These are links!

Hi,

I'm trying, remotely using Teamviewer, (for a friend who spent years
telling me she didn't want me using Teamviewer) to download and install
AVG and avg.com sends me to
http://download.cnet.com/AVG-AntiVir...=dl&tag=button

it has two buttons to download with:

http://dw.cbsi.com/redir?ttag=downlo...1vry2duHwoQcKX

and

http://googleads.g.doubleclick.net/a...04&ny=-19&mb=2

With names like these, how can one believe they will give me AVG.exe?



Okay, I went through it again on my own computer, and it started giving
the AVG name again with a suffix of -CNET, so I took a chance and it's
working on her computer, scanning now, but why do the links have names
like this.

Doubleclick is famous for advertising, afaik and nothing else.

"micky" wrote in message
...
Hi,

I'm trying, remotely using Teamviewer, (for a friend who spent years
telling me she didn't want me using Teamviewer) to download and install
AVG and avg.com sends me to
http://download.cnet.com/AVG-AntiVir...=dl&tag=button

it has two buttons to download with:
With names like these, how can one believe they will give me AVG.exe?

Okay, I went through it again on my own computer, and it started giving
the AVG name again with a suffix of -CNET, so I took a chance and it's
working on her computer, scanning now, but why do the links have names
like this.

I put Avist on this PC too @ cnet.com

Doubleclick is famous for advertising,
afaik and nothing else.


--
Advertising Free News Read
http://www.xsusenet.com/?ref=424563
One click to Buy, Two clicks it get pay



---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

micky wrote:
Hi,

I'm trying, remotely using Teamviewer, (for a friend who spent years
telling me she didn't want me using Teamviewer) to download and install
AVG and avg.com sends me to
http://download.cnet.com/AVG-AntiVir...=dl&tag=button

it has two buttons to download with:

http://dw.cbsi.com/redir?ttag=downlo...1vry2duHwoQcKX

and

http://googleads.g.doubleclick.net/a...04&ny=-19&mb=2

With names like these, how can one believe they will give me AVG.exe?



Okay, I went through it again on my own computer, and it started giving
the AVG name again with a suffix of -CNET, so I took a chance and it's
working on her computer, scanning now, but why do the links have names
like this.

Doubleclick is famous for advertising, afaik and nothing else.

This is CNET, a.k.a. "Toolbars For All". Very democratic of them. /s

This is what the browser of a happy CNET customer looks like.
I bet this browser runs fast.

http://farm4.staticflickr.com/3100/2...b210f8f3ac.jpg

*******

I must confess, I've run into pages with so many download
buttons, it must have taken me 20 minutes to figure out where
the download is. With some web pages, you really need to (in Firefox),
Save As for the page, and have it dropped as a set of files in
your download folder (that is, just the source code for the web
page, including style sheets and other crap). Then go through the
files one by one, for hints as to where the download might be hiding.
Some pages of course, have no downloads on them, and we've all run
into sham sites before, that only exist to get advertising
views and have no content at all to offer.

I tried your cbsi.com download, and the easy availability of files
in my copy of 7-ZIP, hints it is probably a "green" file. When
downloads contain UPX packed content, where your hex editor
encounters "high-density binary" in sector 0 of the file,
that's generally a hint they're hiding something. Sometimes in
7-ZIP, you can even see a "$PLUGINS" folder, which contains
the toolbars, ready to go.

I extracted the executables from the download, and all are clean
from an AV perspective. If there was a toolbar, the reaction
would not be all that strenuous in any case. So this is not
a guarantee of anything. The AV companies, for the most
part, "think toolbars are A-OK" and represent rough frontier
justice.

1ef311c44b22c97ab69fe19266ced618 *HtmLayout.dll
709094d39e92084a8d7d5b069f051b06 *avgmfapx.exe
4b614be8b8443d17e63b5215cafab79e *avgmfarx.dll
d5fa717d00111fe245f1536fd3fde709 *avgntdumpx.exe
7fe6b5b624f60cd8dc18f22d8957f28f *avgrdtesta.exe
ab7cf7d136993b6be86e7825e1913bb1 *avgrdtestx.exe
b39df70fff7cfb7f26ec3ea91d9bfc7c *avgrunasx.exe

(We don't know what they do, but they're nominally clean.)

