http://www.spywareinfo.com/newsletter/archives/feb-2003/22.php
Is
NewDotNet Really Spyware?
Note: To avoid confusion, everywhere I say "New.net", I am referring
either to the company or its web site. Everywhere I say "NewDotNet",
I am referring to the software plug-in.
Since I'm already on the topic of NewDotNet, I guess it is time to discuss why
it is considered by some to be spyware. NewDotNet is a plug-in for your
computer which allows you to access unofficial top level domains, such as .shop
and .xxx. What New.net does is sell a sub domain of the new.net site. For
example, the domain http://www.book.shop
actually resolves to http://www.book.shop.new.net
if you are a NewDotNet user. These domains are unofficial and won't resolve
without the plug-in unless you receive your internet access from an ISP which
has modified its customer's name servers to use new.net domains. There is a
list of these ISP's at http://www.new.net/about_us_partners.tp#ISP.
New.net estimates that they have 178,386,226 users worldwide as of this
writing.
One thing which gives New.net a bad name is the fact that their software is
bundled with "partner" software. Nearly all of these programs have
bad reputations because they also bundle adware and spyware. For instance,
NewDotNet is bundled with Radlight Media Player, which also installs WhenU.com's SaveNow.
These are two particularly disgusting companies. Radlight once included
instructions in its installer that would secretly
remove Lavasoft's Ad-aware. After a massive public outcry (and a
particularly nasty case of the /. effect), CNet and Simtel briefly pulled the
software from their archives until Radlight produced a new build which doesn't
tamper with Ad-aware.
WhenU's SaveNow is even worse, for not only does it spam you with pop up ads,
those ads are based on the context of the web site you are currently visiting
or the words you just searched for. For instance, if you are on the Chevrolet
web site, SaveNow might pop up an ad for a competing Ford vehicle. Or perhaps
you search for the term "automobile" at Google and Ford has purchased
advertising on Google for that keyword. SaveNow may pop up an ad for
Daimler-Chrysler. In effect, it is sending you ads on web sites for which WhenU
has no relationship (and reporting this fact to WhenU servers). Most webmasters
consider this activity to be theft and many of them include detection scripts
on their sites which will alert a visitor that it is installed and redirect
them to a page with instructions on how to remove it.
Another issue that people have with NewDotNet is the automatic update
component. The plug-in will automatically contact New.net servers to check for
an updated version. There is no prompting for this and it cannot be disabled.
It also downloads a GUID (Globally Unique Identification Number) on its first
update so that New.net can keep track of how many people are using their
service.
All of that in combination leads many people to avoid it and to suspect it of
being spyware. Certainly it is unsavory. Nothing on my computer is permitted to
check for updates unless I've gone out of my way to tell it to do so. For that
matter, nothing on my computer is permitted to connect to the internet unless
I've decided to allow it to do so (Mailwasher, my ISP's satellite connection
software, Trillian, etc). Any software which attempts to connect to the
internet, whether to check for updates or for any other reason, without giving
me an option to disallow it quickly gets uninstalled and deleted off of my hard
drive.
One issue which I have debated with David Hernand, CEO of New.net, is the way
NewDotNet loads at startup. Rather than loading an application named
"NewDotNet" or similar, the application loads by calling the Windows
system file "Rundll32.exe", which means that you don't see it when
you look in the Windows task manager. I argued that it made it look suspicious.
If there is nothing to hide, why hide?
The answer I got back was that it was done this way to keep people from looking
for all files named "newdotnet" and deleting them and endangering
their network. That's sounds logical, but some people are going to stubbornly
ignore add/remove and use the delete key anyway. When doing this breaks their
network, they have no one to blame but themselves. I don't believe that this is
reason enough to hide the running process. This is nothing bad by itself, but
it does nothing to improve NewDotNet's image.
Two years ago, Lavasoft added NewDotNet as a spyware target to Ad-aware.
New.net objected to its software being labeled spyware and invited open testing
of its software to look for any privacy violations. When none were found,
Lavasoft removed them as a target (and got flamed mercilessly for it at their
support forums). One of the original members of "Team Lavasoft" who
helped test the software was Craig Rashad. Mr. Rashad is no longer associated
with Lavasoft and now hosts the Net-Integration message
boards which is also the home of Spybot
S&D's support forums.
With the introduction of Ad-aware 6, Lavasoft has once again started targeting
NewDotNet. No one knows why and even Lavasoft can't seem to decide what the
reason for that is, as there have been contradictory statements made at their
own support forums about it. Heated arguments have been popping up on message
boards everywhere between people who say NewDotNet is spyware and those who say
that it is not.
Rashad decided to load several test computers with New.net's software to see
whether or not it was collecting and uploading personal information about its
users. After extensive testing, Mr. Rashad concluded that no, NewDotNet is not
spying on its users in any way. No personal information leaves the machine,
period. He has posted his opinion of New.net's software at his message boards
here: http://forums.net-integration.net/index.php?showtopic=358&hl=
While I haven't personally tested the software, I'll take Rashad's conclusions
at face value. He's been doing this for a lot longer than I have. If he says
that NewDotNet is not spyware, then it is not spyware. NewDotNet is not even
adware, much less spyware. The worst that it can be called is "foistware",
a term defined by CounterExploitation as
"Unwanted application programs that come along, trojan-style, with
completely unrelated software."
Rashad's final conclusion is that NewDotNet does not warrant targeting by
Ad-aware, Spybot, or any of the other spyware removers. That took courage,
because there seems to be something magical about NewDotNet. As soon as anyone
dares to disagree that it is complete and utter scum, people begin to revert to
the mental equivalent of school children. It is truly fascinating to watch so
many grown adults lower themselves to below the mental age of their own
children rather than simply stating their disagreement. It never, ever fails to
happen when the issue is NewDotNet. Rashad has already receive dozens of hate
mails, insults, and outright threats.
Here is my 2 cents on the subject.
I don't like the GUID and personally will not ever run this program for that
reason alone. Many others agree with me on the issue of software which uses a
GUID, especially when it is passed back to the vendor's servers as part of a
"head count" of users. However, NewDotNet is not the only program
which uses a GUID, and there is a legitimate reason for having it.
I don't like that it reaches out to the internet without asking, and then also
downloads and installs updates without asking. That is extremely rude behavior
and very questionable. When asked why they don't make the auto updater a manual
updater, their unsatisfactory answer is that it would raise the size of the
download. As rude as this is, there is nothing malicious about it and no
personal information other than the GUID is sent to New.net in the process.
Neither of these issues, nor any of the other issues mentioned earlier warrants
New.net's software being targeted by spyware/adware removal tools. NewDotNet is
not spyware. NewDotNet is not adware. NewDotNet does not install using drive-by
activex scripts the way Xupiter and others do. Every known third party
installer discloses NewDotNet's presence and has boxes which the user can
uncheck if they don't want NewDotNet to install. If it is already installed,
then the uninstaller provided with each copy works perfectly.
NewDotNet is not worth targeting in my opinion.
P.S.
Do not email me with links to web pages that discuss NewDotNet. I have seen
every single page in existence that discusses it. Thank you in advance.
NOTE: Some URLs have been updated for resolvability. No text has been changed. The original copy may be found here: http://www.spywareinfo.com/newsletter/archives/feb-2003/22.php#new.net