Several years ago (98) I was surprised to see modem activity, even though I was not on the Internet. Over the next 2 weeks spent investigating into what sort of communication was actually taking place, the result launched me into the arena of Internet Security. I did not have the foresight to document every step of the two week investigation, but years later discovered someone that did document a similar occurrence.
http://grc.com/downloaders.htm
For those of us that are familiar with the dangers of SpyWare, this is old news, but to the vast majority of internet users, this may shock you.
RealDownload/RealPlayer, from Real Networks, is on a great number of computers, and nearly everyone considers it harmless. Steve Gibson of Gibson Research discovered, and documented the REAL truth. The link is to his research journal, and is rather lengthy. For those uninclined to read through it, I'll sum up his conclusions.
Whenever he downloaded a file, RealPlayer would send to Real Networks:
1. A Windows GUID, identifying the file.
2. A hexadecimal counter, identifying files downloaded to date.
3. A download ID, identifying his computer.
4. His IP address, again identifying his computer.
5. His real name in plain text.
6. His e-mail address in plain text.
This is considered harmless?
The REAL question is: If this is basically harmless, what is the nasty stuff like Gator sending out?
If you are one of those that has yet to take SpyWare seriously? Just think about all the little bits of information tucked away on your HD that is no one's business but yours. Now bear in mind there are over 14,000 different SpyWare programs on the net trying to discover your little secrets, and most of them are rated far worse than Real Networks.
_________________________
Computers work with absolute flawless perfection, until the first person touches them!

Mr. Gibson left planet earth quite some time ago. I used to respect him but I no longer do. A lot of his claims cannot be backed up with true hard evidence and he likes to scare the hell out of the avg. joe computer user.
While I'll admit Spinrite is one hell of a program Mr. Gibson is not one I trust at all with his word. I myself once thought this man knew his stuff, then I read the truth and realized he is just talking out of his ass a lot.
Just remember this small fact. A 16yr old kid does not care about spyware or if his IP is being logged or if someone is keeping track of the porn sites he goes to. They also do not care that they use Kazaa and other malware programs.
Almost all web sites capture your IP and it is nothing to worry about. If they get your name it is because you typed it in and again, this is no big deal. If they get a player's ID, who cares???
How many of you hand your credit card to a perfect stranger when you go out to dinner and pay for the bill? For 5mins at least your card is out of your hands and view. Mr. Gibson likes to use big words and scare folks and he is good at it. Just remember this. Do not believe all you read because someone claims they are an expert or has found out something nobody else has.
KTTD

Martin, Kevin hi.
I have RealPlayer installed. During this installation I selected NO to 'auto update', NO to 'recommended whatever', yet still a file (realevent.exe) tried to contact the Internet when the program was run.
Starting the PC in safe mode, I was able to rename this file to realevent.ex-
The program still works but this file is now asleep. If it was not for the free version of ZoneAlarm, I would not know anything about this activity. I now have ZoneAlarm Pro.
Martin may wish to find out more info on Thumbs.db
Apart from recording what picture files you had in a folder, even after they have been deleted, what is this for & why?
Another file that I find suspicious- Index.dat, recording the URL of websites visited even after you have deleted the history.
The free program, SPIDER from
http://www.fsm.nl/ward
shines the light into what is stored here, but not why.

Kevin, having examined his journal, I believed his procedures and conclusions to be accurate. If he is as you say, feel free to eliminate this thread.
The reason for the post was a client whose machine I worked on 2 days ago. While going through his machine, I discovered Gator. After 1/2 hour of trying to explain that this was about the worst thing he could have (short of a virus) on his computer, I finally gave in to insanity and left it there with his constant "But it's so nice, I don't have to remember all my passwords".
_________________________
Computers work with absolute flawless perfection, until the first person touches them!

michael2,
"Another file that I find suspicious- Index.dat, recording the url of websites visited even after you have deleted the history."
;-)
Hmmm, mine don't. History, or Temp Internet (IE 5.5 Sp2)
I guess, I'd have to recant on that, a little. Once in a blue moon, a redirect will stick. But not for long :-)
CrazyOne

CrazyOne, I have Win ME and used Spider and found website addresses, my E-mail address & things I searched for from when I first got the PC. I deleted my history loads of times before using this program. When I say deleted, I mean via the Windows clean-up option then opened the folder and deleted everything in there except the undeletable index.dat file.
How do you view the contents of your index.dat file?
I now periodically use Delindex.bat and this deletes the file (& the stored history). Re-booting re-creates the file, although the history recording starts again. The new size is a fraction of what the bloated file was.
I use Spider for a 'before & after' test.
Spider was made for Win98 but for viewing the contents of the index.dat file it's great.

Spider works ok with Win XP also, in options just tell it to search the hard drive instead of the Windows directory.
Get Spider 1.16 beta from here...
www.fsm.nl/ward/
Iligitimi non carborundum est

i like grc and i take most things most people say with a grain of salt. lol
i like spider it has a simplistic way of getting the job done.
jmho
••• Resistance is invigorating! ••• kill spyware

michael2,
"How do you view the contents of your index.dat file?"
One way, I use editor, in DOS. For instance, open a DOS window, and type these. Press Enter after each.
cd\
edit c:\windows\history\history.ie5\index.dat
(Note the space, between the edit, and c. The rest is all one. It also might get wrapped here. No spaces.)
The same, can be done with other. Like I said, that's one way of doing it.
I just looked now, and there are some things listed. But, if I were to close all IE windows, poof, the Temp Internet index.dat, would be cleaned, of all addresses, and then some.
The same goes for the history index.dat. If it doesn't, after I close the windows. A click of the "Clear History" button, will.
To finish, as I said, "mine don't" Yours will, it's designed that way.
There's always room, for a design change/improvement.
Shhh, don't tell MS!
;-)
Later,
CrazyOne
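
An added example, not part of any post in this thread: a Python version of the "before & after" check discussed above, listing the URLs and e-mail addresses readable in a raw copy of index.dat and which of them are still present after a clean-up. The sample bytes are constructed and only loosely imitate the file's layout, and the function names are hypothetical.

```python
import re

# Printable-ASCII runs of 6+ bytes: the text a plain viewer makes readable.
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
URL = re.compile(r"(?:https?|ftp|file)://[^\s\"'<>]+")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def history_artifacts(data: bytes) -> dict:
    """Return the URLs and e-mail addresses readable in a raw index.dat image."""
    urls, emails = set(), set()
    for run in PRINTABLE.findall(data):
        text = run.decode("ascii")
        urls.update(URL.findall(text))
        emails.update(EMAIL.findall(text))
    return {"urls": sorted(urls), "emails": sorted(emails)}


def survivors(before: bytes, after: bytes) -> dict:
    """Artifacts readable both before and after a history clean-up."""
    b, a = history_artifacts(before), history_artifacts(after)
    return {kind: sorted(set(b[kind]) & set(a[kind])) for kind in b}


def _record(signature: bytes, text: str) -> bytes:
    # Constructed stand-in for one cache record: tag, binary filler,
    # NUL-terminated text, padded to 128 bytes. Not the exact on-disk layout.
    body = signature + b"\x02\x00\x00\x00" + bytes(8) + text.encode("ascii")
    return (body + b"\x00").ljust(128, b"\x00")


# Constructed sample images (no real browsing data).
HEADER = b"Client UrlCache MMF Ver 5.2".ljust(128, b"\x00")
STUCK = _record(b"REDR", "http://ads.example.org/r?u=michael@example.org")
BEFORE = (
    HEADER
    + _record(b"URL ", "Visited: michael@http://www.example.com/search?q=firewall")
    + _record(b"URL ", "Visited: michael@http://shop.example.net/cart")
    + STUCK
)
AFTER = HEADER + STUCK  # models a clean-up that left one entry behind

if __name__ == "__main__":
    for kind, values in survivors(BEFORE, AFTER).items():
        print(kind, values)
    # On a real system, read a copy of the file instead:
    #   data = open("index_copy.dat", "rb").read()
```

Run it against copies of the file taken before and after clearing the history; anything `survivors` returns is still readable on disk.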

Could I report Response 1 as offensive and irresponsible!
Under any definition of Moderator,
it does not mean rant on like a dictator!
First, it was the childish whinge about Ad-aware,
and now this abuse of power in an immature personal spat at a major internet resource.
The next time you produce a simple program that helps several hundred thousand people,
I will start giving you the time of day. More power to Steve Gibson!!!
Stop abusing people and stop behaving like a cretinous megalomaniac.
Delete this post or thread and I will repost the relevant text in ten other forums.
IMO, a serious apology is in order both to the forum users and Steve Gibson.
yours sincerely,
Iceblue
Monday 8th March 2004

suzi,
Just an observation. I know you have the redirect and all, but, you might want to change the Homepage: hyperlink, you have here.
Took a little look at it, and it looks good. When I have more time, I'll take a longer look. Time, where does it go! ;-)
Thanks, for all your help suzi.
CrazyOne
p.s. whoops, and iceblue ;-)

I thought I did change it, CrazyOne. I guess it didn't "take". Thanks for letting me know. :)
