Slashdot Mirror
Anti-Spyware Vendor Partners with Spyware Company?
Tuxedo Jack writes "eWeek reports that the anti-spyware vendor Aluria Software has partnered with WhenU of 'WhenUSave' and 'SaveNow' infamy. They've removed WhenU from their spyware/malware definition lists, certified their applications as safe, and they deny that money was involved. As a result, SpywareInfo and many other anti-spyware sites are delisting Aluria's 'Spyware Eliminator' from their lists of preferred software. Is this a dangerous trend for anti-spyware? Or are we just witnessing a natural evolution? I sure hope it's neither - I like my Windows boxes junkware-free, thanks (oxymoron noted)."
This is a dangerous trend. Given the majority of these ad/spyware companies don't care what their products do to the "users" computer, they can leave security holes unnoticed and allow exploits without the user even knowing there is a flaw in their computer. Windows updates can only do so much, and with companies releasing software that intends to help the user, but instead can hurt them. All the while the user is unaware. This makes me sick. Let's support the companies that work off of donations and have open source programs. This is the only way to prevent this from spreading to all of the favorite anit-ad/spyware programs.
-- johntracy.com, because everybody else is wrong.
reminds me of the age old question of whether anti virus companies created virii just to keep their own operations alive.
I like to keep my Windows boxes junkware free...
Wait a minute! Oxymoron noted?! Damn, there goes my frist-prost +5 funny...
How long until Windows catches on and starts paying off Norton and McAffee?
Symantec's upcoming "Sobig aint so bad" campaign promises to really ruffle feathers. I smell a payoff.
How is different from virus vendors stopping reporting on "corporate" keyloggers?
What's next? Gator is okay with Spybot?
Brr....it's getting dark...and cold...
Mercy was given to me by Christ...I must give the same to others.
Gee, thanks for pointing that out, for a second there I thought Slashdot was promoting a Micro$oft product (you see, I substituted a dollar sign the "S", I'm FUNNY!)
My computer has been hijacked by spys! I am located at... [NO CARRIER]
One problem that these anti-spyware programs are bound to run into is claims that a "spyware" program is a "legitimate business to consumer marketing connection enabler" by its makers. Afterall, in most cases the user has "agreed" to allow these programs to run by installing something without fully reading the terms of service.
That may be the reason why this group caved... not that money changed hands, but the threat of a lawsuit was waived around.
This is nothing new... capitalizing on the very market you help to create.
Cincinnati Microwave is another example; they manufacture both Police Radars and personal Radar Detectors.
We had that kind of BS with "Antivirus companies making their viruses so they'll keep on selling" kind of crap. An anti-spyware is the same as an antivirus, except it gets annoying stuff instead of dangerous stuff.
printf($randomline(sigs.txt) \n "-- "$randomline(authors.txt));
-- myself
This happened with lavasoft too, right? They started some consortium on spyware and then left it when it was evident that evil practices were going on... Perhaps there needs to be a legal definition of spyware before vendors will keep constant as to their aims? The problem is with defining it is that the somewhat arbitrary nature that's necessary will backfire and be abused *cough cough DMCA cough cough*.
AccountKiller
an anti spyware that does not remove spyware? just an other company that want to go out of business
nothing to see here
They've shown time and again they're not trustworthy and have gone to great lengths to sneak their junk onto unsuspecting users' systems. When confronted, they're not shy about throwing lawyers around either. I can't wait to see them slowly strangled out of business.
Solution: stick to vendors that can be trusted. Use Spybot and Ad-Aware.
I run Windows 2000.
I have never had spyware, viruses, MSBlast, Sobig or any other form of Bad Things.
How?
NOT BEING A DICKHEAD.
Keeping Windows spyware free is not impossible and Windows is only really a spyware magnet because of two distinct things: a) user idiocy and b) Internet Explorer, or maybe an insane combination of the two. Stop MS-bashing (OMGWTFLOLBBQ M$ ARE TEH GHEY WITH TEH BONZAY BUDDAY) and realise that for some people, Windows really is quite good. I just want to use my computer, rather than pissing around with KDE and X and kernels and other wank (this from an ex-Gentoo user).
By summer it was all gone...now shesmovedon. --
(and for those that don't RTFA) .... they are the backend behind AOL's anti-spyware application which is means potentially millions of users are affected by this.
