Restraining Order On Commercial Spyware Lifted 97
Back in 2008, the US Federal Trade Commission filed a restraining order against CyberSpy Software, makers of a commercial spyware program that logged keystrokes, took screenshots, monitored IM conversations, and sent all the collected data back to the company's servers. Reader suraj.sun tips news that the order has now been lifted, allowing CyberSpy to sell its software, but with a few restrictions.
"According to the US District Court settlement, the company must not provide users with the means to disguise the software as an innocent file or email attachment. Users must also be advised that doing so may violate US state or federal law. Additionally, all recorded information sent over the Internet must be encrypted and older legacy versions of the software must be removed from computers on which it was previously installed. ... RemoteSpy is said to employ rootkit techniques to hide from virus scanners."
Easy fix... (Score:5, Informative)
The final Order bars the defendants from providing purchasers with the means to disguise the product as an innocent file or e-mail attachment.
I'll do it for them:
1. rename 'malicious_software.exe' 'unicorns_with_flowers.jpg.exe'
2. attach to email
Re: (Score:1)
The final Order bars the defendants from providing purchasers with the means to disguise the product as an innocent file or e-mail attachment.
I'll do it for them: 1. rename 'malicious_software.exe' 'unicorns_with_flowers.jpg.exe' 2. attach to email
Even easier fix .... use something other than Windows/Mac OS for your operating system.
Re: (Score:2, Insightful)
No OS can possibly be secure against user security without giving the user no freedom (see: iPad).
Here's the similar exploit for Linux:
Linux newbie: How do I get $obscure_proprietary_hardware working on my system?
Evil black hat hacker: The following did it for me:
Linux newbie: Ok, thanks, I'll try that. I don't know what any of that means but it sure is nice to have people as advanced as you helping me!
Re: (Score:2)
Re: (Score:1)
Re: (Score:1, Informative)
Re: (Score:1, Informative)
Companies use this type of software on employee computers owned by the company. The end user consents either in their employment contract or a terms of use contract they sign before they use the computer.
Re: (Score:2)
Re: (Score:2)
I think Cyberspy is arguing that their software is intended to be installed with the consent of the owner of the computer. For example parents monitoring their childrens' computer useage, and employers monitoring their employees.
So Little (Score:2)
If they despise us so much, why don't they just allow phishing scams? Embezzlement? Ponzi scams?
Re:So Little (Score:5, Interesting)
"Do the authorities care so little for the average citizen?"
Yes. This will last a while, til things get rotten enough, then the purge-and-replace cycle begins again. It was ever thus, and so it shall be.
Re: (Score:3, Insightful)
This will last a while, til things get rotten enough, then the purge-and-replace cycle begins again.
If only it were so simple. It's relatively easy to pass a law. It's a lot more difficult to repeal them.
Re: (Score:1)
Removing one law is difficult, but removing lots of laws is not that much more difficult. All you need is for a few dozen thousand people to get really angry and each try to put a bullet in the head of a politician. That's the "purge" part of the cycle, and some form of sudden violent collapse is the only way that in the real world political complexity ever actually goes down.
Re: (Score:1, Insightful)
Nah- just have a 'death pool' site. You know, you get to bet on how certain people will die. Once the prize pools get high enough, I think you'll find some people placing some very specific bets, and winning them.
Re:So Little (Score:5, Insightful)
"Do the authorities care so little for the average citizen?"
Yes. This will last a while, til things get rotten enough, then the purge-and-replace cycle begins again. It was ever thus, and so it shall be.
Of course, don't you know government and industry are mostly in sleeping together? Why do you think BP got away with murder up until the point thhings quite literally exploded.
duh (Score:3, Insightful)
Do the authorities care so little for the average citizen? If they despise us so much, why don't they just allow phishing scams? Embezzlement? Ponzi scams?
The authorities "care" for the average citizen is roughly 0.000. Who says the don't allow scams, embezzlement and Ponzi schemes. Isn't all that what blew up the economy a couple of years ago?
Re: (Score:1, Insightful)
I think it is more because they don't like competition. Scams (Pork barrel projects) Ponzi (Social Security), Embezzlement (self voted raises).
Re:So Little (Score:4, Insightful)
Clearly, this is done "for the sake of" protecting children, "for the sake of" protecting us against terrorism, and "for the sake of" protecting our companies from industrial espionage.
When someone wearing a suit says "for the sake of", he or she means "in the name of".
Remember that the next time you vote.
Re: (Score:2)
Remember that the next time you vote.
So am I voting for Pepsi, or Coke?!?
Re: (Score:2)
Yes, that's about the freedom you have right now.
If you'd rather want the choice of lemonade, you have only a few choices, including expatriation and sedition. Attempts at changing the system from within is futile, and will only lead to Minute Maid(R)(TM) with 3% lemon juice.
