Comments on: Xupiter hell

Xupiter hell

konolia — Sat, 30 Nov 2002 18:48:30 -0800

You geeks out there probably already know about the hell that is xupiter, and other parasite programs from Hades. I had to learn the hard way.

By: konolia

konolia — Sat, 30 Nov 2002 18:51:40 -0800

Google is full of geek sites that discuss how to get rid of xupiter. As a non-geek I am flabbergasted that such a thing exists. All of you who don't know what the heck I am talking about-go to Google. Unless it's too late, in which case you will be told that Google doesn't exist, and escorted directly to the xupiter "search engine".

By: mcsweetie

mcsweetie — Sat, 30 Nov 2002 18:52:17 -0800

and then, of course, there's Ad Aware. run it often!

By: konolia

konolia — Sat, 30 Nov 2002 18:53:37 -0800

Ad Aware didn't get rid of it all for us. But having a geeky husband has its advantages!

By: stavrosthewonderchicken

stavrosthewonderchicken — Sat, 30 Nov 2002 18:54:56 -0800

I recently ran across this web-based parasite checker, which includes a check for Xupiter. Share and enjoy. Probably IE only, though.

By: mcsweetie

mcsweetie — Sat, 30 Nov 2002 18:55:09 -0800

tell me about it! (and it would appear as though ad aware was already mentioned in the article. SORRY, GOD.)

By: F Mackenzie

F Mackenzie — Sat, 30 Nov 2002 19:24:20 -0800

I guess I didn't get the memo-- this Xupiter issue is news to me. Would someone explain to me the ways in which it installs itself? Please don't tell me you have to consent via an Active-X popup... certainly there is a more nefarious way in which this bugger infests the victim?

By: whatzit

whatzit — Sat, 30 Nov 2002 19:34:56 -0800

Sorry, Mackenzie, it's an Active-X popup. Good ploy though - it apparently tells you that "Xupiter toolbar is not installed properly. Please reinstall." Click, install, be infected.

By: whatzit

whatzit — Sat, 30 Nov 2002 19:37:41 -0800

Blech. Wrong link, though still interesting. The long spywareinfo.com thread, and a shorter google groups thread.

By: dorian

dorian — Sat, 30 Nov 2002 19:51:03 -0800

My best advice: don't use IE or outlook on windows (get opera or phoenix already!); don't install anything you don't really need to have...there are plenty of good, free (as in speech) softwares on sourceforge/freshmeat (yes, even for windows*)...and always make sure the "free" software you are installing is sans strings; installing warezed applications is a very bad idea, and not just in terms of ethics. Apparently people are still not immune to the most crude and childish of social engineering, but running lunix or mac will generally insulate one from this insanity, heh. *e.g., filezilla, 7zip

By: mishaco

mishaco — Sat, 30 Nov 2002 19:53:01 -0800

besides ad aware , which is a good idea after every install ( if yer paranoid ) . you should also get zone alarm ( a firewall ) and pop up stopper ( a pop up window killer ) . both are free fer personal use . you neednt be geeky to be a lil more secure .

By: F Mackenzie

F Mackenzie — Sat, 30 Nov 2002 20:27:29 -0800

Whatzit, I'm still amazed at the number of people who say "yes" when some unknown installer attempts its nefarious act of sabotage. Remember folks, the Internet is just like drugs-- when someone offers you something you've never seen before, just say no.

By: Slithy_Tove

Slithy_Tove — Sat, 30 Nov 2002 21:44:52 -0800

Remember folks, the Internet is just like drugs-- when someone offers you something you've never seen before, just say no. No, no, the Internet is like penises! [gratuitous self-link]

By: photoslob

photoslob — Sat, 30 Nov 2002 22:54:32 -0800

I'm generally happy anytime a journalist cares to name drop Apple products - if even just a token reference - but the mention of Mac's in this piece is a bit absurd. First, Mac users to the best of my knowledge don't have to deal with this type of thing - be it due to market share, superior products or plain old suckiness - whatever. Second, to suggest that if we did that the only way to do away with all the nasty little apps hiding in the recesses of our hard drives is to spend $50 when similar freeware solutions for PC's exist is just plain dumb and helps perpetuate the Mac vs. PC myths. Last, because this guy (and the fact checkers) failed to do his homework makes me call into question the entire piece. I'm not saying what he's describing doesn't actually happen but does this piece really do anything but whip up a little false hysteria with it's cyber-terrorism slant?

By: dejah420

dejah420 — Sat, 30 Nov 2002 23:22:01 -0800

No, no, the Internet is like penises! - Slithy_Tove You're an odd, odd duck. I *like* that about you! ;)

By: costas

costas — Sat, 30 Nov 2002 23:50:51 -0800

I use IE exclusively and surf a lot --and scan regularly with Ad-Aware-- yet I don't get spyware. Two rules: 1. Be careful what you download; never open a .exe or .vbs attachment. Never get shareware directly from a website --go to download.cnet.com and/or tucows.com and check the user comments beforehand. Spyware gets "blacklisted" pretty early. 2. Run a local, web-scrubbing proxy on your machine. Then point IE to it, instead of your dial-up or LAN connection. My favorite is The Proxomitron. No ads, no JavaScript, no Flash (unless you tell it to), no web-bugs and much faster surfing. As an added bonus, the Proxomitron can handle multiple web setups and switch between them transparently (for those road-warriors like myself).

