<![CDATA[Consumerist: Spyware]]> http://consumerist.com/tag/spyware
<![CDATA[ Amazon Pulls Negative Reviews Of 'Spore,' Then Reinstates Them ]]> Earlier today, about 2200 reviews of the game Spore disappeared from the product page on Amazon.com, almost all of them negative. Did Amazon censor the reviews because of their anti-DRM nature? Amazon says no, that it was a technical glitch, and they restored the reviews by the end of today. An Amazon spokesperson told Ars Technica, "Amazon doesn't censor or edit customer reviews based [on their content] and we'd only remove a review if it fell outside our guidelines." Spore's rating is back to a single star, and it's #5 on Amazon's video games chart.

"Amazon temporarily gags Spore critics, deletes and restores all customer reviews" [ArsTechnica] (Thanks to Nathan!)

]]>
Fri, 12 Sep 2008 19:26:36 EDT Chris Walters http://consumerist.com/index.php?op=postcommentfeed&postId=5049321&view=rss&microfeed=true
<![CDATA[ Want More Than One Account On Your 'Spore' Game? Buy Another Copy ]]> EA's DRM spyware on the long-awaited game Spore turns out to have an added side-effect: if you live in a household with multiple players, you all have to share the same account. The game's manual says otherwise, but after repeated queries on the EA forum, a company spokesperson confirmed this. That's right—if you're in a household with several potential Spore players, and you want each of them to have their own account, you will have to buy multiple copies of the game.

From page 52 of the manual:

You may have multiple Spore accounts for each installation of the game.

However, here's what "EA_violet" wrote on the EA forums in response to complaints that players couldn't set up multiple accounts:

That section in the manual was a misprint and will be corrected in future printings of the manual. There is one Spore registration/account per game/serial code so you are correct in that you cannot make multiple accounts at this time.

We're among all those people who waited a long time for Spore to come out, and we're facepalming at how broken it is, all thanks to EA's misguided DRM implementation. This particular detail is notable for revealing that at some point in the past it was likely that the game allowed multiple accounts, and that this functionality was removed in order to tighten the DRM net.

forum.spore.com (Thanks to Sir Mildred Pierce!)
(Spore creature: Henjoness)

]]>
Thu, 11 Sep 2008 13:58:45 EDT Chris Walters http://consumerist.com/index.php?op=postcommentfeed&postId=5048556&view=rss&microfeed=true
<![CDATA[ Complete Norton Symantec Executive Contact List ]]> If you have an unresolved Norton/Symantec complaint and regular customer service doesn't help you out, you might want to try giving one of the top-ranking company executives a call or an email. Don't forget to be nice, polite, and professional, and remember the guidelines for contacting executive customer service. If you need help writing a solid complaint letter, here's a template to follow. And if you want a real anti-virus program that won't hose up your computer, try NOD32. Now here's the complete executive contact list...

Corporate Executives
John W. Thompson
Chairman and Chief Executive Officer
jwthompson@symantec.com
408-517-8282

James Beer
Executive Vice President, Chief Financial Officer
james_beer@symantec.com
408-517-7929

Mark Bregman
Executive Vice President, Chief Technology Officer
mark_bregman@symantec.com
408-517-8003/203-434-5991

Art Courville
Executive Vice President, General Counsel and Secretary
art_courville@symantec.com
408-517-7676

Greg Hughes
Chief Strategy Officer
greg_hughes@symantec.com
408-517-8206

Rebecca Ranninger
Executive Vice President, Chief Human Resources Officer
rebecca_ranninger@symantec.com
408-517-8280/408-410-7815

Enrique Salem
Chief Operating Officer
enrique_salem@symantec.com
408-517-7444/415-531-5002

Product Executives
Joseph Ansanelli
Vice President, Data Loss Prevention Solutions
joseph_ansanelli@symantec.com
415-364-8101/415-264-7978

Ken Berryman
Vice President, Endpoint Virtualization
ken_berryman@symantec.com
650-527-4432/650-703-3663

Janice Chaffin
Group President, Consumer Business Unit
janice_chaffin@symantec.com
408-517-8375/408-718-6492

Francis deSouza
Senior Vice President Information Foundation, Compliance, and Security Management
francis_deSouza@symantec.com
415-738-2801/617-818-8448

Brad Kingsbury
Senior Vice President, Endpoint Security and Management
brad_kingsbury@symantec.com
424-750-7326/424-750-7326

Deepak Mohan
Senior Vice President, Data Protection Group
deepak_mohan@symantec.com
407-357-7559/407-474-9884

Robert Soderbery
Senior Vice President Storage and Availability Management Group
robert_soderbery@symantec.com
650-527-4389/650-387-3609

David Thompson
Group President, Information Technology and Services Group
david_thompson@symantec.com
408-517-5557

Sales and Marketing Executives
John Brigden
Senior Vice President, Europe, Middle East, and Africa Geography
john_brigden@symantec.com
(+44) 118 943 6269

Carine Clark
Senior Vice President of Marketing
carine_clark@symantec.com
801-995-7995

Bernard Kwok
Senior Vice President, Asia Pacific and Japan Geography
bernard_kwok@symantec.com
86 139 1083 0868

Julie Parrish
Vice President, Global Channel Office
julie_parrish@symantec.com
408-517-5396/408-621-2472

Bill Robbins
Senior Vice President, The Americas Geography
bill_robbins@symantec.com
408-517-5667/408-221-8685

]]>
Thu, 31 Jul 2008 11:29:35 EDT Ben Popken http://consumerist.com/index.php?op=postcommentfeed&postId=5031478&view=rss&microfeed=true
<![CDATA[ Texas Law Probably Does Not Require PI License To Fix Spyware-Infested Computers ]]> Dries Janssens, a computer repair shop owner in Allen, Texas, is worried that a 2007 law passed by the state legislature requires computer repair technicians to have private investigator licenses to perform "simple computer repairs such as malware removal." We're not sure if the law was just badly written or written on purpose at the urging of the state's private investigator lobby (which Janssens suggests), but it certainly seems like a bad idea. Update: according to this article sent by our weekend editor Carey, it's just badly written ("It needs some tightening up," says one lawmaker) and should only apply to the private security industry.

