Yes, Lexmark is now in the Spyware business!

Just the other day I purchased a new Lexmark X5250 All-in-one printer.
I installed it as per the instructions and monitored the install with
Norton as I do with all new software.

On reviewing the install log I noticed a program called Lx_CATS had
been placed in the c:\program files directory. I investigated and
found a data log and an initialisation file called Lx_CATS.ini.
Further investigation of this file showed that Lexmark had, without my
permission, loaded a Trojan backdoor on to my computer. Furthermore,
it is embedded into the system registry, so average users would likely
never know it was there and active.

This Lexmark Trojan was programmed to monitor my use of the printer by
way of data collected from two DLLs in the c:\program files\lexmark500
folder. The Trojan would then send information on printer usage,
including types of print activity, scanning activity, OCR activity
etc., back to a hidden URL at 30 day intervals.

The URL, www.lxkcc1.com, is identified as being owned by Lexmark.

When I called and spoke with Lexmark support, they denied all
knowledge of any such program, and suggested I had somehow been
infected by a virus. When I challenged them with the facts, they
ultimately aknowleged that this was indeed activity tracking software
that reported printer and cartridge use back to them for "survey"
purposes. Lexmark said that "no personal data" was relayed by the
program, and that I could not be personally identified by it. However
- the program transmits the printer serial number, and when I
registered the warranty with Lexmark, they recorded my personal
information along with the serial number. How much effort does it take
to match the two?

I call it spying! I was not advised of this part of the installation,
nor was I asked to agree to be part of any such data gathering
activity. I see this as a breach of my privacy, and as deplorable
behaviour by Lexmark.

Lexmark users beware! But, they may not be the only ones stealing your
private information.

In article <3ec7f2e1.0411090817.3c9c0c7@posting.google.com> ,
Commander_rn1@yahoo.com says...
knowledge.
--
Thanks for the laughs..

I'm not sure why people are making fun of the OP here. I see
no reason to disbelieve what he wrote, and I agree that it is
a serious invasion of privacy.

Before you say, "What does it matter?" consider that with this
spyware, Lexmark can probably determine if you are using
non-OEM or refilled cartridges, and they may use either of
these as an excuse to refuse to honor their warranty if your
printer has a problem.

On 9 Nov 2004 17:21:37 GMT, Martin Trautmann <t-use@gmx.net> wrote:

Not true any longer since this thread exists now but even so, just
because it's not on the net doesn't prove/disprove anything.
The OP has said Lexmark by phone has admitted to this spyware /
tracking software as part of his installation.


Yeah I agree with you. Why don't you ask the OP to invite you to
dinner at his place so you can check this out and get a free dinner
outa it too.

Jonathan Kamens wrote:
Because he was moronic enough to purchase a Lexmark. AFAIK, the newer models
are non-refillable and you cannot use aftermarket tanks (if any exist), the
quality is questionable (and believe me I know). It's idiots like this that
keep Lexmark in business. They weren't bad when they were owned by IBM but,
since the demerger, they've become crap. Victims of their own success. They
now need to vanish - and fast! The best that can be said for them is the
tanks are recyclable (but so are HP's).



--
My great-grandfather was born and raised in Elgin - did he eventually
lose his marbles?

Hello Jonathan:
You wrote on Tue, 9 Nov 2004 16:59:14 +0000 (UTC):

JK> Before you say, "What does it matter?" consider that with this
JK> spyware, Lexmark can probably determine if you are using
JK> non-OEM or refilled cartridges, and they may use either of
JK> these as an excuse to refuse to honor their warranty if your
JK> printer has a problem.

No, they can't, unless the printer also told them the name, phone number and
address.

And even then, I don't see how could they phrase such a denial. "The
software we installed on your computer told us you were using OEM
cartridge"?

"bat" <bat@bats.com> writes:
The OP already explained this: The spyware reports the printer
serial number. The user reported the serial number along with
his name, phone number and address when registering the
printer.

If the printer breaks, the user will have to send it back for
service. The warranty service center can then claim that they
had determined from examining the printer that unauthorized
and/or refilled cartridges had been used. They don't have to
explain how.

Also, assuming that the click-through agreement mentions in
the fine print that usage information is collected and
transmitted to Lexmark, which it probably does, then they
would be on perfectly sound legal ground to tell the user
exactly what you suggested above.

JK> If the printer breaks, the user will have to send it back for
JK> service. The warranty service center can then claim that they
JK> had determined from examining the printer that unauthorized
JK> and/or refilled cartridges had been used. They don't have to
JK> explain how.

JK> Also, assuming that the click-through agreement mentions in
JK> the fine print that usage information is collected and
JK> transmitted to Lexmark, which it probably does, then they
JK> would be on perfectly sound legal ground to tell the user
JK> exactly what you suggested above.

I agree, that makes sense. But it's easy if all their repairs are
centralized; if they are performed in some service centers, dealerships and
such, Lexmark would have to implement a project of communicating that
database to all of them, and train how to use it, including how to lie. Hmm.

If they had the brainpower sufficient to mastermind and implement such a
sophisticated scheme, they would had applied it long ago to their main
product. If that was the case, HP would be forgotten long ago.

