Click the image to view the full-version

Source: i-marco.nl
Found: weebee.ro

But Lavasoft’s Ad-Aware identifies a standard registry key included with Internet Explorer as “Data Miner” spyware, with little or no further explanation, and offers to delete it. I hope this page offers a better explanation, and other alternatives to deletion. Spybot identifies it too, also without much explanation, though they have a smarter strategy to deal with it (more below).

The issue is the ‘Related Links’ feature of IE which appears as the ‘Tools’/'Show Related Links’ menu item (and a corresponding toolbar button if you added it from the ‘Customize…’ link on the toolbar). If you use that feature, IE will contact the Alexa servers to obtain information about other web pages which might be, er, related, open an Explorer Bar, and display those (plus adverts and whatnot). Go check the Alexa web site to see if you think that is a good idea (and, just to be clear, I think it’s a sucky idea), or just to double-check that you haven’t deliberately or unintentionally or absent-mindedly installed some of their software.

And due to a recently discovered bug in IE, you might even transmit (potentially sensitive) URL information if you reload pages long after you close the Explorer Bar, about (even secure HTTPS/SSL) pages for which you didn’t request Related Links.

But if you don’t use that menu or button, Alexa will not hear from you. No spying will take place. Wierd.
Just to be clear, this feature is still ‘spyware’, if you use it,. If you do so, you will be sending information to MSN and Alexa obtained by spying, and there is nowhere that Microsoft adequately discloses and documents that privacy ‘leak’. Sure, Alexa have some information on it, and a pretty clear privacy policy, but you don’t get to know of Alexa’s involvement until after you use the feature, and even then you have to hunt for it, and even then no mention is made of MSN’s interstitial involvement. Don’t blame Alexa though – it’s Microsoft’s responsibility to provide their users with complete and truthful disclosure – and they haven’t.

But if you don’t use it, it won’t be spying on you behind your back, and you may sleep soundly.
Here are some options:
- You can let Ad-Aware delete it, with no harm done (though if you later repair, or patch or upgrade IE, it may get re-established).

- You can ignore the alert and leave it be, with no harm done.

- You can fiddle with it so that it just doesn’t work (so that even if you, or someone else using your PC, accidentally tries it, it won’t contact Alexa).

- Or you can fiddle with it so that it uses Google to find related links, instead of Alexa. See the instructions below.

Here’s the skinny . . .
The existing Alexa/Show Related Links gubbins is just a registry key [#1], creating a menu item [#2], pointing to a local web page [#3], pointing to an MSN search page [#4], which uses the Alexa engine. All that is ‘installed’ on your PC is that HTML page [#3], which uses MSN and Alexa, only if you use it.
[#1] HKLM\Software\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
[#2] Within IE, see Tools / ‘Show Related Links’

[#3] C:\Windows\Web\related.htm (for Win9X and XP it’s here. Other O/S’s may be slightly different).

[#4] http://related.msn.com/related.asp?url=

Open ‘Related.htm’ in Notepad to see what it does, if you like. Or try, say, this link . . .

http://related.msn.com/related.asp?url=grc.com

If you don’t use the ‘Show Related Links’ menu links, and if you haven’t installed any extra Alexa stuff [#5] then you are NOT in danger of it spying on you.
[#5] Maybe from Microsoft Internet Explorer Web Accessories)
So, what to do about it?
If you don’t want ‘Related Links’, and/or don’t want anyone else using your PC from inadvertently contacting MSN/Alexa, you could just let Ad-aware delete it for you. Or you could fiddle with it so that it doesn’t work, by just editing the line in your own copy of ‘Related.htm’ (by opening it in Notepad) to one of these :-

from . . .

RelatedServiceURL=”http://related.msn.com/related.asp?url=”;

to . . .
RelatedServiceURL=”http://no_way_no_how.org/=”;

or simply . . .

RelatedServiceURL=”http://127.0.0.1″;
Or if you do want ‘Related Links’ (see Note 4 re security implications), you could . . .
- Install the Google toolbar which has that option (if you’re happy to interact with Google. I am).

- Or just do ‘related’ searches in this format . . . http://www.google.com/search?q=related:www.grc.com

- Or hit the “Similar pages” link shown on all Google search results.

- Or you could just edit the line in your own copy of ‘Related.htm’ . . .
from . . .

RelatedServiceURL=”http://related.msn.com/related.asp?url=”;

to . . .

RelatedServiceURL=”http://www.google.com/search?q=related:+”;

Notes
If you later repair, or patch, or upgrade IE, it may get overwritten by a new ‘Related.htm’. So far I think Service Patches and version upgrades tend to overwrite it, whilst normal or cumulative patches don’t – but it’s anyone’s guess next time. If so you’ll need to do this tweak again (or just save a tweaked copy, then put your version back after the upgrade).

You can choose any search engine or search function you like, of course. You might get some ideas from here (and you’ll find appropriate URLs by looking within the Bookmarklets with Notepad.

Spybot users. If you select their “Alexa Related: What’s related link (Replace file)” option from scan results window, Spybot will effectively overwrite the same line within ‘Related.htm’ with …
RelatedServiceURL=”http://www.google.de/search?q=”;

Well, that’s okay. But it asks Google only to search on the current URL, not for pages related to the current URL. You can manually change it as above if you prefer to keep the ‘what’s related’ functionality, and of course you can change it from the German Google page to the main one, or indeed any localisation of your choosing.

Secunia have recently discovered a bug in IE which means that if you use the “Related Items” menu/button, then any time in the same IE session you happen to press Ctrl+R to refresh a page (including ‘secure’ SSL-enabled pages), even if you’ve already closed the Explorer Bar, the current page’s URL will be transmitted (in plain text, even for SSL pages) to MSN/Alexa!

As Secunia point out: “The data transmitted to “msn.com” and “alexa.com” is the complete URL. In some cases this could contain sensitive information such as username, password, session id, search string, “secret paths”, and more.”

Secunia’s workaround (to block MSN and Alexa at your firewall or Hosts file etc) is good, if you don’t normally need access to those sites. But changing Related.htm (instead or as well) is even better, because it still covers you if MS/MSN/Alexa quietly change servers in the future.

So, until MS patch the bug, you may wish to subvert Related.htm to use an invalid or loopback address, rather than even Google.

Found on the net. Thought of it to be quite useful.