Here's Janssens' take on the law:

According to a lawsuit initiated by the newly-established Texas Chapter of the Institute for Justice, the Texas Private Security Board, a state agency, is interpreting this as including simple computer repairs such as malware removal.

The law provides for punishment of up to one year in jail and $4,000 in fines, and up to $10,000 in civil penalties. Additionally, any customer knowingly enlisting the help of an unlicensed computer repair person (that is, without a PI license) is subject to the same punishment.

Matt Miller, Texas Institute for Justice Executive Director and lead attorney on the case, notes that "it makes no sense to require a computer repairman with 10 or 20 years of experience to get a degree in criminal justice just to continue working in his occupation. This law will drive up the price of computer repair for everyone, and that’s exactly what the private investigations industry wants."

Janssens points out that "to get a PI license, one needs either a criminal justice degree (with all associated costs) or a three-year apprenticeship under a licensed PI."

But the Daily Times says repair technicians' fears are unfounded, and that the lawsuit is in part a publicity stunt by the organization that filed it:

The author of the bill, Rep. Joe Driver, R-Garland, told the Houston Chronicle that computer techs are misinterpreting the law and that the lawsuit is simply a publicity stunt by The Institute for Justice.

The lawsuit marked the launch of the group’s Texas chapter.

Rep. Harvey Hilderbran, R-Kerrville, agreed the new law probably is being misread.

“It needs some tightening up and some clarification, but I have been assured that they will be very cautious about enforcing it,” Hilderbran said. “(Driver’s) intent was that this rule only be used when analyzing data for investigative purposes.”

An e-mail sent to Hilderbran from DPS states that “only computer forensics officials must be licensed under the Private Security Act” and that those who only retrieve information from computer databases and pass it on to another person are not subject to the new law.

We just can't get over the idea of Geek Squad members all carrying around P.I. badges. Beyond the obvious concerns that over-eager Geek Squadders will abuse their power to, um, "privately investigate," the Texas Best Buy stores will have to remodel their in-store zones to provide a door with a frosted glass window for customers to walk through.

"Geek Squad, P.I.? Computer Repair Uproar in Texas" [ITPlanet.com] (Thanks to CaptZ!)
"Computer techs fight private-investigator law" [Daily Times]
(Photo: Joost Assink)

]]>
Wed, 09 Jul 2008 13:39:46 EDT Chris Walters http://consumerist.com/index.php?op=postcommentfeed&postId=5023407&view=rss&microfeed=true
<![CDATA[ Researchers Accuse Sears Of Distributing Spyware ]]> Not content with having some of retail's worst customer service, Sears has decided to wring out more dollars from its customers by jumping into the spyware game. Sears recently sent out an email inviting customers to join "My SHC Community" where they will have a chance to earn fabulous prizes and journal their online shopping experience. All you gotta do is provide your address and install a little ComScore program that monitors your every single step on the internet, from Sears to Myspace to your online banking, to your email headers.

Separate analyses by researchers Benjamin Googins and Ben Edelman find that there is insufficient disclosure throughout the advertisement and registration process about the tracking program's true nature.

In response to Ben Googins' posts, Sears VP Rob Harles says that SHC "goes to great lengths to describe the tracking aspect." Harles says "[c]lear notice appears in the invitation", "on the first signup page", and "in the privacy policy and user licensing agreement."

Now, I took a look at the pitch emails and the installation sequence and I think a reasonably savvy user would recognize these warning signs: 1) looks lame 2) vague mention of "research" program's installation 3) Pop-up box warns of installation of unnamed program by company you've never heard of - and abandon installation. But it's possible that novice users could be caught unawares and unwittingly give permission for their entire internet existence to be documented by market researchers - and who knows what they'll do with that information.

Sears admits to joining spyware biz [The Register] (Thanks to S.R.!)

]]>
Thu, 03 Jan 2008 10:13:45 EST Ben Popken http://consumerist.com/index.php?op=postcommentfeed&postId=339975&view=rss&microfeed=true
<![CDATA[ Article Recounts Sony's Rootkit Debacle In Detail ]]> Remember Sony's cringe-inducing copy protection scheme a couple of years ago, where they secretly installed rootkits on millions of customers' PCs and then pretended it was no big deal? ("Most people, I think, don't even know what a rootkit is, so why should they care about it?" — Thomas Hesse, Sony BMG's President of Global Digital Business.) There's a new article (PDF) about to be published in the Berkeley Technology Law Journal called "The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident." It's a very detailed and entertaining read that examines the conditions that led Sony BMG "toward a strategy that in retrospect appears obviously and fundamentally misguided."

