This site will look much better in a browser that supports web standards, but it is accessible to any browser or Internet device.
I was forced to remove Google Ads from this page because far too many 'betrayware' (fake antispyware) products were being advertised and it was becoming well nigh impossible to keep the bad guys out of the ads. Therefore, there is only a donation link in the menu above. If you see any pages where such malware is being advertised by Google Ads on other pages, please send me screenshots so I can do what I can to exclude them.
Many graphics are thumbnails that when clicked will open full size versions of the pictures.
Messenger Plus! (MP) is an add-on for Microsoft's free messaging programs Windows Messenger and MSN Messenger written by Cyril Paciullo aka Patchou. It is available at www.msgplus.net and is a 'free' download (with a few stingers in its tail). MP includes an optional Sponsor Program provided by C2Media. The Sponsor Program is commonly known in the anti-spyware and adware world as 'Lop' or 'Lop.com'. There has been a problem since Messenger Plus! first started including the Sponsor Program in approximately May 2003, with users installing the Sponsor Program without understanding what the Sponsor Program is, what it does to a user's system, or the privacy implications involved.
Circle Distribution (aka C2Media aka Lop) edit the user's HOSTS file to
block attempts by pushers of Winfixer to infect user's systems. If your
HOSTS file is read only, or is protected by third party software, CiD may not be
able to block Winfixer malware, in which case your machine may be in danger from
infection - see here:
http://msmvps.com/blogs/spywaresucks/archive/2006/12/18/428740.aspx
On 4 April 2006 Patchou announced that his Sponsor Program is now
being "distributed" by Circle Development Limited. BUT, the Sponsor
Program is still what is commonly known as LOP, and the Sponsor Program is still
being downloaded from C2Media Servers as at time of writing (October 2006),
such as r9849.bins.lop.com/bins/int/7k11_pk2.int:
http://temerc.com/phpBB2/viewtopic.php?t=2755&highlight=
Further evidence of a continuing connection with Lop/C2Media:
http://spyware-free.us/2006/10/messenger-plus-writeup.html
The latest versions of Messenger Plus (since late September 2005) have tried to create a degree of separation between Messenger Plus! and the sponsor program through the use of separate EULA windows - the sponsor program can also be uninstalled without removing Messenger Plus! via the Messenger Plus! uninstaller. The sponsor also known as lop adware does not have its own entry in Add/Remove Programs.
Messenger Plus version 3.63 introduced a new version of the Sponsor
Program. The toolbar was removed, the pass through bar was removed, and the home
page is no longer changed to a URL owned by C2Media (commonly known as Lop.com)
- instead, we're honored to see popup windows that try to install various activex controls on our PC, including one product that is known to use rootkits
- malware anyone?
http://msmvps.com/blogs/spywaresucks/archive/2006/04/07/89692.aspx
On 5 October 2006 Patchou announced via his site that he had been awarded MVP status under the group of Windows Live Developer. After an uproar amongst MVPs from several disciplines and security professionals, and after much negative press, Microsoft rescinded the Award on 7 October 2006. According to several news outlet's Microsoft's statement said:
"Cyril Paciullo was awarded with MVP status this year on the basis of his technical expertise and strong community contribution. However, his active MVP Award status was revoked as soon as the extent of the connection between his application and spyware was made apparent to the MVP Program."
Y'all may wonder why I keep such a close eye on things. It is because on the vast majority of systems that I have seen, Messenger Plus! is being installed by users who are young (often at an age where they are legally too young to be bound by, or allowed to agree to, any contract (including EULAs)) or too inexperienced to understand the implications of an EULA, or too young or inexperienced to understand the implications of installing the Sponsor Program. The fact that so many users are young makes me want to keep a closer eye on things than I would otherwise. Not only that, the advertising content is too often unsuitable for a young audience.
DO NOT install the 'Sponsor Program' before
reading the information at this link
The ties that bind -
Messenger Plus, Secure Software Inc and C2Media
Adware installed with Messenger Plus!
by the Sponsor Program
Facets of the Sponsor Program that
can be classed as spyware
The
implications of installing the Sponsor Program
My first Messenger Plus! installation experience
Malware being
advertised at the Msgplus forums
Is Messenger Plus Spyware?
Try uninstalling Messenger Plus!. That may remove the Sponsor Program.
There was a bug in the Messenger Plus! sponsor program that was, under some
circumstances, preventing the removal of the Sponsor Program. It may help to
download the latest version of Messenger, install with Sponsor Program
and then uninstall Messenger Plus! Apparently the latest version of the Sponsor
Program has been updated to remove this bug, but I do not yet have independent
confirmation of this.
