(A Javascript-enabled browser is required to email me.)

TBTF for 1995-06-09: Followup on two rumored Trojan horses

Keith Dawson (dawson dot tbtf at gmail dot com)
Fri, 9 Jun 1995 08:18:29 -0400



[This note forwarded by Monty Solomon <monty at roscom dot COM> adds credence to the
story that pkzip 3.00 is a Trojan horse.]

>>From RISKS DIGEST 17.16:


Date: Fri, 2 Jun 1995 11:50:44 -0700
From: sidney@apple.com (Sidney Markowitz)
Subject: Bogus PKZIP 3.00 Trojan horse

I saw the following notice on PKWARE's support forum on CompuServe and have
more recently seen it forwarded via the COOL mailing list. The RISK involved
is obvious, but I'm forwarding it in case any of RISK's readers still use
DOS :-). For those who don't: PKZIP is a widely used file
compression/archiving program that is sold as shareware. It's been at
version 2.04G for quite a long time, so people would be quite likely to grab
up a new version quickly.

sidney markowitz <sidney at apple dot com>

Some joker out there is distributing a file called PKZ300B.EXE and
PKZ300B.ZIP. This is NOT a version of PKZIP and will try to erase your
harddrive if you use it. The most recent version is 2.04G. Please tell
all your friends and favorite BBS stops about this hack.

Thank You.

Patrick Weeks Product Support PKWARE, Inc.

[Since I helped to spread the rumor that Microsoft's Win95 Registration Wiz-
ard may be a Trojan horse of another color, here is an excerpt of Microsoft's
explanation of this apparentlly blameless piece of software. OK, guys, the
Wiz is clean, but the PR hit was avoidable...]

>>From WinNews Vol. 2 #8, June 5, 1995


> REDMOND, Washington - May 30, 1995
> Microsoft today responds to customer confusion
> with the on-line registration option of Windows 95.
> Microsoft reassures customers the on-line registration
> feature preserves user privacy. The confusion began
> last week when an industry publication incorrectly
> reported that the on-line registration option sent
> information on customers' computer systems to Microsoft
> without consent. This article, and several subsequent
> posts on the Internet, alleging the unauthorized query
> and sending of customer information, are not accurate.
> In fact, the on-line registration option is simply an
> electronic version of the paper-based registration card
> that will ship in the Windows 95 product box. Similar
> to many paper-based registration cards, on-line
> registration is completely optional and allows customers
> to provide their system information for product support
> and marketing purposes.
...
> The on-line registration process uses three steps
> to register customers. Customers are asked to provide
> information such as Customer Name, Company Name, Address
> and Phone Number. Customers are then presented the option
> of providing information about their computer system's
> configuration. A screen displays a list of the computer
> system's configuration information - such as the processor
> type, amount of RAM and hard disk space, and hardware
> peripherals such as network card, CD-ROM drive, and sound
> card.
...
> Customers must review and explicitly choose to
> provide the information or it is not sent. Customers are
> then presented with a list of application programs that
> reside on the local computer and asked if they would like
> to provide this information as well. The list of
> products is gathered by the registration program which
> looks for a list of programs on the local hard disk.
> The user must again explicitly choose to provide this
> information as part of the registration process or it is
> not sent.
>
> Once the user chooses to send the information, the
> registration process is completed by sending the
> registration information to Microsoft. On-line
> registration uses the transport of the Microsoft Network
> to send the information. The customer does not have to be
> a Microsoft Network subscriber to register on-line, and
> once registered, the customer is not a Microsoft Network
> subscriber. Registering Windows 95 is a separate process
> from signing up for the Microsoft Network. Contrary to
> reports, the on-line registration feature does not query
> serial numbers or product registration information
> designed to fight software piracy. It also does not query
> computers on the local or wide-area network. For a list
> of the exact information gathered by on-line registration,
> the user can view the REGINFO.TXT file found in the
> C:\WINDOWS directory of the local computer.


TBTF alerts you 3 times a week to bellwethers in computer and communications
technology, with special attention to commerce on the Internet. To subscribe
email me at either address below.
______________________________________________________
Keith Dawson dawson dot tbtf at gmail dot com dawson@atria.com
Layer of ash separates morning and evening milk.