The authors, Deirdre Mulligan and Aaron Perzanowski, point out that unless Sony deliberately tried to harm its customers, it neglected to properly evaluate its third-party DRM solutions before releasing them to the public—or else it would have been aware of the programs' potential for damage. From pages 1179-80:

Prior to inking the deal to provide XCP to Sony BMG, First4Internet's business focused on content filtering, particularly the automated recognition of pornographic images. Aside from an earlier revision on XCP used by a number of labels on a smattering of pre-release CDs, First4Internet had no apparent expertise or experience in content protection software.

SunnComm, the company that delivered MediaMax, offered even more cause for concern. The company began as a provider of Elvis impersonation services. After a change in management following a false press release announcing a non-existent $25 million production deal with Warner Brothers, the company purchased a 3.5" floppy disk factory in 2001, displaying a disturbing dearth of technological savvy.

The authors propose improving consumer protection at the PC level—the FTC "could develop best practices and regulations regarding the installation of software and the collection and transmission of information about users, their computers, and their actions," and Congress could alter the Digital Millennium Copyright Act (DMCA) "to enable security research and the dissemination of tools to remove harmful protection measures."

"The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident" (PDF) [Berkeley Technology Law Journal via BoingBoing]

RELATED
"Universal Music CEO: Record industry can't tell when geeks are lying to us about technology"
Consumerist posts on the Sony Rootkit debacle
(Photo: Getty)

]]>
Tue, 18 Dec 2007 12:09:23 EST Chris Walters http://consumerist.com/index.php?op=postcommentfeed&postId=335210&view=rss&microfeed=true
<![CDATA[ List Of Companies That Participate In Facebook's Beacon Spy Program ]]> One of our readers yesterday left a couple of interesting links in the comments section of our Beacon post. They provide the names of the companies that Facebook says are participating in its poorly conceived spy program Beacon. Here they are:

  • AllPosters.com
  • Blockbuster
  • Bluefly.com
  • Busted Tees
  • CBS Interactive (CBSSports.com & Dotspotter)
  • Citysearch
  • CollegeHumor
  • echomusic
  • ExpoTV
  • Gamefly
  • Hotwire
  • iWon
  • Joost
  • Kiva
  • Kongregate
  • LiveJournal
  • Live Nation
  • Mercantila
  • National Basketball Association
  • NYTimes.com
  • Overstock.com
  • Pronto.com
  • (RED)
  • Redlight
  • SeamlessWeb
  • Sony Online Entertainment LLC
  • Sony Pictures
  • STA Travel
  • The Knot
  • TripAdvisor
  • Travel Ticker
  • Travelocity
  • TypePad
  • viagogo
  • Vox
  • Yelp
  • WeddingChannel.com
  • Zappos.com

One site points out that Redlight is a mysterious addition—"I couldn't find any site that went by that name that wasn't an adult site." We found something called Redlight Poker—maybe that's the participating company?

[Updated to include missing companies—thanks Phantomfly!]

"Leading Websites Offer Facebook Beacon for Social Distribution" [Facebook] (Thanks to Gary!)

RELATED
"41 Sites Using Facebook Beacon—Facebook to Know Your Porn Viewing?" [dcoates.com]

]]>
Tue, 04 Dec 2007 09:25:10 EST Chris Walters http://consumerist.com/index.php?op=postcommentfeed&postId=329636&view=rss&microfeed=true
<![CDATA[ Facebook's Beacon Even Sneakier Than Originally Thought ]]> Last week, Facebook made a lot of noise about how it was making its new Beacon spyware—we mean advertising initiative—less sneaky. But guess what? Over the weekend, Computer Associates reported that even after you've declined to have Beacon advertise your habits back to your friends, and even if you've logged out of Facebook, it will still surreptitiously report your actions back to Facebook's servers. And there's no way you can turn it off.

But Berteau's investigation reveals that Beacon is more intrusive and stealthy than anyone had imagined. In his note, titled "Facebook's Misrepresentation of Beacon's Threat to Privacy: Tracking users who opt out or are not logged in," he explains that he created an account on Conde Nast's food site Epicurious.com, a site participating in Beacon, and saved three recipes as favorites.

He saved the first recipe while logged in to Facebook, and he opted out of having it broadcast to his friends on Facebook. He saved the second recipe after closing the Facebook window, but without logging off from Epicurious or ending the browser session, and again declined broadcasting it to his friends. Then he logged out of Facebook and saved the third recipe. This time, no Facebook alert appeared asking if he wanted the information displayed to his friends.

After checking his network traffic logs, Berteau saw that in all three cases, information about his activities was reported back to Facebook, although not to his friends. That information included where he was on Epicurious, the action he had just taken and his Facebook account name.

It appears Facebook is blatantly misrepresenting what Beacon does at this point. Consider this quote from Chamath Palihapitiya, vice president of product marketing and operations at Facebook, when asked last week whether or not Facebook would still receive Beacon data if a user chose to opt out: "Absolutely not."

"Facebook's Beacon More Intrusive Than Previously Thought" [PCWorld]
(Photo: Getty)

]]>
Mon, 03 Dec 2007 09:36:58 EST Chris Walters http://consumerist.com/index.php?op=postcommentfeed&postId=329041&view=rss&microfeed=true
<![CDATA[ Flash-Based Malware Ad Sneaks Onto Legit Websites Via DoubleClick ]]> A new malware ad has managed to sneak its way onto DoubleClick's DART ad publishing system, which means it's been showing up on several legitimate websites, including Major League Baseball, The Economist, and Canada.com. It doesn't require user interaction to be triggered—as soon as it's loaded into the page, it initiates the redirect, closes your browser window, and starts bullying you to install "anti-virus" software. It will even attempt to download a virus-laden .exe file, naturally.

