Spyware in your Software

DaftDog

Full Member
webmeister
Joined
Sep 19, 2007
Location
Houndsville
I am a webmaster who has two casino / poker related websites. Over the past year or so my virus protection program, I'm using NOD32, has been blocking an increasing number of different casino / poker software downloads.

The software I find that is currently being blocked is RTG, Playtech and Microgaming.

I got quite annoyed with this and sent an email to NOD32 support asking why their software was blocking legitimate casino and poker software. This is the reply that I received:

Even though the software may be legitimate, most of these still have integrated spyware and require the user to install active-x controls. ESET will not block any software that is harmless.

Have some of the major gaming software providers decided to spy on your gaming pattern? The market is very competitive so how low will some of these companies stoop to get a competitive edge?

I feel eCOGRA should investigate this matter as most of their approved list uses some of this "spyware". :eek:
 

c_note

Full Member
Joined
Feb 5, 2002
Location
divide by zero
Bah Humbug

Nod should head off back to sleep.

There are really 2 easy ways for online casinos to provide you with the entertainment you as a player want, Java Applets, and ActiveX. Most Microsoft based casinos will use ActiveX. More on active X at
You do not have permission to view link Log in or register now.


MGS & Specifically Playtech dont care what you do on your pc unless it relates directly to their product. The controls they will have put in place allow them to :

1. Provide you with the game client, flash client, images, flash files, movies, real spins, and all the extra added value you can see.
2. Track you across their site, and provide you with account specific functions like depositing, requesting cashouts, playing games etc
3. Manage fraud to a degree (this is a minor thing within the activex controls they use)

Dodgy casino software can be used to spy on users, take over machines, and do a whole bunch of other nasty things, but you are not going to see the big software providers doing anything like this. If there was really spyware within the software, they would have been bust a long time ago by any one of the dozens or hundreds of paranoid IT freaks that play online.
 

lots0

Banned User - troll posts - flaming
Joined
Jun 3, 2006
Location
Hell on Earth
It also depends on what their definition of "Spyware" is.

As far as I can tell ESET NOD32 defines "Spyware" in this case as the gathering of information and transmission of that data to an external destination.

This gathering and transmission of information is required for the casino games to play on your computer.

Also don't forget that if you are playing for 'Real' you have already given the casino most of your personal information anyway... The same personal information that these guys at NOD32 are saying the casinos are trying to steal with Spyware. (Why would anyone try to steal something that was given freely?)

Some companies have made the uninformed and incorrect decision that all online casinos are "evil" and therefor anything they do is suspect and intended to harm. This is just not the case.

Sure there are some Rogue Casinos, we have even discovered a few here at CM, that fill their download with Virus, Trojans and other badware. But that is the exception and not the rule.
 

c_note

Full Member
Joined
Feb 5, 2002
Location
divide by zero
Yep

Good response Lots0, thanks

And just like there are rogue casinos with spyware and other junk in their software, there are Anti Virus companies that write viruses to keep their sales up...
 

winbig

Keep winning this amount.
Joined
Mar 10, 2005
Location
Pennsylvania
I use ESET NOD32 as well, and love it - except for the false-positives such as these. I can't even download RTG software without turning it off first. It deletes it as soon as it starts downloading. :rolleyes:
 

RobWin

closed account
Joined
Apr 24, 2004
Location
A Vault!
Who's to say really that the casinos don't use this data gathering software plant to capture the play patterns of the customer ?? :what:

Can it be proven that it is not used for this purpose or on the other hand can it be proven that it is ? ;)
 

winbig

Keep winning this amount.
Joined
Mar 10, 2005
Location
Pennsylvania
Who's to say really that the casinos don't use this data gathering software plant to capture the play patterns of the customer ?? :what:

Can it be proven that it is not used for this purpose or on the other hand can it be proven that it is ? ;)

I can say without a shadow of a doubt that there's no "weird" traffic going in or out when I'm playing at a RTG casino.
 

catrina m

Dormant account
PABaccred
Joined
Feb 8, 2007
Location
US of A
I run a free program called threatfire I downloaded from cnet along with my virus software and it alerts me to anything going in or out, it alerts me when I start the casino, but I allow it. I havent had virus in a while, but traffic in and out is important.