HtmLayout.dll https://www.virustotal.com/en/file/5...b8c4/analysis/
avgmfapx.exe https://www.virustotal.com/en/file/b...c41b/analysis/
avgmfarx.dll https://www.virustotal.com/en/file/4...1cc4/analysis/
avgntdumpx.exe https://www.virustotal.com/en/file/9...ed18/analysis/
avgrdtesta.exe https://www.virustotal.com/en/file/4...2dd8/analysis/
avgrdtestx.exe https://www.virustotal.com/en/file/d...3866/analysis/
avgrunasx.exe https://www.virustotal.com/en/file/9...dfe4/analysis/

Have fun on teh interNetz,

Paul

CNet is now owned by CBS. That's probably what
cbsi.com is. The second link seems to be to get some
kind of nonsense "cleaner" that probaly tracks you
and shows ads. It hands you off to doubleclick,
undoubtedly for a cookie, in the process.

The rest is serverside parameters that allow information
to be transferred as you go from one webpage to another.
Each parameter is separated by &. Such parameters are often
used in lieu of cookies, to transfer info from one page to the
next, for instance if you click "Add to Cart" and then click
"check Out". Some parameters are obvious: "devicetype=desktop".
Some are not. As with Google search URLs, much of it can't be
known unless they tell you. But it's safe to assume they're
transferring information about what you're doing and who you
are, to the extent they can do that, and that they're tracking
you to show you ads, at the very least.

Personally I would always try not to download anything
from CNet. Their links can be bad. They try to sell you
on their downloader software. Basically it's a big company
trying to make a buck giving away free software. It's not
easy to do that honestly and still make a buck. Probably AVG
lets CNet show you ads and track you in exchange for the
CNet handling the download traffic.
If you have to download from places like that just try
to confirm the validity of the package and try to get
it without the "download manager".

I usually just search. I found this link that looks
clean:
http://www.filehippo.com/download_avg_antivirus_32/
It actually links to he
http://aa-download.avg.com/filedir/i..._4714a7694.exe

Also, anything from Major Geeks is usually OK.

I recently found someone trying to download my
software through a CNet link. The link was for a very
old version. CNet hasn't been authorized to list
my software for many years, since I refused to pay
them for listings. I don't know where they come up
with these links. They used to have a *very* old,
discontinued program of mine listed with a link coming
from Russia. I have no idea what was on the other end
of that link! I tried to contact them but as usual, couldn't
get through.
So... in other words.... CNet is a slimy swamp,
best avoided.

------ Interesting side story about Google that demonstrates
usage of url parameters:

If you go to Google these days they proxy you through their
server, unless you clean up the link yourself. Here's an
example. I searched for "green tray". This is one of the returns:

https://www.google.com/url?q=http://...ipfABYeUifNFdA

Google would send me to Yelp, but only after they've
run my click through their own server for tracking, unless
I clean up the link, using just what's between "q=" and
the next ampersand. They will then typically send a referrer
to Yelp. They don't send as much info as they used to in
most cases because they want webmasters to use Google
Analytics, but here's an example of a pretty good referrer I
got today:

http://www.google.ru/url?sa=t&rct=j&...,d.bGQ&cad=rjt

What does it tell? It tells more to Google than to me, but
I can figure out some of it. The searcher was from Russia
or E. Europe.

"q=windows%20installer%20unpacker"
The "q=" indicates the search terms typed in. So they
were searching for "windows installer unpacker"

"cd=2"
The "cd=" indicates the link number.
cd=2 indicates the link to my site was second
in the returns.

The actual link destination is also
in the referrer. Aside from that, I don't know what the
other parameters mean. Probably at least one is simply
a unique ID for tracking purposes.

On 01/07/2014 21:02, Paul wrote:
snipped

Paul


Hey Paul,

Did you get your dentures last week. I hope you can now eat your
favorite food. Without the dentures it must be very difficult.

How many latinos do you need for this weekend? It is the 4th so you
must be having a big party out there. Let us know as soon as you read
this post. It is almost difficult to get hold of you because of your
commitment to these newsgroups.

We'll keep 5 latinos for you every week so we don't have to disapoint you.

--
Al Sparber - PVII
http://www.projectseven.com
The Finest Dreamweaver Menus | Galleries | Widgets
Since 1998

micky wrote:

... Teamviewer ... AVG and avg.com sends me to
http://download.cnet.com/AVG-AntiVir...=dl&tag=button

Lot of freeware is hosted at download sites. It eliminates the cost of
the vendor having to supply the file server and bandwidth for a product
that generates them no revenue. The download sites qualify their free
downloads (not free software but just the downloads) by showing you ads.

it has two buttons to download with:

http://dw.cbsi.com/redir?ttag=downlo...utton&siteid=4...

