The Inquirer-Home

Opera is Spyware!?!

Dodgy goings on backstage
Mon Apr 21 2003, 12:10
Update 16:31 BST But now see The INQUIRER, Andrew Busigin and Opera.

Andrew Busigin says: "The best advice I have, is to disregard the article entirely, until a more complete and competent analysis can be properly prepared, reviewed, and published."

RESTING IN SUNNY FLORIDA, I was Running Opera on a nephew's system, specifically ver 7.03 US - the adware version. I didn't mind ignoring the ads too much, and even occasionally clicked on a few to feed the clikthru hungry bannerati. Lo and behold, without entering any voluntary location data, and always entering such info in a dodgy fashion when it was a "required field", the banner ads started getting personal, or at least - local, advertising businesses very close by. It seemed as if the browser might be feeding back URL lists, or perhaps, gasp, form field content, or XML. Naw... I thought - not Opera. I like those folks, and have recommended it to so many.

Being a wary security sort, my early experience with Opera was good. I didn't want to believe that Opera was no longer behaving ethically. I wanted to find other culprits.

Ok, let's review... I was running anti-virus at least two extra full scans a day, with daily updates ( AVG-Anti Virus - free for personal use and a very good anti-virus program). I also had Ad-Aware running and cleaning everything it could find several times daily. I didn't want to believe that Opera wasn't behaving ethically. The machine also operated on a network connection behind a firewall appliance.

I realized this wasn't enough.

Time to install Sygate Personal Firewall ( free for personal use). Heck - it should have been installed from the outset, but in a previous visit, it had interfered with my nephew's personal mud server.

I digress... Using Sygate is a bit of work if you want to be diligent about security, so I set the options to register every dll. This meant that every time a program loaded a new DLL, I would be asked permission, or the dll would not be allowed to load henceforth. Well - Opera went and caused me numerous notifications, and by reading the fine print, it was loading several DLLs at a time.

Now in fairness, dll's seemed to load at times when there might have been an excuse to do so, for example - when I asked to print a page, it loaded several dlls. Fine. I wasn't certain it needed as many as it asked for, but I allowed it. I noticed that every now and again, it seemed to be loading DLLs at synchronous moments when my nephews Opera-based mail account was periodically going to his POP3 server to look for mail. Odd. Now I noticed that opera seemed to occasionally update a dll that appeared to be connected to it's ad-banner, but while I objected to being updated without my express permission, I allowed it a couple of times.

But then during a now seemingly routine DLL load notification, I read that Opera had loaded a pgpmn.dll file, that I couldn't explain. After all, I wasn't using pgp on this machine, and my nephew hadn't fired it up in weeks, or longer, so I had to wonder - What was Opera doing with my pgp files, without my express permission to be there?

Having tried to e-mail Opera folks about security questions a few times in the past, I knew better than to try again, and I thought about the other odd things Opera had done recently.

Well, one of the things about Opera for some time now, is that I've noticed Opera's memory footprint growing on my system as if it had a bad memory leak. And after a hour of use, the Opera footprint could be pretty large. Opera crashes seemed to happen repeatedly after sucking up mucho memory, but I had thought that a design flaw that failed to dump old memory/pages aggressively enough.

(Right now with about 7 active windows, it was taking about 47 MB, with an additional 69 MB of virtual memory swapped out. I had lots to spare, but that's a pretty big chunk of memory. Opera commonly pumped itself up well over 100MB, and sometimes well over 200.

Time for another tool. PROCESS VIEWER ( Free!) I used to use AATools, but those tools are nag-and-timeout-ware now, and this process viewer utility is fine to discover processes and threads under the hood.

Ok, after a look, Opera looked like it had referenced everything but the kitchen sink. While one nasty possibility I floated was that Opera was linking to a PGP dll to get at my private keyring - perhaps snooping for some dark-sunglasses guvmint agencies. An alternate explanation for accessing my pgp files, could be simply as on in a long list of modules Opera was just taking an inventory of. Less nefarious, but still unethical in my book.

Looking still deeper, Opera appeared to have pgpmn.dll listed twice in the modules list, with two different entry points. A few minutes later, Opera dropped one of the entry points, and again had pgpmn.dll registered only once. Time to worry some more. With two entry points to a pgp dll, it was no longer likely to be just a file inventory exercise.

And how many modules was Opera loading? In all one count just yielded 80 modules. Compared with all the other tasks running, it appeared to be the program with the largest number of modules linked.

The Process viewer also showed me the 8 threads it was running, and strangely, though MS Task Manager showed Opera operating at normal priority, the child threads showed a different story. No less than two threads were running at Time-Critical priority, and another thread was "above normal".

Now I'm worried. At this point, I no longer trust Opera, and will soon be removing it from all the PC's I own and influence - and that's a great lot of PC's BTW.

As far as I'm concerned, they have a near-impossible chance of winning back any trust from me, and despite the many features of Opera that I truly enjoyed, like mouse gestures and easy page ZOOM, I'm going to flip over to Phoenix. I've been playing with it, and thought it wasn't quite ready, but I now think that it is ready enough, based on the alternatives. (Phoenix and Mozilla also have the best support I've seen for Math-ML, do render complex mathematical formulae almost as well as TeX.) Phoenix is FAST, has a tiny memory footprint, and it is open source.

Oh, and for you lot out there still trusting the Microsoft browser, and Active-X controls, your security isn't affected by this Opera issue. Mind you, I won't run the Vole's browsers on my PCs either. Most data security professionals credit the Redmond Satan with writing the book on bad examples for security. You can have bad security on a Linux OR Microsoft box, but it is so much easier with MS.

So Opera folks - unless you can come up with a complete and thorough explanation, you might want to plead insanity, and go open source. For me, that's the most likely road back to any measure of trust. Today I've learned to spell betrayal - O.P.E.R.A. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?