Monday, March 31, 2014

Windows 8, EZproxy and Secret Sauce AdWare

As of writing we've had 3 reported cases of Windows 8 not displaying content through EZproxy. Basically any proxied content doesn't display - no errors, no friendly error messages, just a blank screen. Everything else 'webby' works fine.

With 360 Link 1-Click with the helper frame you see the helper frame (it's not proxied by EZproxy) but the iframe content is blank - viewing source shows that no html has been transported to the browser.

Originally I suspected some sort of mixed content problem (we've had a lot of that this year in Chrome and Firefox) but no grey shields - or possibly a caching issue (we've had problems with expired EZproxy sessions being cached so students are denied access to content but are not prompted to start a new session. Scarily it affects all three of the main browsers (IE, Firefox and Chrome). Even connecting to the EZproxy login screen gives a blank screen.

But thanks to ranking smart guy at our IT Helpdesk Anthony Warrell we have a diagnosis and resolution. As he says:

The culprit turned out to be a piece of Ad-ware called Secret Sauce which had somehow managed to sneak past Norton 360 and find its way onto her computer. The tool I used to remove it is called ComboFix. I would not recommend providing the client with self-help instructions on how to clean their machine but have them obtain IT assistance with running ComboFix and removing the Ad-ware.
Instructions on using ComboFix can be found here: says: "Some of the programs that are known to bundle Secret Sauce include 1ClickDownload, Superfish, Yontoo and FBPhotoZoom".  All three students mentioned seeing unsolicited advertisements in their browser. Malwaretips says that product images in Facebook will display a 'See Similar' button that links to the ads they earn money for clicks.

We're fortunate that ITR are willing to perform the clean for on campus students but I'm not sure how we'll help an off campus student - particularly when part of the process is restarting Windows 8 in safe mode, so RDC or similar remote operation isn't an option.

I hunted high and low for any mention of the way Secret Sauce interferes with EZproxy and came up with nothing. Anyone else at other institutions seeing this? No mention of it in OCLC's user support areas.  Are we the canary in the coalmine or is there something unique about our network environment exacerbating this?

I suspect that Secret Sauce doesn't like EZproxy rewriting URLs but I really don't know.  I have no idea how widespread Secret Sauce is but have written to OCLC asking if by any chance they've heard about it.

Obviously prevention would be the ideal solution, but how do you get people to be more suspicious of free software, especially when half the time we're advocating for open source and open access? Even something as seemingly obvious as always selecting the 'customise' option when installing software?  Even Java wants to install the Ask Toolbar.

Anyway I'm posting this for the future you who is googling 'Windows 8 EZproxy blank screens'. I hope it helps.