Diallers - responsibility for installation

Johnny Versace

I'm sorry, but I will never put any blame on Eircom for this.

People have got to accept responsibility for what their PC's are doing.

I really don't know what else to say.

(Rather than going around in circles here, as I am always going to disagree, this shall be my last post on this matter...)


ww)

zod

Lets over engineer a scenario:

A eigth year old boy turns on his parents pc unknown to them (he knows he not allowed to), he double clicks on the mail icon on the desktop which automatically checks for mail. He clicks yes on the "you've got new mail" message and opens some spam. His favorite disney character is featured and he answers "yes" to some repetitive questions. His parents call him and he quickly switches off the monitor. The family go on a two week holiday, except for an older brother who does not enter the spare room with the PC.

They come home to a 10 grand phone bill.

They obviously should pay this because..

1. They didn't supervise their children all of the time.
2. They didn't password lock internet related applications on the PC, or the entire pc.
3. They didn't specifically check that their pc was turned off before they went out the door.
4. They didn't opt out of porno dialling codes
5. Their spam filter was not up to date.

I think 99% of Irish families would be guilty of all five.

dahamsta

Let's engineer another, much shorter scenario:

- Exploit is released for Internet Explorer.
- Patch has yet to be released by Microsoft.
- User browses to site, picks up dialler because of exploit.
- Yadda.

Is that the users fault?

adam

bealtine

quote

Let's engineer another, much shorter scenario:

- Exploit is released for Internet Explorer.
- Patch has yet to be released by Microsoft.
- User browses to site, picks up dialler because of exploit.
- Yadda.


You forgot the :
Lets create a special zone for these porn diallers so we can make lots of money...

jd

re "Why is there nothing in the safe surfing advice on Eircom.Net, is that because the traffic is too valuable for Eircom to pass up on it, print all the links and stuff on Eircom.Net lest it change soon <cough> , in which case you may print it all again as more evidence. "

To be fair,
Once you go to the support site, and select what type of customer you are..
at the bottom of the page it has

Warning! Click here for important information about mini diallers

with more info when you click..
What is a Mini Dialler?
Where do Mini Diallers come from?
How do I avoid coming into contact with a Mini Dialler?

spongebob

thats new, very very new

I can only find it in the Business support TBH , it seems that there is no advice for the free users on the subject.

Click Here and Here and Here

How do I avoid coming into contact with a Mini Dialler?
In order to reduce the risk of coming into contact with these Mini Diallers users should follow these guidelines:

1. Avoid going to sites of questionable content.
2. If you accidentally stumble across one of these sites, close down any pop-up windows that open.
3. Users should not download and/or install any software from these sites.

To check whether or not your computer may have one of these Mini Diallers installed, carry out the following steps:

1) Check through the programs list in your Start Menu. This is done by:

Clicking on Start
Moving the cursor over Programs
Reading through the Program List for anything that looks suspicious.
2) Check through the Installed Programmes List. This is done by:

Clicking on Start
Moving up to Settings
Clicking on Control Panel
Double Clicking on Add/Remove Programs in Control Panel
Searching for suspicious looking Programs in this.
If they appear, click on the entry, then Click on the Add/Remove button, which will uninstall it.
3) Check through Dial Up Networking: This can be done by:

***WINDOWS 95/98***

Double Click My Computer
Double Click Dial Up Networking
Check for unusual Dial Up Networking connections and delete as necessary
***WINDOWS ME***

Double Click on My Computer
Click on the blue Dial Up Networking link along the left hand side of the screen
Check for unusual Dial Up Networking connections and delete as necessary
***WINDOWS 2000/XP***

Click on Start
Move up to Settings
Select Control Panel
Click on Network and Internet Connections
Click on Setup or Change Network Connections
Check for unusual Dial Up Networking connections and delete as necessary


Where do Mini Diallers come from?

Mini Diallers come from visiting certain websites. These could be sites that are offering pirated software, adult websites or sites that have questionable content. The owners of these sites have the Mini Dialler software integrated into their webpage code to automatically download and install on to a user's system. The idea behind these programmes is that the people who produce them are able to generate revenue from users who dial into the number installed from the webpage.

What is a Mini Dialler?
A Mini Dialler is a software program/applet, that when run on a user's computer, can act in two different ways, as follows:

1. It can change the Dial Up Networking (DUN) settings to force the user to dial a specified number (usually a premium rate international call) unknown to the user. It erases the user's Internet Service Provider (ISP) number and replaces this number with it's own. This number is then used each time the user connects to the Internet instead of the ISP number.

2. It can force the computer to bypass DUN settings altogether and dial to its pre-set number. This means that the DUN settings that appear correct are in fact dialling an incorrect number when the user connects to the Internet.


Mucks Notes

1. No information in the support for Free customers or HOME customers !
2. No mention of hardening your browser by turning off scripting or active x
3. No mention of active x at all, funny that.
4. No mention of Online Gambling sites ?
5. No mention that the damn thing can come back after removal.
6. No mention of Spybot Search and Destroy or Adawar or any of a myriad other programs , many free, that detect and REMOVE these things for ya and protect you.
7 No mention of the cost, €3.61 a minute including VAT


M

The Brigadier

Because she is not a techy geek with nothing better to do than hang around on internet message boards like this!

Would your mother know to put a firewall up?

Eircom certainly never told her to use a firewall.

And this applies to most people.

jd

Originally posted by Muck
thats new, very very new

I can only find it in the Business support TBH , it seems that there is no advice for the free users on the subject.



