Oct 2001                                                                                                      

Web Master Wanderings
By Curt Potsic, Space Coast PC Users Group

Home Page

Current Issue

The Space Coast PC Journal 

SCPCUG Web Master Curt Potsic

We are in the information age. The Internet has brought home the true meaning of the term "global." On the Internet we have immediate access to information from around the world. But at what price?

We have all been made aware of the critical need to protect ourselves against viruses. There are many anti-virus programs available. Some are even free for personal use. Check the SCPCUG web site Virus and Net Hoax Information page (http://www.scpcug.com/vhlink.html) for links to anti-virus programs. There is just no excuse for not having anti-virus protection other than plain ignorance.

Virus protection is one thing. But what about the invasion of privacy lurking on your computer that you may not even be aware of? This can come in the way of cookies when visiting a web site or through the installation of some freeware program that includes a "spyware" component. These so called "freeware" programs are usually some useful utility. They are offered for free with the trade-off being that while the program is running you see an advertisement for something that is of interest to you. On the surface that does not sound bad as we see many ads on Internet web pages, so why not in a program. The rub comes when some of these marketing companies try to tailor the ads to your interests by having the program "phone home" (while you are connected to the Internet) with information about you and your Internet surfing habits. This profiling is usually done without your knowledge. In addition, even if you know this is happening, there is usually no way to tell exactly what information the company is receiving about you. What follows is my personal experience with spyware.

Last December I decided to download on to my old Gateway 233 MHz computer a free program from the ZDNet Software Library (http://www.zdnet.com/downloads/) called "Photocopier." The program's stated purpose was to turn my scanner and printer combination into a copy machine. By just placing a document on my scanner's glass, starting the Photocopier program, and pressing its Copy button I would have a printed copy in a few moments. It would take the hassle out of scanning by "eliminating difficult scanner settings" and therefore would be very user friendly.

Some new scanners already have this copy capability but my several year old Visioneer did not. The software placed a picture of a photocopier control panel on my monitor screen. There were buttons for copying (color, grayscale, or black & white), adjusting the brightness, number of copies, etc. After an initial glitch of getting negative images, i.e. trading black for white and white for black, the program worked fine. The program's ReadMe file said this negative image thing happened on some scanners and told me how to correct it. However, since Photocopier only allowed printing in two sizes, 100% and 70%, this little glitch caused me to waste a lot of black ink. Sure would have been nice to initially test the program with a 5% print size.

I originally thought the Photocopier program would be a real convenience and time saver. In reality this did not happen. For most of my scanning and copying needs I found it necessary to do some tweaking and thus reverted back to my scanner's original software. I actually used this Photocopier program a grand total of five times over the course of three months.

I was told up-front that Photocopier was Advertiser-Supported software and so I expected to see ads. What I was not told was that when the ads changed, the old ones were not removed from my hard drive. Therefore, they were using up my hard drive space. After only three months I had 150 files in 75 folders in a folder called Ads. This alone was taking up 1 MB of hard drive space on my old Gateway computer that was partitioned for a 4 KB cluster size. The wasted hard drive space would have been worse on my new 1 GHz computer which has 16 KB clusters because of it's unpartitioned 30 GB hard drive. Multiply that with a likely possibility of having several spyware programs on one's computer and much hard drive space could be wasted.

For those unfamiliar with cluster size a brief explanation is in order. Each physical hard drive has a cluster size that varies depending upon physical drive size, if it is partitioned, and how it is formatted. You can check your cluster size by running the Windows ScanDisk program. Smaller cluster size is better. The bottom line is if you have a cluster size of 16 KB (like on my 30 GB drive) then even a small file of less than 1 KB will use up that entire 16 KB block of hard drive space. So the reality is that if you have many small files (like desktop shortcuts that are usually 1 KB) you are wasting 15 KB of hard drive space for each 1 KB file. Not very efficient and one of the main reasons people partition their drives. Of course this argument is becoming less important as hard drive prices continue to fall.

In addition to the wasted hard drive space, I have no idea what information was being gathered about me by this Photocopier program. The program's ReadMe file claimed "We adhere to strict privacy guidelines and do NOT collect personally identifiable information unless it is voluntarily provided. Only information regarding the performance of advertising campaigns is aggregated and reported to advertisers and ad sales organizations." But how can I be sure this is true?

Checking paths on my hard drive showed things like:

C:\Program Files\TimeSink\ADGateway\Users\Curt\Sched.cdb
C:\Program Files\TimeSink\ADGateway\Profiles\copier5\Curt\ncuppen\Done.cdb (a 132 KB file)
C:\Program Files\TimeSink\ADGateway\Profiles\copier5\Curt\ncuppen\Pending.cdb (a 162 KB file)

The use of my name "Curt" and the word "Profiles" in these paths gave me cause for concern.

What finally called my attention to all of this behind-the-scenes stuff taking place on my hard drive without my knowledge was a program called "Ad-aware" available free from http://www.lavasoftUSA.com/.

Ad-aware Initial Screen

In March I downloaded Ad-aware and had it scan my Gateway computer. Ad-aware immediately informed me that the Photocopier program I had installed was actually "spyware." In addition to informing you of spyware on your system, Ad-aware is also a spyware removal utility. It will scan your computer's memory, registry, and drives for known spyware components. (Including the Photocopier program, Ad-aware had informed me that I had a total of 20 spyware references: 11 registry keys, 7 files, and 2 folders.) A wizard-style interface will guide you through the scanning process. The scanning is very fast and completed in a few minutes. You then have the option to selectively and safely remove offending entries. Selective removal is useful because the downside is some programs like GoZilla (a popular file download manager) will stop functioning once the advertising system is removed. Thus you can make a choice of either allowing the spyware to invade your privacy or forgo the computing convenience the free "ad supported" program offers. The Ad-aware Frequently Asked Questions page (http://www.lavasoftusa.com/faq.html) goes into more detail, explaining what types of spyware files might invade your computer and how Ad-aware can help.

