Information Security News
by Dan Goodin
In 2004, a 22-year-old technology enthusiast named Ladar Levison hatched a venture that fused his passion for open-source software with his belief that privacy was a fundamental right. Using the OpenSSL cryptography library, the Linux-based operating system, and close to 10,000 programming hours, he built what ultimately became Lavabit, an e-mail service that, when used correctly, made it impossible for even him to read the encrypted messages stored on his servers.
The goal from the start was to develop a technical underpinning that would resist the secret National Security Letters (NSLs) that had been authorized under the PATRIOT Act of 2001. Short for Providing Appropriate Tools Required to Intercept and Obstruct Terrorism, the statute required service providers to surrender private data relating to users named in an NSL.
Even more disturbing to Levison, the law strictly prohibited providers from disclosing the existence of the secret demands, which, unlike normal subpoenas, were issued without the oversight of a legal court. (The constitutionality of those gag orders has been called into question by at least one recent court order.) Levison's plan was simple enough—use multiple levels of encryption to ensure that only someone who knew the user-chosen password protecting each account could decode the protected messages. Because Lavabit stored the passwords as one-way hashes that were generated by a complex cryptographic algorithm, even Lavabit operators were unable to obtain the plain-text characters.
According to McAfee’s 2008 The Web’s Most Dangerous Search Terms, “free” fell into the highest search term risk category. And my previous search for free stuff on the Internet ended ugly. What did I do? I searched for free things, clicked the top links, and initiated the first download on each page. This—no surprise—led me to download a bunch of adware and malware, what McAfee coined as Potentially Unwanted Programs (PUPs). For instance, a search for "free music downloads" (the worst search query from round one) left my desktop littered with them. From my download notes and desktop count, I went from three to 19 programs while adding six Firefox plugins and 12 extensions that made my browser a cluttered array of toolbars and icons. My computer was dogged with PUPs—point proven. Now this was my mess to clean up. Could I do anything to fix my computer, and was it even worth it?
Six Firefox plugins: Conduit Plugin 18.104.22.168, Exent AOD Gecko Plugin 22.214.171.124, GameTreatWidget 126.96.36.199, Google Update 188.8.131.52, Microsoft Windows Media Player Firefox Plugin 184.108.40.206, Shockwave Flash 11.7.700.202
12 Firefox extensions: Default Tab 2.0, Frostwire Toolbar 12.42738, MixiDJ V30 10.16.300.3, Mp3skull Toolbar initial.rev194, New Tab 220.127.116.1181, QuickShare Widget 1.1, SavetheChildren App By We-Care.com 18.104.22.168, SearchDonkey 2.6.14, Search-Results Toolbar 22.214.171.124, SelectionLinks 1.5, Yahoo Toolbar 126.96.36.19930322105505, Yontoo 1.20.02
16 programs downloaded: BearShare, Torch (Internet Browser), 24x7 Help, Free Ride Games / 7 Wonders II, FrostWire 5.5.6, Google Drive, Groove-Stream, Adobe Flash, iTunes (didn't install; it was a 32-bit version on 64-bit Windows), iMesh, inTuneMP3, PC Fix Speed, PC Optimizer Pro, SpeedItup Free, The Weather Channel App, WeatherBug
I went searching for answers on the Internet and found hints but no conclusions. McAfee’s white paper Potentially Unwanted Programs: Spyware and Adware, which dates back to 2005 when PUPs were on the rise, hinted at the worst. “Anecdotal evidence suggests that many home users and even system administrators periodically wipe out machines and reinstall from scratch or even buy completely new computers to rid them of spyware, adware, and other PUPs.” But picking up where I left off, I decided to see for myself just how easy it was to restore my computer to its normal, pristine state… if it was possible at all.
I resumed my Windows 7 virtualization via Parallels from a more than two-month slumber on my MacBook Pro. Exactly how long had it been? PC Optimizer Pro popped up as soon as I restarted my computer. “Last Scan Performed 79 days ago. May 15, 2013 10:37pm.” According to this, I had a lot of work to do: 1,286 items. This broke down into 70 “Invalid Registry Entries,” 629 “Junk Files,” and 587 pieces of “Internet Junk.” But since PC Optimizer Pro is adware itself, I didn’t trust it. Earlier, it detected “problems” after a fresh install with almost no other programs, which classifies it as “scareware.”