Before you install Real Player, read this!

[John Corliss]

John Corliss wrote:
(clipped)
| installed the program. I will be uninstalling both Real
| Alternative and Media Player Classic on:
|
| Sunday, March 7, 2004 5:15 am
|
| Thanks for the heads up.
| They're worse than Microsoft and their Media Player 9 bullsh**.

Yup.

My friend with decades of high-level DP management once said,
"The only company I hate more than Microsoft is AOL." As far as
my own experience with software that rapes the user's computer,
I'd say that Real is tied with AOL. My friend can't comment about
Real other than to say that his public agency has blocked
streaming altogether because of the way that it comandeers the
resources they use for work.

Let me interject a different slant here, John. At least one other
post in this thread tells of a method by which the poster
emasculated your combination (I think it was Donutbandit). I
think that he did a reasonable test, too. Alternatively, a poster
on the spyware newsgroup detailed a number of system changes,
both in the registry, and involving a file named "Rotuma." I
encourage you to check up on his solution, too.

Personally, I've found that I really enjoy being able to listen
to alternative radio from cities far from me, programs that
aren't carried even here in the SF Bay Area. So, being able to
download this stuff is part of my life. Living without these
streams would feel a bit like being thrown into solitary
confinement. I once did as you described: ripped Real off my
system (that's how I know how to uninstall it). I haven't
attempted tweaking either of the alternative Real play methods
yet, other than to kill all the options and also block any
transmissions that my firewall alerts me to.

Well, at least RA uninstalled fairly cleanly (I still had to remove
some registry entries). Frankly, I don't do enough viewing of
streaming media to need the program so I won't be reinstalling it.
Thanks anyway for your input though.

 

[Frank Bohan]

message | I ran a registry search for the word "real". It found 1398
entries!

Yeah, Lester:

What were you doing wrong to only get 1398. I just checked my registry for
"real" and found 2866.
Anyone got more?

===

Frank Bohan
¶ Help stamp out and abolish redundancy and repetition.

 

[Richard Steinfeld]

| | > On Sun, 07 Mar 2004 05:07:53 -0800, John Corliss wrote:
| >
| >> Thanks for pointing this out. I just found this file on my
system:
| >>
| >> "C:\Program Files\Real Alternative\Common\cookies.txt"
| >
| > No such file here, also running Real Alternative.
| >
| > I have to assume that this is version, or source, dependent.
| >
| > Cheers,
| >
| > Roy
| >
|
| Indeed, different OS's put that file in different locations;
you are
| probably running
| an NT/2k/xp system.
|
| Do a search for "cookies.txt"; look inside.

I don't recall if I said so before: I'm running Windows Me and my
Real cookie file is located as above.

Richard

 

[Richard Steinfeld]

| It ain't freeware! But SystemSuite (now V5) is really worth
paying for.
| Think how difficult the task would have been without SS!
|

Please understand that although I still use v4.0, I do not
endorse System Suite!
After I bought the package, the publisher was acquired and sold
off all but their core business (data retrieval). The present
publisher is V-Com. V-Com did not purchase all of the former
System Suite modules.

The business arrangements were a bit messy. SS was originally
cobbled together from a number of products. Some were written by
Ontrack. Some were written by various third parties and used
under license. The entire package was linked together by a
reasonable interface and functioned very well all together. I
don't consider that the program was ever adequately debugged. For
example, the SS windows are too "pretty," often obscuring things
I want to see behind them. And listings (such as a directory
path) often just spill off the side of the screen: you can't read
them. So, I was actually looking forward to a v4.1 when I got
other news.

I have been especially displeased with the company's lack of
antivirus currency and their support policies. I experienced
repeated major frustrations. I will never do business with V-Com
again.

There are other ways of accomplishing what this suite performs,
and a lot of the functions, perhaps all of them, can be
accomplished with freeware. That's the direction I've gone in
after buying three utility packages. The first two were Norton
Systemworks, which I found to be the worst piece of bloatware and
problem creator I've ever put on my system. And the way that
Symantec "supports" their customers, frankly, disgusts me.

I have purchased Iolo System Mechanic to replace V-Com's product,
and I'll be moving over to that suite bit-by-bit. Iolo's support
is forever. Further, they'll talk with me on the phone. And the
package came highly recommended by professionals who use it at
home (recommendations from magazine reviewers who use a package
at the office on their highly-maintained super-powered systems
don't mean much for me on my lonely home box).