That part of the URL tracks from where the download was obtained and
attributes of the page where the download link was provided. See:

http://www.whois.com/whois/cbsi.com

to see who owns that domain. Download is rife with ads. You expecting
them not to harvest demographics on their ads or to assist a site with
analytics on their downloads? Also, if you scroll to the bottom of
Cnet's page, you'll see "© CBS Interactive Inc." and the quicklinks
panel at the bottom has "About CBS Interactive". The acquisition was
back in 2008 yet they still have a mix of domains in links at Cnet.
When you hover the mouse over the images on that page, most of them go
to cbsi.com.

....&destUrl=http%3A%2F%2Fdownload.cnet.com%2FAVG-AntiVirus-Free-2014%2F3001-2239_4-10320142.html%3FhasJs%3Dn%26hlndr%3D1%26part%3Ddl-avg_free_us&onid=2239&oid=3000-2239_4-10320142&rsid=cbsidownloadcomsite&sl=en&sc=us&pdgu id=download%3A13799210&topicguid=security%2Fantivi rus&topicbrcrm=windows%20software&pid=13799210&mfg id=10044820&merid=10044820&ctype=dm&cval=NONE&ltyp e=dl_dlnow&spi=08cd3e00b35171064cc5fdf08464c257&de vicetype=desktop&pguid=5f847b1c60eb70aac748ca0b&vi ewguid=Oy-PHxla4jyhFbgOK54ugv1vry2duHwoQcKX

And therein lies the URL to CNet's actual download. The destURL (domain
and path) say where is the download while all the other attributes
provide CNet with their own stats on the download.

and

http://googleads.g.doubleclick.net/a...28288586014899...

Yep, they have ads from Google, too, and Google can use Doubleclick to
gather stats on link clicks.

....&adurl=http://systemspeedup.systweak.com/%3Futm_source%3Ddcomnewspdr728%26utm_campaign%3Ddc omnewspdr728&nm=3&nx=404&ny=-19&mb=2

So that link isn't for AVG but for some (probably bogus or hazardous)
tweaker utility that costs money for functions it provides that you can
find for free (i.e., create your own best-of-breed freeware to do the
same or more than some weak all-purpose tweaker).

It looks like you gave a link from the intro download page where you
click on a big green Download Now button. That takes you to another
page that should start the download. If it fails, you click on the
"restart the download link", not somewhere else, and especially not on
some ad.

You need to differentiate content, like download links, from ads. If
you go clicking on links, regardless of what they claim, who knows what
crap you'll end up getting pointed at.

I use TPLs (tracking protection lists) in IE. I use the EasyList,
EasyPrivacy, and Stop Google Tracking blocklists via TPL in IE. For
Firefox, you can use the Adblock Plus add-on. For example, me clicking
on the bogus Google Ad that says it is for AVG but actually points to
some ripoff tweaker tool gets blocked when I click on it. Doubleclick
in in the blocklists to which I subscribe. Or it could've simply been
and defunct link.

| Yep, they have ads from Google, too, and Google can use Doubleclick to
| gather stats on link clicks.
|

And for those who don't know, Google IS Doubleclick.
Doubleclick ads are so ubiquitous that the typical Doubleclick
URLs should be in everyone's HOSTS file. Doubleclick
is spyware ads, tracking the average person almost
everywhere they go, so that even someone who blocks
script and cookies can be tracked in most of their activites
by Google.

Surprisingly, Google makes little effort to vary or hide the
Doubleclick ad URLs, which is an indicator of just how
unusual it is for people to use their HOSTS file. A few
lines, or even one line -- 127.0.0.1 ads.doublick.net --
can remove probably more than half of all ads online,
along with the respective Google tracking. Adding a few
more lines can stop most Google spying:

127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 imageads.googleadservices.com
127.0.0.1 www.google-analytics.com

Yet very few people bother or even know about the
HOSTS file.

Mayayana wrote:

| Yep, they have ads from Google, too, and Google can use Doubleclick to
| gather stats on link clicks.
|

And for those who don't know, Google IS Doubleclick.
Doubleclick ads are so ubiquitous that the typical Doubleclick
URLs should be in everyone's HOSTS file. Doubleclick
is spyware ads, tracking the average person almost
everywhere they go, so that even someone who blocks
script and cookies can be tracked in most of their activites
by Google.

