Lexmark Printer Users Beware of Spyware

[Jon O'Brien]

ok, the posting made it to zdnet - but no extra info is given by now.

What did you expect Lexmark to do? Issue press releases saying that those
responsible have been hung, drawn and quartered? Send someone round to the
poster's house to beg forgiveness? Close the company down out of shame?

I assumed the poster wanted the message spread as widely as possible, so I
let a group of journalists know about it. One of them picked it up and ran
with it. It's only been on ZDNet for a couple of days but something could
come of it yet. It may, at least, stop the buggers using the intrusive
software in the future.

Jon.

 

[Martin Trautmann]

What did you expect Lexmark to do?

confirm, deny, change, ...

Issue press releases saying that those
responsible have been hung, drawn and quartered? Send someone round to the
poster's house to beg forgiveness? Close the company down out of shame?

maybe.

but first, I'd have prefered that you state what actually can be found
on zdnet. I'm in usenet here and had to change over to WWW in order to
read this article - just to find out _nothing_.

It's the same info, based on this very posting.

I assumed the poster wanted the message spread as widely as possible, so I
let a group of journalists know about it.

So your message could have been

One of them picked it up and ran
with it. It's only been on ZDNet for a couple of days but something could
come of it yet. It may, at least, stop the buggers using the intrusive
software in the future.

I don't know about the influence of ZDNet - but as long as there's no
result from them, it's not that much use/news to mention it.

Just my personal idea what I might expect. YMMV.

 

[Jon O'Brien]

I'd have prefered that you state what actually can be found on zdnet.
I'm in usenet here and had to change over to WWW in order to
read this article - just to find out _nothing_.

So sorry to inconvenience you but I wasn't aware that you had to go to
such great and arduous lengths to see what the link pointed to. As far as
I was aware, most people would just have to click on the link and the page
would open up in their browser. If you'd like to describe in great detail
workings of your system, I'll try to make sure I don't inconvenience you
in the future.

So your message could have been

"I've forwarded this info to journalists at ZDNet. See <URL> for
article. No new infos yet"...

It could have been but it wasn't. It was intended to let the
original poster see that his message had been further disseminated. I'm
sure he doesn't mind that you took a look too, however.

I don't know about the influence of ZDNet - but as long as there's no
result from them, it's not that much use/news to mention it.

I don't know about ZDNet's influence either but at least a wider audience
is now aware of the games Lexmark is playing. I suspect it might make a
few more people think twice before buying a Lexmark printer, too.

Just my personal idea what I might expect. YMMV.

Life's full of little disappointments. I'm sure you'll get over it.

Jon.

 

[Skuuby]

(e-mail address removed) (Jon O'Brien) wrote in

What did you expect Lexmark to do? Issue press releases saying that
those responsible have been hung, drawn and quartered? Send someone
round to the poster's house to beg forgiveness? Close the company down
out of shame?

I assumed the poster wanted the message spread as widely as possible,
so I let a group of journalists know about it. One of them picked it
up and ran with it. It's only been on ZDNet for a couple of days but
something could come of it yet. It may, at least, stop the buggers
using the intrusive software in the future.

Jon.

Just to let people know, this thread and some of the mentioned links have
been placed on http://slashdot.org

Nothing new, but it's going to get a lot of attention now...

Russ

 

[user]

If UCITA is passed, Lexmark to use the self-help clause to
disable your computer if you violated the license.

 

[Alan Moorman]

Get some spy-ware trapping software, and run it regularly.
That should prevent you being surprised by this kind of
thing.

I use a Webroot product called "Spy Sweeper."

 

[Martin Trautmann]

As far as
I was aware, most people would just have to click on the link and the page
would open up in their browser.

So it's reasonable to let you know that NOT everyone on the net has a
24h flatrate connection, while some differ between usenet and WWW.

It was intended to let the
original poster see that his message had been further disseminated.

