Don't just HIT the monkey
KILL the monkey
5TH IN A SERIES OF 5
An entire class of programs has been tarred, inaccurately, with the sobriquet
"spyware". These programs are really "adware" and there's
nothing wrong with adware if the publisher is up front about it. Unfortunately,
many of them are not.
Adware is a program that displays an advertisement whenever the program is
running. Qualcomm's Eudora is one of these programs. The application occasionally
polls an Internet site for a new ad and displays it. Some people inaccurately
call programs like this "spyware".
Spyware, on the other hand, examines files on your computer and can transmit
information to someone you don't know. An example of this kind of program is
"Back Orifice". Someone must trick you into installing the BO server
application, but that can be accomplished with surprising ease.
In my opinion adware is OK if you're told the details in advance. Spyware is
not OK under any circumstances.
A personal firewall such as Zone Alarm from ZoneLabs (http://www.ZoneLabs.com/)
can eliminate the Back Orifice threat and can shut down some of the other annoyances.
Symantec's Norton Internet Security includes a firewall but also offers the
ability to block banner advertisements that appear on Web sites.
I'm not a foe of advertising. In fact, I spend some of my time creating
direct-mail ads, commercial Web sites, and other forms of advertising. I
am a foe of annoying advertising. Banner ads annoy me, particularly the
ones that include something that never stops moving. Some of these ads are provided
by companies that attempt to track your travels on the Internet and to match
your e-mail address with your physical address.
Depending on your point of view, this might be all right or it might not. The
fact that it happens without your knowledge makes it at least suspect.
The annoying monkey
One company's banner ad shows a monkey running left and right across the screen.
I hate this ad. I've told Web masters of sites that display the ad. I once even
paid enough attention to find out who the ad was for (I've since forgotten,
which may illustrate how "effective" this technique is) and complained
to the administrator of the organization that uses the monkey. Nobody even bothered
to reply.
Surprised? Neither was I.
Another company uses an ad that looks like an official Windows message. The
banner says your Internet connection is not optimized and asks if you want to
fix it. Needless to say, this is an ad that works. Is it honest? No! But it
works and ethics be damned.
Copycat advertisers are using the same trick now.
Side note to advertisers: Let's say you're walking down the street and,
as you pass a store, the proprietor, who's standing in the doorway, says, "Hey!
Your hair's on fire. Come in here QUICK and I'll get some water!"
You rush inside, the guy slams the door shut and locks it, then says, "Oh,
your hair wasn't really on fire, but look at all the HOT DEALS I have here in
the store."
Would you be likely to buy from this person?
The answer is so obvious that there's no reason to even ask, but some Web marketers
seem to think that this is a good business model to follow. It's one of the
reasons that I use some tricks of my own to eliminate all banner ads.
You've probably seen the one that looks like a Windows error message. It tells
you that your computer isn't optimized for the Internet and displays what looks
like a standard Windows button. But it's just an advertising banner.
Click on it and you'll find that you've been "mousetrapped". Extra
windows will open and you may have to shut down the browser to make it stop.
Advertisers, people will not buy from companies they don't trust and the company
that pulls a trick like this is not to be trusted.
Be an ad killer
You can defeat these ads without having to shell out even one cent. If you
have a standard modem connection, it may make connecting with some sites a bit
slower, but at least you won't have to watch that idiotic monkey!
Mac users please note: See the sidebar for information on how to do this.
When a Web browser, telnet, or FTP client wants to connect to a server, it has
to translate the English name of the site (www.Blinn.com, for example) to an
IP address (www.Blinn.com evaluates to 209.15.99.71). It's this IP address that
the Internet protocols use to make the connection.
To convert the English address to an IP address, the PC first checks to see
if a "hosts" file resides on the local computer ("localhost").
If localhost has a hosts file, the system will look there to see if it can find
a match. If so, it uses the IP address supplied in the hosts file. If not, it
makes a request with the domain name service (DNS) server that your ISP provides.
These machines typically have names like ns1.somedomain.com and ns2.somedomain.com
- a primary server and a backup server. If the English name is found there,
the connection is made. If not, you get a "no DNS entry" error message.
(As you might suspect, the actual process is a little more complex.)
The important point is that the localhost hosts file takes precedence.
Next you need to know where the ads are coming from. The easiest way to discover
this is to download a hosts file from either www.smartin-designs.com/ or www.accs-net.com/hosts/.
Keep these addresses because you'll need to download a new file occasionally.
This new hosts file will point all known ad servers to "localhost"
- 127.0.0.1 - and this is true whether you have a PC, a Mac, or a Unix/Linux
machine. By telling hosts that "goofy.ads.com" is at 127.0.0.1 instead
of its real address, you tell the system to look on YOUR computer for the ad.
It won't find the ad there, of course, so you won't see the ad.
This approach seems to cause delays on some systems and one of my sources suggests
using 0.0.0.0 instead. This, the source says, can significantly speed browser
access. When I tried the technique on a Windows 2000 machine, the ads returned.
It may be that Windows 2000 is smart enough to know that 0.0.0.0 is a bogus
address, bypass it, and ask a DNS server for the real address. One or the other
should work for you.
This is of CRITICAL importance
Read this section carefully and make sure you understand exactly what you're
supposed to do. If your system is already using a "hosts" file,
replacing it could cause your current connections to stop working. If you create
the file with anything other than a plain text editor (Ultra Edit or Notepad,
for example) the results will not be good.
If you're not comfortable tinkering with critical files, STOP NOW! Search
your computer for "hosts.*". If
you find an existing "hosts" file (no extension), make sure that you
save a copy of it. The hosts file might be in use and you don't want to wipe
out any existing entries.
Hosts is a plain ASCII text file, so you can open it with Notepad.exe or with
Word or WordPerfect. If you use a word processor, be CERTAIN that you save the
file as a text file. And be certain that the file's name is "hosts"
with no extension.
If you've chosen to download a new hosts file instead of making your own, just
replace the existing hosts file after backing up the existing file. You
may have to reboot the system. The ads just disappear.
When you look for the hosts file, you'll find it in:
- C:\WINNT\SYSTEM32\DRIVERS\etc (NT)
- C:\WINDOWS\ (9x)
- C:\WINDOWS\SYSTEM32\DRIVERS\etc (2000)
- C:\WINNT\SYSTEM32\DRIVERS\etc (2000)
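An added example, not part of the original article: instead of replacing an existing hosts file outright, this sketch keeps every existing line, appends only the ad-server names from a downloaded list, and sets aside any downloaded line that maps a name to an address other than 127.0.0.1 or 0.0.0.0 so it can be reviewed by hand. The function names and the sample data (apart from goofy.ads.com, which the article uses) are constructed for illustration, and nothing is written to disk.

```python
# Constructed sample data: an existing hosts file and a downloaded ad-server list.
EXISTING = "127.0.0.1 localhost\n10.0.0.5 fileserver\n"
DOWNLOADED = """# constructed sample of a downloaded list
127.0.0.1 localhost
127.0.0.1 goofy.ads.com
0.0.0.0 banners.example.net  # trailing comment
203.0.113.9 www.example.org
127.0.0.1 fileserver
"""
SINKS = {"127.0.0.1", "0.0.0.0"}  # the two sink addresses the article mentions


def parse_hosts(text):
    """Yield (ip, [names]) per mapping line; comments and blank lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], [n.lower() for n in fields[1:]]


def audit(downloaded):
    """Return (names that only get sunk, lines that map a name to any other address)."""
    blocked, suspicious = [], []
    for ip, names in parse_hosts(downloaded):
        for name in names:
            if name == "localhost":
                continue  # standard loopback entry, not an ad server
            (blocked if ip in SINKS else suspicious).append((ip, name))
    return [n for _, n in blocked], suspicious


def merge(existing, downloaded, sink="127.0.0.1"):
    """Keep every existing line; append only audited names not already mapped."""
    mapped = {n for _, names in parse_hosts(existing) for n in names}
    blocked, suspicious = audit(downloaded)
    new = [n for n in dict.fromkeys(blocked) if n not in mapped]
    text = existing.rstrip("\n") + "\n"
    if new:
        text += "# ad-server entries (added)\n"
        text += "".join(f"{sink}\t{n}\n" for n in new)
    return text, suspicious


if __name__ == "__main__":
    merged, flagged = merge(EXISTING, DOWNLOADED)
    print(merged)
    print("not installed, review by hand:", flagged)
```

Names that the existing file already maps (fileserver in the sample) are left alone, so a downloaded list cannot override an entry that is in use.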
Why this is a security issue
Things are not always what they seem. Some banner ads are for legitimate companies,
while others are designed to entice you down one of the Internet's dark alleys.
Down that dark alley you might encounter someone who wants to infect your computer
with a virus, install a program such as SubSeven or Back Orifice, or simply trick
you into buying something that will never be shipped.
These precautions are particularly important if your children use the Internet
unsupervised. It won't keep them from all the threats, but it will eliminate
some.
The Internet is no different from the "real world". It's populated
by many friendly people and by some who appear friendly, but aren't. Besides
the techniques presented here and in the other reports in my security series,
you'll be well served on the Internet by a healthy sense of skepticism.
Useful sites
Steve Gibson's site (http://www.GRC.com/)
includes useful information on spyware, various other threats, and firewalls.
Steve may be a little paranoid, but it never hurts to be safe.
Thanks to Ian Kingston, who provided some of the background information and
to Jane Lyle at Indiana University for forwarding one of Ian's reports.
Another way to get rid of ads is to use a free German program called WebWasher
from http://www.Webwasher.com/.