Is Non-install Software Data Linked to Seller?

[bionictortoise]

Hi,

What does it mean when you download software from an internet marketer that does not need installing - it's just ready to use straight away?

I was wondering if the data I put into it is connected to the seller, ie: could the seller of such a keyword tool have access to all my keyword research?

I've only ever known this type of software to be keyword tools and I'm a bit suspicious. I'm hoping I'm wrong though.

Thanks

[bionictortoise]

anyone know?

[barathrum]

yes i believe so

[Steve Diamond]

Hi, bionictortoise. The presence or absence of an installation program says nothing about the question that you raised. It just suggests that the developer may be a bit lazy or rushed.

Whether installed or not, any program that accesses the Internet in order to perform searches could potentially be "phoning home" to send data elsewhere. If you can configure your firewall to keep a detailed log of what addresses that program is contacting, you may be able to get an indication of how likely that is. Many home firewalls may not be up to that level of detail, though.

Do you have a particular reason, other than the absence of an installation, to suspect this program?

You do know that Google keeps a record of every search you perform under any circumstances, right? It's not as if any of us really has any privacy about such things.

[milan]

Whether a program needs installation or not is not in any way related to the issues that bother you.

[bionictortoise]

Thanks everyone,

It's helpful to know that this connection can exist on either type of software.

My suspicions were aroused because all the non-install tools I've had were keyword tools or similar, but the latest one I have includes email information - which is worse!

This tool asks for personal email account info so the seller could access my email account.

Yes, I did know about Google thanks but that's fine. It's the email password I'm more concerned with.

Steve, do you know what type of Firewall would let me find out what info is passed back? It could be that the seller isn't the slightest bit interested in my email account, but I'd rather know for sure!

Thanks

[milan]

All better personal firewalls can do that. I remember ZoneAlarm, Kerio can do that.

[bionictortoise]

Thanks for those suggestions. I checked out ZoneAlarm and Kerio.

But first, as I already pay for Trend Micro Firewall, I rang them to ask if their Firewall would give me this info.

The lady said it would, and that she'd email me to tell me how. But the email just told me how to access the log files. I have them in front of me, but I have no idea what is what, other than my own IP address.

For example, the columns are:

Time, Protocol, Source ID Address, Sort Port, Destination ID Address, Destination Port.

The different Protocols are:
TCP
UDP
ICMP

The ICMP is the only one that has my IP address as the source and a London IP address as the destination. But it is my cable ISP.

If this software is giving data, such as my email account details, to its seller/developer, how can I tell from the log?

Thank you

[jacktackett]

This is a pretty standard log file; each line has detailed information about a single 'packet' that your firewall sent or received.

Time - obvious, but you have to make sure you understand what time zone

protocol - which internet protocol this packet used.
TCP - think of it like a phone call - you need acknowledge sending and receiving data. It connection oriented and provides for making sure information is sent and received. But it takes a lot more packets/processing power to get a bit of information via this protocol. Telnet, HTTP, ftp and others use this protocol.
UDP - connectionless, like the us mail. It just sends out the packet. The sender doesn't care if you get it or not. DNS uses this protocol.
ICMP- a control protocol, used by programs like ping, traceroute, and others.

Source IP - the ip address of this packet. You can do an nslookup, dig, ping, or use another tool to get information on this IP.

Source Port: There are 64K ports available in IPv4, which most of us are using at the moment, though those at universities may be using IPv6. They are also called sockets from a programmer's point of view. Think of them like that. They are sockets into which data is sent from/to. The first 1024 ports are reserved for system level functions and are known as 'Well Known Ports", some examples are:
22 - ssh
25 - snmp (email)
110- pop (email)
80 - http
443 - https
You can have ports for both TCP and UDP protocals and some programs use both to work.

Destination IP/Port covers the same information for the destination of the packet.

If you're interested in something communicating with an MTA (Mail Transport Authority) look for any traffic on port 25. To a web server, look on port 80 or 443. For a complete list of well known ports see:

http://www.iana.org/assignments/port-numbers

You can use the information at the above url to track down what each packet is doing. There are also items called packet sniffers that can do a pretty detailed protocol decode on such a log file. They can also capture traffic and do the same, though I strongly caution anyone against doing this on a company's network (ie at work or school).

If they know what they're doing they'll detect the sniffer and come looking for you to ask why you're doing this.

good luck.
best,
--Jack

[bionictortoise]

Thank you Jack

A lot of the ports in the log file say n/a or are not listed in the page you gave me. So it's difficult to say.

Is an offending IP address going to be in the source or destination? (sorry if that's a dumb question).

I have looked up all the IP addresses in both source and destination and there are lots of different places worldwide, including where the seller lives, but he outsourced the software development, so it could be anywhere!

But even if any IP or port is linked to him, would that necessarily mean he is obtaining data illegally such as my email password (that I typed into the software)?

Thanks

[Alp Bozkurt]

Short & simple: You every activity is visible to the seller. If it's a keyword tool, all your keyword research is visible by the seller. Because all the data is transferred from/to the seller's servers.

But I don't think they will steal your research data. Are you afraid of this?

[bionictortoise]

Thank you

So the seller has access to my email account?

I'm just a bit surprised that this is possible and no-one seems to be concerned!