Re: SpyWare

Posted: Fri May 31, 2002 5:24 pm
by Big-O Mark
AIM+ has reportedly been classified as SpyWare.

First, I would like to report that the fact that AIM+ returns information to the Big-O Software servers has never been hidden from the users. Moreover, it has been brought to the attention of the users BY the users, in the following thread from our forums. Big-O Software's original response to this concern is also included in the thread.

http://discuss.big-o-software.com/viewtopic.php?t=69

I truly believe that any concerns users have about AIM+ sending information have been answered in this original thread. Any new concerns could have been brought up there, discussed, and dealt with, rather than having it come to this.

AIM+ as SpyWare Report Information
Users of AIM+ are unwittingly sharing information about themselves every time they connect to AOL. Aside from the spyware, AIM+ in my opinion is an excellent AOL instant messenger wrapper.
The fact that information is being sent back to the Big-O Software servers was never hidden from the users, and has been available here in the forums for quite some time. Our original response to this issue can be read in the forum thread posted above.
I noticed some odd traffic which upon examination became immediately identifiable as belonging to AIM+. In version 2.1.1 build 59 (as well as the latest release 2.2 build 63 and probably earlier releases) an HTTP connection is made to www.big-o-software.com (63.242.135.29) referencing a PHP script which stores the following information:

- AOL instant messenger screen name
- AIM+ information:
- all your AIM+ settings
- AIM+ version
- AIM+ paths
- OS and version
- Computer network name
- CPU and RAM information
- Screen resolution
- Current UID (NT)
All of this information is in fact returned to our servers. It was implemented as a debugging tool, back when some AIM+ users were having trouble with the newly implemented cloning option. For more information on this debate, from the original thread, click here. Specifically, we wanted to know what percentage of AIM+ users were having this problem to the extent that they chose to disable cloning from the AIM+ Preferences menu.

As for the rest of the information returned, it is simply ignored and then deleted. You have been harmed in no way.

The cost of gathering these statistics has been enormous and most definitely not worthwhile. Although AIM+ is currently set up to send this information, the Big-O Software servers have been ignoring this data for quite some time now. As you may have noticed, our servers had been EXTREMELY lagged during most hours of the day lately. Because the servers are currently ignoring statistics data, this situation has improved; however, because of the number of regular hits, the servers are still quite slow.

Please keep in mind that the only reason this information was ever sought out was to constantly improve AIM+ with new and better versions released, tailored not only to what WE want, but also to what YOU, the users, want. The statistics were gathered with only this goal in mind.
I wrote the author about this issue on 5.6.2002
and have received no response to date.
Big-O Software receives hundreds of emails daily, to the extent that our two man team cannot possibly read and respond to them all in a timely fashion. The forums were set up as a better means for us to communicate with the users. If one person asks a question, everyone can view it, and our response, making it much more time effective than email. Some users have been participating in the forums for so long that they can answer many questions just as well as we can. We are currently working on answering as many emails as we can each day, and we would like to apologize to anyone still waiting for a response.

Finally, AIM+ is not alone in collecting usage statistics and information from its users. The majority of today's internet-enabled programs, including but not limited to instant messaging programs, music players, and operating systems, collect usage statistics for various reasons. Most simply want to know how many people are using their software, and how they are using it. If you are truly concerned about the gathering of statistics of this type, you should probably uninstall many of the programs you currently run, as they too return information to their creators.

As a final response to the concerns of AIM+ users, in the next version of AIM+, the statistic gathering code will be completely removed. The Upgrade Monitor may also be removed, as by its very nature it must have information gathered and returned to inform users of new releases. A future release of AIM+ may include an "Allow anonymous usage information" option so that users can decide for themselves whether or not to share some of the information about how they use AIM+, in order to aid future development. However, please bear in mind that Big-O Software releases free software at an already great cost to us. The additional cost of statistic gathering may not be feasible.

The statistics counter, like the AIM+ preferences, is stored in the system registry. If you want to stop sending usage information NOW, we have created a registry fix to do this for you automatically. You can download it here, then double click to install. No more information will be sent to the Big-O Software servers.

Statistics Registry Fix Contents
[HKEY_CURRENT_USER\Software\Big-O\AIM+]
@="C:\\Program Files\\AIM+"
"Statistics"=dword:00000000
Feel free to reply in this thread, but please note that offensive, vulgar, inappropriate, etc. posts will be removed.

Posted: Fri May 31, 2002 7:24 pm
by Big-O Mark
The statistics counter, like the AIM+ preferences, is stored in the system registry. If you want to stop sending usage information NOW, we have created a registry fix to do this for you automatically. You can download it here, then double click to install. No more information will be sent to the Big-O Software servers.

Statistics Registry Fix Contents
[HKEY_CURRENT_USER\Software\Big-O\AIM+]
@="C:\\Program Files\\AIM+"
"Statistics"=dword:00000000

Ad-aware

Posted: Fri May 31, 2002 7:45 pm
by Guest
Use this tool (just updated) to check if you have spyware or suspected spyware.

This includes:
doubleclick cookies
fastclick cookies
RealNetwork
Comet Cursor
Gator
sexlist
sextracker
And many more, but not AIM+!

You can download from here:

http://www.majorgeeks.com/article.php?sid=506

Posted: Fri May 31, 2002 8:41 pm
by dkratter
I'm not sure why my earlier post was deleted from the 'AIM+ Phonehome' thread (http://discuss.big-o-software.com/viewtopic.php?p=2696). This is a forum, posts shouldn't be deleted unless they contain personal insults or perhaps inappropriate language. Anyway...

First, for the anonymous user who keeps posting that AIM+ is not listed in Ad-aware, what is your point? Perhaps the extent to which AIM+ is gathering information has only just been determined and therefore hasn't made it into Ad-aware's list? I only found out about this issue today and posted it on the forum this afternoon (in the post that was subsequently deleted).

There is absolutely nothing wrong with collecting usage statistics that are relevant to improving the application. Software version and OS version are important information for the developers. Installation path, CPU type, RAM amount and screen resolution might be relevant too (although that's debatable). But under no circumstances should the user's screen name, Windows username, hostname or IP address be collected. This is a clear violation of users' privacy and could be considered illegal in many countries (especially in Europe). Nowhere in the documentation on this website or with the software itself is it stated that such personally identifiable information is transmitted back to the authors.

Removing the statistics-gathering code in the next version is a step in the right direction. I think AIM+ is an excellent (and necessary) program that improves upon the flaws in AIM. It would be a shame to see this program be ruined because it had become spyware.

Why the warning?

Posted: Fri May 31, 2002 8:45 pm
by Guest
Big-O Mark wrote: The statistics counter, like the AIM+ preferences, is stored in the system registry. If you want to stop sending usage information NOW, we have created a registry fix to do this for you automatically. You can download it here, then double click to install. No more information will be sent to the Big-O Software servers.

Statistics Registry Fix Contents
[HKEY_CURRENT_USER\Software\Big-O\AIM+]
@="C:\\Program Files\\AIM+"
"Statistics"=dword:00000000
Why does it warn me if I want to add this information to the registry?
Is it because my local host or network might be able to see it?

Posted: Fri May 31, 2002 8:53 pm
by Big-O Ryan
Why does it warn me if I want to add this information to the registry? Is it because my local host or network might be able to see it?
I'm not really sure what your second question means, but I don't think it has anything to do with the answer.

Windows always asks for confirmation when you execute one of these .REG files. They modify your registry -- you should know that it's going to happen. It warns you so that you do not change your registry unknowingly.

If you want to confirm that the .REG file will do what you expect it to, you can open it using notepad to view it (obviously, this will not apply any changes).

Posted: Fri May 31, 2002 9:28 pm
by Big-O Ryan
dkratter wrote: There is absolutely nothing wrong with collecting usage statistics that are relevant to improving the application. . . . under no circumstances should the user's screen name, Windows username, hostname or IP address be collected.
Thank you for recognizing that our intentions were to improve the application. As has been implied, it is not difficult in the least to determine what information is being submitted -- this was very intentional. It could have been encrypted (or even simply compacted to be nicer to our servers), but by leaving it in plain-text there is no question regarding what is being sent.

However, the information you pointed out as being not relevant towards improving the application was definitely used to improve the app! Unfortunately, it's difficult to identify a machine in an anonymous way, and in order for statistics to be useful I needed to eliminate duplicate entries. So, my original method for identifying a machine was MachineName+OSVersion+IP (Windows username is not submitted at all). Even this is fairly ineffective, however, since many people have computers named "COMPUTER", or the like, and IPs are not very unique (firewalls, AOL, etc). So, in the next version I added the "UID", which is a random number created for just this purpose -- it is simply a large number which is hopefully unique, so that I could distinguish between machines while arranging statistics -- there's certainly no information to be derived from it.

Most importantly, though, is the submission of the user's "Screen Name". This is the most personal piece of information submitted, but it was very, very relevant to the problem we were analyzing at the time. We were gathering information regarding cloning, which is using more than one screen name on a single computer, so the importance of this should be fairly obvious.
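The identification problem described in the post above, as an added example that is not part of the original post or of AIM+'s code: it counts how often a MachineName+OSVersion+IP key merges distinct machines or splits one machine, compared with a random per-install identifier. The `Report` record, the function names and every sample value are constructed for illustration.

```python
import secrets
from collections import defaultdict, namedtuple

# "machine" is ground truth known only to this constructed sample;
# a real statistics server would never see it.
Report = namedtuple("Report", "machine name os ip uid")

def new_uid():
    """Random 128-bit install identifier; derived from nothing on the host."""
    return secrets.token_hex(16)

def composite_key(r):
    return (r.name, r.os, r.ip)        # MachineName+OSVersion+IP

def uid_key(r):
    return r.uid

def dedup_errors(reports, key):
    """Return (merged, split): keys that cover more than one real machine,
    and real machines that show up under more than one key."""
    machines_per_key = defaultdict(set)
    keys_per_machine = defaultdict(set)
    for r in reports:
        machines_per_key[key(r)].add(r.machine)
        keys_per_machine[r.machine].add(key(r))
    merged = sum(1 for m in machines_per_key.values() if len(m) > 1)
    split = sum(1 for k in keys_per_machine.values() if len(k) > 1)
    return merged, split

def sample_reports():
    a, b, c = new_uid(), new_uid(), new_uid()
    return [
        # two PCs with the same default name behind one firewall address
        Report("A", "COMPUTER", "Windows XP", "203.0.113.7", a),
        Report("B", "COMPUTER", "Windows XP", "203.0.113.7", b),
        # one PC whose address changed between two reports
        Report("C", "DEN-PC", "Windows 98", "198.51.100.20", c),
        Report("C", "DEN-PC", "Windows 98", "198.51.100.94", c),
    ]

if __name__ == "__main__":
    reports = sample_reports()
    print("composite (merged, split):", dedup_errors(reports, composite_key))
    print("random uid (merged, split):", dedup_errors(reports, uid_key))
```

The random identifier deduplicates correctly while carrying no machine name, address or screen name in the key itself.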

Ad-aware 5.8.1 - 5.8.2

Posted: Fri May 31, 2002 9:29 pm
by Guest
"First, for the anonymous user who keeps posting that AIM+ is not listed in Ad-aware, what is your point? Perhaps the extent to which AIM+ is gathering information has only just been determined and therefore hasn't made it into Ad-aware's list? I only found out about this issue today and posted it on the forum this afternoon (in the post that was subsequently deleted)."

This issue popped up in late April.
Lavasoft changed the Ad-aware build (minor bug fixes) on May 29th or 30th.

Included with this update is a new referencefile 005-29-04-02 with the following new targets: OpenMe.exe, recent GoHip version, Network-Essentials, DownloadWare, ImiServers IEPlugin and additional browser hijackers.

You may write your concerns at their forums.
http://www.lavasoft.nu/cgi-bin/forums/ikonboard.cgi

Posted: Fri May 31, 2002 10:23 pm
by sickdm
Mark,

Thank you for addressing this issue promptly. While I am still a little confused why you deleted my post (with tcpdump data and stuff :P), I now find your response sufficient.

The reason that collecting data is causing such an outrage, and why I personally found it unpleasant, is because of software like Gator or Kazaa that aggregate the collected information to make money from unsuspecting users. I was suspecting you might have been doing a similar trick.

I am glad that you were only collecting data for performance/debugging issues.

Thanks again for responding to this quickly (you are not evil as I previously expected :)),
Anthony Volodkin

Posted: Fri May 31, 2002 10:54 pm
by Big-O Mark
sickdm wrote: The reason that collecting data is causing such an outrage, and why I personally found it unpleasant, is because of software like Gator or Kazaa that aggregate the collected information to make money from unsuspecting users. I was suspecting you might have been doing a similar trick.

I am glad that you were only collecting data for performance/debugging issues.
I understand exactly how you feel about programs that have harmed you in the past. Ryan and I both have had bad experiences with programs collecting information. We don't like that these programs did this to us, so we would certainly never want to turn around and do this to AIM+ users. We never considered selling this info, and we would never want a program that we enjoy using selling our info.

It's unfortunate that the term "spyware" has been applied to both programs that innocently collect usage data and those that collect information with malicious intent alike. Under a blanket term like that, so many quality programs that 99% of the people reading this post probably have installed on their systems, could be deemed "spyware."

Won't install

Posted: Sat Jun 01, 2002 11:45 am
by Guest
Big-O Ryan wrote:
Why does it warn me if I want to add this information to the registry? Is it because my local host or network might be able to see it?
I'm not really sure what your second question means, but I don't think it has anything to do with the answer.

Windows always asks for confirmation when you execute one of these .REG files. They modify your registry -- you should know that it's going to happen. It warns you so that you do not change your registry unknowingly.

If you want to confirm that the .REG file will do what you expect it to, you can open it using notepad to view it (obviously, this will not apply any changes).
I clicked the little reg icon, and this is what I saw...
Cannot import C:\MyDOWN~2\AIM_S~1.REG: The specified is not
a registry script. You can import only registry files.

Posted: Sat Jun 01, 2002 12:09 pm
by Big-O Mark
I clicked the little reg icon, and this is what I saw...
Cannot import C:\MyDOWN~2\AIM_S~1.REG: The specified is not
a registry script. You can import only registry files.
What OS are you using? I have a feeling you're running Windows 95/98/ME because the .REG file was created in Windows XP and was tested on both XP and 2000. However, we don't have a Windows 9x computer to test things on :(.

To manually do what the .REG file is supposed to do, click on the Start Menu, choose Run, and type in 'regedit' ... from there, go to HKEY_CURRENT_USER / Software / Big-O / AIM+ ... near the bottom of the registries is 'Statistics' ... highlight it, choose 'Edit' and 'Modify' and change the 1 to a 0. Statistics will now be turned off.

Posted: Sat Jun 01, 2002 3:54 pm
by Big-O Ryan
There is a new version of the .REG file (available at the same link, above) that should work for all Win32 operating systems.

Please let us know if it does not work for you.
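A way to do the "open it in Notepad first" check from earlier in the thread programmatically, and to see which .REG format a file uses before importing it. This is an added example, not Big-O Software's code. Regedit on Windows 95/98/ME accepts only the `REGEDIT4` header, while files exported on Windows 2000/XP start with `Windows Registry Editor Version 5.00`; the thread does not show the fix file's first line, so both headers in the sample are assumptions, and `audit_reg` is a hypothetical name.

```python
import re

# Headers Regedit recognises: REGEDIT4 (Windows 9x/NT4, ANSI text) and
# Version 5.00 (Windows 2000/XP, normally UTF-16LE with a byte-order mark).
KNOWN_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

def _unescape(s):
    # .REG strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def audit_reg(raw):
    """Return (header, changes) for .REG bytes without touching the registry.
    Each change is a tuple (key, value_name, type, data)."""
    if raw.startswith(b"\xff\xfe"):
        text = raw[2:].decode("utf-16-le")
    else:
        text = raw.decode("cp1252", errors="replace")
    text = re.sub(r"\\\r?\n[ \t]*", "", text)    # join hex continuation lines
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in KNOWN_HEADERS:
        raise ValueError("not a registry script: missing or unknown header")
    changes, key = [], None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            if key.startswith("-"):              # "[-KEY]" deletes a whole key
                changes.append((key[1:], None, "DELETE_KEY", None))
                key = None
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$', ln)
        if m is None or key is None:
            raise ValueError("unparseable line: %r" % ln)
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2)
        if data == "-":
            changes.append((key, name, "DELETE_VALUE", None))
        elif data.startswith("dword:"):
            changes.append((key, name, "REG_DWORD", int(data[6:], 16)))
        elif data.startswith('"') and data.endswith('"'):
            changes.append((key, name, "REG_SZ", _unescape(data[1:-1])))
        else:
            changes.append((key, name, "RAW", data))   # hex:, hex(2):, ...
    return lines[0], changes

# Constructed sample: the fix contents shown in the thread, with each of the
# two headers prepended as an assumption.
BODY = "\r\n".join([r'[HKEY_CURRENT_USER\Software\Big-O\AIM+]',
                    r'@="C:\\Program Files\\AIM+"',
                    r'"Statistics"=dword:00000000', ""])
XP_STYLE = b"\xff\xfe" + ("Windows Registry Editor Version 5.00\r\n\r\n"
                          + BODY).encode("utf-16-le")
WIN9X_STYLE = ("REGEDIT4\r\n\r\n" + BODY).encode("cp1252")
```

Run on either sample, the result lists two writes: `Statistics` set to 0, and the key's default value set to `C:\Program Files\AIM+`, which is worth noticing if AIM+ is installed somewhere else.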

Posted: Sun Jun 02, 2002 12:23 am
by Speebs
What I don't understand is why this is such an outrage in the first place.

First off, Mark and Ryan have always been clear about the fact that they gather statistics, and the specifics of what they are gathering. If people are so paranoid about having their "personal" information (which isn't really very personal anyway) sent around, then said people should investigate the software they use before using it. Also, AIM+ IS FREE. Even if it were legitimate "Spyware" all they'd have to do is add a little disclaimer and then they could do whatever the heck they wanted. Beggars can't be choosers, even though some here might feel to the contrary. But, that's not really relevant anyway.

Second, if you look at the list of what AIM+ sends back to Big-O, what do you think they could possibly use the info for? They know your AIM settings. So what? They know your AIM+ paths and version. Big security risk there! They know your IP address and computer name. Anyone on the internet can find out any or all of these things. If you have cookies enabled, many websites can also tell you what OS and resolution you're running. This information is not private. And NEITHER IS YOUR SCREEN NAME. So what if they know your screen name? Everyone on your buddy list probably knows your screen name, as do a bunch I bet you don't know about.

It's pretty clear, to me at least, that AIM+ doesn't report information that's relevant to anything other than self-improvement. And I think that the claims of this terrific program being Spyware are ludicrous and even more outraging than if the information were being used maliciously. I, for one, salute Big-O for GIVING us this great piece of software and I will gladly share any information necessary to keep it in development.

Please keep up the good work, guys, and don't get discouraged!

Posted: Sun Jun 02, 2002 7:49 am
by Guest
Sigh, this is a kick butt program, doesn't really matter to me what information they gather. I wouldn't prefer it, but I wouldn't kick up a fuss about it.