M

actually was the first place i checked yesterday..
eg
http://support.eircom.net/SRVS/CGI-BIN/WEBCGI.EXE?New,Kb=gfff,Company={D2840E10-972D-49C0-88DB-FB1DCBCAA547}

watty

Since the firewall is used AFTER the dialler has made connection and since it is meant to allow port 80 http traffic outgoing, it won't alert you if a rogue dialler is installed. Sorrry.

If though, your PC has NO MODEM AT ALL, then a rogue dialler can't rackup the phone bill. In this case you may be using the PROXY feature of a Firewall on another PC or appliance. It isn't the Firewall that "saves you", but fact that you don't have a modem at all on the PC (a mini dialler CAN remove your LAN proxy connect settings and subsitiute a local modem if one is installed, even if it not the one you normally use).

The Brigadier

To clarify.

A firewall is useless if you are infected.

However it can prevent the dialler installing itself.

watty

Originally posted by James Melody
To clarify.

A firewall is useless if you are infected.

However it can prevent the dialler installing itself.

In some situations ...

eircomtribunal

sceptre, I'm also too dumb to understand your splitting arrangements at this time of day, so please just move my response to Brian to wherever you want.


Brian,

To your Nanny State argument only so much: Look beyond that phrase. The situation is not that black and white. We have in general a system of checks, balances and safeguards, of consumer protection/rights and consumer responsibilities and you would not like to live without this.
You find it normal that you insurance has to do what it promised in the brochure, your bank has to advertise the annual interest of loans etc. It's not one-sided, there is always responsible consumer attitude asked for as well. And the business world has no problem with this.

On the dialler issue: It is simply not acceptable that a quasi monopolist supplier, or one with significant market share, as it is called now, like Eircom, does not contribute to minimise the damage of third parties (the crooks who operate stealth diallers), but instead does everything to maximise its profits on the back of the scam.

While the tech savvy will be able to protect him/herself against the dialler, the people who we want to embrace the Internet (and do not yet for a variety of reasons) will have another hurdle in front of them. Let us not underestimate the deterrent factor this has on many people.

Germany's ruling that a customer is not liable for telephone bills run up by dialler's which installed itself by stealth, has had the following effect: As now the German Telco is in danger to run up huge bills against other providers like Cable and Wireless (who for example run the Diego Garcia business – and basically are in bed with the scam operators), because it can not only not make a profit from its customers' dialler induced calls to Diego Garcia, but cannot even get any money for these calls, it suddenly got interested in finding out who these crooks are and how to block their numbers etc.

It makes much more sense for the experts of Deutsche Telecom to block the scam as they are higher up on the pyramid of things: Why should millions of Internet users shoulder the sole [that's what you seem to suggest] responsibility for something (and invariably fail in big numbers) that can be solved higher up? Of course no Telco would be interested to do such a thing, as long as the status quo is so much more profitable.

All that has nothing to do with Nanny State, but with intelligently responding to challenges by setting self-regulatory conditions.


You say it is simple to protect against diallers. I know that using a Mac or Linux or using broadband (provided no normal phone connection for a fax for example is there) fully protects against diallers, but apart from that? Firewalls certainly don't.

Would you mind giving your advice how to simply protect one's computer against unwanted diallers?

Do you think Comreg's advice, which I copied earlier, is any good? Which part of it? What would you add? What would you take out?

P.

sceptre

Originally posted by eircomtribunal
so please just move my response to Brian to wherever you want.

Done, thanks.

oscarBravo

Originally posted by BrianD on the other thread
2)What can the industry (ISP's/telcos and regulators) do through a code of practice or legislation to stop diallers being installed without a PC owners consent.

You talk about ISPs, telcos and regulators trying to prevent the installation of dialers - how? What can an ISP, a telco or a regulator do about a vulnerability in the customer's operating system or MUA? Do you really think it's a better solution than simply restricting (not preventing) access to certain phone numbers?

I know this thread is about the responsibility for the installation of the dialer, but I think a measure of crosstalk is hard to avoid. My point is that if your phone line won't allow calls to band 13, then it doesn't particularly matter whether the dialer is installed or not.

BrianD

I must admit that the line you quoted is a bit confusing. Only the PC user can prevent or allow the dialler be installed.

My point is that there is no CoP or legislation in Ireland concerning porn diallers for the telco industry(as there appears to be in Germany). This will only happen when the various players in the industry come together to take action. There have been some quiet steps from ComReg and some of the ISPs in providing consumer guidance.

I don't think you will find that any telco will rush to allow consumers to selectively ban calls to certain destinations. Why would they want to restrict access to their services? Unless there is legislation to force them.

oscarBravo

Originally posted by BrianD
My point is that there is no CoP or legislation in Ireland concerning porn diallers for the telco industry(as there appears to be in Germany). This will only happen when the various players in the industry come together to take action. There have been some quiet steps from ComReg and some of the ISPs in providing consumer guidance.

Why does there need to be a coming together? All that's needed is a bitchslap from ComReg, or some basic morality from Eircom in the first place (and we've crossed back into the other thread again).

I don't think you will find that any telco will rush to allow consumers to selectively ban calls to certain destinations. Why would they want to restrict access to their services? Unless there is legislation to force them.

There's no need for legislation, just regulation. If only we had a regulator.

Customers can selectively ban access to premium rate numbers, which cost substantially less than band 13. Do you think Eircom offer this service out of the goodness of their hearts?