Surprisingly, Google makes little effort to vary or hide the
Doubleclick ad URLs, which is an indicator of just how
unusual it is for people to use their HOSTS file. A few
lines, or even one line -- 127.0.0.1 ads.doublick.net --
can remove probably more than half of all ads online,
along with the respective Google tracking. Adding a few
more lines can stop most Google spying:

127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 imageads.googleadservices.com
127.0.0.1 www.google-analytics.com

Yet very few people bother or even know about the
HOSTS file.

The problem with a hosts file is that, well, it lists only *hosts*.
That's why, for example, the MVPs hosts file has over 50 host entries
just for the doubleclick domain. You cannot block on a domain, like
just on doubleclick.com. You cannot block on a string somewhere within
a URL, like *googleads*. There is no easy way to temporarily disable
the hosts file and then reenable it. Any server can detect that you did
not retrieve some of its content and then alter what content it delivers
to you. You may be extremely interested in some content and am willing
on a case-by-case basis to allow the ads to see the collateral content
that got blocked by blocking the ads. That's why I find TPLs in IE and
Adblock Plus in FF so much more convenient: easy to disable and enable.

The longer the host file, the longer it takes to search it. It's
entries do not get cached in the DNS cache service (assuming you left it
running). Search are linear from top to bottom of the list. The hosts
file is search on *every* lookup and there can be hundreds of links
within just one page. The problems aren't exhibited in short hosts
files compiled by each user but they are evidenced when using a
pre-compiled hosts file that has 16 thousand entries, or more. After
all, it has to list EVERY [known] host at a domain instead of just the
domain.

Even before I used TPLs in IE (EasyList, EasyPrivacy, and StopGoogle),
just 50 entries in my own compiled blacklist eliminated tons of ads,
especially those very nuisancesome Intellitext popups when you happen to
move the mouse cursor over a hotspot in the web page. No, I didn't use
the hosts file since it would be a hell of a lot longer in having to
lists every host I discovered Google/DoubleClick/etc was using. I use
Avast Free which has a site block feature. I can list just domains to,
say, block Doubleclick, than a slew of hosts at their domains. I can
filter on subtrings within URLs.

With TPLs, I can simply click on the blue hazard symbol in the toolbar
row in IE to enable or disable those blocklists (and AX support, too).
Click it's off. Click it's on. With Avast's site blocker feature,
there is a bit more navigation to get at the option to disable or enable
it but I've rarely had to do that except at a few sites where I found
that I had to tweak my filters, or when I want to add a new filter.

The hosts file is an antiquated and clumsy trick to block hosts. By the
way, you'll get a quicker rejection by using 127.0.0.0 than 127.0.0.1
plus you can still run your own web server without trying to connect to
it for all those host lookups listed in the hosts file.

"Mayayana" wrote in message
...
| Yep, they have ads from Google, too, and Google can use Doubleclick to
| gather stats on link clicks.
|

And for those who don't know, Google IS Doubleclick.
Doubleclick ads are so ubiquitous that the typical Doubleclick
URLs should be in everyone's HOSTS file. Doubleclick
is spyware ads, tracking the average person almost
everywhere they go, so that even someone who blocks
script and cookies can be tracked in most of their activites
by Google.


Google pay to have Check Mark click on
http://store.mynews.ath.cx/users/Avist/Avist005.jpg

That why Google Chrome the number one Down Load Browser

The funny thing is a Toolbar for internet Explorer 5,6,7 and 8 for XP
why?


Surprisingly, Google makes little effort to vary or hide the
Doubleclick ad URLs, which is an indicator of just how
unusual it is for people to use their HOSTS file. A few
lines, or even one line -- 127.0.0.1 ads.doublick.net --
can remove probably more than half of all ads online,
along with the respective Google tracking. Adding a few
more lines can stop most Google spying:

127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 imageads.googleadservices.com
127.0.0.1 www.google-analytics.com

Yet very few people bother or even know about the
HOSTS file.



---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

I've always found a HOSTS file works pretty well. I would
never use IE online, so I have no opinion about your "TPLs",
though it sounds similar to a HOSTS file. Probably some kind
of mime filter.

As I noted before, Google doesn't make much attempt
to foil HOSTS entries. Most Doubleclick ads are something
like ads.doubleclick.net. Likewise with Google Analytics.
They don't use server1.google-analytics.com,
server2.google-analytics.com, etc. So a HOSTS file can
stop a great deal without many entries.