Some of the advertising systems that Ad-Aware detects include spyware files from Adware, Alexa v1.0-5.0, Aureate v1.0-3.0, Comet Cursor v1.0-3.0, Cydoor, DSSAgent, EverAd, Gratisware, OnFlow, Gator, Hotbar, NewDotNet, SafeNow, TimeSink v1.0, 2.0, & 5.0, Web3000, and Webhancer. Suspicious cookies from Doubleclick and FlySwat are also detected. Bet you did not know there were so many companies trying to invade your privacy!

My story does not end here. As many of you know I bought a new 1 GHz computer from ABS Computer Technologies (http://www.buyabs.com) at the end of March (read my June 2001 Wanderings article at http://www.scpcug.com/wmwand26.html). In August I decided to download the latest version of Ad-aware and test it on my new computer. I thought I had been careful but was curious to see if I had picked up any spyware in the preceding four months.

I installed Ad-aware version 5.5 on my new ABS computer. After configuring Ad-aware with my preferences and selecting my drives and memory to scan, I did a scan. It found 3 spyware components.

Ad-aware Spyware Detection Screen

One was a zipped file called "Netsonic" in my downloads folder. Netsonic is a program that is supposed to accelerate your Internet browsing by loading previously visited web pages quickly. I had downloaded this program (in zipped form) on to my old Gateway computer back in December of 1999 but never installed it. Subsequently, I copied the downloads folder to my new computer for backup, but again never installed the Netsonic program. Well the latest version of Ad-aware caught this spyware, even in its uninstalled (zipped) form. That was impressive as the earlier version 4.5 I had used on my Gateway computer in March had not detected the uninstalled Netsonic on the Gateway's hard drive.

I used Ad-aware to delete the Netsonic file. In this case Ad-aware only deleted the offending file and not the folder containing it since I had created the containing folder. I had noted the file path so it was no problem to manually delete the containing folder.

The two other files Ad-aware caught were cookies from Doubleclick that I received while using Internet Explorer (IE) 5.50. How do I know it was in IE? Because the file location is C:\WINDOWS\Cookies which is the folder where IE stores it's cookies as separate text files. You can open and read them in WordPad. Netscape stores all cookies in one text file called cookies.txt which is usually located in C:\Program Files\Netscape\Users\(User's Profile name).

I wondered why Ad-aware showed two Doubleclick cookies as both appeared to be identical. When I did a search using the Windows "Search for Files and Folders" function, it showed only one Doubleclick cookie on my hard drive. It was in C:\WINDOWS\Cookies and was dated 9 March 2001. That was a time soon after I purchased my new computer and before I realized that by default Microsoft's Internet Explorer was accepting all cookies.

I was still curious as to why Ad-aware showed the Doubleclick cookie twice. So rather than having Ad-aware immediately delete it, I did some browsing of my hard drive. Guess what? The same cookie appeared in my "Temporary Internet Files" folder. I had told Windows ME (Millennium Edition) via Programs/Accessories/System Tools/Disk Cleanup a number of times since March to empty my "Temporary Internet Files" folder. But what I have since discovered is the Windows Disk Cleanup utility does not remove the cookie files. Guess I can't trust Windows to always do what I think it should be doing. In the end I went directly to my "Temporary Internet Files" folder and deleted the cookie from within the folder by right clicking the file and selecting "Delete." I then reran Ad-aware. The rescan showed both of the Doubleclick cookie spyware files noted in the scanlog were gone confirming that in fact there had been only a single cookie. A visual recheck of the Cookies folder in C:\WINDOWS also showed the Doubleclick cookie gone.

As you can see from the above, for offending files or cookies you have a choice of either deleting them manually at their location or allowing Ad-aware to do the deletion. If the spyware component turns out to be a Windows registry entry you are most likely better off allowing Ad-aware to do the deletion unless you are quite comfortable editing the registry. To protect you from a remote but possible disaster, such as registry corruption, Ad-aware allows you to make a backup of the spyware components to be removed prior to removal. In the unlikely event that something does go wrong with the removal, you would then have restore capability.

Ad-aware is similar to an anti-virus program in that it requires a signature update periodically to stay up with the latest spyware being introduced. Therefore, when you go to download Ad-aware (http://www.lavasoftUSA.com/downloads.html) be sure to also download the latest signature file.Ad-aware Download Files Both Ad-aware and the signature file are downloaded as zipped files. After Ad-aware is unzipped and installed the unzipped latest signature file (reflist.sig) replaces the original reflist.sig file that installed with Ad-aware. Unlike most anti-virus programs which do automatic program updates with the download, this operation must be done manually by copying over the original with the new "reflist.sig" file.

If you would like a better understanding of all Ad-aware does and how it operates, I recommend that you first download the Ad-aware Help file (hlpHTML.zip). Once unzipped it consists of an "index.html" page and a number of images in JPEG format. Simply open the "index.html" page in your favorite browser (such as MS Internet Explorer or Netscape Navigator) and read the Help file. No connection to the Internet is necessary as the complete Help file is on your hard drive.

In conclusion, my privacy is important to me and I am thankful to have a program like Ad-aware which gives me some degree of control as to who invades my hard drive space.

Note: Web Master Wanderings articles contain links to external web sites. Web addresses are constantly changing. There is no guarantee that the information links provided in this article will remain unbroken or up-to-date beyond the date that this article is originally published.