I have been trying to avoid this discussion, but I am being pulled into
it because I have a problem with people spreading false information for
the sake of attention. If you would like to debate if Audiogalaxy should
also install the webHancer software automatically, please do, but debate
it knowing the facts. If you have questions about how Audiogalaxy works I
will be glad to discuss this with you. Please talk to Bruce Linton at
webHancer and I am sure he will be glad to give you the facts on how
webHancer works. webHancer security policies have been verified by a
3rd party - Deloitte & Touche. More information is available at:
http://www.webhancer.com/site/products/privacy/index.asp
When you download the Audiogalaxy Satellite it is clearly stated what
webHancer does and that webHancer is installed on your system along with
the Audiogalaxy Satellite. If you do not wish this to happen do not
install the Audiogalaxy Satellite.
It looks like you have not even bothered to download the latest version
(0.605) which has been out since
the end of March. Quoted from the readme.txt file:
"Quick break down of the install process:
*webHancer is installed on everyone's machine - it can be uninstalled by
going to
control-panel add/remove programs (webHancer reports network
latency about
websites you visit - they throw away your IP address BTW so its
anonymous)"
.
.
."
I invite you all to go and download the Audiogalaxy Satellite at
http://www.audiogalaxy.com/satellite instead of spreading rumors on this
list.
Here is an example of a company that spreads grossly false information.
If I were a client of Global Integrity I would cancel my subscription since they do
not post the facts, but send over-dramatic warnings that are not thought
through nor even researched in hopes of seeming valuable to their
customers by scaring them.
To start off - webHancer and the Audiogalaxy Satellite DOES not even
install on a Win 3.x platform. WebHancer does not even install on a Win95
platform as I am told (Bruce this is correct?).
The statement "email addresses and other information is shared with an
information collector" is flat out false. Audiogalaxy does not share the
email addresses it gets from the Audiogalaxy sign up process, nor has
Audiogalaxy ever used the email addresses to send any kind of mail to
those accounts. The WebHancer software is completely separate from the
Audiogalaxy Satellite software and the two products have zero interaction
and do not exchange any kind of data.
Where does one get "read files from your hard drive and send them to its
parent company"? This is completely untrue. To see exactly what the
Audiogalaxy Satellite is doing in a very detailed fashion enable logging
and read the generated logv605.txt file.
The REACT advisory then continues to quote webHancer end-product
information selectively quoting specific parts. Little known to
Global Integrity that webHancer offers several services to its clients
which utilize client data (websever logs) that is implied to
originate solely from the webHancer client data (Bruce maybe you can step
in here with more details).
I do not mind Global Integrity issuing a statement about Audiogalaxy and
WebHancer, but it better contain facts instead of random BS meant to seem
like a valuable alert. I think this alert brings into question the
integrity of Global Integrity itself as a company and its many "alerts".
We did not even receive a phone call from Global Integrity to discuss this
before they posted it.
REACT Advisory 2001-04-10, Trojanized program violates user privacy.
///////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ _______
______ _______ _______ / / / /\ \ \ / / / / \ \ \ /______ / /____ /____\ \
\ / \ / / \ \ \ / \ / / \ \ \ / \ /______ / \ \_______ \ Predictive
Systems Rapid Emergency Action Crisis Team SECURITY ADVISORY This is an
automated advisory from the Predictive Systems REACT advisory service.