Personally I use 3rd-party file blocking in Pale Moon
and only allow *any* 3rd-party content when I need to,
using Firefox for that. I also use Acrylic DNS server,
which allows for wildcards. So I only need *.doubleclick.com
and *.doubleclick.net.

There are various approaches. Yours may work well
for anyone who doesn't mind using IE. But even a fairly
simple HOSTS file can block the vast majority of online
ads and tracking because they're coming from such a
small number of sources. There's nothing "clumsy"
about that.

| Google pay to have Check Mark click on
| http://store.mynews.ath.cx/users/Avist/Avist005.jpg
|
| That why Google Chrome the number one Down Load Browser
|
| The funny thing is a Toolbar for internet Explorer 5,6,7 and 8 for XP
| why?
|

I'm sorry but I don't understand what you're saying.

"Mayayana"
wrote in message ...
| Google pay to have Check Mark click on
| http://store.mynews.ath.cx/users/Avist/Avist005.jpg
| That why Google Chrome the number one Down Load Browser
| The funny thing is a Toolbar for internet Explorer 5,6,7 and 8 for XP
| why?

I'm sorry but I don't understand what you're saying.


Maybe So looking at
Message-ID:
You said:

I've always found a HOSTS file works pretty well.
I would never use IE online, ,
so I have no opinion about your
"TPLs"

So Mayayana you maybe one of the them
That have install Google Toolbar on internet Explorer
With out knowing it...........


---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

In message , Mayayana
writes:
| Google pay to have Check Mark click on
| http://store.mynews.ath.cx/users/Avist/Avist005.jpg
|
| That why Google Chrome the number one Down Load Browser
|
| The funny thing is a Toolbar for internet Explorer 5,6,7 and 8 for XP
| why?
|

I'm sorry but I don't understand what you're saying.


Have you not met hot-text before? English is definitely not his first
language, and often his posts have me really scratching my head to work
out what he's on about! (Or I skip them.) But I haven't killfiled him,
as (a) he genuinely is often trying to help, and (b) sometimes he does
actually come up with some useful (to me anyway) information, once I've
managed to parse a post!
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"images you may find disturbing". What? Like a mirror or an empty fridge?
- Sarah Millican, RT 2014:5/31-6/6

"J. P. Gilliver (John)" wrote in message
news
In message , Mayayana
writes:
| Google pay to have Check Mark click on
| http://store.mynews.ath.cx/users/Avist/Avist005.jpg

This is why Google Chrome
Is the number one
Down Load Browser

Because Google pay
Software Company to add
Chrome to there Software push list
http://store.mynews.ath.cx/users/Avist/

|

Funny thing is a Google Toolbar for internet Explorer
| why?

Kill internet Explorer
So you will go Chrome

I bet you can not put Bing Toolbar on Chrome
or can you?
But I do not have Chrome too
So how would I know

I'm sorry but I don't understand what you're saying.

Have you not met hot-text before? English is definitely not his first
language, and often his posts have me really scratching my head to work
out what he's on about! (Or I skip them.) But I haven't killfiled him, as
(a) he genuinely is often trying to help, and (b) sometimes he does
actually come up with some useful (to me anyway) information, once I've
managed to parse a post!

J. P.
I know Mayayana
Information useful to us here
And I believe he started a good Subject too



This is News
"
Ez-missing The hot-text





---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

| This is why Google Chrome
| Is the number one
| Down Load Browser
|
| Because Google pay
| Software Company to add
| Chrome to there Software push list
| http://store.mynews.ath.cx/users/Avist/
|

Ah. I think I finally get what you're saying. But you
don't have to worry about me. I don't use Chrome and
wouldn't touch anything from Google. I even try to avoid
their search these days. I don't use AV. And I'm running IE6,
which I mostly just use for writing HTAs and testing webpage
design. (IE "quirks mode" webpage rendering is designed to
mimic IE6 rendering, so I can just leave out the DOCTYPE
tag in webpages, test in IE6, and know that I've covered all
versions of IE.) Even the Googlites have a little pride. I don't
think they'd put their toolbar on IE6.

It's an interesting issue, though. I hadn't noticed that
Chrome was being pushed in 3rd-party venues. I do know
that Firefox makes nearly all of their $100 million+ per year
from Google, in exchange for adding the Google search box.
So Mozilla has pretty much been bought out by Google. (And
it shows.) It's a shame. I can remember when Google was an
endearing, idealistic company that was making a fortune by
simply providing good, honest search with relevant, contextual
ads - targeted ads without spying. They got rich by *not*
being exploitive. But billions of dollars just wasn't enough for
them.