Tugger the SLUGger! SLUG Mailing List Archives

[SLUG] Fwd: FC: More on Microsoft products tracking users


Interesting. With the revelation that Microsoft's software is
covertly tracking users and reporting back to Redmond, come
reports of Windows software that stops such nasty activities
at the source.

The software detects network requests being generated by software
(not the user) and alerts the hapless user to the vile situation.

Sluggers: is there any similar software for Linux? I know a firewall
might go part of the way, but what is really needed is software that
detects even outgoing requests on, say, port 80 that are not generated
by the user ... however that is defined! Prolly a config file listing
just those apps that are allowed to make net connections.

Rgds
Rick W



-------- Original Message --------
Subject: FC: More on Microsoft products tracking users
Date: Fri, 01 Sep 2000 14:55:10 -0700
From: Declan McCullagh <declan@xxxxxxxx>
Reply-To: declan@xxxxxxxx
To: politech@xxxxxxxxxxxxxxx


************

>From: "D Whitehorn-Umphres" <dawumail@xxxxxxxxxxxx>
>To: <declan@xxxxxxxx>, <rms@xxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: Microsoft Word and Excel track users, invade privacy
>Date: Thu, 31 Aug 2000 16:01:28 -0600
>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>Importance: Normal
>
>Great. And then *their* demo violates your privacy by posting your
>hostname/IP address, along with a list of the previous nine visitors, to the
>demo page site.
>
>-D Whitehorn-Umphres


************

>From: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxxx>
>To: "D Whitehorn-Umphres" <dawumail@xxxxxxxxxxxx>, <declan@xxxxxxxx>
>Cc: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: Microsoft Word and Excel track users, invade privacy
>Date: Thu, 31 Aug 2000 18:10:14 -0400
>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>Importance: Normal
>
>We are now fixing the demo to remove this issue.
>Thanks.
>
>Richard


************

>From: "Jonathan Zuck" <jzuck@xxxxxxxxxxxxx>
>To: <declan@xxxxxxxx>
>Subject: RE: Microsoft Word and Excel track users, invade privacy
>Date: Wed, 30 Aug 2000 14:47:41 -0400
>X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
>Importance: Normal
>
>Of course the other side of this is that people might actually want to place
>an IMG tag in a document for legitimate reasons and there's no way for the
>software to distinguish them.

************

>Date: Thu, 31 Aug 2000 10:49:29 -0400
>From: "H. Morrow Long" <morrow.long@xxxxxxxx>
>Organization: Yale Univ. ITS Information Security
>X-Mailer: Mozilla 4.75 [en] (WinNT; U)
>X-Accept-Language: en
>To: eoghan.casey@xxxxxxxx
>CC: information.security@xxxxxxxx, aimee.kanzler@xxxxxxxx, declan@xxxxxxxx,
>         rms@xxxxxxxxxxxxxxxxxxxxx, daniel.updegrove@xxxxxxxx
>Subject: Re: [Fwd: FC: Microsoft Word and Excel track users, invade privacy](fwd)
>
> > Declan McCullagh wrote:
> > > [This is a good reason not to use Microsoft Word or other snoopable
> > > software. I wonder if there's a way to turn this off (short of
> > > unplugging your network connection), or if not, whether Microsoft will
> > > release a fix for those of us who aren't thrilled about this feature.
> > > --Declan]
>
>
>Declan -- One way to block applications (esp. some of the new 'spyware'
>software -- freeware or shareware which may report information back to
>various marketing research firms) from opening up network connections
>back across the Internet is to run a personal firewall product which can
>block outgoing network connections opened by applications.
>
>ZoneLabs ZoneAlarm personal PC firewall is one such product and has been
>free for personal use ( www.zonelabs.com ).  I have nothing to do with the
>product other than having evaluated it.
>
>I tested out the demo MS Word doc with 'webbugs' and ZoneAlarm did indeed
>'trap' the outgoing connections to the web, temporarily blocked them and
>popped up a dialog box asking me if I wanted to allow MS Word to open a
>connection to the Internet.  I clicked on no.  ZoneAlarm then asked if I
>would allow MS Word to open up a connection on the local intranet network
>(e.g. to do a DNS lookup against a local server).  I said no.  It worked.
>
>There are probably other personal PC firewall products which can block
>(conditionally or unconditionally) network connections from being opened
>by local applications to Internet sites.  However most of these products
>generally concentrate on blocking incoming network connections & packets.
>Some privacy minded individuals would likely be interested in a survey of
>such products (in addition to products such as privacy-protecting local PC
>web browser proxies, etc).
>
>- H. Morrow Long
>   University Information Security Officer
>   Yale University, ITS, Dir. InfoSec Office

**************

>From: "Jay Holovacs" <holovacs@xxxxxxx>
>To: <declan@xxxxxxxx>, <politech@xxxxxxxxxxxxxxx>
>Cc: <rms@xxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: Microsoft Word and Excel track users, invade privacy
>Date: Wed, 30 Aug 2000 15:00:48 -0400
>X-Mailer: Microsoft Outlook Express 5.00.2615.200
>
>This calling back, and text source traceability aspect was a 'feature' of
>Ted Nelson's Xanadu.
>
>It's a good idea to pass stuff thru a pure ASCII file before pasting or
>redistributing.
>
>jay

************

>From: terry.s@xxxxxxxx
>To: declan@xxxxxxxx
>Cc: rms@xxxxxxxxxxxxxxxxxxxxx
>Date: Wed, 30 Aug 2000 17:49:41 -0400
>Subject: Re: FC: Microsoft Word and Excel track users, invade privacy
>X-Mailer: Juno 4.0.11
>
>Hi Declan!
>
>On Wed, 30 Aug 2000 14:47:01 -0400 Declan McCullagh <declan@xxxxxxxx>
>writes:
> > [This is a good reason not to use Microsoft Word or other snoopable
> > software. I wonder if there's a way to turn this off (short of
> > unplugging your network connection), or if not, whether Microsoft
> > will release a fix for those of us who aren't thrilled about this
> > feature. --Declan]
>
>Yes, sort of, subject to annoyance.
>
>McAfee Guard Dog, a program I dislike because of poor hook modules that
>conflict with HP & Lexmark printer drivers and some other software, did
>very well catching outbound connection attempts by Word or Excel, and
>prompting to manually allow or block a net connect.
>
>Pre-Norton AtGuard 3.22 caught the connect attempts, but didn't do as
>well catching outbound links before they polled for the embedded images.
>
>
>I've got the ZoneAlarm, Conseal, and McAfee firewalls on other machines
>not yet tested, and Black Ice on an associate's machine.  ZoneAlarm I'd
>guess would catch this well, based on its focus of trapping unauthorized
>outbound data.  Guard Dog's alert messages (unlike protocol/rule based
>firewall user interfaces) are almost simple enough for office worker
>types to manage, if they had a clue about the larger issues.
>
>I sometimes see Windows Explorer being blocked from a supposed net
>connect attempt during Win98 bootups.  It might be interesting to do some
>sniffing to see if it's trying to send unauthorized data for real, or if
>it just has typical uSoft design flaws such that it can false trigger a
>firewall.
>
>As Richard's alert stated, it's not practical to block Office modules
>from being able to link to URLs to gather embedded images.  It seems that
>a firewall with outbound data blocking which defaults to no connects by
>Office (or most other) applications, but allows per-attempt manual enable
>when attempted, is about the only real way to control this.  Of course
>that assumes informed users, and a default that files from untrusted
>sources shouldn't be allowed to open external links.
>
>
>Terry


************

>X-Sender: jda-ir@xxxxxxxxxxxx
>X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
>Date: Wed, 30 Aug 2000 22:30:06 -0700
>To: declan@xxxxxxxx
>From: "J.D. Abolins" <jda-ir@xxxxxxxx>
>Subject: Re: FC: Microsoft Word and Excel track users, invade privacy
>Cc: rms@xxxxxxxxxxxxxxxxxxxxx
>
>Declan and Mr. Smith,
>
>FWIW: In testing the Web bugged Office docs via a paid Anonymizer account, 
>I found that the documents were able to see my real IP address. Didn't 
>surprise me because I know that one trick to blowing Anonymizer and 
>similar services' cover is to get something on the user's system that does 
>direct communications with the site. Apparently, that's another extension 
>of the risks presented by Web bugged Office documents.
>
>Scenario: Somebody is using an anon remailer or other identity hiding 
>resource. The investigator wanting to know who this anon ID is puts out a 
>Web bugged document so that it goes back to the anon user. The bug phones 
>home and the anon cover is blown. Possible to make links to other 
>activities from that anon ID. If these methods were around a few years 
>ago, perhaps the CoS incursion on anon.penet.fi would have taken this 
>route instead of using manipulations to get the Finnish police to do the 
>dirty work.
>
>J.D. Abolins
>




-------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
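Rick's question at the top of the thread asks for a Linux equivalent driven by "a config file listing just those apps that are allowed to make net connections". The sketch below is an added example, not part of the original messages and not code from any product named in them: it audits outbound IPv4 TCP connections in the `/proc/net/tcp` format against such an allowlist. The allowlist format, the sample table, the paths and the inode numbers are constructed for illustration; it reports after the fact rather than blocking, and does not cover `/proc/net/tcp6`.

```python
import glob, os, re, socket, struct
# Constructed sample data in /proc/net/tcp layout (documentation addresses, made-up inodes).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A0200C0:C350 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 2002 1
   2: 0A0200C0:C351 097100CB:0050 02 00000000:00000000 00:00000000 00000000  1000        0 2003 1
   3: 0100007F:0050 0100007F:D431 01 00000000:00000000 00:00000000 00000000     0        0 1002 1
"""
SAMPLE_OWNERS = {2002: "/usr/bin/firefox", 2003: "/usr/bin/soffice.bin"}
SAMPLE_ALLOW = "# programs allowed to open outbound connections\n/usr/bin/firefox\n"

def parse_allowlist(text):
    """Hypothetical config format: one executable path per line, '#' starts a comment."""
    return {p for p in (ln.split("#", 1)[0].strip() for ln in text.splitlines()) if p}

def decode(addr):
    """'0A0200C0:0050' -> ('192.0.2.10', 80); IPv4 as the kernel prints it on little-endian hosts."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def socket_owners():
    """Map socket inode -> executable by walking /proc/<pid>/fd (root needed for other users)."""
    owners = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
            if m:
                owners[int(m.group(1))] = os.readlink(fd.rsplit("/fd/", 1)[0] + "/exe")
        except OSError:  # process exited or permission denied
            continue
    return owners

def audit(proc_net_tcp, owners, allowed):
    """Return (exe, remote_ip, remote_port) for outbound connections by programs not in allowed."""
    rows = [ln.split() for ln in proc_net_tcp.splitlines()[1:] if ln.strip()]
    listening = {decode(r[1])[1] for r in rows if r[3] == "0A"}  # 0A = LISTEN
    hits = []
    for r in rows:
        (_, lport), (rip, rport) = decode(r[1]), decode(r[2])
        if r[3] not in ("01", "02") or lport in listening:  # 01 ESTABLISHED, 02 SYN_SENT
            continue  # not a connection, or an inbound one on a port this host listens on
        exe = owners.get(int(r[9]), "<unknown>")
        if exe not in allowed:
            hits.append((exe, rip, rport))
    return hits

if __name__ == "__main__":
    print(audit(SAMPLE_TCP, SAMPLE_OWNERS, parse_allowlist(SAMPLE_ALLOW)))
```

On a live Linux host, pass `open("/proc/net/tcp").read()` and `socket_owners()` in place of the constructed samples.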