Re: (Score:3, Insightful)
Well, yes, they do, but this is not an example of that. If I own a small company I can install whatever I want on my systems to monitor what my employees are doing for various reasons. I know of one specific case where a property management company does this to ensure that a disgruntled employee doesn't improperly handle a tenant's personal information - it is there for CYA reasons. I would also imagine that some parents would want to monitor their kids. I can see a lot of legitimate uses for this, and
Re: (Score:2)
Since they run the largest Ponzi scheme in US History, I suspect that they're only down on them because they don't like competition.
Re: (Score:2)
If you increase the amount of money the value of each unit of money goes down. A system with unlimited money would mean each unit of money becomes worthless.
Re: (Score:1, Insightful)
Do the authorities care so little for the average citizen?
Absolutely. The bureaucrats in Washington typically do little or nothing until the situation gets so bad that it threatens re-election opportunities; e.g., the 9-11, financial collapse, the BP environmental disaster. Once a situation reaches this level, they'll stand in front of every camera possible to declare something must be done in order to save face. Without this incentive, they're more than happy to sit on the lap of the corporate-backed lobbyists.
Of course, it doesn't say much about the American peo
Hmmm ... (Score:2)
Re: (Score:2)
Best to keep computer land flooded with low grade consumer OS and issues.
Just another warning, click and its gone.
What would the feds do if more users had Unix like backends with gui pop ups about changes to vital system areas?
Re: (Score:2)
No, just another evil corporation that isn't actually chopping up kittens and has powerful lobbyists. Yeah, amybe those lobbyists are partially police agencies, but surely the NSA/CIA don't need these guys.
Re: (Score:2)
I wonder if the government lifted its restraining order on this software because they're using it, or a variation, themselves? Requiring encryption? Users can't disguise it, but what about government agencies? I may sound paranoid, but I don't care ... I'm going to buy a tinfoil hat for my computer!
Switch to the most secure operating system in the world, OpenBSD. No tinfoil needed.
Tinfoil hat? Don't do it! (Score:2)
Use in the workplace (Score:4, Insightful)
I am assuming that the order was recinded because workplaces might want this functionality. It sucks for workplaces to do this but it's their right to install this sw on the computers they own
Re: (Score:2)
I see you are successfully ignoring the stealth aspect. Or maybe you think an employer has the right to spy on employees? (note spy vs monitor)
Re: (Score:1, Insightful)
I never understood that mentality. If you are representing the company in a n official capacity (using company email) and putting something in writing, why would you assume they won't find out? If they were monitoring your personal email (sent from home, not work) then I could understand the outrage, but WTF? It's the same thing with business phone calls at work. They should be monitoring them to make sure people aren't being rude, saying things that are wrong (legally and also for just simple mistakes).
Re: (Score:2)
I see you are successfully ignoring the stealth aspect. Or maybe you think an employer has the right to spy on employees? (note spy vs monitor)
I guess it depends upon your purview and political orientation. An employer does have certain rights to protect its company image but only while implied employee is on company time. I've heard about stories about Coors employees being fired for drinking Bud while on their own time! This kind of spying is wrong!
Or on your own systems (Score:5, Insightful)
Not saying I'd trust software like this, but I could see the potential in wanting to be able to monitor your own computers. Maybe you live with roommates and you don't trust them to leave your shit alone, etc.
There are legit uses for having clandestine reporting software on a PC. Same deal as lock picks, firearms, and many other things with legal and illegal uses.
Sounds like the problem with these guys is they were attempting to primarily market it for illegal use. That is what gets you in trouble. If something has legal and illegal uses, but you market it for legal uses and attempt to sell it only to legal users, then you are fine. If you market it for illegal purposes, then you get in trouble.
That is why smoke shops are so big on what you say you are going to use their glassware for. It is perfectly legal to buy it for smoking tobacco. Bongs and such derive from Hookahs which were invented for the purpose of smoking tobacco. However, if you imply that you intend to use their products for smoking marijuana or other controlled substances, they'll refuse to sell to you. In this way they can make sure to stay clear legally. Though their products have illegal uses, they only market them for legal ones, and take care to attempt to not sell them for illegal purposes.
Re: (Score:1, Interesting)
That is why smoke shops are so big on what you say you are going to use their glassware for.
As someone who sold smoking accessories at one time, I can attest to this. We flat told people that these were for tobacco use only and that if they made any reference to illegal use, we would not sell to them. Ironic, but about 3% of the people were too stupid (or stoned) to understand this, thus they didn't get to buy. Otherwise, I would have been guilty of selling "drug paraphernalia" and subject to a fine or
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
What if you own half of the computer? (Score:1)
California is a community property state. This means your wife owns half of your computer. Uh, oh. And even if you live in a spare bedroom at your mom's house, single and bad husband material at age 32, you may not want this software to email mom a jpeg of the download page from www.toilet-rated-pron.com She bought it for you, remember?