It's a mistery why all scammers and spammers easily implement the cutting
edge ideas and technologies to deliver their scam, but never to come up with
a decent product.

Martin Trautmann <t-use@gmx.net> wrote let it be known in
news:slrncp4bk0.b62.t-use@ID-685.user.individual.de:

Here is a suggestion if you are concerned about this type of
thing:

If you have a firewall program such as ZoneAlarm installed, it
will alert you every time a new program tries to access the
Internet. If, while installing new hardware or software that
certainly should NOT be going online, I get a pop-up telling me
the program is trying to 'phone home' I can kill it right there.

I've done this dozens of times (you really wouldn't believe how
many programs try to send info to the manufacturer during
install!) and it has yet to cause the install routine or program
to fail.

It is also a great way to catch the programs that are 'checking
for updates' constantly or doing any other online activity you
aren't aware of.

--
Christina Barnes
CB Design

Martin Trautmann (t-use@gmx.net) writes:

The last time this came up I think the file name was "lexrepps" or
something like that. I called Lexmark and was told its function was to
connect to networked computers on your system, surely a desireable feature
(and even today one that seems to an irritant when a printer works with only
one computer). That was called "spyware" too.

Brendan
--

"Miss Perspicacia Tick" (misstick@lancre.dw) writes:
Out of curiousity, why are empty "real" Lexmark cartridges still accepted
at Staples, Office Max and Office Depot in exchange for a ream of paper if
they are not refillable? I don't think these companies ae doing it out
the goodness of their hearts.

Brendan
--

ck183@FreeNet.Carleton.CA (Brendan R. Wehrung) wrote let it
be known in news:cmtomh$rde$1@theodyn.ncf.ca:

My guess would be that it is an attempt to be a 'good citizen'
by taking used ink cartridges and laser toner out of the waste
stream. Even if they can't be refilled, they can be disposed of
in a more ecologically sound way than throwing them into the
landfill.

It may not be out of the 'Goodness of their hearts', but it is
great public relations that could translate into more $$ later
down the road.

--
Christina Barnes
CB Design

Christina Barnes <Christina(dot)Barnes@gmail.com> wrote let
it be known in news:Xns959D915EBD498123eieio@216.196.97.142:

Plus, anything that gets you into the store is good for
business... I doubt if too many people stop in to drop off an
empty cartridge without buying SOMETHING.

--
Christina Barnes
CB Design

Brendan R. Wehrung wrote:

And you are right, of course.

Just checked my supplier of refill ink. Yes, they have ink for the
latest Lexmark printer, the PhotoJet P915.

-Taliesyn

In article <3ec7f2e1.0411090817.3c9c0c7@posting.google.com> ,
Commander_rn1@yahoo.com (Commander) wrote:

http://news.zdnet.co.uk/0,39020330,39173517,00.htm

Jon.

If UCITA is passed, Lexmark to use the self-help clause to
disable your computer if you violated the license.

Just to be safe... I'm tossing my Z22 in the trash.
I'm outta ink and the cartriges cost more than the printer itself
anyway... haha.

Commander wrote:

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= East/West-Coast Server Farms - Total Privacy via Encryption =---

"zcrayfish@clis.com" (zcrayfish@clis.com) writes:
I bought a Z11 for about $6 after rebate. It has never been used, but I
keep it as backup to use cartdriges for my 5700 if and when it craps out.
That's a hidden cost with any printer (and I'm sure it happens to Epson
and Canon users as well) of stocking up during sales and then having the
printer die. As you say, the carts cost more than the printer. Always
have a plan B to use them up.

Brendan



--

Christina Barnes <Christina(dot)Barnes@gmail.com> wrote in message news:<Xns959D6D0024462123eieio@216.196.97.142>...

Thanks for the info. One of the 'tips' from ZoneAlarm website gives
the following:

Tip No. 5: Create a Trusted Zone
If you have two or more computers connecting to the Internet through a
router, you can create a Trusted Zone. Click Firewall in the ZoneAlarm
Control Center, then click the Zones tab. Click the Add button and
enter your other computers' local IP addresses. You can set Trusted
Zone security to let your computers share files and disk space.

Now, if your router generates ip addresses dynamically, I wonder how
one could create a "Trusted Zone" since you can not assign a single ip
address. Is there a work around?

Any info or comments are appreciated.

"Miss Perspicacia Tick" <misstick@lancre.dw> wrote in message
news:fAnkd.7930$mu4.7058@fe48.usenetserver.com...
On my HP business inkjet 1100DTN, i also noticed some interesting things
about deleting the accounts. This is what HPs website states when i begin
the "process" of deleting my account:
------------
By submitting this form, you will be deleting your printer usage data with
HP.
HP will store your data (Email address, Serial number) in a server located
overseas only for the purpose of deleting your printer usage data. Your IP
address will be stored in server log files for a maximum of 5 years. You
will be notified by email once your data has been deleted.
------------
If this seems to be what it is, my email address is being linked to my
serial number and my IP address for _5 YEARS_!! Does anybody else here have
a BJ1100? Is anybody else suspicious about what HP is doing?

Nerd32768
A+, Network+, MCP, MCSA