone who thinks that I, along with everyone else in these forums, is a drooling moron. I much prefer to explain myself to someone who hasn't immediately written me (and everyone else in a certain group) off as someone who has no idea what they are talking about.

Thanks for playing, sorry for being off-topic.