It does identify casinos as a high risk threat, but what isnt online these days.

cookies are still the way most places track you. We all probably have a meister cookie :)
 

GrandMaster

Dormant account
Joined
Jan 21, 2004
Location
UK
I am a webmaster who has two casino / poker related websites. Over the past year or so my virus protection program, I'm using NOD32, has been blocking an increasing number of different casino / poker software downloads.

The software I find that is currently being blocked is RTG, Playtech and Microgaming.

I got quite annoyed with this and sent an email to NOD32 support asking why their software was blocking legitimate casino and poker software. This is the reply that I received:



Have some of the major gaming software providers decided to spy on your gaming pattern? The market is very competitive so how low will some of these companies stoop to get a competitive edge?

I feel eCOGRA should investigate this matter as most of their approved list uses some of this "spyware". :eek:
There is also a concept of a false positive. See my previous posts on this topic: https://www.casinomeister.com/forums/threads/dont-download-golden-casino.22397/, https://www.casinomeister.com/forums/threads/online-casinos-and-spyware.9021/, https://www.casinomeister.com/forums/threads/download-inetbet-and-get-a-bug.7013/


Who's to say really that the casinos don't use this data gathering software plant to capture the play patterns of the customer ?? :what:

Can it be proven that it is not used for this purpose or on the other hand can it be proven that it is ? ;)
I know you love a good conspiracy theory, but what sort of play patterns are you thinking of that could not be obtained from the server side information?
 

RobWin

closed account
Joined
Apr 24, 2004
Location
A Vault!
There is also a concept of a false positive. See my previous posts on this topic: https://www.casinomeister.com/forums/threads/dont-download-golden-casino.22397/, https://www.casinomeister.com/forums/threads/online-casinos-and-spyware.9021/, https://www.casinomeister.com/forums/threads/download-inetbet-and-get-a-bug.7013/



I know you love a good conspiracy theory, but what sort of play patterns are you thinking of that could not be obtained from the server side information?

Frequencies in bet patterns and or global, area specific bet/play patterns, breaks in play...pauses
 

c_note

Full Member
Joined
Feb 5, 2002
Location
divide by zero
Robwin

They have ALL of that data on their database. Every bet you place, the result, which games, when it happened, hell, they could probably work out when you took a coffee break from the amount of data they have.

BUT, they dont need to steal it from you. You give it to them by placing the bet.

Think about it : every casino uses SSL/HTTPS for its game play. That means that only Casino 1 can see Casino 1's traffic/bets. But Casino 1 can see all that stuff anyway, 'cos you are betting with them, and the data is stored on their database. Casino 2 cannot see Casino 1's while you are playing, even if they are owned by the same company. But the company can see everything from both casinos, on the database.

Why would they need to go to the risk of being legitimately detected as having spyware in their software when every bit of data they need they have. Look at Playcheck & Cashcheck on MGS. All your game play is there. Every bet. Everything they need to know if available to them under their control (the servers), which is where it should be.
 
Last edited:

RobWin

closed account
Joined
Apr 24, 2004
Location
A Vault!
Robwin

They have ALL of that data on their database. Every bet you place, the result, which games, when it happened, hell, they could probably work out when you took a coffee break from the amount of data they have.

BUT, they dont need to steal it from you. You give it to them by placing the bet.

Think about it : every casino uses SSL/HTTPS for its game play. That means that only Casino 1 can see Casino 1's traffic/bets. But Casino 1 can see all that stuff anyway, 'cos you are betting with them, and the data is stored on their database . Casino 2 cannot see Casino 1's while you are playing, even if they are owned by the same company. But the company can see everything from both casinos, on the database.

Why would they need to go to the risk of being legitimately detected as having spyware in their software when every bit of data they need they have. Look at Playcheck & Cashcheck on MGS. All your game play is there. Every bet. Everything they need to know if available to them under their control (the servers), which is where it should be.

Bet patterns and or global, area specific bet/play patterns was my main concern...you really don't think that they harvest this info from their player database and further use it for marketing, etc...why else would they need to implant that "Active X" control with their software ??
 

c_note

Full Member
Joined
Feb 5, 2002
Location
divide by zero
The active X control allows them to serve the images, movies and games to you. It cannot check into your play at other casinos. All of that is encrypted by the casino itself. Active X is used by hundreds, if not thousands of sites to control content. It allows to them to do some very nifty things on their own site, but gives them no access to anything not related to their site. Active X does not use sites or applications, Site and applications use active X.