The redirect isn't triggered on every visit, so it's been hard to track, but watch the video for a walkthrough of what exactly happens. The easiest thing to do to get out of the malware loop is force-quit your browser—it's likely you can even go back to the website you were on and not have to worry about the ad being triggered again. But it's embarrassing for DoubleClick (and troubling to us) because it shows they don't have the ability to screen and catch malware that's hidden inside Flash files. The company has announced that it's implemented a new security system to catch and disable these ads, but it hasn't yet confirmed that it can identify similar ads in the future that might use the same technique.

"Hackers Use Banner Ads on Major Sites to Hijack Your PC" [Wired]

RELATED
"Canada.com Infected With Trojan-Installation Browser Hijack" [Sudosu]
"Rogue Anti-Virus Slimeballs Hide Malware in Ads" [Wired]
(Photo: Getty)

]]>
Fri, 16 Nov 2007 12:37:58 EST Chris Walters http://consumerist.com/index.php?op=postcommentfeed&postId=323718&view=rss&microfeed=true
<![CDATA[ Protect Yourself From Badware ]]> Stopbadware.org has just released its "Trends in Badware 2007" report, a free overview of all the ways you and your computer can be slipped digital roofies while you're online looking at LOLpornography and doing your banking through Twitter. It's written in a deliberately non-technical style, so if you're put off or intimidated by the Slashdot crowd, this is a great way to educate yourself or a naive loved one about the dangers of drive-by downloads, website hacking, and so on.

The report isn't the prettiest or most exciting thing to read, and the section on how to spot a fake MySpace profile is hilarious. (Wait, you mean I'm not friends with all these sexy ladies?) But it's worth a read just to bring yourself up-to-speed on the current state of the art in badware.

Their closing advice is fairly obvious: install anti-virus software, keep your operating system up to date, and stay educated. We also suggest Ad-Aware 2007, a free program that helps monitor your Windows PC for unwanted programs, and AdBlock Plus, a free cross-platform Firefox add-on that lets you block specific third-party feeds from pages you visit.

"Trends in Badware 2007" (pdf) [stopbadware.org]
"'Trends in Badware 2007' released" [stopbadware.org]

RELATED
Ad-Aware 2007 [Lavasoft]
AdBlock Plus [Mozilla.org]
(Photo: Getty)

]]>
Mon, 08 Oct 2007 11:54:19 EDT Chris Walters http://consumerist.com/index.php?op=postcommentfeed&postId=308212&view=rss&microfeed=true
<![CDATA[ Half Of Consumers Are Not Aware Of Online Threats? ]]> Ars Technica quotes a recent study by Microsoft that found that 58% of American consumers didn't even know "online threats" existed. The study also found that of the ones that did know about said threats, 17% of them had fallen for some sort of Internet scam—and 81% of those people said it was their fault for opening suspicious emails or sending information to strange companies because they had a nice logo.

Sigh. Consumer Reports says Internet scams have cost American consumers $7 billion since 2005. According to Consumer Reports, between spam, spyware, phishing, and viruses—you have a 1 in 4 chance of becoming a "cybervictim."

Please: Tell a friend! Internet scams exist—and we've heard rumors that knowing is half the battle.

Half of Americans clueless about online threats [Ars Technica]
U.S. CONSUMERS LOSE MORE THAN $7 BILLION TO ONLINE THREATS, CONSUMER REPORTS SURVEY FINDS [Consumer Reports]
(Photo: Getty)

]]>
Wed, 15 Aug 2007 10:27:56 EDT Meg Marco http://consumerist.com/index.php?op=postcommentfeed&postId=289691&view=rss&microfeed=true
<![CDATA[ Crappy Spyware Bill To Give More Power To Spyware Companies? ]]> The EFF is encouraging consumers to write their Senators about a new "spyware" bill that has been, in their words, "massaged by lobbyists for the software and adware industries." Cory Doctorow of BoingBoing says the bill
"makes it impossible for consumer rights groups to sue DRM companies for putting spyware in their DRM (like Sony did last year, with its rootkit DRM). The irony is that spyware is already illegal, so all that this act does is immunize big media companies that sneak spyware onto your computer."
Spyware is spyware, we think, even if it comes with a Sony/BMG logo.

To learn more about this issue, you can read the bill yourself or check out the EFF. The bill has already been passed in the House, so if you decide you're for or against, you'll need to contact your senators. —MEGHANN MARCO

Act now to stop Congress from legalizing spyware! [BoingBoing]
Stop the SPY Act! [EFF]
H.R.964 Spy Act (Engrossed as Agreed to or Passed by House) [LOC]
(Photo: decaf)

]]>
Wed, 13 Jun 2007 10:39:58 EDT Meg Marco http://consumerist.com/index.php?op=postcommentfeed&postId=268425&view=rss&microfeed=true
<![CDATA[ House Passes Two Anti-Spyware Measures ]]> The House has passed not one, but two cleverly-named measures targeting the miscreants who make and promote spyware. Though the FTC, Justice Department, and several state attorneys general are already empowered to prosecute spyware manufacturers, the two measures would extend existing laws by subjecting spyware makers to jail terms and multimillion-dollar fines.

The I-SPY Prevention Act, passed in May on a voice vote, would send spyware makers to the slammer for up to five years. The measure enjoys broad support from industry. Its controversial cousin, the SPY ACT, was passed last week 368-48. The SPY ACT would target an array of spyware, adware, and phishing schemes by requiring notice and consent before allowing the installation of information-gathering programs, and would subject violators to FTC fines reaching $3 million.