So I'd like to point out once again that your understanding of
newsgroups might be flawed: If you want to send the poster a reply, then
send a reply, but not a follow-up to the newsgroup.

Sorry for the nitpicking - but it may be reasonable sometimes to point
out the differences.

Life's full of little disappointments. I'm sure you'll get over it.

I hope so,
Martin

 

[Martin Trautmann]

Answer from Lexmark Headquarter:

"The software to which this article refers implements a completely
voluntary product improvement program called Lexmark Connect. This
voluntary program is explained to customers during the installation
process for a new printer. During this process, a registration screen
will appear that will allow the customer to choose to participate, or
choose not to participate, in the Lexmark Connect program. A user MUST
review this page, choose whether or not to participate and click
?continue? for the printer installation program to proceed. This page
also features a ?Learn More? button that provides additional information
to the customer of about the data that would be collected. If the
customer chooses not to participate, the printer installation will
proceed, but the Lexmark Connect software will not be installed and the
data will not be collected. The information collected is operating
information that will allow Lexmark to understand our customers printing
habits and needs better, such as the number of pages printed, amount of
ink used, and how frequently product features are used. No personal
information is collected. Customers who sign up for this program will
receive additional optional surveys from Lexmark, and again this
participation is fully voluntary. To discontinue participation in this
program, the customer can simply go into the Lexmark Solutions Center
(the same one used to check the ink gauge, install a new cartridge,
etc.) and click on the advanced tab, for instructions to terminate his
or her participation.

We expect this program to permit Lexmark to better design products that
meet customers? actual printing needs and preferences."


I don't know an official source for this second hand statement - but it
does sound reasonable.

How about the 'choose to participate, or choose not to participate"? Is
there a default set in order to participate or is it really optional?

 

[Lars Haeh]

Fark just picked it up too.

(e-mail address removed) (Jon O'Brien) wrote in


Just to let people know, this thread and some of the mentioned links have
been placed on http://slashdot.org

Nothing new, but it's going to get a lot of attention now...

Russ

 

[zcrayfish]

Just to be safe... I'm tossing my Z22 in the trash.
I'm outta ink and the cartriges cost more than the printer itself
anyway... haha.

 

[Brendan R. Wehrung]

Answer from Lexmark Headquarter:

"The software to which this article refers implements a completely
voluntary product improvement program called Lexmark Connect. This
voluntary program is explained to customers during the installation
process for a new printer. During this process, a registration screen
will appear that will allow the customer to choose to participate, or
choose not to participate, in the Lexmark Connect program. A user MUST
review this page, choose whether or not to participate and click
?continue? for the printer installation program to proceed. This page
also features a ?Learn More? button that provides additional information
to the customer of about the data that would be collected. If the
customer chooses not to participate, the printer installation will
proceed, but the Lexmark Connect software will not be installed and the
data will not be collected. The information collected is operating
information that will allow Lexmark to understand our customers printing
habits and needs better, such as the number of pages printed, amount of
ink used, and how frequently product features are used. No personal
information is collected. Customers who sign up for this program will
receive additional optional surveys from Lexmark, and again this
participation is fully voluntary. To discontinue participation in this
program, the customer can simply go into the Lexmark Solutions Center
(the same one used to check the ink gauge, install a new cartridge,
etc.) and click on the advanced tab, for instructions to terminate his
or her participation.

We expect this program to permit Lexmark to better design products that
meet customers? actual printing needs and preferences."


I don't know an official source for this second hand statement - but it
does sound reasonable.

How about the 'choose to participate, or choose not to participate"? Is
there a default set in order to participate or is it really optional?

I vaguely remember having to do this when I installed my Z65. I always
check "no" on these sorts of things and it's no big deal.

Brendan
--

 

[Brendan R. Wehrung]

Just to be safe... I'm tossing my Z22 in the trash.
I'm outta ink and the cartriges cost more than the printer itself
anyway... haha.

