Dumping tynt.com tracer programs
I’ve been watching the forums for a product we’re interested in… the next version is supposed to include a feature we’d have to have to be able to use the product. So I’ve been checking back pretty frequently to see when the next release occurs. But here’s the problem… on the 2 main computers I use (home and office), both anti-virus programs consider a javascript file from tynt.com as “malicious”. I’m not really positive it is, but the fact that every page I go to in the forum pops up a warning, both claiming the code is “high risk”.
Tynt if you’re not familiar with it watches for people copying your content to another site. While in theory, this isn’t a bad thing. I trust the 2 a/v program manufacturer’s to judge safe vs. not, more than what a company is claiming they are doing (or not doing). So I’m not willing to make an exception in the a/v program for this site. This means my options are 1) stop going there – which is an option. There are alternatives to the product, and if they are unwilling to listen to the (potential) users, do I want the product? I have to wonder what’s “measures” it contains as well. Or 2) I have to find a way to stop the annoying pop up without endangering my pc.
So here’s how to do option number 2 in this case. Since this javascript it being pulled as a linked file, it’s a normal http get request. All we need to do is get rid of the ability to resolve the hostname for it. In this case the host is wau.tynt.com This is an XP machine so I go to c:\Windows\System32\drivers\etc and edit the file named “hosts”, adding the line:
127.0.0.1 wau.tynt.com
Save the file then from the command line, ping wau.tynt.com and the address should come back as 127.0.0.1 which should ping fine as it’s the local loopback address. But any request for the file shouldn’t work, unless you happen to have a web server running on your local machine and it happens to have that file in that directory which would just plain be wierd.
Now to get the browser to pick up the change, close ALL of your browser windows and reopen them. If you typed the url into the browser window, you should get an error message that the page is not displayable. You should now be able to surf without the annoying popup.
For Windows Vista and Win7, the fix is basically the same, but there is a gotcha on it. You won’t be able to edit the file directly as the directory is protected. You will need to copy the hosts file outside of the system tree, to say your Documents folder, edit the file and then copy it back. When you copy it back, it’s going to complain, and ask you if you really want to do this. Since you are really meaning to change the file, it’s ok in this case. Normally, unless you’re specifically meaning to make a change to Windows like this, you’d want to say ‘No’.
There is another way to do this was well… Turn off scripting in the browser. This has an unfortunate side effect of stopping some features of some sites as well. The above is easy, and works fine, so that’s my choice (until I hear back on their thoughts about the reasoning behind using tynt anyway).
Considering how easy this is to get around, it’s really not protecting much. And it’s a major inconvenience to the users (not to mention how it looks to them)… And finding your content isn’t hard… embed your domain name, name phrase, etc. in the content portion. Then use Google’s Alert feature, http://www.google.com/alerts, to find it. I’d think twice before using it.
|
About: Robert: Robert Porter holds MCSE, A+, Net+, Security+, and multiple CIW certifications. He has been in the hosting industry for more than a decade and is founder of Lagniappe Internet L.L.C., a privately owned, completely debt free, hosting company based out of New Orleans. Robert's background includes 25+ years in programming, databases, networking and systems administration. |
September 30th, 2009 at 8:27 am
Thanks Robert for your post. I wanted to leave a note that we are aware of the false positives from a couple of anti-virus companies. We have contacted the companies and they have recognized the false positive, but we have to wait for the next auto-update of their signature files for it to go through. In the meantime we are working on a longer term solution to this issue of false positives. Many new analytics tools can be identified by the anti-virus companies as a risk when in fact they are not.
Could you please contact us a support at tynt dot com with the anti-virus programs you are using so we can make sure we are on their whitelists ?
Thanks!
Derek from Tynt
September 30th, 2009 at 8:50 am
Thanks Derek for the quick response. Post hasn’t been around but a couple of hours and already a reply. That speaks well of your company.
This machine is running Trend Micro’s OfficeScan product – which is an enterprise type a/v program. I’m not at the other computer, so I can’t say for certain the product or version. I’ll email this to the email you gave as well.
Thanks,
Rob
October 1st, 2009 at 10:34 am
Thanks, we’re on it! The ironic thing is Trend actually runs Tynt on their blog at blog.trendmicro.com.