The measures, which also passed the House in the last Congress, will now make another enthusiastic dash towards the Senate. If you think spyware makers should be imprisoned or slapped with multimillion-dollar fines, write your Senator. — CAREY GREENBERG-BERGER

Some say spyware bill too broad, others say too weak [InfoWorld]
H.R. 964 - SPY Act
H.R. 1525 - I-SPY Prevention Act
Write Your Senator
(Photo: blatch)

]]>
Sat, 09 Jun 2007 08:37:44 EDT Carey http://consumerist.com/index.php?op=postcommentfeed&postId=267428&view=rss&microfeed=true
<![CDATA[ 40% Geek Squad Downsizing Memo? Not That I Know Of, Says Founder ]]> When reached for comment, Geek Squad founder Robert Stephens said he knew nothing about the 40% tech staff reduction / have-more-repairs-done-remotely-by-techs-in-India memo as described by our tipster. In fact, he said he'd like to see it if we did ever end up getting it. Anyhow, as far as staff reductions go Stephens said, "There has been restructuring since we launched within Best Buy and the most recent was back in Jan/Feb but that's old news - and quite public."

Regarding AJU in general, "...AJU (a beta name, by the way - and an admittedly really bad reference to a really bad Keanu Reeves movie) is a program that really is innovative. You see, when you bring your PC to us, we need to run a lot of standard checks - including virus and spyware scans. With the size of hard drives today it can take hours to scan a single hard drive. Why use live people at the counter to run basic scans on your computer when they could be helping customers in the store? I'd rather use those Counter Intelligence Agents to deal with the people coming into the store - rather than have their backs to you running virus scans. They both rely on each other," said Stephens.

Sounds good, as long as the wait times aren't getting increased as computers wait in the queue, like one Geek Squad agent said they are. Perhaps the solution really is to hire even more techs in India! — BEN POPKEN

]]>
Tue, 17 Apr 2007 21:25:15 EDT Ben Popken http://consumerist.com/index.php?op=postcommentfeed&postId=253136&view=rss&microfeed=true
<![CDATA[ Should Spyware Distributors Be Locked Up? ]]> William Kovacic, an FTC Commissioner speaking at a Senate Commerce Committee said most spyware distributors "can only be described as vicious organized criminals." Oh really? From CNET:


"Many of most serious wrongdoers we observed in this area, I believe, are only going to be deterred if their freedom is withdrawn," so it's important for the FTC to collaborate on its cases with criminal law enforcement authorities, Kovacic said.
What do you guys think? Lock 'em up? —MEGHANN MARCO

FTC official: Let's imprison spyware distributors [CNet] (Thanks jpc!)

(Photo: MikeG626)

]]>
Wed, 11 Apr 2007 10:46:40 EDT Meg Marco http://consumerist.com/index.php?op=postcommentfeed&postId=251383&view=rss&microfeed=true
<![CDATA[ Botnets Take Over Your Computer For Evil ]]> Red Tape Chronicles has an interesting series of articles about botnets, groups of hijacked computers that can be controlled remotely to send spam, viruses, conduct break-ins, host phishing sites, and of course, commandeer more computers. If you don't take adequate steps to protect your computer, it could become some criminal's slave.

IS YOUR COMPUTER A CRIMINAL?
VIRUS GANG WARFARE SPILLS ONTO THE NET
WHO'S BEHIND CRIMINAL BOT NETWORKS?

You can help protect your computer from botnets by practicing safe surfing:
• Only install software you know to be safe
• Protect yourself with programs like ZoneAlarm (firewall, anti-virus), Spysweeper (anti-spyware, anti-virus), and Ad-Aware (anti-spyware, anti-malware).
• Remember that visiting "questionable" sites is a sure way to attract trojans.

— BEN POPKEN

(Photo: Dan Coulter)

]]>
Tue, 10 Apr 2007 09:48:58 EDT Ben Popken http://consumerist.com/index.php?op=postcommentfeed&postId=250987&view=rss&microfeed=true
<![CDATA[ Are Cingular And Travelocity Still Supporting Adware? ]]> Despite being fined by the State of New York, Cingular and Travelocity might still be supporting adware, according to "Massachusetts lawyer and spyware researcher Ben Edelman." From PC World:
Edelman says Cingular Wireless and Travelocity are indirectly supporting the adware and spyware industry with ad dollars despite efforts by both companies to cut ties with that form of advertising.

Edelman claims that ads for both companies are being displayed by adware companies whose software programs are installed on users' PCs without consent. He says adware is inserting ads for Cingular and Travelocity on Web sites that include Google and dating site True.com—without either of the sites' consent or knowledge.

Cingular and Travelocity started running with the bad crowd and now it seems it can be as difficult for them to get their ads off spyware as it is for consumers to get spyware off their computers.

Still, it's Cingular and Travelocity's responsibility to clean this up.—MEGHANN MARCO

Unstoppable Adware [PCWorld]

]]>
Thu, 15 Mar 2007 18:22:27 EDT Meg Marco http://consumerist.com/index.php?op=postcommentfeed&postId=244518&view=rss&microfeed=true
<![CDATA[ Priceline, Travelocity and Cingular Settle Over Adware Charges ]]> From CNet:
Priceline.com, Travelocity.com and Cingular Wireless have settled over charges that they used secret adware Internet software programs as marketing tools, New York Attorney General Andrew Cuomo said on Monday.