Re: (Score:2)
Absent specific laws or agreements to the contrary, each owner in a jointly-owned property has the right to do anything they want with said property, with or without the consent of the other owner(s).
Re: (Score:3, Interesting)
Is it also their right to install cameras in toilet stalls they own?
How about searching through cars in the parking lot they own?
It's easy to extend your logic to the point where the company owns you, and I don't think we want to approach those times again. (Personally, I'd like to see the point where the workers own
Re:Use in the workplace (Score:4, Insightful)
Is it also their right to install cameras in toilet stalls they own?
How about searching through cars in the parking lot they own?
Are you really this stupid? The company already has a legal right to monitor your work activity, and already doesn't have a legal right to search your car or to watch you poop. Further, there is a clear difference between one and the other. The toilet is provided for your needs. The car is yours. The computer is provided for their needs, i.e. your work output.
It's reasonable not to want to work for someone who monitors your work activity, but not reasonable to compare that to monitoring your toilet activity.
Re: (Score:2)
If by "really this stupid", you mean "think beyond the initial gut reaction", I sure hope so.
If the computer is only for company use, you have a case. If, however, the company allows the user any personal use of the computer, be it to read news during breaks, check personal e-mail, or listen to personal music, then it's not so clear-cut anymore. Then they do indeed provide computer resources "for your need" (your words) too, and monitoring that would logically be no different from monitoring other persona
Re: (Score:2)
You do not "need" to use a computer for personal reasons at work. As long as the company is up front about the monitoring software on the computer it is your option whether you want to use it for personal reasons.
Re: (Score:2)
You do not "need" to use their parking lot or their rest room either. By the same logic, it's OK for a company to install monitoring devices and perform searches there too, as long as they are "up front" about it.
No, it's high time that employers are told what's permissible and what's not. Anything private should not be subject to searches, else we're already on that slippery slope.
Today, it's OK if they log your web access and go through e-mails stored on your computer.
Tomorrow, it's OK if they read thro
Re: (Score:1)
Is it also their right to install cameras in toilet stalls they own? How about searching through cars in the parking lot they own?
Are you really this stupid? The company already has a legal right to monitor your work activity, and already doesn't have a legal right to search your car or to watch you poop. Further, there is a clear difference between one and the other. The toilet is provided for your needs. The car is yours. The computer is provided for their needs, i.e. your work output.
It's reasonable not to want to work for someone who monitors your work activity, but not reasonable to compare that to monitoring your toilet activity.
I've been under the impression that monitoring your personal habits is part of the Japanese method management. Too many potty breaks and you get a stern talking to
Re: (Score:3, Interesting)
Re: (Score:2)
That's a bit of a red herring. For example, a company that handles personal customer info has a duty to ensure that that information is handled properly, and closely monitoring employee's handling of that data is completely legitimate as is making sure that the employee isn't spending all day playing Farmville. This is a very poor slippery slope argument - it is NOT easy to extend that logic to to video surveillance of a bathroom stall.
If you were monitored while taking your daily constitution, and it somehow got back to you, you would have a hell of law suit against your employer.
Re: (Score:2)
Re: (Score:2)
I hate to have to be the one to tell you this, but, "daily constitution" is a euphemism for a bowel movement. The GP wasn't talking about using the computers, he was talking about using the bathroom.
Re: (Score:2)
Re: (Score:1)
The bathroom stall is the scene of much corporate espionage (you know, where you see the guy inserting or removing the capsule containing the microfilm, looking at it, then getting knocked on the head by a guy wearing the black ski mask), it is a legitimate surveillance target.. well, in Hollywood anyway
Re: (Score:2)
Why, exactly?
I can see that it's in the interest of the company to get as much work as at all possible out of an employee, but if one salaried employee works 8 hours and produces X amount of work, and the salaried employee in the next cubicle plays Farmville for 6 hours a day and STILL produces X amount of work, it's no loss. Both do their work. If a company wants them to work constantly, they should put them on wages, not salary.
Re: (Score:2)
It's easy to extend your logic to the point where the company owns you, and I don't think we want to approach those times again. (Personally, I'd like to see the point where the workers own the company, not the other way around.)
I think we never left those times. There are still FEW laws that protect the employee and MANY that protect the employer.
