The battle to keep adware on your PC.

The folks over at philosecurity.org have a great interview with an adware author that anyone using Windows who’s interested in keeping their PC secure should read. Matt Knox is a developer who worked for a rather notorious adware company called Direct Revenue for a while. In the course of the interview he discusses why he took on the job:

S: Let’s back up a second. Why did you write adware?

M: I was utterly and grindingly broke for a little while.  I started working on SPAM filtering software. That work got noticed by [Direct Revenue], who hired me to analyze their distribution chain.  For a little while, the site through which all their ads ran was something like top 20 in Alexa. Monstrous, really huge traffic. Maybe 4 or 5 months into my tenure there, a virus came out that was disabling some of the machines that we had adware on. I said, “I know enough C that I could kick the virus off the machines,” and I did. They said “Wow, that was really cool. Why don’t you do that again?” Then I started kicking off other viruses, and they said, “That’s pretty cool that you kicked all the viruses off. Why don’t you kick the competitors off, too?”

It was funny. It really showed me the power of gradualism. It’s hard to get people to do something bad all in one big jump, but if you can cut it up into small enough pieces, you can get people to do almost anything.

As adware became more widespread and the potential profits became apparent, programmers started including code that would kick competing software off the PC as well as keep anti-virus applications from disabling them. An arms race soon broke out, with folks trying to figure out how to keep their programs from being detected and removed through increasingly complex techniques referred to as persistence:

So we’ve progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that’s encrypted– really more just obfuscated– to an executable that doesn’t even run as an executable. It runs merely as a series of threads. Now, those threads can communicate with one another, they would check to make sure that the BHO was there and up, and that the whatever other software we had was also up.

[…] We did create unwritable registry keys and file names, by exploiting an “impedance mismatch” between the Win32 API and the NT API. Windows, ever since XP, is fundamentally built on top of the NT kernel. NT is fundamentally a Unicode system, so all the strings internally are 16-bit counted Unicode. The Win32 API is fundamentally ASCII. There are strings that you can express in 16-bit counted Unicode that you can’t express in ASCII. Most notably, you can have things with a Null in the middle of it.

That meant that we could, for instance, write a Registry key that had a Null in the middle of it. Since the user interface is based on the Win32 API, people would be able to see the key, but they wouldn’t be able to interact with it because when they asked for the key by name, they would be asking for the Null-terminated one. Because of that, we were able to make registry keys that were invisible or immutable to anyone using the Win32 API. Interestingly enough, this was not only all civilians and pretty much all of our competitors, but even most of the antivirus people.

We also wrote a device driver and then a printer driver. When you write a device driver you get to do all sorts of crazy things, even crazier than the things you typically get to do in Windows. This was right around the time that the company [got sued by Eliot Spitzer and started shrinking]. They made a somewhat poor business decision at the same time to get visible, and they branded their ads and everything at the same time that they were having me kick all of our competitors off and we were doing all that persistence stuff.
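The mismatch Knox describes, between counted strings and null-terminated strings, can be shown with a small portable model. This C sketch is an added example, not code from the interview or from Direct Revenue; the struct, function names and key names are constructed for illustration, and it touches no real registry. It shows why a null-terminated lookup cannot reach such a name and the check a scanner can use to flag it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a counted UTF-16 name (hypothetical struct):
   the length is explicit, so a 0 unit is ordinary data. */
struct counted_name { size_t len; const uint16_t *buf; };

/* Length as a null-terminated interface sees it: stops at the first 0. */
size_t terminated_len(const uint16_t *s) {
    size_t n = 0;
    while (s[n] != 0) n++;
    return n;
}
/* Defender's check: a counted name containing a 0 unit cannot be
   addressed by name through a null-terminated interface. */
int has_embedded_nul(const struct counted_name *n) {
    for (size_t i = 0; i < n->len; i++)
        if (n->buf[i] == 0) return 1;
    return 0;
}
int same_name(const struct counted_name *a, const uint16_t *b, size_t blen) {
    return a->len == blen && memcmp(a->buf, b, blen * sizeof(uint16_t)) == 0;
}
/* Lookup as a null-terminated caller performs it: the query is truncated. */
int find_terminated(const struct counted_name *keys, size_t n, const uint16_t *q) {
    size_t qlen = terminated_len(q);
    for (size_t i = 0; i < n; i++)
        if (same_name(&keys[i], q, qlen)) return (int)i;
    return -1;
}
/* Lookup with the full counted length: every stored name is reachable. */
int find_counted(const struct counted_name *keys, size_t n, const struct counted_name *q) {
    for (size_t i = 0; i < n; i++)
        if (same_name(&keys[i], q->buf, q->len)) return (int)i;
    return -1;
}
/* Constructed sample data: three key names, one with an embedded 0. */
const uint16_t k0[] = {'R','u','n',0};
const uint16_t k1[] = {'U','p','d',0,'a','t','e',0};
const uint16_t k2[] = {'S','h','e','l','l',0};
const struct counted_name sample_keys[] = { {3, k0}, {7, k1}, {5, k2} };

int main(void) {
    for (size_t i = 0; i < 3; i++)
        printf("key %zu: embedded NUL=%d, found by terminated lookup=%d\n", i,
               has_embedded_nul(&sample_keys[i]),
               find_terminated(sample_keys, 3, sample_keys[i].buf) == (int)i);
    return 0;
}
```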

Eventually Direct Revenue shut down in mid-2007 and a final judgment in the lawsuit levied a $1.5 million fine against the company’s four founders—Joshua Abram, Daniel Kaufman, Alan Murray, and Rodney Hook—which seems like a lot until you consider that the company made more than $80 million in just three years with the founders themselves earning around $28 million. Proving once again that being a total douchebag can be very profitable indeed even when you get sued.

In addition to reading about the techniques used to keep the software on your PC, the other fascinating insight comes from how the money is made. Remember the entry I wrote yesterday about how there appears to be a credit card scam making money 25 cents at a time over thousands of credit cards? Adware profits work on a similar principle:

The good distributors would say, “This is ad-supported software.” Not-so-good distributors actually did distribute through Windows exploits. Also, some adware distributors would sell access. In their licensing terms, the EULA people agree to, they would say “in addition, we get to install any other software we feel like putting on.” Of course, nobody reads EULAs, so a lot of people agreed to that. If they had, say, 4 million machines, which was a pretty good sized adware network, they would just go up to every other adware distributor and say “Hey! I’ve got 4 million machines. Do you want to pay 20 cents a machine? I’ll put you on all of them.” At the time there was basically no law around this. EULAs were recognized as contracts and all, so that’s pretty much how distribution happened.

Multiply 4 million machines by 20 cents each and you get $800,000 from just one advertiser. As anyone who’s been infected with adware knows, there’s often at least four or five clients of any particular company.

Linux fans will be happy with Knox’s suggestion for avoiding adware on their PCs:

S: In your professional opinion, how can people avoid adware?

M: Um, run UNIX.

It also helps to avoid using Internet Explorer if you have to run a Windows box (or just stubbornly insist on doing so as I do).

ArsTechnica interviews geek rockstar Jonathan Coulton.

We’re all hopelessly addicted to the songs of Jonathan Coulton here in the Jenkins household. A CD full of his songs has been in the car’s CD player for months and all the other music CDs are starting to get jealous. Some of you out there are undoubtedly asking yourselves, “Jonathan who?” because outside of geeks not a lot of folks have heard about him. Perhaps you’re curious and, if so, then this ArsTechnica interview is just what you need:

It’s an odd kind of fame, built from the ground up, and strangely contextual. At some locations, Coulton is treated nearly like a god, but in most places he’s roundly ignored—just another guy with a beard. “It’s actually… I’ve always felt like I don’t want to be a super-famous person… that doesn’t sound so nice to me,” Coulton told me. He described an angry moment at a car rental place. “Thank God I’m not famous enough to worry about someone seeing me all pissed off… I’m glad it’s a niche thing. I get to come to a place like this and feel like a rock star, but most of my life is still normal. As great as it is to feel like a rock star, it’s not something I’d like to feel like all the time.”

It’s a good read so go check it out.

I’ve been interviewed by The Atheist Spot blog.

I agreed to do an interview with the good folks over at The Atheist Spot back at the start of August and it’s just been posted today:

This week we interview Les Jenkins of the blog Stupid Evil Bastard. Once you get past the initial shock when first visiting the site and wondering what you did to upset him…you’ll find Les always brings an interesting perspective to everything he covers, with topics ranging from the market meltdown to Spore DRM issues. My personal favorite part of the blog is that every blog posting has a picture of Les staring right back at you. It’s as if he’s right there reading you his thoughts!

Considering the previous interviews already posted with much better atheist bloggers, mine is a bit anticlimactic, but it was still very cool to be asked and quite the honor to be included among some of the bigger names.

The Atheist Spot is interviewing atheist bloggers and I’ll be one of them.

The folks over at The Atheist Spot are starting a week-long series of interviews with prominent atheist bloggers. Lenny contacted me and asked if I’d be willing to be interviewed and I told him that I wasn’t sure how prominent I was, but that I’d be happy to participate. They have their first interview with Craig A. James from The Religion Virus up already and it’s an interesting read.

I just got done submitting the answers to the questions I was sent a few moments ago. Not sure how interesting I am and if you’re a long-time SEB reader then some of it you’ve heard before, but what the hell, it’s always fun to be interviewed. Well, so long as it’s not because of a sex scandal or something like that. Though I’d imagine that would go a long way to increasing the page hits for SEB.

So be sure to check out the series as it goes live and perhaps you’ll find a couple of other places worth dropping in on. One of these days I’ll get around to adding a “submit this entry to Atheist Spot” icon to the list at the bottom of my entries as I’ve yet to take advantage of that site to promote SEB.

“You talked about Fight Club.” - Jon Stewart to Scott McClellan.

Scott McClellan showed up on The Daily Show to promote his new book. The interview is worth watching:

Mel Brooks interview gives hope for “Get Smart.”

As a kid I used to love watching reruns of Get Smart because A) it was a spy show and B) it was funny as hell. I was worried about the new movie until I heard they had signed Steve Carell to take on the role of Maxwell Smart. If there’s one guy who might step into the shoe phone left behind by Don Adams, I think he’s it. Apparently Mel Brooks feels the same way:

Q: A lot of your projects have been getting remade recently. Do you go to them or do they come to you?

A: It’s all haphazard. Someone called me up and said, “They’re making a movie of ‘Get Smart.’ ” I said, “Oh, really? What are they going to call it?” They said, “‘Get Smart.’ ” I said, “That was wise.”

Because they did do a movie based on “Get Smart” about 20 years ago called “The Nude Bomb.” I said, “That’s foolish.”

Q: You didn’t have any say in the title?

A: No, not at all. I had nothing to do with it. They never even called me! This one, they called me from Day One. They said, “What do you think of this?” Or “What do you think of that?” And I’d say yay or nay.

It’s got a good director, Peter Segal. Wonderful director. The writers were great. The producers were young and aggressive and smart. But the brilliance is Steve Carell. To choose a guy who’s right in the Don Adams groove. You couldn’t get a better guy than Steve Carell. And yet he doesn’t do Don Adams. He does none of his delivery. He just does Steve Carell.

For those of you who aren’t overly familiar with Get Smart, as it’s a rather old show, I should probably mention that Mel Brooks was the guy responsible for the original show’s existence. Which is why I find his comments on the new film very reassuring. If it ends up being pretty good then perhaps we’ll get a sequel or two out of it.