This settlement marks the first time the advertisers have been held responsible for how their ads were delivered. "Advertisers can no longer insulate themselves from liability by turning a blind eye to how their advertisements are delivered, or by placing ads through intermediaries, such as media buyers," a statement from the New York Attorney General's Office said. "The settlement calls for Priceline.com, Travelocity and Cingular, the wireless unit of AT&T, to pay New York $35,000, $30,000 and $35,000, respectively, to cover penalties and investigatory costs." Is $35,000 enough to make a company think twice? —MEGHANN MARCO

Priceline, Travelocity, Cingular settle over adware charges [CNet]

]]>
Tue, 30 Jan 2007 11:21:23 EST Meg Marco http://consumerist.com/index.php?op=postcommentfeed&postId=232511&view=rss&microfeed=true
<![CDATA[ McDonald's Unleashes Spyware On Japan ]]>

If it's American, if it's an egregious affront to the average consumer... hell, we'll post it! But that is not to say that we don't shower our love upon our readers from further-off climes. Heck, I'm a swarthily tanned, nut-brown native of a far off clime myself... Ireland!

So this just in, for our readers from the Rising Sun, or merely our readers from the You! Ess! Ay! McDonald's — that most American of companies — recently had a contest in Japan, giving away free MP3 players. Sounds swell.

The problem? They're all infected with spyware. They are loaded with the QQpass, a dose of dangerous malware that transmits your username, passwords and other information.

McDonald's seems appropriately embarrassed and has set up a 24 hour helpline for people who just bricked their computer and sent all their details to hackers through spyware. But, you know, a little bit too little, a little bit too late.

McDonalds gives MP3 players infected with spyware as prizes [Newlaunches]

]]>
Tue, 17 Oct 2006 17:56:55 EDT consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=208274&view=rss&microfeed=true
<![CDATA[ 80% Virus Penetration Amongst The Antivirus Big Boys ]]> According to ZDNet Australia, if you want your computer to be as disease-free as a virginal Catholic school girl lesbian, you're better off going with the little guys than Symantec, McAfee or Trend Micro.

The reason's fairly common sense: it isn't that these anti-virus programs are bloated and badly programmed (although there is that), it's because most virus and malware authors test their code against the most popular apps. There's an 80% miss rate amongst the most popular applications.

Malware authors are getting more and more skilled. One expert in the article claims that the quality of the code these days is worthy of professional software engineers.

If you want to keep your system clean, the prescription has been standard for the last few years: stop using Internet Explorer. Set up a firewall. Download a free antivirus software package like AVG and have it scan every night. Periodically run a system check for spyware with software like Spybot. Or just buy a Mac already.

Why popular antivirus apps 'do not work' [ZDNet]

]]>
Thu, 03 Aug 2006 05:42:14 EDT consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=191764&view=rss&microfeed=true
<![CDATA[ Vonage Supports Spyware ]]> Ben Edelman has put up an excellent portrait of how Vonage, embattled internet phone company, supports spyware. Quite thorough, Ben traces the money trail from Vonage, through its advertising partners and to the guys downloading adserving programs on your computer without your consent. Screenshots and logs bolster his thesis.

Vonage CEO Jeffrey Citron claimed last year that they "do everything we can to make sure our partners adhere to our standards," but his company's lack of oversight over its advertising belies that assertion.

Perhaps the lack of concern over how it reaches consumers and the company's infamously poor customer service go hand-in-glove?

"How Vonage Supports Spyware" [Ben Edelman]

]]>
Wed, 19 Jul 2006 00:34:47 EDT Ben Popken http://consumerist.com/index.php?op=postcommentfeed&postId=188255&view=rss&microfeed=true
<![CDATA[ 180solutions Serves Up MySpace Spyware ]]> Just when we think that MySpace couldn't sink any lower in our esteem unless a gigantic bottomless pit opened up beneath the corporate headquarters and the tentacles of Cthulhu him/her/itself coiled around it to drag it into the chthonic pit... MySpace starts infecting users with spyware.

To be fair, it isn't the execrable emo service that's responsible. Rather, it's our good chums at 180solutions. They've launched two fronts on MySpace trying to infect users: the first is an ad that encourages users to install a free toolbar to help protect "kids from child predators." Classy! The second is a simulacrum of an embedded video.

When clicked, both scams install 180solutions' Zango software on the system, which places a .dat file on a user's machine containing over 166,000 words that trigger pop-ups when displayed on screen.

Someone just nuke both 180solutions and MySpace from orbit already. It's the only way to be sure.

Zango Accused of Deceiving MySpace users [Security Pro News]

]]>
Tue, 11 Jul 2006 06:08:18 EDT consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=186394&view=rss&microfeed=true
<![CDATA[ Direct Revenue Can Suck Us, Then A Shotgun ]]>

The English language is far more impotent in the expression of hate than the simple act of inserting a glass catheter up a man's urethra and then slapping him in the crotch with a length of rubber hose. But we trust that comparison alone will make it clear how much we hate scummy spyware company Direct Revenue.

Referring to their customers as "trailer trash" and their EULA as a "lawyer-writ license to kill", Direct Revenue has infected a hundred million computers over the last four years. How much did they make for spurting ads all over your desktop? $100 million over the last four years. Hours of your inconvenience and frustration, not to mention hundreds of your dollars in PC repair costs, are worth exactly a buck to these jackals.

The tide's turning against them now, as the state of New York has filed suit against them and even Direct Revenue's advertisers leave in droves — deliciously enough, usually after a top client gets their home PC infected with Direct Revenue spyware.

