Sears.com: Join the Community – Get Spyware

I originally published this blog at http://community.ca.com/blogs/securityadvisor

Published: December 20 2007, 10:30 AM by Benjamin Googins

Update to this blog here.

While Christmas shopping online this season, be careful what you are signing up for.

Visiting Sears.com (and Kmart.com) a few weeks ago, I was offered a chance to join My SHC Community, for free, but what I received was, from a privacy perspective, very costly. Sears.com is distributing spyware that tracks all your Internet usage – including banking logins, email, and all other forms of Internet usage – all in the name of “community participation.” Every website visitor who joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer. In other words, if you have installed Sears software (“the proxy”) on your system, all data transmitted to and from your system will be intercepted. This extreme level of user tracking is done with little and inconspicuous notice about the true nature of the software. In fact, while registering to join the “community,” very little mention is made of software or tracking. Furthermore, after the software is installed, there is no indication on the desktop that the proxy exists on the system, so users are tracked silently. Interestingly, the spyware Sears distributes is “genetically” related to software that CA Anti-Spyware has detected for a few years under the name MarketScore (and other aliases) and that is distributed by other websites.

A Significant Threat to Privacy

Here is a summary of what the software does and how it is used. The proxy:

  1. Monitors and transmits a copy of all Internet traffic going from and coming to the compromised system.
  2. Monitors secure sessions (websites beginning with ‘https’), which may include shopping or banking sites.
  3. Records and transmits “the pace and style with which you enter information online…”
  4. Parses the header section of personal emails.
  5. May combine any data intercepted with additional information like “select credit bureau information” and other sources like “consumer preference reporting companies or credit reporting agencies”.

In addition, My SHC Community requires a variety of personal information during registration – like name, email, address, city, state, and age.  All of this information can be correlated with intercepted data to create a comprehensive profile.

A Look at Network Traffic

When I analyzed my network traffic, knowing my machine was compromised, I expected to see data being sent to a domain registered by Sears.  Not the case.  All of my data was actually transmitted to the domain oss-content.securestudies.com (IP address: 209.247.230.166).  If you look at the figure below of data captured using Wireshark, you will see a simple web transaction I made via Google.  After the Google page was requested and loaded, a duplicate copy was sent to oss-content.securestudies.com.

The current registrant of the domain securestudies.com is not Sears, but comScore. comScore is a market research company, and my data is being sent to comScore without any mention of this in the Sears privacy policy. Both companies have yet to respond to an email I wrote asking how they use the data they receive from the Sears proxy. I had sent a previous email to Sears asking some general questions about the “Community” and they responded promptly, but I am still waiting for either to respond to my inquiry on how comScore uses my data. I am concerned.

A Blatant Lie or Misinformed?

Sears makes the following statement: “The personal information that you give myshccommunity.com when you register as well as any personal information that you give during the completion of a communication is stored in a confidential database owned by myshccommunity.com and is never delivered to a client. myshccommunity.com never sells your personal information to any company for any reason.” When I registered I looked over my network traffic, and all form data (name, address, etc.) is sent to 66.119.41.87. This IP address is registered to comScore. This is almost laughable (in a scary privacy violation sort of way). I enter data on a page branded Sears, saying my data is stored on a secure database owned by Sears, but when I submit the data it is sent to comScore, a third party market research company.
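The two observations above (browsing traffic mirrored to oss-content.securestudies.com at 209.247.230.166, and registration form data sent to 66.119.41.87) can be turned into a simple check over outbound connection logs. The following is an added example, not code from the original post or from CA: the log format, the sample lines and the five-second `MIRROR_WINDOW` are assumptions made for illustration; only the domain and the two IP addresses come from the post.

```python
"""Flag clients whose traffic reaches the collection endpoints named in the post."""
from collections import defaultdict
from datetime import datetime, timedelta

# Indicators taken from the post itself.
COLLECTOR_DOMAIN = "securestudies.com"
COLLECTOR_IPS = {"209.247.230.166", "66.119.41.87"}

# Assumption: a mirrored copy follows the original request within this window.
MIRROR_WINDOW = timedelta(seconds=5)

# Constructed sample log (hypothetical format):
#   timestamp client_ip dest_host dest_ip method bytes_out
SAMPLE_LOG = """\
2007-12-20T10:31:02 192.168.1.50 www.google.com 203.0.113.10 GET 412
2007-12-20T10:31:03 192.168.1.50 oss-content.securestudies.com 209.247.230.166 POST 5120
2007-12-20T10:31:10 192.168.1.51 www.google.com 203.0.113.10 GET 398
2007-12-20T10:32:40 192.168.1.50 - 66.119.41.87 POST 880
2007-12-20T10:33:00 192.168.1.51 notsecurestudies.com 198.51.100.7 GET 300
malformed line
"""


def parse_line(line):
    """Return one log record as a dict, or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, host, ip, method, size = parts
    try:
        return {
            "time": datetime.fromisoformat(ts),
            "client": client,
            "host": host.lower().rstrip("."),
            "ip": ip,
            "method": method,
            "bytes_out": int(size),
        }
    except ValueError:
        return None


def is_collector(host, ip):
    """Match the domain or any subdomain of it, or one of the known IPs.

    A bare substring test would also flag look-alikes such as
    notsecurestudies.com, so the suffix is matched on a label boundary.
    """
    host = host.lower().rstrip(".")
    return (
        ip in COLLECTOR_IPS
        or host == COLLECTOR_DOMAIN
        or host.endswith("." + COLLECTOR_DOMAIN)
    )


def find_hits(log_text):
    """Return collector connections, noting which request each one followed."""
    last_normal = {}  # client -> most recent non-collector record
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not is_collector(rec["host"], rec["ip"]):
            last_normal[rec["client"]] = rec
            continue
        prev = last_normal.get(rec["client"])
        mirrored = None
        if prev and timedelta(0) <= rec["time"] - prev["time"] <= MIRROR_WINDOW:
            mirrored = prev["host"]
        hits.append({**rec, "mirrors": mirrored})
    return hits


def summarize(hits):
    """Aggregate hits per client so affected machines can be triaged."""
    out = defaultdict(
        lambda: {"count": 0, "bytes_out": 0, "endpoints": set(), "mirrored": set()}
    )
    for h in hits:
        s = out[h["client"]]
        s["count"] += 1
        s["bytes_out"] += h["bytes_out"]
        s["endpoints"].add(h["ip"])
        if h["mirrors"]:
            s["mirrored"].add(h["mirrors"])
    return dict(out)


if __name__ == "__main__":
    for client, info in summarize(find_hits(SAMPLE_LOG)).items():
        print(client, info)
```

A client that appears in the summary is a candidate for a host-level check with an anti-spyware scanner; the `mirrored` set shows which sites' traffic was followed by a transfer to the collector.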

Lack of Prominent Notice and Informed Consent

The problem with the installation process is that it does not prominently emphasize that by completing the registration process, the user’s computer will be intensely tracked. Here are the basic steps of the registration (installation):

1)      I visited Sears.com (a repeat test on Kmart.com produced a similar popup) and was presented with a sliding toast popup (see image, below). The popup covered the Sears.com homepage and required that I find the hidden (in this case, the micro X in the upper right) exit button. The popup asked me to join the Sears community and enter my email address. On this page, there is no mention of tracking software, only the “community”.

2)      I received an email and clicked ‘join today’.  In the 7 or 8 paragraphs describing the “community” on this page, Sears buries its mention of ‘tracking’ in the third sentence of the fourth paragraph.

3)      I was taken to a Sears landing page.  I clicked ‘join today’.  There was absolutely no mention of “software” or “tracking” on this page, but plenty of bullet points telling me about the joys of being a member and how my ‘voice counts’.

4)      A page opened asking me to fill in personal information.  There is no prominent mention that I am agreeing to install tracking software on my computer.  One sentence mentions that the information entered on the page will be used to “assist SHC in providing you the most relevant information, communication, and content customized to your needs.”  Also, at the bottom of the page is a small scroll box with the privacy policy.

5)      After filling out the forms, the software download started.  After the proxy software installed, there was nothing to indicate that it was actually installed.  Since installation, I have not received any follow-up emails from the “community” or any other form of communication reminding me of my “membership.”  All data continues to be logged – luckily the research is being conducted on a test machine.  Today I went to Sears.com and did not receive the sliding popup mentioned above, but clicked a link titled ‘join My SHC Community’. Following this link, I was never presented with the minimal notice listed in step 3 above.  Furthermore, because the proxy tracks silently, anyone else who uses a compromised system will have their web usage tracked. There are no technological controls in place to control inadvertent tracking.

The Privacy Policy

When I originally did the research for this post a few weeks ago, Sears had put together a privacy policy that did a reasonable job of explaining clearly how the proxy operates.  Suspiciously, when I looked at the privacy policy today, all of the direct, clear language has been removed and replaced with vague legal terms.  To give you an idea of what I am talking about, the original privacy policy mentioned the word “software” 11 times – in the policy published today, it is not mentioned even once.  In the old policy, “tracking” was mentioned 3 times – in today’s version it is not mentioned even once.   The word “application” – from 32 mentions to none.  Why did they pull out all the descriptive language and replace it with vague legal language?  Some sections that have been totally removed from the Privacy Policy:

  • ‘Once you install our application, it monitors all of the Internet behavior that occurs on the computer’
  • ‘software application also tracks the pace and style with which you enter information online’
  • ‘Our application may collect certain basic hardware, software, computer configuration and application usage information about the computer’

The direct language above has been replaced with a Privacy Policy with mushy language like:

  • ‘myshccommunity.com gathers information about its members to provide superior service, communicate offers on merchandise and services’
  • ‘We use this information to customize your experience on our website and to provide you with the most relevant products and services.’
  • ‘we make commercially viable efforts to automatically filter confidential personally identifiable information such as UserID, password, credit card numbers, and account numbers’

Unresolved Questions

  • Why didn’t Sears disclose that my data, both the data related to registration and the data sent by the proxy, is actually sent to comScore?
  • Why won’t comScore answer my questions about how they use my data?
  • Why has Sears removed all the clear language from the Privacy Policy and replaced it with vague legal language?
  • Why isn’t the registration process clear that the user is actually signing up to install tracking software?

Conclusions

Sears.com is pushing software with extensive user tracking capabilities and doing a very poor job of obtaining informed consent – if at all.  After the proxy software is installed on the user’s system there is nothing on the user’s desktop to indicate their every move on the Internet is being collected and sent to a third party market research company, comScore.

By: Benjamin Googins

Benjamin Googins is a senior engineer working on CA’s Anti-Spyware product. His primary functions include analyzing spyware and privacy breaches, fielding press inquiries, blogging and drafting documents. He has been a significant contributor to the User Permission document, Spyware Scorecard, Threat…

72 people have left comments:

Benjamin,

Nice write up, thanks for doing this.  Is CA going to add an antivirus/antispyware signature for this software to its products?

Posted by:                             James F. |                             December 21, 2007 11:55 AM

Benjamin,

Nice job, thanks for the detailed write-up.  Is CA going to add this software’s signature to their antispyware product(s) ?

Posted by:                             James F. |                             December 21, 2007 11:59 AM

In my blog post yesterday I reported that there was a significant change in how the privacy policy for

Posted by:                             CA Security Advisor Research Blog |                             December 21, 2007 2:13 PM

Thanks James.  Yes, this software is detected by CA Anti-Spyware by the pest name “Software.com proxy”.  Also, I just posted an update to this blog: community.ca.com/…/sears-update-privacy-policy-scorecard-and-genetic-heritage.aspx

and here is more info on the spyware detections: ca.com/…/pest.aspx

Posted by:                             Benjamin Googins |                             December 21, 2007 2:21 PM

Earlier today comments were submitted by Rob Harles, VP SHC Community, to my original blog posting titled

Posted by:                             CA Security Advisor Research Blog |                             December 22, 2007 1:02 AM

Do what I did. Write customer service, the webmaster (webmaster@customerservice.sears.com), the CEO (alewis1@searshc.com) and give them a piece of your mind.

Posted by:                             Scott |                             December 24, 2007 11:59 PM

On December 29, Rob Harles, the SVP for Sears’ SHC, submitted a comment to my post titled: ”

Posted by:                             CA Security Advisor Research Blog |                             January 2, 2008 6:39 PM

Sears never learns. They have been sued (and lost) many times, yet they still keep on with their less than ethical ways. Hiding behind lawyer jargon won’t help them on this one, I think there may be another “settlement” in their future.

Posted by:                             George |                             January 2, 2008 8:13 PM

Better still, don’t join the community

Posted by:                             David Johnson |                             January 2, 2008 8:14 PM

Is it the same for Kmart in Australia (Kmart is owned by Wesfarmers there)?

Posted by:                             anon |                             January 2, 2008 10:29 PM

If myshccommunity.com never sells your personal information to any company for any reason, how can they share it with Sears?

Posted by:                             31d1 |                             January 2, 2008 10:58 PM

What Sears does is outright illegal and ought to be prosecuted.

Posted by:                             Anonymus |                             January 3, 2008 4:34 AM

Hmmm… another example of a Windows-only exploit. Glad I made the transition away from Microsoft’s perpetually compromised “system” years ago. I don’t make a living from supporting Microsoft products, but even so, I dislike what Sears is doing even more.

Posted by:                             bluebox |                             January 3, 2008 8:10 AM

OMG!  Check out a Sears site, managemyhome.com.  Once you register you can look up purchase information for ANYONE by just putting in their name, address and phone number.  Sears has you enter a code and says that keeps your info safe, but that is pretty useless — I think that just prevents a script from being created, but DOES NOT stop people from entering in anyone else’s info to get the purchase info on big ticket items — this could bring casing someone’s house to a whole new level!!

I contacted the privacy e-mail that the site provided, but no one ever responded.  Anyone with any ideas about how to get this service off the web, I would be open to suggestions.

Posted by:                             Heather |                             January 3, 2008 10:40 AM

I’ve sent off links to this blog to some local consumer groups so that the word can be put out.  Thank you for this valuable insight.  You are right the average user would be clueless about what this software actually does.

Posted by:                             Brian |                             January 3, 2008 11:59 AM

No wonder my mom is always getting viruses.  She’s definitely not getting it from porn – they have a dish for that.  Sears will hopefully pay for this mistake.  Unfortunately it probably means more ugly pattern sweaters next holiday season either way.

Posted by:                             Ryan |                             January 3, 2008 1:07 PM

Surreptitiously installing surveillance software on someone’s computer without their express consent in Texas is a felony crime.

Posted by:                             Kenneth Radcliffe |                             January 3, 2008 1:53 PM

I almost fell into this trap until I caught the mention of tracking in the earlier EULA.   I decided to continue on to see if there were forums or whatever, only to find out it wanted to infect my Internet Exploder – Haha, I have a Mac and well…it wouldn’t even let me in!

Stick it, Sears – You’ve lost a loyal customer.

Posted by:                             TheSpatulaOfLove |                             January 3, 2008 3:18 PM

Until recently, I worked in IT for this bunch of buffoons.

Every one with a job title of Director or better has no spine at all.  Nobody in corporate leadership has any principles.  The first entry on their Corporate Values list is “Make More Money”.  It does not surprise me that this is the sort of stuff that they pull.

You might also try sending an email to Karen Austin (CIO) about this <kaustin@searshc.com>.  I’m sure she would be glad to hear from you.  It was her job to shoot down this hare-brained scheme in the first place.

Posted by:                             Pigdog |                             January 3, 2008 3:41 PM

www.zoominfo.com/…/PersonDetail.aspx

Rob Harles is ComScore VP.

Posted by:                             Timmy O’Toole |                             January 3, 2008 3:56 PM

Mr. Rob Harles

Senior Vice President

comScore Networks , Inc.

www.zoominfo.com/…/PersonDetail.aspx

Posted by:                             Rob Harles |                             January 3, 2008 4:09 PM

If anyone is interested in joining a class action regarding access to private information on Sears’ website managemyhome.com, e-mail me at cometogether73223@gmail.com.  There are a few privacy orgs interested in taking this on.  Also, please feel free to forward it on.  I will forward them info about the Sears community tracking and see if they have an interest in that as well.

Posted by:                             heatherh |                             January 3, 2008 4:17 PM

First, Sears was bought out by Kmart, so it isn’t the company it used to be. It is just another greedy company in sheep’s clothing. Second, this is by no means unique. Other sites are just a little more slippery about getting caught. If you think you are anonymous on the internet you have seriously deluded yourself. Marketing companies, the government, retail companies all know far more about you than you imagine. The only difference is that tracking you has become more visible and bolder than before. We have GPS and Onstar in cars, cameras at intersections, chips added to drivers licenses in some states and sooooo much more.

Posted by:                             AnotherFlyOnTheWall |                             January 3, 2008 4:28 PM

hey PigDog.  Do you have Edwin’s e-mail address too?  So who was the brainchild in charge of the community?  Was it Paul Miller or Maureen

Posted by:                             summerlover |                             January 3, 2008 4:48 PM

anon, I have not tested KMart Australia.

Posted by:                             Benjamin Googins |                             January 3, 2008 5:55 PM

31d1,

My SHC Community is operated by Sears.

Posted by:                             Benjamin Googins |                             January 3, 2008 5:57 PM

This is the same as the old Marketscore ossproxy. We have snort signatures in the emergingthreats ruleset: 2001564 and 2001562

http://www.emergingthreats.net

Posted by:                             Matt Jonkman |                             January 3, 2008 5:58 PM

It doesn’t surprise me a bit, I used to work for the slimeballs.

Posted by:                             John E. |                             January 3, 2008 6:02 PM

I found this gem on the TMRG Web site:

www.tmrginc.com/Priv.aspx

This pretty plainly spells out the info they are gathering. It doesn’t spell out that they are part of Comscore Network, but I use the Netcraft Toolbar to tell me who is who:

http://www.netcraft.co.uk

McAfee’s SiteAdvisor has them listed as a green site, no complaints.

Posted by:                             Empedocles_of_Agrigentum |                             January 3, 2008 6:20 PM

TMRG’s Web site has this:

www.tmrginc.com/Priv.aspx

Their data collection policy is pretty plainly laid out. Their connection with Sears/K-Mart/ComScore isn’t, but I use the Netcraft toolbar to tell me who is pretending to be someone else. McAfee’s SiteAdvisor has them as a green site, no complaints.

Posted by:                             Slidewinder |                             January 3, 2008 6:24 PM

Looking at <www.tmrginc.com/Priv.aspx>, their data collection policy is pretty clear, but their affiliation with Sears, KMart, and ComScore is not. The NetCraft Toolbar shows them to be hosted by Comscore. McAfee’s SiteAdvisor shows them as a green bubble site, no complaints.

Posted by:                             SlideWinder |                             January 3, 2008 6:27 PM

Matt Jonkman,

the Sears software is very similar, though not identical, to the Marketscore ossproxy (and RelevantKnowledge, Internet Accelerator, etc).  As I mention in this blog post – ‘the spyware Sears distributes is “genetically” related to software CA Anti-Spyware has detected for a few years by the name of MarketScore’ – the Sears software is an evolved version of some spyware dating back to at least 2002 or 2003.

thanks.

-Benjamin

Posted by:                             Benjamin Googins |                             January 3, 2008 6:29 PM

Looking at TMRG’s Web site

http(colon)(whack)(whack)www(dot)tmrginc(dot)com(whack)Priv(dot)aspx

Their data collection policy is pretty clear. Their affiliation with Sears, KMart, and Comscore isn’t. Netcraft’s Toolbar shows them as hosted by Comscore Network, Inc. McAfee’s SiteAdvisor shows them as a green site, no complaints.

Posted by:                             SlideWinder |                             January 3, 2008 6:33 PM

This will succeed.  It’s all about ‘Community’.  Everyone wants to be socially accepted.

—  CHAS

Posted by:                             Charles |                             January 3, 2008 8:41 PM

Told yah big brother was coming !

Posted by:                             Aldous Huxley |                             January 3, 2008 10:56 PM

You didn’t believe me ?

Posted by:                             Aldous Huxley |                             January 3, 2008 10:57 PM

I got invited to My SHC and it was obvious to me that they were going to install SpyWare on my computer.  I’m no lawyer nor am I paranoid, so I don’t feel like they were trying to hide anything.  If you sign their contract, then what happens afterwards is your own fault.  If people are too illiterate or irresponsible to read contracts, they deserve what they get.

Posted by:                             Alejandro |                             January 4, 2008 1:54 AM

I hope they lose big.

Posted by:                             weighing_in |                             January 4, 2008 2:24 AM

thanks for all your hard work.

Posted by:                             blue |                             January 4, 2008 9:16 AM

Never mind complaining, tell us how to uninstall it.

Posted by:                             sucker |                             January 4, 2008 12:04 PM

Yes, how do you get it off once it’s installed?

Posted by:                             Meme |                             January 4, 2008 12:43 PM

Alejandro, I disagree.  The unfortunate reality is that the current install routine for the My SHC software lacks prominent notice and confirmed informed consent.  First, the popup on Sears.com made absolutely zero mention of tracking software.  That is a critical point in one’s decision-making.  Second, the invitation email buries two sentences in the middle of a 582-word email.  Most reasonable people have a million other things to do, so they rely on headers, topic sentences and highlighted areas to help point them at important information.  In addition, the two measly sentences lack useful information like where and when tracking will occur.  Too little information for such extreme tracking!

Posted by:                             Benjamin Googins |                             January 4, 2008 12:49 PM

blue,

thanks.

-Benjamin

Posted by:                             Benjamin Googins |                             January 4, 2008 12:50 PM

No freakin wonder Sears is falling through its a**

Posted by:                             T-R-A |                             January 4, 2008 1:01 PM

sucker,

the Sears software uses a variety of registry and file objects to operate.  One of the key components lies in the system32 directory by the filename srhc.exe.  I ran this executable through a multi-scanner (scans with a variety of AV and AS engines) a few weeks ago and only a handful of vendors detected that file; today at 12:52 PM (eastern time) the following engines detect it:

  • AhnLab-V3 = not detected
  • AntiVir = ADSPY/MarketScore.k
  • Authentium = not detected
  • Avast = not detected
  • AVG = not detected
  • BitDefender = not detected
  • CA AntiSpyware = Sears.com proxy
  • CAT-QuickHeal = AdWare.RK.q (Not a Virus)
  • ClamAV = not detected
  • DrWeb = DLOADER.Trojan
  • eSafe = not detected
  • eTrust-Vet = not detected
  • Ewido 4.0 = Not-A-Virus.Adware.RK
  • FileAdvisor = not detected
  • Fortinet = Adware/OSS
  • F-Prot = W32/Adware.ZBI
  • F-Secure = not detected
  • Ikarus = not-a-virus:AdWare.Win32.RK.q
  • Kaspersky = not-a-virus:AdWare.Win32.RK.q
  • McAfee = potentially unwanted program Proxy-OSS
  • Microsoft = Win32/Comscore.gen
  • NOD32v2 = probably a variant of Win32/Genetik
  • Norman = RK.AG
  • Panda = not detected
  • Prevx1 V2 = Adware.RelevantKnowledge
  • Rising = not detected
  • Sophos = not detected
  • Sunbelt = Marketscore.RelevantKnowledge
  • Symantec = not detected
  • TheHacker = not detected
  • VBA32 = AdWare.Win32.RK.q
  • VirusBuster = Adware.MarketScore.A
  • Webwasher-Gateway = Ad-Spyware.MarketScore.k

I suggest using an anti-spyware product to remove unwanted software.

Posted by:                             Benjamin Googins |                             January 4, 2008 1:03 PM

blue,

thanks for the feedback.  very much appreciated.

-Benjamin

Posted by:                             Benjamin Googins |                             January 4, 2008 3:07 PM

Alejandro…. I have not visited their site recently nor installed any spyware from Sears on my computer…..

I HAVE made big ticket purchases through Sears, however…… I, for one, am extremely upset that MY purchase history can be viewed by others…..

this leaves a wide door open for warranty scams and makes my household more vulnerable to being “cased” by thieves who can find out what types of big ticket items are available for the picking……

if anything happens because of that information being provided to the public, it is not because I was “too illiterate or irresponsible to read contracts”….. it is because Sears was irresponsible with personal information that has no business being blasted across the web…..

Signed,

A Former Sears Customer

Posted by:                             *gasp* |                             January 4, 2008 3:35 PM

Ummm. what about HIPAA, if you do any online medical related items.. i.e your health care, order medication online etc.  They are capturing that information.. How are they protecting your information?  If you unknowingly are sending your medical information to these third parties, I believe they are breaking the law….  Remember all the HIPAA papers you had to sign when you visited the doctors? Just another lawsuit…  There are case studies regarding items such as this…

Posted by:                             Tommy G |                             January 4, 2008 4:04 PM

Think about HIPAA – All those papers you signed when you visited your doctors.  Anyone order their meds online, how about visit your HMO’s web page or review your medical info.  Did SEARS provide you with a HIPAA release form prior to capturing all your medical information and sending that to a marketing firm?  Um… Legal team take action… Sounds like a company with deep pockets has done something stupid again…

Posted by:                             Tom G |                             January 4, 2008 4:09 PM

How many of us have gone to our Doctor’s office and signed all the notices of HIPAA regulations and such.  How many of you have used the internet to Order your meds from Walgreen’s or such.  Who has visited their HMO’s website to review medical bills and out of those who’s had to accept their HIPAA statements.  Now Who has signed Sears HIPAA statement allowing them to share your medical information with these third parties?  Isn’t that against the Law?

Posted by:                             T Gast |                             January 4, 2008 4:27 PM

This is an update to my blog post from yesterday evening. As of this afternoon, Sears has removed the

Posted by:                             CA Security Advisor Research Blog |                             January 4, 2008 6:48 PM

Those of you with the excellent “UserAgent Switcher” extension for Firefox might like to try logging a message with your UA string. Simply visit any of their sites while running a fake UA string like:

Description: YOUR-SPYWARE-SUCKS!!!

User Agent: YOUR-SPYWARE-SUCKS!!!

App Name: YOUR-SPYWARE-SUCKS!!!

App Version: YOUR-SPYWARE-SUCKS!!!

Platform: YOUR-SPYWARE-SUCKS!!!

Vendor: YOUR-SPYWARE-SUCKS!!!

Vendor Sub: YOUR-SPYWARE-SUCKS!!!

(heh.)

Posted by:                             Blinky the Hitman |                             January 4, 2008 7:41 PM

Sorry on the HIPAA front.  Retailers are not covered entities under HIPAA, they can do anything they want.

Posted by:                             dr. dance |                             January 4, 2008 10:42 PM

Thanks a lot Ben!

It’s people like you who keep the heat on those who will take advantage of other human beings.  Those who choose to ignore the Golden Rule stain their souls.

Excellent point made by Tommy G above. Medical info of a lot of people will have been shared.

— supposing technically *somewhere* in their jargon they had mentioned the software, they still have crossed that line of “reasonableness” inherent in the U.S. law

Since this is against the law, I believe those responsible should be liable for jail time.  People caught breaking & entering, stealing data, plus distributing it to others, should be prosecuted.

That said, has any of the people from **SONY** responsible for doing the same thing, ever been put on trial?

—-> What would happen to me if I did the same????  <—–

Posted by:                             Ballpeen |                             January 5, 2008 2:38 AM

Big picture:  this is indicative of a disturbing widespread lack of ethics in the IT workforce.  Does this have its roots in the last 15 years of wink-nudge attitude towards hacking?  Mid-level technologists who developed hacking skills as teens are now working in corporate IT groups.  What leads us to believe that these leopards have shed their spots?  The best predictor of future behavior is past behavior.

Posted by:                             D D Wressell |                             January 5, 2008 11:01 AM

Damn, criminals have done again. First, they destroy Mortgage, stealing info from intellus, stealing ss#,  and hijacking corporation’s assets.

Could Computer Associates track down spyware on job websites such as hotjobs, simplyhire, etc?

People got telemarketing calls from these job websites.

Posted by:                             Jimmy |                             January 5, 2008 5:26 PM

Thank all of you so much for using your knowledge and taking the time and making the effort, very much appreciated.

Now how do I get this out of my computer.

Posted by:                             David Glenn |                             January 8, 2008 4:30 PM

Welcome to Capitalism

Posted by:                             dev |                             January 9, 2008 1:26 PM

Got this email yesterday, probably as a result of emailing via contact forms asking for contact information for an executive-level privacy officer at Sears. My favorite part is that it’s from “Kevin L”, a “manager”.

Dear Customer,

We appreciate your feedback concerning the various news stories that have been published over the last week mentioning Sears Holdings and possible violations of customers’ privacy.

First, it has been claimed that myshccommunity.com was using spyware to obtain your information without your knowledge.  We wanted you to know that not only are these allegations false, Sears has taken a number of steps to protect your privacy and wants to assure you that all information you may have shared with us remains confidential and safe.

Members joining My SHC Community through the website link or general email are not tracked. You can only become a tracked member of the My SHC Community if, as you are signing up to join, you receive an invitation from us to install the software.  These invitations are generated randomly and, by design, only a small percentage of the Community has been invited to participate.  Users are free to decline to participate in the tracking functionality and still be a member of the Community.

Second, it was reported that it is possible for users to obtain information about other customers concerning the type of appliances customers purchased, the brand of the appliance and if the customer maintained a protection agreement on the product when registered on http://www.managemyhome.com.

We wanted you to know that we take our customers’ privacy concerns very seriously.  As a result, we have turned off the ability to view a customer’s purchase history on managemyhome.com until we can implement a validation process that will restrict access by unauthorized users.

The purchase history functionality was added to provide you with easy access to useful information about products you might have purchased from Sears.  Customers told us that it was a helpful feature for working with the other tools and information available on the site.

We can’t stress strongly enough how committed Sears Holdings is to protecting our customers’ privacy.

Kevin L.

Manager

Sears Holdings Corporation

Posted by: Gene | January 10, 2008 3:00 PM

I’m a novice when it comes to computers. I completed the survey offered by SHC Community. How do I find if I have this on my computer? And how do I delete it?

Posted by: K.S. Lyons | February 27, 2008 11:29 PM

I just hope that they lose big deal

Posted by: Tracy Esau | February 28, 2008 1:03 AM

In regard to spyware I have always found it quite helpful to send a bill for spyware removal to the offending company as well as a reminder of the massive class action suit that will be coming in the distant future. Lost productivity and bandwidth theft are a multi billion dollar problem for everyone.

Posted by: D.A. Martin | March 5, 2008 2:27 AM

I read this post since January. It’s very interesting!

Good work.

Posted by: Marco | March 22, 2008 7:48 PM

I read your article since January, it’s very interesting. I like it. Good work!

Posted by: Marco | March 22, 2008 7:51 PM

Thanks for all your hard work.

Posted by: Kostenlos | March 24, 2008 9:06 AM

I’m a novice when it comes to computers. I completed the survey offered by SHC Community. How do I find if I have this on my computer? And how do I delete it?

Posted by: Ben | March 24, 2008 9:08 AM

I WILL NEVER SHOP AT SEARS AGAIN.

Posted by: LARRY | April 22, 2008 1:29 PM

very thx for this information!

Posted by: Oyun | April 28, 2008 5:40 PM

Thanks Oyun!

Posted by: Benjamin Googins | April 28, 2008 5:46 PM

If everyone read the ToS or license agreement contained within software then very few programs would ever get installed.  The bottom line is, most popular programs and websites collect information from you for analytical purposes.  There is no dark shadow of big brother waiting to use your personally identifying information against you.

People claim the comScore software is spyware, this is patently ridiculous.

Right on the site, in the panel software agreement and pretty much everywhere you look on the net, personally identifying information, names, social security numbers, credit information – all either destroyed on contact or separated from the data and never revealed to anyone.

There is no threat, no intention to threaten, only to measure.  Third party market measurement is the only reason that you are still not inundated with ridiculous levels of untargeted, unwanted advertising.  It is the only reason the big portals and websites are kept honest about how popular they really are.

And the rule of all “security” is always that it is relevant to the action taken.  Want absolute internet security?  Don’t connect.  Don’t want to be measured while on the internet?  Don’t connect to sites, read every line of every agreement and don’t ever install any software.

Posted by: Anonymouse | April 29, 2008 1:56 PM
