Steven Burn wrote me about finding malware in Kiwi Alpha, which is a peer to peer file sharing client. He found it at Download.com. He knows I've had bad experiences at Download.com in the past.
Steven also sent me links to a thread at SpywareWarrior's forums. He had posted his scan results there. It looked very bad, but naturally I had to try it for myself.
I fired up a clean Win98 machine using Virtual PC. Then I googled for the page at Download.com. I found it and downloaded it. My anti-virus software wasn't triggered by the download. I wasn't surprised. Malware can be fairly well hidden inside an installer.
Next, I placed the installer in my Win98 virtual machine. Then I started Total Uninstall to monitor the install. After a simple installation, I ran it awhile and downloaded an MP3 from someplace (I deleted it later). The program is very simple to use and I liked it.
Finally, I closed it and ran quick scans with Ad-Aware SE and A2Free trojan scanner. Ad-Aware found no problems. A2Free trojan scanner detected over 20 "traces". At the time I assumed that these "traces" were bad, but after a little research I found out that they are only warnings about programs that A2Free considers security risks. In general it was flagging any P2P (peer to peer) software. P2P programs and services have a long history as an easy way to spread infectious adware or malware.
The next day, Tom in the TeMerc security forums recommended that I try a few more programs to scan this Kiwi Alpha. So I did.
I scanned with SpywareTerminator, and then Spybot S&D. In both cases, Kiwi Alpha showed no detectable malware, just as my first scan with Ad-Aware had shown.
I wondered where Steven had gotten his copy of Kiwi Alpha because I noticed that the MD5 checksum was different from the one I had. It looked like we had scanned different files. Steven later confirmed that someone had replaced the infected Kiwi Alpha with a clean version. This apparently happened sometime between November 20th and November 23rd. Isn't that interesting?
In this case, Download.com is redirecting you to the KiwiAlpha website to download the file. This means that Download.com cannot truthfully guarantee the safety of anything you download from some of their pages. This is common at Download.com, so be aware of it when you go there.
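An added example, not part of the original article: a small Python helper that fingerprints a downloaded installer and checks whether two people's scan results can describe the same file, and whether the file was served from a different host than the listing page. The file contents, file names, and URLs are constructed for the example.

```python
import hashlib
import os
import tempfile
from urllib.parse import urlsplit


def fingerprint(path, chunk_size=65536):
    """Return size, MD5 and SHA-256 of a file, read in chunks."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
            size += len(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def served_off_site(listing_url, final_url):
    """True when the file came from a different host than the listing page."""
    return urlsplit(listing_url).hostname != urlsplit(final_url).hostname


def comparable(mine, theirs):
    """Scan results only describe the same sample if the digests match."""
    return mine["sha256"] == theirs["sha256"] and mine["md5"] == theirs["md5"]


def demo():
    # Constructed stand-ins for two installers fetched from the same listing
    # on different days; the bytes and URLs are made up for the example.
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, body in (("nov20.exe", b"MZ" + b"\x00" * 64 + b"build-A"),
                           ("nov23.exe", b"MZ" + b"\x00" * 64 + b"build-B")):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            paths.append(path)
        first, second = (fingerprint(p) for p in paths)
    return {
        "same_size": first["size"] == second["size"],
        "comparable": comparable(first, second),
        "off_site": served_off_site("https://portal.example/kiwi-alpha",
                                    "https://vendor.example/files/setup.exe"),
    }


if __name__ == "__main__":
    print(demo())
```

The two constructed files have the same size but different digests, so a file size check alone would not have revealed the swap; recording the digest alongside every scan report does.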
I checked Google's cached copy of the Kiwi Alpha page at Download.com which was dated November 19th. At the time of this "snapshot", 800,000 people had downloaded copies of Kiwi Alpha. Most of these downloads likely had the WhenU/SaveNow and Relevant Knowledge adware in them. What does this tell you about Download.com's concern about the consumer who comes to their website?
Conclusion: Despite Download.com's claim to be "Safe, Trusted, & Spyware Free", you can't count on that because they don't always host their own "downloads".
In my opinion, this isn't the worst practice there. They also provide "sponsored links" to websites that offer more downloads full of adware and other malware.
Example:
Make no mistake about it. Adware is big business and big money. Download.com is getting a piece of the action too. They're just a little sneakier.
I recommend that you stay away from Download.com.
Finally, I'll fill you in on some of the history of Kiwi Alpha. When Steven first contacted me, I had never heard of this peer to peer application. The folks over at SpywareWarrior.com had certainly heard of it and they have a nice write up about it explaining what to expect from the owners of Kiwi Alpha.
The Spyware Warrior Guide to Adware Installations of 2005
Fast and anonymous downloads from LimeWire, BearShare, Ares Galaxy, and other P2P networks. Kiwi Alpha uses the same technology used by many of the leading file sharing programs such as LimeWire, BearShare, BitComet, and Ares Galaxy. Kiwi Alpha protects the privacy of the user by connecting anonymously to the networked community. With Kiwi Alpha you can easily download music, movies, images, and other files. Kiwi Alpha features a handy play list, advanced search filters, and some nice options for fine-tuning the performance.
This animation tool works very nicely. Since the GIF format is so common across the web, this tool is going to be very handy for graphic artists and webmasters. There are very few free GIF animation tools out there and I don't know of any that have such a full feature set. I tried it briefly and even though I'm not worth a darn when it comes to graphic design, I was able to make an animated GIF easily by copying and pasting frames.
Quote from the website
Beneton Movie GIF is a GIF editing tool. It is simple, quick, and effective.
Features:
Supports 48 file formats such as BMP, GIF, JPG, PNG, and AVI
Multiple frames selecting
Drag and drop frames for a quick editing
20 different effects, divided in 2 big categories: normal and animated
Supports individual frame properties: delay and transparent for each frame
Save and load a batch of frames (frame1.bmp, frame2.bmp, etc.)
A complete built-in image editor with many tools (pencil, shapes, airbrush, alpha brush, fill, selection, text)
A simple preview window that previews individual frames or the animation with options such as zoom, loop, etc.
A simple tool which adds more functionality to your PC DVD player. Allows you to play any dvd on your computer without needing to change your region code and more ...
Kind Regards
Tony
www.topfreeware.net - The best freeware downloads and tips to optimize your system
From Clif:
Thanks Tony! Nice pick.
Quote from the website
Remote Selector is an add-on utility for PC DVD players with the following features:
Region free for all supported decoders and players with any DVD drive, even region protected ones. You will never have to worry about changing the region code or upgrading the firmware of your DVD drive, which can be difficult and dangerous!
Disabling MacroVision and changing video mode on TV output. Connect your DVD player to your VCR without the usual image distortion.
Disabling User Prohibition, or in other words enabling of Prohibited User Operations. All buttons and menus will be enabled in your player, which will allow you to:
skip or fast-forward FBI warnings and other intro's.
change soundtracks on the fly.
... and much more!
Disabling of forced subtitles. Even when User Prohibition is disabled, subtitles may still appear on screen. However, Remote Selector can remove any subtitle (!), as long as it has not been hardcoded in the image.
Control DVD player software by keyboard, joystick or remote control.
Display player info like title, chapter and time on LCD display and Closed Caption.
Currently supported decoders and players include Creative Dxr2, Dxr3 and Inlay, RealMagic Hollywood+ and Xcard, Chromatic Design Mpact2, PowerDVD and WinDVD.
Remote Selector works with all versions of Windows (95, 98, ME, NT4, 2000 and XP) and has support for all versions (including the latest) of the players mentioned above.
The Matrixor theme pack gets points for originality. The nine included wallpapers are very nice but the screensaver is pretty lame. I wasn't crazy about the mouse cursor either.
I've been playing with different themes lately. If you find that Windows doesn't recognize the .theme file type then you can try the free DesktopArchitect to manage your theme files.
Words of caution:
Be very careful when searching for desktop themes or screensavers on the internet. These are often infected with all types of malware. Use SiteAdvisor or ScanDoo while searching for them.
Quote from the website
Words just can't describe the detail in this package. Like the Matrix itself, you can't explain it. You have to see it with your own eyes. Remarkably, there are 9 complete themes for both 1024x768 and 800x600 JPG display sizes with matching color schemes for each. Outstanding creativity is included in every individual theme part from the cutout type desktop icons and cool new cursors to the web view images and system logo screens. Stereo sound files and a screen saver just put the icing on the cake.
You must help caveman Bunt save his good friend Unga Bunga. He must dodge or destroy several enemies while on this quest. The game is very simple yet challenging. No installation is needed. Just unzip it to a folder and start it up.
Notes: The game screen is a bit small but you get used to it quickly.
Quote from the game review site
Heroes of the Stone Age is a simple but fun platformer, and there's not a whole lot to say about it. It follows an extremely simple storyline through a couple dozen fairly linear levels
I use text replacement tools quite often. It saves me a great deal of time to type a short keyword and then see an entire paragraph appear just where I want it. In the past I've used AutoHotKey to do this job for me, but I'm going to use PhraseExpress for awhile now. It's much easier to set up and add new phrases to.
Note: There is a "Pro" version that allows people to share the same phrase database over a network. This free version appears to be truly free with no nags to upgrade.
Quote from the website
Do you find yourself typing common phrases over and over again? Just store abbreviations, answers to frequently asked questions, email templates or text snippets in PhraseExpress and reuse them again and again
Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well.
The most recent versions of Internet Explorer and Firefox both have anti-phishing detection built in. Currently both claim their protection is the best. All you can do is laugh. See the articles here:
Use the most recent versions of both Firefox and Internet Explorer and make sure the anti-phishing tools are turned on. In addition, you may want to try out one or more of the following add-ons.
PhishTank
The block page
SiteChecker displays a block page when you visit a URL known to PhishTank as an active, online phish. This focused page lets you view the PhishTank detail page, or even continue on to take a look.
Translations
MASA has recruited folks around the Internet so that SiteChecker comes with English, Swedish, Dutch, Chinese (simplified and traditional), Italian, Spanish, French, and Brazilian translations right away. Contact MASA (via SiteChecker site) if you want to help translate to other languages.
Thoughtful preferences
The default preferences are fine, but MASA built in some options which you might explore, including whether the extension is on or off and where the Phishy Fishy icon takes you when clicked.
See the hosting location and Risk Rating of every site you visit.
Help defend the Internet community from fraudsters.
The Toolbar community is effectively a giant neighbourhood watch scheme, empowering the most alert and most expert members to defend everyone within the community against phishing frauds.
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. SpoofStick makes it easier to spot a spoofed website by prominently displaying only the most relevant domain information. It's not a comprehensive solution, but it's a good start.
Bill Allin writes to tell us what his source in Microsoft has heard recently. Bill believes Win2k is on the chopping block, which may not be a surprise to some of you.
Letter from Bill
Hi Clif,
MS Mole reports from a Microsoft meeting this week that the company has no plan to support the installation of Internet Explorer 7 with Windows 2000 or any earlier version of Windows. In his words, "Microsoft is trying to make Windows 2000 go away" without saying as much publicly. The MS screw is being steadily tightened so that everyone who uses Windows will have to use an up-to-date version because new Microsoft products will not run on earlier platforms. While work is going on in about nine places around the globe to create a non-Microsoft operating system that will run Windows programs, none is close to market yet, in the sense of being proven. Microsoft, being all too aware of the wolves snapping at its heels, intends to change its own operating systems enough that even its own older (five years or less) programs will no longer run on its newer platforms. Nothing less than 32-bit receives any consideration now and even 32-bit will be phased out ASAP. More and more it seems that we are all destined to have multiple computers at hand that will each perform different functions, some old and some new. The old dogs may be the only ones that can perform the old tricks.
Cheers
Bill
'Turning It Around: Causes and Cures for Today's Epidemic Social Problems,' real and inexpensive solutions to community problems most people think are inevitable evils of modern society. They aren't. We just have to look in the right place.
Thanks to everyone who commented on the articles last week. You gave me more ideas and some good advice. If you see comments on an article, you will be missing out if you don't click on them to take a look.
If you commented last week, check to see who commented on your comment!
A while back, 2 penny Ron, one of your fellow readers, wrote in to ask this.
Is Boogie Jack Still active? His site's up, but I don't see any updates since last year.
The answer is a resounding YES! He's still there and his websites are all worthy of the best recommendations I can give you. Sure, there are plenty of places on the web to learn HTML and webmastering. There aren't many where you can get a good laugh or two while you are doing this. That's why I still recommend him to new webmasters.
I wrote Dennis (BoogieJack) when I was curious about the lack of activity that Ron mentioned above.
Hi Dennis,
A subscriber to my newsletter asked if your site was still active.
...the second site isn't quite finished because of the second reason, and
the second reason is because my publisher wanted a new edition of my book.
So I had to drop everything and work on that, and that's what I've been
doing for the last several months. The book is a complete rewrite
covering HTML, XHTML, and CSS, plus offers an overview of other
technologies ...
Best regards, Dennis
Quote from the website
Welcome to Boogie Jack's, a webmaster's resource site featuring free graphics, HTML tutorials, CSS tutorials, copy and paste JavaScript, very cool products you won't find elsewhere, and many other features for webmasters.
I think it may interest some of your readers.
Thank you for your newsletter.
Quote from the website
FreeScience.info is an initiative to substitute real libraries with a virtual one, where it will be possible to download all books, in a printable format mainly PDF.
There really aren't too many safe places to get free wallpapers, themes, and screensavers. This site has my approval so far. The single exception I'll mention is that they have advertising links to some very risky websites. In other words, don't click on the ads.
I think this site should have a "yellow" rating at SiteAdvisor and ScanDoo. It's green right now.
You need a free 2.7 GB Gmail account to access many of the cool features at Google. I'll send you an invitation right away if you write me and say I WANT GMAIL.
I think Gmail works best in the awesome Firefox browser. It's free, easy to use, and it's way more secure than Internet Explorer. My favorite thing to do is to customize Firefox so that it does much more than IE ever could. You can select new button controls for your toolbars, install extensions to add new features, or change the look of your browser with themes - the way Firefox looks and works is under your control.
Wow! Over 400 people and still growing! I invite all of you to record your locations on this map. You can include as little or as much information as you wish. I think you'll enjoy seeing yourself there.
Here's a small look at my frapper map.
Write your own review
I get many of the reviews in the newsletter from the readers. You don't have to be a genius or computer guru. Just answer a few questions and send me a review. I'll probably put you in the newsletter.
What do you have to say?
Just tell me what article you are talking about and leave me your comment.