When I pay good money for a security program, what I want for my
money is to be able to get the publisher on the telephone. When
my home system is screwed up due to a nasty virus, all the email
support in the world is worthless: I can't go on line for it --
Gotcha! I bought System Suite, a package that contained antivirus
and a firewall (both provided by third parties) with the
understanding that I would receive a certain level of support.
FAQs just don't cut it!

If the mfr won't provide this support in case I need it, I'll go
the freeware or cheapware route instead. With freeware, I don't
expect personalized support, nor do I feel entitled to it. I was
impressed with the slightly-compromised version of Sygate
Firewall that came with System Suite. After that part of my SS
became unusable, I considered buying the firewall directly from
its own publisher. However, I was stopped in my tracks by
Sygate's phone support policy. You can get it -- they call it
"priority telephone support." It only costs $75 per incident! I
wrote to their sales department to tell them that this policy had
cost them a sale. They didn't reply. Bye, bye, Sygate!

This is really too bad, because to me, Sygate had made a really
fine product. My experience with it has been very good.

Richard

 

[Richard Steinfeld]

|
message
| | >
| > message | > | I ran a registry search for the word "real". It found 1398
| > entries!
| >
| > Yeah, Lester:
|
| What were you doing wrong to only get 1398. I just checked my
registry for
| "real" and found 2866.
| Anyone got more?
|

Yup. I tracked over 5,000, as I've mentioned here repeatedly.

Richard

 

[Richard Steinfeld]

| |
| > Yeah. I couldn't have said it better myself. This is what you
| > need to know _before_ you load down your computer. Also,
perhaps
| > you'd like to think twice before using "Media Player Classic"
| > plus the "Real Alternative" codec set that allows Real
streaming
| > files to play in Media Player Classic.
|
| Once again:
|
| There are 2 text files in my Real Alternative/Common file:
cookies.txt,
| and 41000000.txt.
|
| I changed them both to read only. RA worked just fine.
|
| I erased the contents of both of them. RA worked just fine.
|
| I renamed them both. Same result.
|
| I deleted them both. RA worked just fine, and made no attempt
to recreate
| the files.
|
| I went to the BBC site, and used RA to play their stream
without any
| problem. It was recognized as "Real Player" by the site and
worked just
| fine. I found no evidence after playing of any newly generated
files having
| to do with RA.
|
| These 2 files appear to be remnants of the G2 codecs used by
RA. I would
| say that the claim that RA has spyware is greatly exaggerated,
based on
| these results.
|


Once again, I say "thank you" to Donut for coming up with this
low-tech solution and for debugging it.

This gives us two different methods of dealing with this nasty
"standard." Bogus provided a solution more suited to the
technially-inclined to use with MPC/RA, and in addition, a method
for taming jetAudio. Readers can find his details on this
newsgroup and also in greater complexity on alt.privacy.spyware.

A distinction: I think that Donutbandit has a point. RA probably
does not contain spyware: that is, executable code that transmits
to the "mother ship" without my knowledge. However, it does
maintain a log file of my history; this file can be polled by
other spyware. My system has no file "41000000.txt." Further, I
am not clear about the route that the fileset "Real Alternative"
took on its way from Real Networks to wherever we've been getting
it.

Another matter of curiosity:
I installed jetAudio after I installed MPC/RA. jetAudio is
slicker, has more features, is more "corporate" than RPC. It does
"digital rights management" (choke). It supposedly handles Real
streaming internally. But my firewall tells me sometimes that it
is going to the Real Alternative file set all by itself to load a
..dll. I'm not going to begin to speculate about this one!

A further question to Donutbandit: how has your low-tech fix
worked with additional Real-coded content that may be more
resource-intensive on the user's machine? I'm thinking about, for
example, Pacifica Network and "Your Call" content, both of which
stream from a server maintained directly by Real Networks. Or
KQED, which is a site over-bloated with excessive programming and
RedSheriff. Hint: if any of you are KQED members, why don't you
complain to them about the excessiveness of their web site and
the waste of your membership money for this obnoxious
"trendiness."

In mental burnout, I remain,

Richard

 

[Richard Steinfeld]

Richard Steinfeld wrote:
| ||
|| message |||
||| message |||| I ran a registry search for the word "real". It found 1398
|||| entries!
|||
||| Yeah, Lester:
||
|| What were you doing wrong to only get 1398. I just checked my
|| registry for "real" and found 2866.
|| Anyone got more?
||
|
| Yup. I tracked over 5,000, as I've mentioned here repeatedly.
|

Sorry. I read your post again. I didn't check for the number of
"real" entries in my registry. I logged over 5,000 changes made
to my system during the course of installation. That's not quite
the same thing.

Richard

 

[John Corliss]

What were you doing wrong to only get 1398. I just checked my registry for
"real" and found 2866.
Anyone got more?