MSNBC has a long history of the company up, though, and their gloating lack of repentance is enough to make you wish the State of New York could just summarily execute all employees.

Spyware developers net huge profits, outrage [MSNBC]

]]>
Mon, 10 Jul 2006 05:24:04 EDT consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=186076&view=rss&microfeed=true
<![CDATA[ 230 Days Of Sony BMG Support ]]> Greg over at Perfect Porridge is one of the guys who bought a rootkit-infected album from Sony BMG. He's one of the guys who qualifies for free replacement albums and a small cash settlement for the trouble he's gone through trying to get Sony's sneaky piece of malware off his computer.

But his trouble didn't end there, and Greg's been chronicling his attempt to get a resolution from Sony for the last two hundred and thirty-one days on his blog.

It's long, but filled with obnoxious quotes from Sony reps like:

    Please do not generalize.

And!

    I'm sorry that you felt I was being unresponsive to your missive, and appreciate your attempt to "train" me on proper customer service..

Ha. Well, if Greg won't, who else would have the patience to, Sony? Job's been dead a damn long time.

Sony BMG DRM Rootkit Spyware Album Settlement Still Unsettled [Perfect Porridge]

]]>
Wed, 21 Jun 2006 07:54:45 EDT consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=182223&view=rss&microfeed=true
<![CDATA[ Yap Browser: The Worst Browser Ever ]]> When installed on your computer, it immediately hooks itself deep into the bowels of your registry like a tapeworm. If you try to buy something online, it'll reroute you to a different site, or try to cash in on referral credit. It hijacks pages, logs keystrokes and, from the moment it is installed, calls out over the Internet to other spyware: "There's a party over here and everyone's invited!"

And best yet? Every time you enter a URL, you are served up child pornography!

Meet Yap Browser, the worst "browser" ever. Actually, it isn't so much a browser as a spyware front end for IE. After causing some problems in April, it disappeared from the scene for a while when every security analyst outside of Moscow labeled it a major security threat. Filled with spyware, exploits and viruses. Achtung, achtung, achtung! YapBrowser went into hiding for a couple months.

But hey, now it's back, and whadda ya know? It's now advertising itself under the claim that it will fully protect users from harmful exploits and viruses. No similar promises have been made in regards to full protection from child porn. After all, that's a feature of YapBrowser.

Return of Porn-Fetching 'YapBrowser' Raises Eyebrows [eWeek]

]]>
Wed, 07 Jun 2006 14:32:23 EDT consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=179058&view=rss&microfeed=true
<![CDATA[ From Zero To Computer Meltdown In 18 Days ]]> A couple years back, when visiting my parents in Boston, my father woke me up in a flurry of panic in the middle of the night, dragging me groggily to the computer room. Pointing at the screen, he showed me numerous desktop icons that were all directed at sites specializing in fetishistic porn sites dedicated to the sexual proclivities of cartoon characters. While my father did admit to having visited these sites on occasion "for laffs", he categorically denied installing any software from them. He begged me to clean them off his computer before my mother could discover what had happened. Five minutes later, I was back in bed fifty dollars richer and my father had been introduced to scumware for the first time.

So how long does it take the average Internet luddite to just totally ruin their computer with their frivolous clicking? Steve Knopper at Wired bought himself a cheap Dell and then did all the stupid things that your parents do: click on strange email links and pop-ups, accept pop-up offers for more emoticons and search tools, correspond with Ugandan princes looking to off-shore their fortunes.

The result? 18 days later, the machine was so trashed that a computer repair technician had to cancel the spyware app, as it emitted only one long, high-pitched beep for thirty minutes straight.

18 Days of Reckless Computing [Wired]

]]>
Wed, 31 May 2006 12:57:39 EDT consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=177375&view=rss&microfeed=true
<![CDATA[ Zombie Bot Overlord Faces Prison For Ad Scams ]]> Another malware scammer bites the dust:
Starting in August 2004, Ancheta turned to a new, more lucrative method to profit from his botnets, prosecutors said. Working with a juvenile in Boca Raton, Fla., whom prosecutors identified by his Internet nickname "SoBe," Ancheta infected more than 400,000 computers.

Ancheta and SoBe signed up as affiliates in programs maintained by online advertising companies that pay people each time they get a computer user to install software that displays ads and collects information about the sites a user visits.

Prosecutors say Ancheta and SoBe then installed the ad software from the two companies — Gamma Entertainment of Montreal, Quebec, and Loudcash, whose parent company was acquired last year by 180Solutions of Bellevue, Wash. — on the bots they controlled, pocketing more than $58,000 in 13 months.

"It's immoral, but the money makes it right," Ancheta told SoBe during one online chat, according to the indictment.

Out of curiosity, what is the difference between a kid like this and, say, Sony? Both infected tens of thousands of computers with malware. Both espouse the same philosophy to justify that infection — the money makes it right.

At first blush, it seems pretty similar. Given that, there's really only a couple of differences. The first is that Ancheta's network merely preyed on insecure systems, whereas Sony's network actually made systems insecure, opening them up to further infection by guys like Ancheta. And the second is that, when caught, the kid goes to jail, whereas Sony's team of lawyers just have to pay you seven dollars and fifty cents worth of imaginary money.

By the way, notice that the ad network Ancheta used—Loudcash—was acquired by 180solutions, who are also under investigation for being scumware jerks.