Again, if their was any way a Casino software was spying on you, the IT freaks who play on the sites would have discovered it and reported it.

When you say "global/area", are you talking about your own game play at lots of sites, or everyone in a specific area (even the world) playing at 1 site?
 

RobWin

closed account
Joined
Apr 24, 2004
Location
A Vault!
The active X control allows them to serve the images, movies and games to you. It cannot check into your play at other casinos. All of that is encrypted by the casino itself. Active X is used by hundreds, if not thousands of sites to control content. It allows to them to do some very nifty things on their own site, but gives them no access to anything not related to their site. Active X does not use sites or applications, Site and applications use active X.

Again, if their was any way a Casino software was spying on you, the IT freaks who play on the sites would have discovered it and reported it.

When you say "global/area", are you talking about your own game play at lots of sites, or everyone in a specific area (even the world) playing at 1 site?

Remember too that this Active X control has not always been a part of the MG download...I played at MG casinos for years before this became a part of the download...

Global as in meaning area specific, evaluations of a multitude of players from specific locales..their play patterns, their average bet size, what time of day they play, what days of the week and or months they deposit the most, etc, etc,...that list could go on and on to determine the demographic studies that could be harvested...
 

RobWin

closed account
Joined
Apr 24, 2004
Location
A Vault!
From Wiki FWIW...

ActiveX controls are small program building blocks that can be used to create distributed applications that work over the Internet through web browsers. Examples include customized applications for gathering data, viewing certain kinds of files, and displaying animation.

Malware, such as computer viruses and spyware, is often distributed as ActiveX controls in webpages.
 

c_note

Full Member
Joined
Feb 5, 2002
Location
divide by zero
Global as in meaning area specific, evaluations of a multitude of players from specific locales..their play patterns, their average bet size, what time of day they play, what days of the week and or months they deposit the most, etc, etc,...that list could go on and on to determine the demographic studies that could be harvested...

All of the above is on the database. They know who you are when you register, and every time you connect, they know where you are. They store all deposit, cashout, bet, transfer, bonus, adjustment, login, logout and any other kind of transaction you can think of. Again, why use a control on a user's PC when they have all of that data on their servers.

The Active X control will only gather data from the specific computer where it is installed from. You did not see MGS use it a long time ago, because they only started using it with Viper. They used it because it allows them to do much much more. Yes, Its is used by virus writers because if the user does allow it to be installed, the user is effectively giving the Active X object full access to their PC.

By your logic, since some Active X controls are viruses/trojans/spyware and are thus dodgy, you need to apply it to all websites, email, SQL and everything else even remotely associated with a windows PC, since pretty much everything on your PC can be used by virus writers as a method of infection. It does not even have to be on your PC. Do you own a Digital Photo frame? about 300,000 were shipped from China with a Virus preloaded, thanks to one of their techs who was using an infected PC to test the frames before they were shipped.
 

GrandMaster

Dormant account
Joined
Jan 21, 2004
Location
UK
From Wiki FWIW...

ActiveX controls are small program building blocks that can be used to create distributed applications that work over the Internet through web browsers. Examples include customized applications for gathering data, viewing certain kinds of files, and displaying animation.

Malware, such as computer viruses and spyware, is often distributed as ActiveX controls in webpages.
Do I really have to point out the logical flaw in the argument because viruses or spyware are installed via ActiveX, every use of ActiveX must be malicious?

Nevertheless, ActiveX has a flawed security model, it is based on the author certifying that it is harmless, as opposed to, for example, Java, which was designed with security in mind.


The Active X control will only gather data from the specific computer where it is installed from. You did not see MGS use it a long time ago, because they only started using it with Viper. They used it because it allows them to do much much more. Yes, Its is used by virus writers because if the user does allow it to be installed, the user is effectively giving the Active X object full access to their PC.
ActiveX is irrelevant for download software since the software has the same privileges as the user running it, and as far as I can remember, MG flash casinos used ActiveX before Viper software.
 
Top