Re: (Score:2)
And, the legal situation is dynamic. Why do you think so many corporations are so happy to employ illegal aliens? It isn't just the up-front cost of employment. Millions of illegals also give the corporates the muscle to avoid increased wages, benefits, and rights of employees. If half of your employees are afraid to talk to a law enforcement officer for any reason, he certainly isn't going to rat on you for putting spycams in the restrooms! Any lesser violation of an employee's rights simply won't be
Re: (Score:1)
Hardly. Of course as an employee it would be safer not to use workplace machines for private affairs at all... but:
It's perfectly reasonable a company should have control over how employees use the employer's equipment. But that should be limited to "work-time spent doing other things", "making sure company gear isn't used for illegal activity", "making sure company network isn't cluttered because company machines are (ab)used for P2P downloads", "blocking access to risky sites, or allowing access only t
Re: (Score:3, Interesting)
The name of the software company ("CyberSpy") sure seems to imply that its marketing strategy is to appeal to the obsessive stalker who needs a convenient way to spy on another person and steal their passwords, read their email, etc. I personally knew a guy that was so obsessed with his ex that he tricked her into d/l a similar spy program with very similar functionality to CyberSpy and all he did was change the filename of the install package to something a little less obvious (unicorns_with_flowers.jpg.e
Re: (Score:2)
Re: (Score:2)
Because the gp is wrong. It's not about making sure the employees are using their time efficiently, it's about making sure that they aren't doing nefarious things like sharing trade secrets
Re:Use in the workplace (Score:4, Insightful)
At best, this stuff is being used in interpersonally-touchy-but-legal ways(ugly roommate situations, spying on the kiddies, spousal paranoia, etc.), and I'm guessing that the sliminess of the customer base just increases from there.
Re: (Score:2)
There are far more efficient ways than installing a rootkit on computers to "catch" employees. And
Re: (Score:1)
I don't agree that an employer has the right to spy on employees without their consent as a condition of using the computer.
It IS their right... but you ARE allowed to disagree.
If you are so worried that an employee is going to goof off, then maybe you don't have a clue how to manage your employees.
I'M not a manager, I'm just a general-purpose technician. If a local business manager calls me and says he wants to limit Facebook access, I'm not going to advise him on his managerial skills. I am going to blacklist *.facebook.com on the local DNS server or use a DynDNS account with blacklisting/filtering and point the offender's NIC to that address. If he insists that he has made the decision that he wants spyware installed, guess what - I'll install
Re: (Score:3, Informative)
In south african law it's legal only if the employee is aware of it, so if it's in the employment contract. I think.
The company I was working for charged too much, didn't make enough sales, went tits-up. Classic case of greed before the fall.
Re: (Score:2)
Ownership has nothing to do with it (Score:1)
- The employer leases or rents their hardware. No spying allowed?
- The employee uses his own hardware. Can't demand he installs this?
- Someone leases or rents hardware to a company. Can't spy on their customers?
- Someone leases or rents hardware to individuals. Can't spy on them?
- Some company owns mail servers / routers / wires. Ca
Re: (Score:2)
WTF are you talking about? Of course it's about whether the employer owns the hardware. You can't install stuff on employees private property.
For the record using this software is pretty lame. If an employer wants to monitor employees just tell the employees they are being monitored and use a less obfuscated software system. However, if the employer owns the hardware they can do whatever the fuck they want with it.
Re: (Score:2)
You can however require that the software be installed on any computer that uses the company network or even on any computer that's in the building.
Re: (Score:2)
So don't use private computers at work. Don't connect to the work VPN with private computers. You shouldn't be doing these things anyway.
Employers cannot demand you to utilize private equipment for work tasks.
Visible spyware? (Score:4, Funny)
Re:Visible spyware? - does it run on linux ;) (Score:2)
Dear CyberSpy software
I need to spy my sysadmin, because he is suspected of spying on company's emails. That is why I am sending this email from my hotmail account instead of company's server. I want to purchase your RemoteSpy software.
PS: you asked about his windows version. I just checked that, he is running windows version called "Slackware" I hope this helps.
PSS: I have already paid on your secure website using my credit card,
best regards
Re: (Score:2)
Re: (Score:1)
How do you market an oxymoron?
Why...ask Bill Gates! I know, it's a cheap shot - 's/Bill Gates/Steve Jobs/g' if you wish.
No need to fear... (Score:2)
...as I imagine it will only be a matter of time before some inquisitive folks who are up to the challenge figure out how to detect (and possibly disable) this.
I turned down the "opportunity" ... (Score:4, Insightful)
Back in 2002 or 2003 I was offered a job with these guys [or possibly a similar firm] to port the software to Mac OS X. Once I was informed that the product I would be working on was to be used to spy on a company's employees, I chose to decline. When I started in my career almost 30 years ago, I vowed to myself that I would pursue it with the utmost integrity. This was way over *my* line.
This from the Democrats? (Score:1)
Bush's FTC stopped this horrid piece of software from infecting a persons machine.
Obama's FTC allows allows this spyware into the world.
Can someone remind which party is for 'the little guy'.
Wow am I glad we voted Obama in.