Xupiter hell
November 30, 2002 6:48 PM Subscribe
Xupiter and other crap You geeks out there probably already know about the hell that is xupiter, and other parasite programs from Hades. I had to learn the hard way.
and then, of course, there's Ad Aware. run it often!
posted by mcsweetie at 6:52 PM on November 30, 2002
posted by mcsweetie at 6:52 PM on November 30, 2002
Ad Aware didn't get rid of it all for us. But having a geeky husband has its advantages!
posted by konolia at 6:53 PM on November 30, 2002
posted by konolia at 6:53 PM on November 30, 2002
I recently ran across this web-based parasite checker, which includes a check for Xupiter. Share and enjoy. Probably IE only, though.
posted by stavrosthewonderchicken at 6:54 PM on November 30, 2002
posted by stavrosthewonderchicken at 6:54 PM on November 30, 2002
tell me about it! (and it would appear as though ad aware was already mentioned in the article. SORRY, GOD.)
posted by mcsweetie at 6:55 PM on November 30, 2002
posted by mcsweetie at 6:55 PM on November 30, 2002
I guess I didn't get the memo-- this Xupiter issue is news to me. Would someone explain to me the ways in which it installs itself? Please don't tell me you have to consent via an Active-X popup... certainly there is a more nefarious way in which this bugger infests the victim?
posted by F Mackenzie at 7:24 PM on November 30, 2002
posted by F Mackenzie at 7:24 PM on November 30, 2002
Sorry, Mackenzie, it's an Active-X popup. Good ploy though - it apparently tells you that "Xupiter toolbar is not installed properly. Please reinstall." Click, install, be infected.
posted by whatzit at 7:34 PM on November 30, 2002
posted by whatzit at 7:34 PM on November 30, 2002
Blech. Wrong link, though still interesting. The long spywareinfo.com thread, and a shorter google groups thread.
posted by whatzit at 7:37 PM on November 30, 2002
posted by whatzit at 7:37 PM on November 30, 2002
My best advice: don't use IE or outlook on windows (get opera or phoenix already!); don't install anything you don't really need to have...there are plenty of good, free (as in speech) softwares on sourceforge/freshmeat (yes, even for windows*)...and always make sure the "free" software you are installing is sans strings; installing warezed applications is a very bad idea, and not just in terms of ethics.
Apparently people are still not immune to the most crude and childish of social engineering, but running lunix or mac will generally insulate one from this insanity, heh.
*e.g., filezilla, 7zip
posted by dorian at 7:51 PM on November 30, 2002
Apparently people are still not immune to the most crude and childish of social engineering, but running lunix or mac will generally insulate one from this insanity, heh.
*e.g., filezilla, 7zip
posted by dorian at 7:51 PM on November 30, 2002
besides ad aware , which is a good idea after every install ( if yer paranoid ) .
you should also get zone alarm ( a firewall ) and pop up stopper ( a pop up window killer ) . both are free fer personal use .
you neednt be geeky to be a lil more secure .
posted by mishaco at 7:53 PM on November 30, 2002
you should also get zone alarm ( a firewall ) and pop up stopper ( a pop up window killer ) . both are free fer personal use .
you neednt be geeky to be a lil more secure .
posted by mishaco at 7:53 PM on November 30, 2002
Whatzit, I'm still amazed at the number of people who say "yes" when some unknown installer attempts its nefarious act of sabotage. Remember folks, the Internet is just like drugs-- when someone offers you something you've never seen before, just say no.
posted by F Mackenzie at 8:27 PM on November 30, 2002
posted by F Mackenzie at 8:27 PM on November 30, 2002
Remember folks, the Internet is just like drugs-- when someone offers you something you've never seen before, just say no.
No, no, the Internet is like penises! [gratuitous self-link]
posted by Slithy_Tove at 9:44 PM on November 30, 2002
No, no, the Internet is like penises! [gratuitous self-link]
posted by Slithy_Tove at 9:44 PM on November 30, 2002
I'm generally happy anytime a journalist cares to name drop Apple products - if even just a token reference - but the mention of Mac's in this piece is a bit absurd. First, Mac users to the best of my knowledge don't have to deal with this type of thing - be it due to market share, superior products or plain old suckiness - whatever. Second, to suggest that if we did that the only way to do away with all the nasty little apps hiding in the recesses of our hard drives is to spend $50 when similar freeware solutions for PC's exist is just plain dumb and helps perpetuate the Mac vs. PC myths. Last, because this guy (and the fact checkers) failed to do his homework makes me call into question the entire piece. I'm not saying what he's describing doesn't actually happen but does this piece really do anything but whip up a little false hysteria with it's cyber-terrorism slant?
posted by photoslob at 10:54 PM on November 30, 2002
posted by photoslob at 10:54 PM on November 30, 2002
No, no, the Internet is like penises! - Slithy_Tove
You're an odd, odd duck. I *like* that about you! ;)
posted by dejah420 at 11:22 PM on November 30, 2002
You're an odd, odd duck. I *like* that about you! ;)
posted by dejah420 at 11:22 PM on November 30, 2002
I use IE exclusively and surf a lot --and scan regularly with Ad-Aware-- yet I don't get spyware. Two rules:
1. Be careful what you download; never open a .exe or .vbs attachment. Never get shareware directly from a website --go to download.cnet.com and/or tucows.com and check the user comments beforehand. Spyware gets "blacklisted" pretty early.