In my case I've got *less*. That's because I stopped using the actual
RealPlayer a long time ago, long before getting this computer. I just
used Regseeker:

http://www.hoverdesk.net/freeware.htm)

to check my registry and only found 28 listings. Of those, only 11
were RealPlayer related.

 

[Roy]

| probably running
| an NT/2k/xp system.
|
| Do a search for "cookies.txt"; look inside.

I don't recall if I said so before: I'm running Windows Me and my
Real cookie file is located as above.

XP Home here, and I search all files, all drives both physical and logical,
using Agent Ransack. I've not yet tried Windows Grep, but I can't see much
point given the effectiveness of Agent Ransack.

Cheers,

Roy

 

[Roy]

However, it does
maintain a log file of my history; this file can be polled by
other spyware.

Please do us all a favour and name names.

Which spyware do you suspect of doing this, and doing it (apparently)
undetectably?

Cheers,

Roy

 

[Richard Steinfeld]

| On Tue, 09 Mar 2004 01:13:02 GMT, Richard Steinfeld wrote:
|
| > However, it does
| > maintain a log file of my history; this file can be polled by
| > other spyware.
|
| Please do us all a favour and name names.
|

Sorry to dissappoint you, Roy. What I'm saying is that any
software that's so inclined and can get through a person's
security (providing that they have any) and retrieve the contents
of the named file. I do not know for a fact that it is happening,
just that the log file is there. You may want to see if you can
find this file on your own system and if you can, see what's in
it. It is an ordinary text file, easily viewed.


| Which spyware do you suspect of doing this, and doing it
(apparently)
| undetectably?
|
| Cheers,
|
| Roy

Roy, since you asked for more details, let me tell you about my
setup: My OS right now is Win Me. I am using Sygate firewall with
my own settings, and Proxomotron for web security. In addition,
my Internet Explorer settings are quite strict. The result is
that there may be invasion and/or polling attempts, pings,
probes, whatever, that take place without my knowledge; I'm
fairly satisfied that almost any attempt to break into my system
from within and without will be stopped. Sygate will tell me
about it, the others mostly won't. That's about the best I've
been able to do for myself. While I have worked in the computer
and internet industries, I am not a programmer. I don't think
like a programmer and I'm not wise to the intricasies of the many
details of the internet beyond the specifics of the projects I've
worked on.

I realize that this does not answer your question. I can only
report what I've discovered for myself. There are other people
who have much more knowledge about the actual workings of these
files than I do: files that are used with Real technology for
reporting. "Bogus" has provided the most detailed information on
the two newsgroups I've named in response to my posts. Perhaps he
would like to help with what he knows. I can't provide any more
information than I've already done. Considering that the foisters
of spyware don't brag all over the web about what they do and how
they do it, "reverse engineering" what they're up to is truly
more than a full-time job. I've just about hit my own personal
limit, and I may have hit my limit regarding what I post on the
subject also. Hope you understand.

Richard

 

[fred]

An alternative to uninstalling this is to "tame" it.

1. Add these keys to your registry to stop cookie retention:

[HKEY_CURRENT_USER\Software\RealNetworks\RealMediaSDK\6.0\Preferences\
Cookie
sEnabled]
@=dword:00000000


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMedi
aSDK\6.0\
Preferences\CookiesEnabled]
@=dword:00000000

2. Occasionally scramble this key, which is unique to each user and is
passed to the streaming server:

Software\RealNetworks\RealMediaSDK\6.0\Preferences\Rotuma\


- IMHO RealAlternative, with these tweaks, is the least intrusive of the
Streaming alternatives

- IIUC, The remaining privacy compromise is RDNS - which requires an
anonymous proxy to cure.

Thanks for the keys and your other posts on this in alt.privacy.spyware but
I've still got problems with the <apparently random letters & digits>.txt
being recreated.

I've created these keys and have assigned a value to the default of "0" with
no effect, added a dword value named '@' with value 00000000 again to no
avail. Key text and locations have been checked numerous times. Other
'preferences' seem to just to have a text values of '0' or '1' applied to the
default value.

Any ideas, or chance of a link to the original source of the info, or are
these from your own research?

In the mean time I'm just deleting the file at startup or on demand with a
little batch.

Thanks,

 

[Onno]

I just checked my registry for
"real" and found 2866.
Anyone got more?

Less, about 190. I have Real Alternative installed.