The Messenger Plus! uninstall windows DO NOT mention this, but it is essential
that all other programmes be shut down during uninstall, especially Internet
Explorer. Use Task Manager to ensure that no iexplore.exe processes are running
before attempting an uninstall of Messenger Plus!. Also, anti-adware programmes,
antivirus programmes and other protective software that actively monitor a computer system can interfere.
If you have the MP! or MP!L version of the Sponsor installed, and manual
attempts to remove the Sponsor have failed, it may help to install MP! or MP!L
again with the Sponsor and then uninstall it again via Add/Remove Programs.
lop.com (the Sponsor Program) does not only come from Messenger Plus! There
is a slim chance that if your system is infected with lop, it may be a version
that did not come from Messenger Plus!
(granted, it is a remote chance, but something to keep in mind). In such
circumstances uninstalling Messenger Plus! will not do any good at all.
Sometimes the lop.com provided uninstaller works - available here:
http://lop.com/help.html
If you're still having problems, we get into the heavy stuff....
Troubleshooting
advice
A selection of information links about lop.com malware (detected as Swizzor Trojan by antivirus programmes) and Messenger Plus! itself follow:
lop.com information on this site
http://sarc.com/avcenter/venc/data/adware.lop.html (Symantec)
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076024 (Computer
Associates)
http://vil.mcafeesecurity.com/vil/content/v_120626.htm (McAfee)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SWIZZOR.AG
(Trend Micro)
http://www.f-secure.com/v-descs/swizzor.shtml (F-Secure)
http://www.sophos.com/virusinfo/analyses/trojswizzorbq.html (Sophos)
IE-SPYADS will add the msgplus.net and msgpluszone.com to your restricted
sites zone:
https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
Windows Defender detects Messenger Plus as an Software Bundler
(and rightly so)
http://www.neowin.net/comments.php?id=26501&category=main
Historical content
5 December 2005 - do your kids use Messenger Plus? Do they want to
install the sponsor to support Patchou? This blog focuses on child
inappropriate pop-up advertisements that appeared on my machine after I
installed the Sponsor for testing purposes - the MP! sponsor also displayed
Jamster advertisements (anti-Jamster
information here)
http://msmvps.com/blogs/spywaresucks/archive/2005/12/05/78084.aspx
8 October 2005 - I never did get around to testing 3.52.130. Will work on testing the latest version (3.61.145) over the next day or so. Apparently there are many changes to the installer.
POTENTIAL SECURITY AND PRIVACY RISK PUBLICISED {Updated 26 August 2005}
11 June
2005 - Hopefully the proposed Bill discussed at URL below will become law,
and then other countries and States will follow suit - burying feature
disclosure within an EULA will no longer be sufficient notification
http://msmvps.com/spywaresucks/archive/2005/06/10/51772.aspx
24 May 2005 - another update - version 3.54. Still no time to run those tests until my other site updates are completed. Completely redoing http://inetexplorer.mvps.org in CSS is very time sapping.
13
April 2005 - Messenger 3.52.130 has been released - oops! .. an "important
problem related to compatibility with MSN Messenger 7 has been found ... Anyone
who uses Messenger Plus! with Messenger 7 is highly encouraged to update to this
version without waiting .."
http://www.msgplus.net/changelog.php
Patchou's going to Japan; shall I tell him I will be in Singapore and offer to meet half way? >cheeky grin< Nah, those gosh darned earthquakes and volcano alerts are sure to put a dampener on things... Don't worry guys - I will be testing the install protocols of the latest version of the Messenger Plus! soon. Unfortunately time is short, but it will be done soon - perhaps the tests will be released in tandem with my new site ;o)
16 March 2005 - Messenger Plus 3.50 has been released; preliminary tests have been completed - some interesting improvements (some affecting the potential security and privacy risk highlighted above - further testing required), an updated EULA, a buggy install on one machine, other problems and concerns- analysis and screenshots to come.
