Comments for Java Spyware

Excerpt: RedSheriff may be tracking your activities on the Web. Their tracking applet is present on many Web sites and is installed without your knowledge or permission. Read the whole article…

November 8, 2002 3:55 PM

MEH! Not cool... -a

John McLaren
November 9, 2002 3:58 PM

I couldn't believe this when I first experienced it. The offending site was Of course, whether the java applet downloads, as you say, without your knowledge or permission, depends upon the settings in the browser. I had this site in my secure sites zone (ie6) and have since removed it. I run Proxo and would definitely appreciate a little more detail on your countermeasures. I see the measure.class files, but I'm not sure (apart from disabling java applets) how to defend against this unbelievable intrusion. I hope your commentary stimulates the response it deserves for this simple reason. I have found that whether I relax security for a given site depends upon how much I think I need access to the site. The intrusion, therefore, becomes an exchange for information. It is not a free choice. This is extortion at a site such as BBC Online and will undoubtedly appeal to a growing number of very large information providers of this and other kinds.

Adam Kalsey
November 9, 2002 4:11 PM

My Proxomitron filter replaces code="Measure.class" with nocode="Measure.class". The other measure I took was to find measure.class on my computer and delete it. Then to make sure that it can't install again in the future, I placed a blank text file in its place and set the blank file to read-only.

John McLaren
November 9, 2002 4:23 PM

I have complained to BBC. Here is my feedback, fwiw. I can hardly contain my outrage at the intrusion you visit upon anyone who dares to visit your homepage without protection. You can find my comments here: The simple fact that a visitor allows java applets to run may be foolish, more likely completely naive as to the potential consequences. But the mistake most unsuspecting visitors make is not to suspect that their privacy (as distinct from their personal identity) will be compromised by a corporation they hold in high regard. Spare me the usual disclaimers about personally identifiable information. What you are doing is wrong. It is immoral. If you doubt this, consult someone who can advise you on these matters. ... And you might consider offering your feedback users the courtesy of a preview without the demographic probes. It is an insult to suggest, as your inappropriate form suggests, that the relevance of what a reader has to say is to be judged, analysed and tallied according to sex and age, as though everything you hear from everyone has some analytical value surpassing the importance of the feedback itself. Maybe it's time the design of your site were vetted by someone with a little common sense.

Adam Kalsey
November 9, 2002 6:21 PM

The thing is, a Web site tracking you as you move about their site is understandable. You are using their resource and they have the right to learn how you use it. The problem I have with RedSheriff is twofold. First, the data is being recorded and managed by a third party across multiple sites. Second, they are doing it by installing software on my machine. I don't know the security implications of this software, and I haven't been given the option of inspecting the software to ensure it's stable and won't crash my machine.

John McLaren
November 10, 2002 1:28 PM

My last post crossed with your previous. I agree with your latest, however, so far as it goes. I notice that your blog was picked up here by someone who is a good deal more equivocal, so far as privacy is concerned. I also noticed that there is another class to block: sleepthread.class. It seems to have been deposited during the same visit and apparently goes back to RedSheriff by an earlier name (IMR). By "so far as it goes" I mean this. It has now been accepted that the user is entitled to reject a cookie if s/he chooses, though it was something of a struggle. There are those (like the blogger mentioned above) who seem to think privacy is not only a lost cause but a lost or nonexistent right, those whose sensitivity to issues of privacy is predicated upon the benefits to Internet commerce. The RedSheriff java applet does much more than most cookies, I think, though (perhaps) less in respect of user identification (uid), since it may identify a visitor only in relation to the site in question. A big maybe, I'm afraid, and always subject to change. Therefore, I think that any privacy advocate would rightly be concerned not only about system security but also about user choice, without duress. Allow me to rephrase your statement this way for consideration. "The problem is twofold. First, the data is being recorded and managed by a third party across multiple sites. Second, I haven't been given the option of rejecting the software, either to ensure my privacy or the integrity of my system."

November 22, 2002 9:18 AM

I'll follow up on this point. Privacy, online, or offline, is largely a falsehood. It's a feeling that one is able to create around themselves, whether real or imagined. We don't have any privacy anymore... why, you might ask? It's largely our own faults, because we, as a community, are almost always trying to find out more about others... Think about it. From the town gossip that your mom will tell some things, but not others... to the Inquirer... we all want to know something about someone else. It's human nature... That's not the complete argument, but keep following it in your own brain, and you'll come to the conclusion that I have, and that's that we have no real privacy anymore. Do I think that's right? No. Do I think we can fix that? Not really. "The only secrets you have are those that you've told to nobody else."

November 22, 2002 9:32 AM

None of the class files mentioned above are on my machine. A trace file "plugin131_02.trace" is installed/updated when I visit a site that redsheriff is "tracking". I deleted the contents of this file and set it to read only but when I visit the redsheriff site to test, the file attributes are changed and the original contents are back with "record sent". What am I missing?

Robert Doisneau
January 30, 2003 8:03 PM

Good day gentlemen. Not sure if this thread is active still. Hopefully someone is notified of my arrival here. If so, email me. Anonymously of course..

Robert Doisneau
January 30, 2003 10:11 PM

Why you may ask? Because I can't make it stop. Nor can I find the files you speak of.

John Compton
May 3, 2003 7:20 AM

I've discovered recently that FirstDirect Bank also uses Red Sherriff to send some sort of data back to them (see This page says that '...information cannot be used for marketing on an individual basis', but how do I know that?? I'm doing my best to find the Proxomitron filter that defeats this intrusive app., but can't seem to track down the source. Anyone got any directions for me, please?

June 23, 2003 11:58 AM

Using Ad-Aware 6.0, I found three RedSherrif cookies on my drive, but none of the files mentioned above shows up in a search of the drive (measure.class; sleepthread.class; plugin131_02.trace). It's worth mentioning that I use IE 5.5 and that when I activate my Anonymizer protection, I can search Google for anything (as normal), but an attempt to search for "RedSherrif" crashes it.... I deeply resent this arrogant invasion of my privacy, and hope someone will be able to tell me how to block it without disabling Java.

June 23, 2003 12:06 PM

After I sent the above message, I closed IE and re-searched my drive: found all three files. Is it safe to just delete them? Or, how does one replace them with blank files? Help is greatly appreciated.

Adam Kalsey
June 23, 2003 12:33 PM

I just deleted the files, and created empty text files with the same names. You should be able to do that with notepad or any other text editor. Then make sure you set the files to be read-only so that IE doesn't replace the blank files with the classes.

David H
July 3, 2003 9:57 AM

Hi, had already used Adaware 6 to delete RedSherrif, then started looking for what is this RedSheriff? I found your web page at google, but would you mind informing me where would this spyware go to on the directory tree ie c:/windows (where), so I may install the counter measures that you stated, appreciate an email or listed here, Thank you

Adam Kalsey
July 3, 2003 11:25 AM

It's a Java applet, so it goes wherever your browser sticks those. It depends on the browser.

July 18, 2003 12:19 AM

re redsheriff: I discovered redsheriff only by chance, activating the jre debug screen and then searching, and found all your good comments. Well folks - another answer is to use your firewall to block their servers that receive and record your interesting profile and habits. The offending web page source should contain the server address (in my case If your firewall needs the IP address download gtwhois & it will tell you.

September 1, 2003 1:57 AM

I emailed redsheriff and wanted them outta my computer, this is their reply. RedSheriff Measurement relies upon information sent to our global data nodes. If you do not wish to participate in this anonymous data collection, please follow the below instructions: If you are using a Windows NT / 2000 / XP machine, your hosts file will most likely be located in the following path: c:\winnt\system32\drivers\etc\hosts For Windows 95 and 98, your hosts file will most likely be located in the following path: c:\windows\hosts You need to edit the aforementioned file using a text editor (e.g:notepad.exe) and add the following lines: localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost Adding the above lines will redirect all traffic collected by RedSheriff to your own PC, thus excluding you from RedSheriff data collection. If you have any further questions or queries, please do not hesitate to contact our Customer Services organisation at

September 11, 2003 9:24 AM

Thanks Capt Russell. Now if only I can get the damn thing to not load in the first place. It's not the smallest memory footprint you know. I can always tell when it loads because this machine crawls. It's not fair that they should destroy my system's performance for their own needs. That's like if the road construction crew dumped huge loads of materials on our cars or in our trucks and told us that as long as we were driving down the road they were working on we'd have to carry their loads for them. I shouldn't be forced to upgrade this computer because some site wants to run demographic reconnaissance on my machine. Is there a simple way to prevent the app from even loading? On a related note, is there a way to keep the "install gator" or "install comet cursor" from popping up? I'm glad I get the pop-up versus the auto-install, but I'd like to never ever get even the request again. I'll post again if I figure it out elsewhere.

Adam Kalsey
September 11, 2003 9:45 AM

Sure, stop using Internet Explorer. Or use something like Proxomitron that will filter out that junk.

Ripoff (DK)
September 15, 2003 5:08 PM

re. redsherrif. I have been reading several solutions to the problem "redsherrif". I use with success the little program IE-SPYAD. It works by double-clicking a .REG file; uninstall by double-clicking the uninstall REG FILE. But read and try for yourself. All I can say is that it works 100% percent. Download here English Introduction the program is freeware/donationware. In my case redsherrif is history. Peter - Denmark

October 10, 2003 6:56 PM

Ripoff (DK) is right about ie-spyad--if redsherrif is the main problem, you can get the same effect by adding the following host to the Restricted zone in ie (and then setting the security on Restricted zone as high as it will go in all categories): * That will prevent them from putting cookies, java classes, or anything else on your machine again. It won't remove anything that's already there, though.

Yan Kiowski
October 18, 2003 12:14 AM

You guys should NOT believe everything you read on the web. This is the most ridiculous I've ever heard! What is wrong with collecting info about how visitors use your own website? All the data collected contains nothing you want to hide. I believe it is every website owner's right to get info on how their site is being used. Furthermore, all the data is collected by a machine. Redsherrif does not have 10.000 geeks who log all the data manually. Therefore none of your data will ever be read by a real person - it is just one dataset out of thousands collected, all which are compiled into statistics. I admire people that fight for protecting people's privacy, but this particular case is based upon the lack of knowledge and exaggerated personal protection. This also is known as "paranoia"... Regards, Yan Kiowski, information technology (my thesis which gave me my doctor's degree, discussed security and privacy on the web)

Adam Kalsey
October 18, 2003 10:59 PM

The objection is not that the site is tracking the user's visits. The problem is that they are installing software on your computer without your knowledge. The problem is that the site isn't tracking you, a third party is. They are tracking you across multiple sites, aggregating, and selling that data. And you can't opt out. The information about what I do online is valuable. And it belongs to me, not RedSheriff. It is mine to choose who I want to share it with. I didn't choose to share it with RedSheriff. They simply took it without providing me with any consideration in return. With direct mail, telemarketing, surveys, and grocery store discount cards you can choose not to participate. RedSherrif doesn't offer that choice. And since your comments are predicated on the fact that your doctoral thesis was on the subject of online privacy, I'd like to point out that I find it curious that you hold a Ph.D. in information technology yet Google doesn't return a single result for your name.

October 20, 2003 12:58 AM

I too found it odd that a google search for "Yan Kiowski" yielded no results for a Doctor of Information Technology. Perhaps Yan has altered his name for, ironically, privacy reasons. Yan, may I install some software on your personal computer please? I promise it is harmless.

Einar Ekström
October 24, 2003 10:01 AM

Could you please be kind enough to tell me in simple (easy) english or ditto amerikanisch oder german oder swedish language, 1. how to get rid of RedSheriff 2. how to resist reinstallation of foreign programmes or java applets on my machine. I should very much appreciate your assistance Mr Adam Kalsey (and forgive me my bad english). From cold Stockholm City, best regards!

November 11, 2003 2:36 PM

In looking at some of their code I found... codebase="" I run my own DNS server as a proxy server to my ISP's DNS servers. I can simply add a domain of "" with no hosts and it will short circuit any connection attempt to them. This is easier and more comprehensive than using the "hosts" file trick.

December 10, 2003 3:47 AM

I just found out about RedSherrif. I would like to thank you all for your comments. You've helped me a great deal. David wrote: "Yan, may I install some software on your personal computer please?" Oh, but Yan doesn't obviously mind even if you do it without asking him. Go ahead and install any and all software you like on his computer.

December 17, 2003 8:24 AM

I have no problem with them taking information on me, or my surfing habit... But I DO mind if they are doing it without my knowledge... Also, one of my computers completely crashed, with nothing more on it than all those spyware... So, don't mess with my computer, but go ahead, take all the info you'll need...

Matthew Donald
August 19, 2004 11:29 AM

As a former Technical Director of IMR Worldwide (later named Redsheriff) and one of the authors of the Measure java class, I think I can speak with some authority about what this code does. It adds 1 to a counter. That's it. It doesn't track you beyond recognising you if you visit a website a subsequent time. It doesn't look at your web surfing habits. It's not particularly interested in you as an individual at all. What the Measure class (and the Redmeasure product from Redsheriff) does do is track aggregate stats for a web site. There are reports outlining total number of page views, number of visitors, entry and exit pages, reach, country of origin and so on. There are no reports on which sites Jenny Bloggs visited, just reports on the total visitors to a site. The Measure class is not spyware.

Dave Clayton
September 12, 2004 12:35 AM

Matthew, Once again, the outrage felt by posters here and myself is not specifically what this software does with information it collects, but the fact it runs without asking the user - in fact runs at a regular interval regardless of what the user is doing. As a computer programmer myself I can not fathom how anybody could possibly write software that installs itself secretly and be happy there's nothing dodgy about it. "It's ok, this man just went round the back of my house and let himself in the back door, but he's not harmless, so it's fine!" Whatever, I hope the money was worth it.

October 11, 2004 9:44 PM

I find it ridiculous that some of you are 'outraged' at this 'arrogant' 'intrusion' in the collecting of anonymous data. Do you realise what these metrics are routinely used for? To improve your future experience of the site you are visiting. Someone previously pointed out - this is someone's resource that they have made available - often for free. Surely then it's their prerogative to collect anonymous data on the use of their resource? It *is* anonymous - yours is one of hundreds of thousands of personally unidentifiable records from which the authors of the site can pinpoint what may be confusing to users, and how things can be improved. If you don't like the way they're using their own property you don't have to go back. If I owned such a site I think my first thought would be akin to 'good riddance'. *So what you are really affronted by is that the owners of a resource, that they have made available to you and that you obviously derive value from, have then gone on to invest money and time in trying to improve the experience for you next time you visit.* The b@stards! String 'em up I say! Oh, that's not what you're really upset by is it... the biggest complaint about redsherrif seems to be the dynamic loading and running of code on your computer via a web page - fact: *all Java Applets do this - it's what they're for.* For that matter, that's exactly what Shockwave Flash does, and activeX and JavaScript and others. So if you have issues with this behaviour in redsherrif you should disable all these things. Java and Shockwave Flash, however, are sandboxed - this means that *they are incapable of doing anything to compromise your system*, (unless, in Java's case, you explicitly agree to let them do it) or accessing data you haven't explicitly given them access to, just like JavaScript. 
If Java Applets crash - they only crash themselves, they don't have access to any data you haven't given to the page that contains them and they can only be run by the page that contains them which means that if you have entered your credit-card number into a page and an applet is capable of reading it - that applet is as trusted and trustworthy as the page you have made a conscious decision to trust, just like JavaScript. Nothing to worry about - if you trust the source. Some of you seem to be perfectly blasé about people and sites other than redsherrif loading and running Java Applets on your machine without your consent ("please tell me how to disable redsherrif without having to disable Java!") but you've heard that redsherrif is 'spyware' and immediately demonise it. So, what have we learned? Java is not JavaScript, but Java has the same exploitability as JavaScript and Flash (unless you have explicitly agreed otherwise). So, if Java worries you - so should JavaScript and Flash. You should turn them all off... and good luck. On a side note: I can't believe that some of you are willing to execute potentially lethal .REG files on your computer to remove a few totally benign java classes. It's like approaching a guy on the street selling pills, asking them for some medication because you sneeze once or twice every few days and blithely taking the pills without question. Is that rational behaviour? Only if you trust the source *absolutely*. The sneeze isn't really a problem - the pill might kill you. It would be the work of a few minutes to whip up a .REG file that would irrevocably destroy your computer setup, I would spend more time thinking on that, perhaps? If you are really concerned about online security and privacy then you will have a firewall and know how to use it - the best way to opt-out of the redsherrif data collection is to block their domains - a single entry... but I didn't need to tell you that, right? 
If you want to spend your time making meaningless gestures in the name of paranoia, be my guest... I for one have better things to do with my time.

November 17, 2004 8:05 PM

Good topic.. I have been blocking Red Sherrif worldwide for a while now , there are a lot worse things to be worried about , but still something worth avoiding. To Quote farmerbri : "If you are really concerned about online security and privacy then you will have a firewall and know how to use it...the best way to opt-out of the redsherrif data collection is to block their domains - a single entry" Which single entry would that be ? I have a firewall and there is lot more than just a single IP range to block , as well a large range of domains to be blocking in a Hosts file. Of course if you have something like Outpost firewall or some type of adfiltering program you can disable java applets from running altogether. The IESpyad .REG file is from a completely trustworthy source and has been used and recommended for many years on most sane security forums , it's hardly a serious risk to use. Also the post above which displays the format for effectively blocking RedSherrif in a Hosts file is not correct. Since it was originally supplied by RedSherrif that may be the reason why it's incorrect. The Host file entries should actually be listed with localhost first : A great Hosts file for blocking dangerous spyware can be found here : There was a good discussion a while back on Spyware info on preventing RedSherrif connecting to your computer : And really it's not about being paranoid , I will block anything I want during my internet travels , since I own my computer and pay for my internet connection , it is therefore my choice who I allow to connect to me. :) cya
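
The hosts-file blocking discussed in the comments above depends on field order: each entry is an IP address followed by one or more hostnames. The following is an added example, not part of any comment and not code from RedSheriff or the commenters; it audits a hosts file for reversed entries and for names that do not resolve to a loopback or null address. The `tracker*.example` names and the sample file are constructed placeholders, since the real host list is not preserved on this page.

```python
import ipaddress

# Constructed sample hosts file. The tracker*.example names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
tracker1.example 127.0.0.1
localhost tracker2.example
127.0.0.1 tracker3.example tracker4.example  # two names on one line
0.0.0.0 tracker5.example
192.0.2.10 tracker6.example
"""


def parse_hosts(text):
    """Yield (line number, fields) for every non-empty, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            yield lineno, line.split()


def is_ip(field):
    """True if the field parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(field)
        return True
    except ValueError:
        return False


def audit_hosts(text, wanted):
    """Check which of the wanted hostnames are actually sinkholed.

    Returns a dict with the names that are blocked, the names that are
    not, and a list of (line number, message) problems found.
    """
    wanted = {w.lower() for w in wanted}
    blocked = set()
    problems = []
    for lineno, fields in parse_hosts(text):
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        if not is_ip(addr):
            # Reversed order ("name address") or a name in the address field.
            problems.append((lineno, "first field is not an IP address"))
            continue
        if not names:
            problems.append((lineno, "address with no hostname"))
            continue
        ip = ipaddress.ip_address(addr)
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name not in wanted:
                continue
            if sink:
                blocked.add(name)
            else:
                problems.append(
                    (lineno, f"{name} maps to {addr}, not loopback/null"))
    return {
        "blocked": sorted(blocked),
        "missing": sorted(wanted - blocked),
        "problems": problems,
    }


if __name__ == "__main__":
    names = [f"tracker{i}.example" for i in range(1, 8)]
    report = audit_hosts(SAMPLE_HOSTS, names)
    print("blocked:", report["blocked"])
    print("missing:", report["missing"])
    for lineno, msg in report["problems"]:
        print(f"line {lineno}: {msg}")
```
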

January 12, 2005 7:34 AM

That's the point: if there is everything correct and friendly, why is it done secretly? K. P.

January 12, 2005 3:47 PM

websites do *lots* of things without notifying you... Just because a web page doesn't notify you each time it wants to change an image on a roll-over (by running code you haven't installed and didn't approve blah blah blah...) doesn't mean there's something sinister about the roll-over. There's an enormous amount of stuff going on inside your computer that you will never know about - and even on a clean install some of those things are considerably more sinister than what redSherrif does...

March 23, 2005 12:32 PM

Wow! Symantec had nothing I could find on Red Sherriff, but I learned a lot here!

April 11, 2005 1:58 AM

The constant reappearance of this baby was beginning to worry me. Like Anonymoose I've learned more from this site than any other I've looked at. I now know that the reason Ad-Aware keeps finding Imrworldwide on my machines is probably the BBC. I now know it's not particularly harmful but I've added the site and IP addresses to Zonealarm and put it in my IE restricted sites. I don't think I'll risk the more technical suggestions. Thanks to everybody.

August 27, 2005 5:44 PM

Ever since I stopped using Java of any description, all my Spyware worries seemed to disappear. Sure makes it difficult to view some pages properly, but is well worth it. Forget Java - it's LAME.. and infectious.

September 18, 2005 11:34 PM

Well, thank you Anon for that tremendously uninformed opinion... you may think Java is 'LAME' and 'infectious', but I can assure it is neither by nature. By deliberately causing yourself browser woes you are merely punishing yourself for your own ignorance. If your spyware issues seem to have disappeared since removing Java it is only because you are blind to the nearly infinite non-java spyware issues. Educate yourself and post again. cheers.

von-hill karl
January 2, 2006 5:51 AM


February 13, 2006 8:28 PM

They're thieves. These companies ( etc.) have sent thieves to our computers and thieves cannot be trusted. It shows they have no care for the people dealing with them. I have to pay for my internet connection. It gives me an amount I can download and my upload is included as download in that figure. These programs are stealing my bandwidth. I don't care what they want to collect, I don't want to pay for it and I don't care how little it is. It is like going to someone's business office and while there they go through my pockets and have a key cut for the backdoor of my house then go there and send letters back to them using my stamps. How can anyone condone that? Any company using this technology has no integrity. Where's my cheque.

John Charville
April 16, 2006 4:03 AM

Dear People, Might I suggest that you all have a look at EC Directive 2002/58/EC paying particular attention to recitals 17, 24, and 25 (The paragraphs of the Preamble to the Directive itself) and then have a look at Article 5. Directive 2002/58/EC makes the deployment of spyware, cookies and anything else totally unauthorised if your fully informed consent is not obtained. Then have a look at section 1 of the Regulation of Investigatory Powers Act 2000, and sections 3 & 1 of the Computer Misuse Act 1990. These make the deployment of cookies and interception of traffic data a criminal offence, since such deployment and interception is clearly unauthorised. I hope that this helps. Regards John Charville

daniel vernede
July 3, 2006 8:26 AM

hello...i for some reason am unable to get onto my favourite site at the moment i can get onto but when i try to get to the kelloggs nutri-grain dream team competition it comes up with "this page cannot be displayed" it loads up "" please can i have some info as to how i can fix this problem because i MUST be able to access that site... please email me at asap its very important that i fix this problem kind regards daniel

March 1, 2007 3:26 PM

it's on Pandora !? VV

John Charville
February 15, 2009 5:31 AM

The UK has actually annulled the obligations created by Directive 95/46/EC through Sections 22 & 23 from the Data Protection Act 1998.

John Charville
February 15, 2009 5:33 AM

The secretary of state has refused failed to produce the Orders that Sections 22 & 23 from the Data Protection Act 1998 refer to.

This discussion has been closed.


© 1999-2022 Adam Kalsey.