By: quonsar

quonsar — Sun, 01 Dec 2002 00:06:04 -0800

3. Write your attorneys general. If I tell you that your water meter is installed improperly in order to gain access to your home and install my own metering device, i would be jailed. No reason for the Xupiter CEO to avoid the same result, along with those who bring you ads masquerading as OS window components, "internet speed warnings" etc etc etc. Explain how the fuck anybody here can excuse this as good ole american entrepreneurship, and you've just explained Enron Etal...

By: thorswitch

thorswitch — Sun, 01 Dec 2002 04:39:47 -0800

I had visted a site the other day that asked me if I wanted to download Xupiter. I said "no", as I never download things like that - yet the next time I tried to restart my computer, I got a message telling me that the Xupiter Toolbar whatever had crashed. Apparently, even though I denied it permission to install itself, it tried to anyway.

By: straight

straight — Sun, 01 Dec 2002 12:51:12 -0800

Spybot Search and Destroy is another excellent freeware product for rooting these things out of your system.

By: Vetinari

Vetinari — Mon, 02 Dec 2002 07:12:47 -0800

on the Mac issue: yes, users of alternative operating systems (anything not out of Redmond, that is) have to deal with a whole lot less in the way of spyware, worms, etc. Microsoft apologists generally whine that such is the cost of running the leading platform, as crackers and spyware companies (err, Innovative Online Demographic Collection Enterprises) see no need in targeting the other 5% when you can cover the vast majority of the computer user community by taking advantage of Microsoft exploits. While this does contribute, the fact is that anything derived from DOS (consumer Windows through WinXP) or the original WinNT base (NT, 2k) is stuck in the single-user world. There has been over time an attempt to bolt on multiuser security - the NTFS permission system is a competent go at an ACL based filesystem - but the drive to add or retain whizzy features for integration among Windows, Office, and IE has been done in this single-user vacuum, leading to all sorts of ways around the user-level security. All of the solutions discussed here - from the pay ones I'm sure the Time author found through PR channels, to the generally superior freeware and shareware products mentioned here - are somewhat inelegant. The simple solution would be to implement and use and operating system security model that prevents untrusted software from modifying the system at the system level - an approach followed by most Unices since the Nixon administration, and by Apple recently with the release of Mac OS X. Yes, there is the fact that OS X provides an easy to use permission escalation system when you try to do something your user account isn't allowed to, but the escalation is always presented by the system in a uniform way, and always requires your password, and only if your account has the appropriate permissions. I've seen something similar in Win2k-land but I've had mixed luck trying to use software written before 1999 with anything other than Administrator privileges. There's probably a whizzy new feature in WinXP that handles this a bit better, but since we're talking about security here, WinXP is automatically disqualified because its license agreement grants Microsoft Corporation arbitrary remote Administrator access for basically any purpose it sees fit. Such changes will not be easy for Windows - Unix had no legacy support to worry about when it went multiuser, and Apple had the good sense to take all of its past ugliness and stuff it in an isolated box at the system level (Classic). Microsoft maintains the strength of its monopoly on absolute (or at least uniformly poor) compatibility. In my little anti-Microsoft worldview, I'm hopeful this will be one instrument of their downfall. Until then, I wholeheartedly agree we should throw Xupiter's CEO in the klink.

By: delmoi

delmoi — Mon, 02 Dec 2002 13:18:01 -0800

Vetinari: I'm an anti-mac person myself, but I have agree with you somewhat :( 99% of everyone who maintains their own computer with windows runs at admin level 99.999% of the time. I know I do. And a lot of this *could* be solved by a proper multi-user environment being set up to begin with. In an ideal world windows would be set up like the JVM, where you have to manualy grant permissions to programs to access things like the filesystem, or the network (other then to computers that the thing was downloaded from) or even the printer. On MacOS a 'bad' peice of software could still delete your personal files (for example, your MP3s), or read anything thats accessable without you typing in your password (like your browser cache...) So mac spyware, if it was written, could do a lot of what windows spyware could do, it would just need to be smarter. And if you were a regular 'clueless' mac user, if you found some cool software you might be tempted to type your password in if the installer asked you for it. --- That said, I do not understand why this stuff is legal. I mean If I thew "I have the right to ass-rape you" into a EULA, and then came and ass raped someone, I'm pretty sure I would go to jail...

By: deborah

deborah — Tue, 03 Dec 2002 02:16:32 -0800

i was never asked nor gave any permission to Xupiter install itself on my computer yet it did so anyway. i was perusing, of all things, the old Kaycee Nicole stuff here and elsewhere. somewhere in the offsite links there is a popup that downloads it without permission. and i'm with konolia - thank the gods for a geeky husband. he quickly found the fix by Googling for it.

By: Darke

Darke — Tue, 03 Dec 2002 08:58:02 -0800

Interestingly enough, I had a xupiter.com url in my referrers logs today.