Categories

BitTorrent
Conferences
Direct Revenue
Julie Amero
Myspace
Podcasts
Postbag
The Big Ones
The Fourth Wall
Yapbrowser
Zango

Creative Commons License
All articles licensed
under a Creative
Commons License.  








Home | About me | Press | The Fourth Wall | Links

Monday, December 05, 2005

We've heard the riff, and now for the hook

The whole reason for the lawsuit wasn't because 180 was pissed with misleading statements, it was because a potential business partner of 180solutions had concerns about associating their company which Zone Labs had tagged as a high security risk.

So says Alex Morganis - looks like 180 got in touch to clear up some issues surrounding the whole "Zone Labs Vs 180 Solutions" thing.

However - that being the case - the issue in question being tagged as a high security risk - let's see what some other security experts have made of this. Notably the wonderfully kickass Mike Burgess, with a very interesting runthrough of what a piece of 180's software allegedly does.

He seems to suggest that Zango creates a hook into other software on the system:

As you can see in the screenshot Zango does hook (WH_SHELL) itself into the system.

Another quote from his exploration:

Microsoft Description: The system calls a WH_CBT hook procedure before activating, creating, destroying, minimizing, maximizing, moving, or sizing a window; before completing a system command; before removing a mouse or keyboard event from the system message queue; before setting the input focus; or before synchronizing with the system message queue.

180Solutions was complaining that "ZoneAlarm was advising that our 180search Assistant “is trying to monitor your mouse movements and keyboard strokes” well let's see after reading the above ... that description looks right to me.

Oh noes!

So now I'm really curious - can anyone tell me what this hook is being used for in the case of the Zango software, if at all? Is it mouse / keyboard movements? Or something else? The really odd part is how the application seems to hook into lots of stuff on the target PC - why is this required? Is this true, or is there something else at play here?

EDIT - I notice Slashdot posted this, and some of you are vaguely confused as to what's going on. This is a follow up post to something I've been writing about for a while - on its own, it more than likely wouldn't make much sense. So, in brief:

180 Solutions are suing Zone Alarm, claiming they are costing them money because they are flagging their apps as logging keystrokes / recording mouse movements and so on. At the same time, 180 are (bizarrely) using Winston Churchill as their new notable quotable, using lots of his choice phrases in the battle against the " antispyware zealots". As to who will win between 180 and ZA, well, if the 180 products flagged by ZA don't do what they claim, ZA will likely be taken to the cleaners - simple as that. An interesting account of a similar experience of ZA here.

More links here:

Now with 50% more zealot
Here I go on upload
We shall fight them on the beaches

Please refrain from mindless comment trolling - I've had Slashdot come visit before and I'm happy for anyone to post whatever they like, but mindless flames for the sake of it will be deleted. Thanks.

Update - This is interesting. After more research, the original article now finds that the specific hook comes from clicking a pop-up from Zango and ending up with a Apropos install - daisy-chains rule! I wonder if 180 are happy with one of their ads leading to Apropos dumping a hook into the system on a grand scale? Somehow, I doubt it. He also has some interesting information about Zango wanting to "copy some text from the clipboard", amongst other things. Check it out.

posted by paperghost at 10:09 AM | Digg it!

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.