]]>
Tue, 24 Jan 2006 15:30:58 EST consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=150392&view=rss&microfeed=true
<![CDATA[ Movieland Injects Customers With System-Crippling Spyware ]]> Dear Corporate America - when the revolution comes, the CEOs of those companies that have injected their customers' computers full of spyware are going to be gang-injected by the mob of skinheads with the Anarchy symbols etched by razor blade into their own foreheads. So Movieland's executives might want to practice holding their ankles and some gnarly yogic rectal relaxation techniques now.

"I am receiving pop-up video from movieland.com that tell me I'm 'legally obligated to pay, now that your free trial is up' and I never ordered anything from the Website," said Michael of Wheeling, W.V., in an October 2005 complaint to ConsumerAffairs.Com

"This video overrides all other functions on my computer until it is finished and the reminder keeps coming back every day," he said.

The pop-up windows repeatedly admonish the user that they are violating the terms of service agreement with Movieland, and advise that they need to pay money in order to stop the pop-ups from appearing. A link is provided to offer the consumer's credit card information.


At what point at a board meeting does a marketing executive's plan to destroy one of their customers' most expensive possessions get met with unanimous booyeahs? To be fair to Movieland, they deny the charges - which they would - and the article mentions that there seems to be some correlation between Movieland's trial and some free screensaver that the users have downloaded, so it's possible that this is actually some third-party scam, like those "Change your Paypal details now!" spams. But I don't think anyone at this point is surprised that yet another corporation is acting as scummy as an anonymous Gabonese scammer somewhere.

]]>
Mon, 23 Jan 2006 14:21:33 EST consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=150133&view=rss&microfeed=true
<![CDATA[ Latest iTunes Dials Home Without Your Permission ]]> We don't mind it when software dials back home to its creator company—we mind when it does so without asking. Apparently the newest version of iTunes (6.0.2) includes a 'Mini-Store' pane which sends information about the current song you are listening to back to Apple (via a company called 'Omniture') so they can push suggested albums or songs based on your existing collection. Readers of Boing Boing have determined that turning off the Mini-Store does deactivate the behavior, but it's something of which you should be aware.

Why does it matter? In this particular case, it really doesn't. Apple is just trying to sell you some more iTunes downloads. But the fact remains that your listening habits should be your own business and if Apple wants to collect your personal information so as to better tailor their offers to you, they should have to ask your permission first. (Even though that likely means burying such terms inside a cryptic EULA.)

]]>
Wed, 11 Jan 2006 10:16:00 EST consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=147916&view=rss&microfeed=true
<![CDATA[ "Anti-Spyware" Scam Companies Fined for $2mil ]]>
Good news for the naive Luddites that each and every one of us has in our families. You know, the ones who believe that Internet Explorer pop-ups with Windows-like dialogue buttons are actual OS warnings and start naively clicking their way to a system infected with the spyware these scams are claiming to prevent. Because the FTC has finally nailed some of these companies and made them pay out over $2 million in ill-gotten gains.

You can read the article for the details on the settlement, but we found this bit about a program called SpyKiller a lot more sleazy, and therefore, interesting. From ConsumerAffairs.com:

While the SpyKiller "scan" was running, the program displayed a status report entitled "Spyware Found on your PC:" that included a category called "Live Spyware Processes." In fact, the FTC alleges, this category deceptively identified anti-virus programs, word processing programs, and other legitimate processes running on the system as spyware. Then, even though the "scan" itself was free, consumers usually had to pay approximately $39.95 to enable SpyKiller's "removal" capabilities.
]]>
Fri, 06 Jan 2006 13:53:02 EST consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=147066&view=rss&microfeed=true
<![CDATA[ Yet Another Malicious Microsoft Image Exploit ]]>
Jeez, Microsoft:

'Computer security experts were grappling with the threat of a new weakness in Microsoft's Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world's biggest software company, whose Windows operating system is a favourite target for hackers.

"The potential [security threat] is huge," said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. "It's probably bigger than for any other vulnerability we've seen. Any version of Windows is vulnerable right now."'

The vulnerability appears to be yet another exploit involving running malicious code through images. Didn't you guys just supposedly fix this?

(Update: Nicholas Weaver posted a link in our Comments section directing us to instructions for an unofficial patch, along with the portent: "It really is that serious." Microsoft's patch? Due on January 10th.)

]]>
Tue, 03 Jan 2006 14:41:21 EST consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=146230&view=rss&microfeed=true
<![CDATA[ Sony Stealth Sucks ]]> There's an excellent entry up over at Scatterbox detailing Sony's perfidious scum-suckery (ed - penultimate 's' chipperly added because The Consumerist is, at heart, a family publication). First: the spyware and malware they surreptitiously installed on the computers of thousands of people who had actually bothered to buy their CDs; then, vandalizing other people's property so they could tattoo their rainbow corporate swastika in public places on somebody else's dime. These guys are sleazy enough that a mere push would send them in a frictionless glide right across the pit full of jagged glass bottles and honey consumers would like to roll them in.

Steven Silvers has got an excellent message to send to Sony and other businesses engaging in "stealth marketing":

As the hide-your-marketing hype reaches its inevitable peak, Sony's very public image problems are bound to be followed in 2006 by other companies that ignore this reality of the information age:

Your stealth marketing will be only as successful as the reaction consumers have when they realize who's behind it and what you've been up to.

And, yes, they will find out.


Read the whole thing. For a refreshing change of pace, there's a great Orwell quote in there that isn't being used by both political hemispheres to either defend or offend President Bush, depending on the quoter.

]]>
Fri, 30 Dec 2005 03:37:57 EST consumerist.com http://consumerist.com/index.php?op=postcommentfeed&postId=145809&view=rss&microfeed=true