21 Feb 2005 - Messenger Plus 3.50 is in the works - it will be interesting to see the situation vis a vis the Sponsor Program, install windows, EULA, data collection without prompting for permission etc with the new version - I am especially interested because I have an email from Jason at Lop.com from back in October 2004 wherein he said that he had taken some of my suggestions and passed them along to Patchou with his recommendation that they be implemented. Jason did not list exactly which suggestions he was talking about so I do not know which have been implemented and which are still to come. Since October there have certainly been improvements but there is still much to be hoped for - for example, my suggestions to implement OpenOffice's idea of forcing a user to scroll through an entire EULA, to have a separate entry in add/remove programs for the sponsor program and to soften the harshly worded 'I refuse to give my support' text. Patchou has done a lot over the past year or so to improve the reputation of his programme and address concerns listed here and elsewhere on the web. He is to be congratulated, and commended, for his efforts. That being said, Messenger Plus! is very popular with younger users, who need and deserve protection and consideration, and I am not comfortable with the situation just yet, a big concern being insufficient efforts in the MP forums, and during installation of Messenger Plus, to warn people under 18 that they are not permitted, under the EULA, to install the Sponsor Program.
Not only is the Messenger Plus! Sponsor the malware commonly known as lop.com, the Msgplus forums used to advertise Gator products, and have also advertised funwebproducts. That's quite a trio. Since Patchou switched to Google Ads, I have not seen Gator products advertised on the MP site.
As a point of interest,
Patchou said he no longer advertises Smiley Central because it is
'incompatible' with Plus!, but guess what I saw advertised (check out the
address in the status bar). SmileyCentral wasn't added to Google's URL filter,
though the problem (and another SmileyCentral URL that later appear, both seem
to have been filtered (an assumption drawn from forum messages and the
disappearance of both URLs from Google Ads)
HOW CAN THE INSTALLATION PROTOCOLS FOR MP! AND THE SPONSOR PROGRAM BE IMPROVED?
Ideally, the installation window should open with this warning on the very first screen. "If you are under 18 you are not allowed to install the Sponsor Program". This is because, like it or not, Messenger Plus! has a lot of underage users.
The Sponsor Program should have its own listing in Add/Remove Programs so that it can be removed without also removing Messenger Plus! (It is now possible to uninstall the Sponsor Program without removing MP! as well, but the Sponsor Program does not have its own entry in Add/Remove Programs)
Open Office has a very good protocol in that it is not possible to proceed with the installation of Open Office products until after a user has scrolled through the entire EULA - something that I hope Patchou will consider.
As has been suggested, a simple 'I refuse,' or a 'no thank you' would have sufficed, or even better, something like the following, which avoids harshness or bad feeling:
"Yes please, install Messenger Plus! with the sponsor program.
No thank you, install Messenger Plus! without the sponsor."
The problem of 'clickfast' users, and users not realising what is going to happen when they install the Sponsor Program is beginning to be addressed.
When MP users use highly reputable anti-spyware products such as AdAware or Spybot to remove the effects of the Messenger Plus! Sponsor Program, not realising that the adware they are trying to remove comes from the MP Sponsor Program, sometimes the removal attempts fail. The overwhelming response to complaints by such users in the MP forums has been 'you should have read the EULA' (the licence agreement that users must agree to as part of the installation) and 'all you had to do was uninstall MP and then reinstall without the Sponsor Program'.
Patchou (the creator/owner of MP) used Messenger Plus 3.21.104, released on 10 October 2004, to test several different installation screens before making a final decision about how to address some of his install program's poor disclosure problems. Version 3.25.106 was then released, unveiling Patchou's final choice of installation screen.
I note that Patchou improved the text of the 'important message', as it appeared in his test screens, from "This program will add, among other things, a search bar in Internet Explorer...." to "This program adds advertisements and a search bar in Internet Explorer..." Note: There is no longer a Search Bar.
This was an improvement, though it would have been better if the important message *also* advised, as has been suggested, that a user's home page will be changed. Note: The home page is no longer changed.
I do not believe that an innocent/new computer user who is caught by the Sponsor Program will make the connection between 'advertisements' and a sudden change to their home page. Add to this problems such as the 'yellow window' and it becomes very important to ensure that the 'in your face' changes made by the Sponsor Program are made clear to help avoid the historical problem of users using legitimate (or disreputable) anti-spyware software to (sometimes unsuccessfully) remove the Sponsor Program.
The new install screens are below.
The beginning of the C2Media (lop.com) EULA is no longer hidden from the user by an introductory message.
I note in the changelog that there is a delay on the second screen of the setup, but it is not long enough to be noticeable. So far all reports I have received indicate that the eye is drawn to the graphics and text and that by the time the eye moves to the buttons below, the delay is over and the button is clickable.
The 36 hour delay before installation of the Sponsor Program is still gone (yay).
Things are much, much better, but (there's always a but ) there are continuing issues...