 

[Jackdaw]

| On Tue, 09 Mar 2004 01:13:02 GMT, Richard Steinfeld wrote:
|
| > However, it does
| > maintain a log file of my history; this file can be polled by
| > other spyware.
|

<<<<<<<<<<<<<<Snip>>>>>>>>>>>>>

Apologies if I have jumped into the wrong part of this
thread but have checked this out and the file (on my system
50000000.txt) is only generated when you use MPC to play an
..ra file. When listening 'live streaming' no file is
generated

Just my 2cents

Jackdaw

 

[Bogus]

Thanks for the keys and your other posts on this in alt.privacy.spyware but

I've still got problems with the <apparently random letters & digits>.txt
being recreated.

I've created these keys and have assigned a value to the default of "0" with
no effect, added a dword value named '@' with value 00000000 again to no
avail. Key text and locations have been checked numerous times. Other
'preferences' seem to just to have a text values of '0' or '1' applied to the
default value.

Sorry! The "@" and 00000000 are ".reg" file conventions.

The final key is "CookiesEnabled" with a "name" of "default" or "none"
(depends upon the registry editor), and a doubleword value of "0".

Might be easier to take the contents of my first posting and put it into a
..reg file, which would look like this:
==================================================================
REGEDIT4

[HKEY_CURRENT_USER\Software\RealNetworks\RealMediaSDK\6.0\Preferences\Cookie
sEnabled]
@=dword:00000000

====================================================================
Then just double click the .reg file and it will be added to the registry.
Same for the other key.

Any ideas, or chance of a link to the original source of the info, or are
these from your own research?

Own research. I backed up my box; removed RA; installed RP8; turned cookies
on; then off - and recorded the changes. Restored box and added these keys to RA. On
my box, these keys work.

The "routouma" is a well known issue; use Google.

RA uses Real .dll's - .

In the mean time I'm just deleting the file at startup or on demand with a
little batch.

Yep -

 

[David Simpson]

Less, about 190. I have Real Alternative installed.

18. Only 4 related to Real as a MIME type. I do not listen to Real
Audio.

 

[Bogus]

The "routouma" is a well known issue; use Google.

Well, it would help a lot if I spelled it correctly. "Rotuma". Here's a
dated article, but the info. re Rotuma still applies (I believe).

http://www.computerbytesman.com/privacy/realjb.htm


Now I've just noticed a NEW key (at least for me) that has come with
the new RealPlayer/Codec/RA final.

"Software\RealNetworks\RealMediaSDK\10.0\Preferences\PluginHandlerData\GUIDI
nfo0"

So it appears that there is -another- unique field to occasionally scramble.
:-(

Also, I now wonder if it is desirable to add a "CookiesEnabled" key to the
SDK 10 portion
of the registry!?

All of these new registry keys have appeared with RA final - which,
gratefully, handle the
new Real codecs.

 

[fred]

Sorry! The "@" and 00000000 are ".reg" file conventions.

Ok, just playing newb in this area . . .

The final key is "CookiesEnabled" with a "name" of "default" or "none"
(depends upon the registry editor), and a doubleword value of "0".

Yup, but default doesn't seem to be keen to take on a dword value - I'm
still on W98?

Might be easier to take the contents of my first posting and put it into a
.reg file, which would look like this:
============================================================
======
REGEDIT4

[HKEY_CURRENT_USER\Software\RealNetworks\RealMediaSDK\6.0\Preferences\
Cookie
sEnabled]
@=dword:00000000

============================================================
========
Then just double click the .reg file and it will be added to the registry.
Same for the other key.

Sure, have done; key gets inserted, but {Default} has a {Value Not Set}
value. Could it be that {Default} values are not setable to dword in W98,
only to string? Other values in the 'preferences' branch are <string> '0' or
'1'. Anyway, set both set to '0' (string), but <random>.txt still gets created.

Own research. I backed up my box; removed RA; installed RP8; turned cookies
on; then off - and recorded the changes. Restored box and added these keys to
RA. On
my box, these keys work.

Thanks for the work, inc daring to put any version of RP on your system,
even with a wipe ;-)

The "routouma" is a well known issue; use Google.

Thanks for the details in the other post and the other key, I'll keep a look
out now that I'm aware. I'll also resubscribe to alt.privacy.spyware . . .

 

[fred]

<<<<<<<<<<<<<<Snip>>>>>>>>>>>>>

Apologies if I have jumped into the wrong part of this
thread but have checked this out and the file (on my system
50000000.txt) is only generated when you use MPC to play an
.ra file. When listening 'live streaming' no file is
generated

Mine was generated following 'Listen Live' via a .ram file on BBC Radio,
using MPC, but only when it was closed. Marking the .txt file as RO as
suggested has sorted that.