Please do not reply to this message as it was sent from an automated
mailbox. Comments or questions about this specific advisory should be
addressed to [EMAIL PROTECTED] 2001-04-10
/////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
SUBJECT: Trojanized program violates user privacy. RISK FACTOR: 3 RISK
FACTOR EXPLANATION: Information on users surfing habits, server ID, OS,
platform, Email addresses and other information is shared with an
information collector. IMPACT: Release of this type of information could
contribute to a loss of corporate and personal information that could then
be used for other purposes. SUMMARY: The AudioGalaxy Satellite is a small
and simple program that allows you to share your music with friends and
other users on AudioGalaxy. Part of the install program is an additional
tool called WebHancer this program tracks the user's usage of the
Internet. PLATFORMS AFFECTED: Workstations,Web Clients Hardware: Operating
Systems: Windows NT,Windows 3.x,Windows 9x,Windows 2000,Windows Millenium
Edition Applications: BACKGROUND: Installing AudioGalaxy automatically
installs a small tracking or "spy" program called WebHancer. This program
not only tracks where you go on the Internet but also reads files on your
hard drives and sends info to its parent company. Even after completing
AudioGalaxy Satellite's rudimentary recommended uninstall method which
involves manually deleting it's file folder, WebHancer was still present
in the computer and running in the background. Webhancer's main goal as
the program's authors tell it is: webHancer e-Business View™, the only
performance measurement tool that measures and analyzes data collected
real-time from Internet users. Unlike machine- generated simulations,
e-Business View provides business and IT managers the critical insight
needed to determine the Web infrastructure and site optimization
strategies necessary to improve users' satisfaction. "Organizations have
spent millions of dollars to provide their customers with a superior
online experience, but the majority don't know whether or how much those
investments have paid off," said Bruce Linton, president of webHancer. "We
developed e-Business View as a looking glass through which these companies
can see exactly how quickly their Web site delivers content and reacts to
user activities, while identifying potential infrastructure and
performance bottlenecks. This capability provides a bridge between
marketing and IT departments that will bring discussions of Web site
optimization strategies to a whole new level." "Web servers. Application
servers. Load balancers. Local ISPs. Regional ISPs. Backbone providers. Ad
banner servers. Content distribution networks. Proxy Servers. Each and
every one of these components influence the end user's performance
experience of a web site. To truly understand how a web site is
performing, online property owners must see the performance picture from
one end to the other. This picture must include the last mile to the end
user's desktop and all the networks and content providers that lie between
that desktop and the online destination.... " RECOMMENDATIONS: The program
can be spotted by looking for outbound TCP connections to a1.webhancer.com
to port 80 (web). Using a program such as Zone Alarm or Intruder Alert
will assist individual users with the identification of the program
attempting to connect through port 80 to the remote server. The program
must be manually uninstalled and the registry entries deleted.
VENDOR-SUPPLIED INFORMATION: As identified above Voice Phone Number -
1-888-REACT-1-2 (within US) or 1-703-375-2910 E-mail -
[EMAIL PROTECTED] FAX 703-375-2497 Website -
http://www.globalintegrity.com
----------------------------------------------------------------
BTW (I believe this has been posted before on BugTraq): The Audiogalaxy
Satellite sends its logon/password information as clear text via TCP (oh
no!).
Your user account cookie generated by Audiogalaxy to automatically log you
in the website is also clear text. We at Audiogalaxy do not believe this
presents a security risk unless you use the same password for everything
and your computer gets hacked. The worst thing that can happen if
somebody discovers your password is login as you and fill up your hard
disk with files having the .mp3 & .temp extension (mandatory) that you did
not request. The Audiogalaxy Satellite does not keep ports open, but only
opens a port when there is a pending transfer, unlike other file-sharing
programs who always keep a port open. To get a good glimpse of how it
works enable logging on the AGS and read the logfile. I wrote most of the
core executable - AGSatellite.exe so I know what it does.
I hope this helps put the facts on the table. I honestly believe this
discussion does not belong on BugTraq, but this is of course a matter of
opinion.
Derek,
You are correct - the early version of 0.601W did state as you described
because the Audiogalaxy Satellite does not modifiy any registry entries.
You can copy all AGS files to a floppy disk and fire up the program w/o
installing it. We even have provided the source code for the ui.dll file
included which can be found by installing the new version. Version 0.601
was still VERY clear during the install process that webHancer would be
installed. Three screens discussed webHancer where each one requires you
to click Next/Back/Cancel.
Hope this helps!
Sincerely,
--Michael
On Tue, 10 Apr 2001, Derek Reynolds
wrote:
> What's funny is in the readme.txt that is shipped with it and what is
> presented to the user after the install states the following:
>
>
> <BEGIN QUOTE>
> Notes:
>
> *If you wish to uninstall just delete this all the files in your AG Satellite
>directory and the menu shortcuts. No windows
> registry changes are made nor are any DLLs copied to directories outside the AG
>Satellite.
> <END QUOTE>
>
>
> No windows registry entries added? No DLLS copied to directories outside of
> AG Satellite? What is this a joke?
>
>
>