2. Run a local, web-scrubbing proxy on your machine. Then point IE to it, instead of your dial-up or LAN connection. My favorite is The Proxomitron. No ads, no JavaScript, no Flash (unless you tell it to), no web-bugs and much faster surfing. As an added bonus, the Proxomitron can handle multiple web setups and switch between them transparently (for those road-warriors like myself).
posted by costas at 11:50 PM on November 30, 2002
1. Be careful what you download; never open a .exe or .vbs attachment. Never get shareware directly from a website --go to download.cnet.com and/or tucows.com and check the user comments beforehand. Spyware gets "blacklisted" pretty early.
2. Run a local, web-scrubbing proxy on your machine. Then point IE to it, instead of your dial-up or LAN connection. My favorite is The Proxomitron. No ads, no JavaScript, no Flash (unless you tell it to), no web-bugs and much faster surfing. As an added bonus, the Proxomitron can handle multiple web setups and switch between them transparently (for those road-warriors like myself).
posted by costas at 11:50 PM on November 30, 2002
3. Write your attorneys general. If I tell you that your water meter is installed improperly in order to gain access to your home and install my own metering device, i would be jailed. No reason for the Xupiter CEO to avoid the same result, along with those who bring you ads masquerading as OS window components, "internet speed warnings" etc etc etc. Explain how the fuck anybody here can excuse this as good ole american entrepreneurship, and you've just explained Enron Etal...
posted by quonsar at 12:06 AM on December 1, 2002
posted by quonsar at 12:06 AM on December 1, 2002
I had visted a site the other day that asked me if I wanted to download Xupiter. I said "no", as I never download things like that - yet the next time I tried to restart my computer, I got a message telling me that the Xupiter Toolbar whatever had crashed. Apparently, even though I denied it permission to install itself, it tried to anyway.
posted by thorswitch at 4:39 AM on December 1, 2002
posted by thorswitch at 4:39 AM on December 1, 2002
Spybot Search and Destroy is another excellent freeware product for rooting these things out of your system.
posted by straight at 12:51 PM on December 1, 2002
posted by straight at 12:51 PM on December 1, 2002
on the Mac issue: yes, users of alternative operating systems (anything not out of Redmond, that is) have to deal with a whole lot less in the way of spyware, worms, etc. Microsoft apologists generally whine that such is the cost of running the leading platform, as crackers and spyware companies (err, Innovative Online Demographic Collection Enterprises) see no need in targeting the other 5% when you can cover the vast majority of the computer user community by taking advantage of Microsoft exploits.
While this does contribute, the fact is that anything derived from DOS (consumer Windows through WinXP) or the original WinNT base (NT, 2k) is stuck in the single-user world. There has been over time an attempt to bolt on multiuser security - the NTFS permission system is a competent go at an ACL based filesystem - but the drive to add or retain whizzy features for integration among Windows, Office, and IE has been done in this single-user vacuum, leading to all sorts of ways around the user-level security.
All of the solutions discussed here - from the pay ones I'm sure the Time author found through PR channels, to the generally superior freeware and shareware products mentioned here - are somewhat inelegant. The simple solution would be to implement and use and operating system security model that prevents untrusted software from modifying the system at the system level - an approach followed by most Unices since the Nixon administration, and by Apple recently with the release of Mac OS X.
Yes, there is the fact that OS X provides an easy to use permission escalation system when you try to do something your user account isn't allowed to, but the escalation is always presented by the system in a uniform way, and always requires your password, and only if your account has the appropriate permissions. I've seen something similar in Win2k-land but I've had mixed luck trying to use software written before 1999 with anything other than Administrator privileges. There's probably a whizzy new feature in WinXP that handles this a bit better, but since we're talking about security here, WinXP is automatically disqualified because its license agreement grants Microsoft Corporation arbitrary remote Administrator access for basically any purpose it sees fit.
Such changes will not be easy for Windows - Unix had no legacy support to worry about when it went multiuser, and Apple had the good sense to take all of its past ugliness and stuff it in an isolated box at the system level (Classic). Microsoft maintains the strength of its monopoly on absolute (or at least uniformly poor) compatibility. In my little anti-Microsoft worldview, I'm hopeful this will be one instrument of their downfall.