I bought a Z11 for about $6 after rebate. It has never been used, but I
keep it as backup to use cartdriges for my 5700 if and when it craps out.
That's a hidden cost with any printer (and I'm sure it happens to Epson
and Canon users as well) of stocking up during sales and then having the
printer die. As you say, the carts cost more than the printer. Always
have a plan B to use them up.

Brendan



--

 

[thisguyisafucker]

MY GOD THE GUY WHO WROTE THIS IS SUCH AN IDIOT...firstly the domain
isnt even registered secondly its not called spyware and all hes doing
he trying to get lexmark to pay him money

commander go **** ur mum u looser

 

[Martin Trautmann]

MY GOD THE GUY WHO WROTE THIS IS SUCH AN IDIOT...

firstly the domain isnt even registered

Great - you've found a solution how to contact a domain that is not even
registered?

traceroute to lxkcc1.com (192.146.101.142)
1 ...
2 lextra2.lexmark.com (192.146.101.142) 1 ms 1 ms 1 ms

However, the domain IS registered:
Domain Name: LXKCC1.COM
Registrar: DOTSTER, INC.
Status: ACTIVE
Creation Date: 06-jan-2004

secondly its not called spyware

True - you might call it Lexmark ware instead - or whatever your
definition might be.

and all hes doing he trying to get lexmark to pay him money

How do you know? Hey thisguyisafucker - I want you to pay me money.
Since I feel I get the idea who is the idiot, maybe I've a chance...

 

[Aravind]

Here is a suggestion if you are concerned about this type of
thing:

If you have a firewall program such as ZoneAlarm installed, it
will alert you every time a new program tries to access the
Internet. If, while installing new hardware or software that
certainly should NOT be going online, I get a pop-up telling me
the program is trying to 'phone home' I can kill it right there.

Thanks for the info. One of the 'tips' from ZoneAlarm website gives
the following:

Tip No. 5: Create a Trusted Zone
If you have two or more computers connecting to the Internet through a
router, you can create a Trusted Zone. Click Firewall in the ZoneAlarm
Control Center, then click the Zones tab. Click the Add button and
enter your other computers' local IP addresses. You can set Trusted
Zone security to let your computers share files and disk space.

Now, if your router generates ip addresses dynamically, I wonder how
one could create a "Trusted Zone" since you can not assign a single ip
address. Is there a work around?

Any info or comments are appreciated.

 

[nerd32768]

I vaguely remember having to do this when I installed my Z65. I always
check "no" on these sorts of things and it's no big deal.

Brendan
--

I had to do the same thing on my HP business inkjet 1100, where HP
supposedly hosts a server that lets you see your printer statistics. i was
using it for a while, but my network(100mbps) was consistently active, so i
disabled it, and the problem was gone. never thought of it from the
perspective of this NG. There are also articles of this thread at :
http://www.theregister.co.uk/2004/11/15/lexmark_spyware/
http://p2pnet.net/story/2992
http://software.silicon.com/malware/0,3800003100,39125876,00.htm
http://channels.lockergnome.com/win...inter_you_may_also_have_lexmark_spyware.phtml
http://www.osnews.com/story.php?news_id=8858
http://www.tweakzone.nl/nieuws/6532
http://forums.winxpcentral.com/showthread.php?t=12082
http://www.zdnet.com.au/news/security/0,2000061744,39166406,00.htm
http://www.techdirt.com/articles/20041112/0455245.shtml
http://www.techimo.com/newsapp/i12411.html
http://www.techspot.com/story16288.html
http://www.livingroom.org.au/printers/archives/lexmark_accused_of_installing_spyware/
http://www.engadget.com/entry/3508496627337139/
http://forums.anandtech.com/messageview.aspx?catid=27&threadid=1441270&enterthread=y
http://blogs.ittoolbox.com/crm/gap/archives/002167.asp
http://uk.news.yahoo.com/041111/152/f6g2g.html
http://www.astalavista.com/index.php?section=news&cmd=details&newsid=968
http://j-walkblog.com/blog/index/P17522/
http://slashdot.org/article.pl?sid=04/11/13/015214
http://eyeonit.itmanagersjournal.com/article.pl?sid=04/11/12/1836204
http://itrain.org/itinfo/weblog/archives/00000080.html
http://msmvps.com/rodtrent/archive/2004/11/13/19019.aspx
http://newsvac.newsforge.com/newsvac/04/11/12/1836237.shtml
http://www.msfn.org/comments.php?shownews=10621
http://www.thepossums.com/modules.php?name=News&file=showarticle&threadid=7077