Unfortunately the harshly worded "I refuse to give my support..." refusal text remains.
Patchou said on 1 October 2004 that "if no one installs the sponsor with the new agreement window, I'll change it back, sorry".
5 minutes of installation time reveal pop-up advertisements such as the 'yellow window' and advertisements for online gambling services. A quick look around the Sponsor Program home page reveal hyperlinks to family-unfriendly 'adult' content and gambling links, and even an advertisement for a bulk email service. As I said in an earlier commentary on page 2, there is more to the Sponsor Program than its install and uninstall protocols. The Sponsor Program is also what it advertises, where it leads people and what it encourages people to install.
Undisclosed data collection As at version 3.2.100 data collection and transmission did not start until one week after installation of Messenger Plus. I have not seen anything on the MP forums so far to make me think that the one week delay has been removed. I will leave the option enabled and *IF* Messenger Plus pops up a window asking for permission to commence data collection and transmission I will update this page. In the interim, we will assume that the data collection and transmission is silent. Assuming a user will discover the option, and that it is enabled by default, is not good enough. Note: This feature was later removed.
MP still fails to openly disclose that reversing some of the changes made by the Sponsor Program will trigger the installation of even more software, AND breach the user's privacy by reporting details of the user's preferred home page, search engine and error pages to C2Media [Note, the underlined 'feature' is apparently 'long removed', but the C2Media EULA included as part of the MP installation was not updated until 29 October 2004. For more information about this change, check out the link "DO NOT install the 'Sponsor Program' before reading the information at this link' directly below.]
POTENTIAL SECURITY AND PRIVACY RISK PUBLICISED
Pre March 2005, archived (aka logged) conversations and the 'show contact on desktop' options caused contact names and email addresses to be stored in the Windows Registry in readable format under HKEY_CURRENT_USER\Software\Patchou, and HKEY_Users/S-I-5-****/Software/Patchou.
Under most circumstances, this data was not easily accessible to other users. But, Fast user switching leaves a user logged in, and their HKEY_USERS/S-I-5 keys readable by others, unless the person trying to view the data is a limited user. Also, an administrator can load and examine anybody's HKEY_USER and HKEY_LOCAL_MACHINE keys using Load Hive (ntuser.dat), even if that user is not logged on.
It was not until after I first highlighted this issue in January 2005, and the problem was discussed in public forums, that the data was encrypted.
On 26 August 2005, Cookie Revised, a long-standing and well known helper at the MP forums, advised me that the new encryption was added in the beta of 3.50.118 released in February 2005. The first public release after that was 3.50.124 in March 2005. BUT your Messenger email ID is still unencrypted in various places, and if you enable Pop3 checking, your email address will be recorded in the registry, unencrypted at:
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\{messenger_email_id\Preferences\PopMails\PopMail**\{pop3emailaddress}.
Patchou changed unencrypted contact data to encrypted, why not pop3 email addresses or Messenger IDs?
Historical stuff about the encryption issue follow...
14 July 2005.
I see that contact details stored
at HKCU\Software\Patchou\Msgplus2\**\archive\... is now encrypted. Show
contact on desktop data is also encrypted.
Pre February 2005
Archived (aka logged) conversations and the 'show contact on
desktop' options caused contact names and email addresses to be stored in
the Windows Registry in readable format under HKEY_CURRENT_USER\Software\Patchou, and HKEY_Users/S-I-5-****/Software/Patchou.
HKEY_LOCAL_MACHINE was also used, but is irrelevant to this problem. Other
programmes record data to the registry, via MRU keys and the like, but data like
Media Player playlists, run lists, recent document lists, typed URLs and recent
search phrases etc cannot be compared to personally identifiable information
such as email addresses.
If you do NOT want other computer users to know who you are talking to when using Messenger, or which contacts you have displayed on your desktop, do not use Messenger Plus! unless you are willing to forego logging or the ability to display any contact on your desktop.
UPDATE AM: 22.01.05 - some people have requested more information. For a start, let's look at Fast User Switching. Fast user switching leaves a user logged in, and their HKEY_USERS/S-I-5 keys readable, unless the person trying to view the data is a limited user. Also, an administrator can load and examine anybody's HKEY_USER and HKEY_LOCAL_MACHINE keys using Load Hive (ntuser.dat), even if that user is not logged on.
For those of you at the MSGPLUS forums who are unable to find my contact address where it appears elsewhere in this article I shall repeat it here. It has always been on page three (three times) and page two (once) ;o)