Until then, I wholeheartedly agree we should throw Xupiter's CEO in the klink.
posted by Vetinari at 7:12 AM on December 2, 2002
While this does contribute, the fact is that anything derived from DOS (consumer Windows through WinXP) or the original WinNT base (NT, 2k) is stuck in the single-user world. There has been over time an attempt to bolt on multiuser security - the NTFS permission system is a competent go at an ACL based filesystem - but the drive to add or retain whizzy features for integration among Windows, Office, and IE has been done in this single-user vacuum, leading to all sorts of ways around the user-level security.
All of the solutions discussed here - from the pay ones I'm sure the Time author found through PR channels, to the generally superior freeware and shareware products mentioned here - are somewhat inelegant. The simple solution would be to implement and use and operating system security model that prevents untrusted software from modifying the system at the system level - an approach followed by most Unices since the Nixon administration, and by Apple recently with the release of Mac OS X.
Yes, there is the fact that OS X provides an easy to use permission escalation system when you try to do something your user account isn't allowed to, but the escalation is always presented by the system in a uniform way, and always requires your password, and only if your account has the appropriate permissions. I've seen something similar in Win2k-land but I've had mixed luck trying to use software written before 1999 with anything other than Administrator privileges. There's probably a whizzy new feature in WinXP that handles this a bit better, but since we're talking about security here, WinXP is automatically disqualified because its license agreement grants Microsoft Corporation arbitrary remote Administrator access for basically any purpose it sees fit.
Such changes will not be easy for Windows - Unix had no legacy support to worry about when it went multiuser, and Apple had the good sense to take all of its past ugliness and stuff it in an isolated box at the system level (Classic). Microsoft maintains the strength of its monopoly on absolute (or at least uniformly poor) compatibility. In my little anti-Microsoft worldview, I'm hopeful this will be one instrument of their downfall.
Until then, I wholeheartedly agree we should throw Xupiter's CEO in the klink.
posted by Vetinari at 7:12 AM on December 2, 2002
Vetinari:
I'm an anti-mac person myself, but I have agree with you somewhat :( 99% of everyone who maintains their own computer with windows runs at admin level 99.999% of the time. I know I do. And a lot of this *could* be solved by a proper multi-user environment being set up to begin with.
In an ideal world windows would be set up like the JVM, where you have to manualy grant permissions to programs to access things like the filesystem, or the network (other then to computers that the thing was downloaded from) or even the printer.
On MacOS a 'bad' peice of software could still delete your personal files (for example, your MP3s), or read anything thats accessable without you typing in your password (like your browser cache...) So mac spyware, if it was written, could do a lot of what windows spyware could do, it would just need to be smarter.
And if you were a regular 'clueless' mac user, if you found some cool software you might be tempted to type your password in if the installer asked you for it.
---
That said, I do not understand why this stuff is legal. I mean If I thew "I have the right to ass-rape you" into a EULA, and then came and ass raped someone, I'm pretty sure I would go to jail...
posted by delmoi at 1:18 PM on December 2, 2002
I'm an anti-mac person myself, but I have agree with you somewhat :( 99% of everyone who maintains their own computer with windows runs at admin level 99.999% of the time. I know I do. And a lot of this *could* be solved by a proper multi-user environment being set up to begin with.
In an ideal world windows would be set up like the JVM, where you have to manualy grant permissions to programs to access things like the filesystem, or the network (other then to computers that the thing was downloaded from) or even the printer.
On MacOS a 'bad' peice of software could still delete your personal files (for example, your MP3s), or read anything thats accessable without you typing in your password (like your browser cache...) So mac spyware, if it was written, could do a lot of what windows spyware could do, it would just need to be smarter.
And if you were a regular 'clueless' mac user, if you found some cool software you might be tempted to type your password in if the installer asked you for it.
---
That said, I do not understand why this stuff is legal. I mean If I thew "I have the right to ass-rape you" into a EULA, and then came and ass raped someone, I'm pretty sure I would go to jail...
posted by delmoi at 1:18 PM on December 2, 2002
i was never asked nor gave any permission to Xupiter install itself on my computer yet it did so anyway.
i was perusing, of all things, the old Kaycee Nicole stuff here and elsewhere. somewhere in the offsite links there is a popup that downloads it without permission.
and i'm with konolia - thank the gods for a geeky husband. he quickly found the fix by Googling for it.
posted by deborah at 2:16 AM on December 3, 2002
i was perusing, of all things, the old Kaycee Nicole stuff here and elsewhere. somewhere in the offsite links there is a popup that downloads it without permission.
and i'm with konolia - thank the gods for a geeky husband. he quickly found the fix by Googling for it.
posted by deborah at 2:16 AM on December 3, 2002
Interestingly enough, I had a xupiter.com url in my referrers logs today.
posted by Darke at 8:58 AM on December 3, 2002
posted by Darke at 8:58 AM on December 3, 2002
« Older Jewish Proselytism and Modern Rabbis | Reach in and touch someone Newer »
This thread has been archived and is closed to new comments
posted by konolia at 6:51 PM on November 30, 2002