Nerd32768
A+, Network+, MCP, MCSA

 

[nerd32768]

Because he was moronic enough to purchase a Lexmark. AFAIK, the newer models
are non-refillable and you cannot use aftermarket tanks (if any exist), the
quality is questionable (and believe me I know). It's idiots like this that
keep Lexmark in business. They weren't bad when they were owned by IBM but,
since the demerger, they've become crap. Victims of their own success. They
now need to vanish - and fast! The best that can be said for them is the
tanks are recyclable (but so are HP's).

On my HP business inkjet 1100DTN, i also noticed some interesting things
about deleting the accounts. This is what HPs website states when i begin
the "process" of deleting my account:
------------
By submitting this form, you will be deleting your printer usage data with
HP.
HP will store your data (Email address, Serial number) in a server located
overseas only for the purpose of deleting your printer usage data. Your IP
address will be stored in server log files for a maximum of 5 years. You
will be notified by email once your data has been deleted.
------------
If this seems to be what it is, my email address is being linked to my
serial number and my IP address for _5 YEARS_!! Does anybody else here have
a BJ1100? Is anybody else suspicious about what HP is doing?

Nerd32768
A+, Network+, MCP, MCSA

 

[Christina Barnes]

(e-mail address removed) (Aravind) wrote let it be known in

Tip No. 5: Create a Trusted Zone
If you have two or more computers connecting to the
Internet through a router, you can create a Trusted Zone.
Click Firewall in the ZoneAlarm Control Center, then click
the Zones tab. Click the Add button and enter your other
computers' local IP addresses. You can set Trusted Zone
security to let your computers share files and disk space.

Now, if your router generates ip addresses dynamically, I
wonder how one could create a "Trusted Zone" since you can
not assign a single ip address. Is there a work around?

Any info or comments are appreciated.

Even if your router assigns addresses dynamically, they will
allways be in the same range of addresses set asside for a local
network, usually by default (depending on the router's
manufacturer) either 192.168.0.1-255 or 192.168.1.1-255

These are 'non-routable'local addresses, so you don't have to
worry about any Internet traffic using any of these IPs.

Since the .1 address is usually the router itself, and
represents traffic coming in from the Internet, I would define a
'Trusted Zone' of addresses from .2 through .255 for whatever
subnet you are on. I believe that Zonealarm lets you define the
zone as either a single IP, a subnet, or a starting and ending
IP address.

You could also look at the config of the router, sometimes they
define a much smaller range of addresses they will actually
assign by DHCP, so you might only have to 'trust', for example,
..10-.50

 

[Steve Brown]

Commander makes a good point in his last statement: "Lexmark users
beware! But, they may not be the only ones stealing your private
information." I personally don't believe Lexmark has any evil
intent--but their spy-ware may open your PC up to a "False Flag"
attack wherein Lexmark's Trojan is hi-jacked by another to scan the
balance of your HDD. At the very least it's another in-road. And
while FF attacks are currently rare, they seem more likely once hacks
get wind of Lexmark's spy-ware practice. I wonder what the military,
NASA (victim of many hacks) and other governmental agencies would
think were they to find out about this practice?

NO OEM should be eavesdropping on your PC without express (opt-in)
permission--and not just an "I-Agree-button-level" permission. Good
catch out there.