I've only ever used Ad-Aware, who at the time when I found them weren't very well known. It's always a little nerve-wracking installing a free program that is supposed to help you but of which you know little. This seems common in a lot of those Windows-only shareware repositories.
... update their lists and consider Aluria's software as spyware.
You are more than the sum of what you consume. Desire is not an occupation.
After cleaning out my aunt's computer of about 11 different companies nagging her to visit their sites, this doesn't come as any surprise to me.
I still believe the Spybot S&D program is a much better solution because a) it's free, b) they only ask for donations which anyone would give for the value of the program, and c) the programmers don't appear to be linked to anybody within the spyware industry.
And for all intents and purposes of the definition, this has basically what this type of program has made: its own genre within the IT industry.
First we had viruses, then chain letters, then SCO. Now we have a spyware genre to worry about.
Money means more to software vendors then keeping promises... They're like government only we choose to pay for their services.
DarkMantle I been bored, so I started a blog.
With Microsoft getting into the anti-spyware buisness, I wonder how long many of the companies offering anti-spyware will last.
Why would they announce this kind of thing in a public press release? I mean, its the equivalent of a fireworker announcing to his team he maried a pyro. Maybe the software DOES comply with their standard... now, maybe their standard is a little low... I don't know anything about WhenU, so I can't judge on that. WhenU website even have a link to "anti-spyware portal"... confusing.
Eureka Science News - automatically updated
Wasn't it not long ago we had this story about Yahoo Anti-Spy Favors Yahoo's Adware Partners?
I think in long run, anti-badthings services are going to be influenced by the bottom line. Spyware/spammers can make enough to feed themselves and pay for these services to 'certify' them.
As end-users, we need to be educated to prevent these installations in the first place.
Rock that crushes, Paper & Scissors that don't matter.
Does this mean the only anti-spyware solution we can trust is or should be open source?
I would think yes.
Anybody else?
IGB: More fun than eating oatmeal!
Evil people taking over organizations designed to defeat them is nothing new. It's just like what the Mafia did to the police, or what the Church of $cientology did to the Cult Awareness Network.
I like my Windows boxes junkware-free, thanks (oxymoron noted).
:-)
Oxymoron noted from my spyware-free linux box on my desk at work. When I go home, I'll note that oxymoron from my spyware-free Mac, too.
They should obviously know they'll lose a ton of business this way. My guess is that a TON of money was involved.
While a mere partnership resulting in a buddy-buddy relationship with natural sworn enemies is odd, it is not unusual for a company to buy up and subvert its critics.
There used to be an activist organization which criticized religious cults. It was hardly a profitable business arrangement and eventually was bankrupted by lawsuits and had to sell off its assets. The organization's name and phone number, plus its member list was sold to a cult follower whose cult is, oddly enough, now cleared of any cult association by the now infiltrated anti-cult organization.
This actually dosnt suprise me. It just goes to support a theroy I follow: Everybody has a price.
I think it might be a good idea for an online tester to get a hold of all the popular Adware/Spyware removers and test them out side-by-side to figure out who "forgot" to block a given companies ads... Atleast then we could figure out who's on our side and who's on theirs...
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
Can't say I've ever heard of Aluria's Spyware Eliminator. I've got my triumvirate of anti-spyware tools, and I'm satisfied:
No need to limit yourself to just one, either - run all three!
Anyone know of any Libre anti-spyware for Windows? I don't use MS products except at work, so don't have to worry about such things.
See what I've been reading.
..but to be fair, Aluria says that they're concerned with "malicious spyware." If you RTFA, they indicate that they felt that the disclosure practices and what-not are all above-ground.
Not that this helps people installing without scanning the EULA and getting nasty little "gifts," but it's hardly malicious if you agree to it.
*Disclaimer* I have no idea what exactly WhenU does, never had it on my system. If it IS malicious, then immediately discount this post. Regardless, I'll be busy vomiting from my over-exposure to advertising in general.
picpix image polls. create - share - vote. fun!
It's not exactly the same but this looks awfully close for what the FTC's going after Spamford Wallace for. Given that this looks like a highly dubious financial move for the company.
What's the big surprise? This just means that actions are taking place in public with spyware that people have suspected with virii for years.
Just because they're wearing tin foil doesn't mean that they might not have a point.
~D
This sig has been enciphered with a one-time pad. It could say almost anything.
Apparently the keylogs weren't secure and someone inside the company stole his credit card info when he made a (work related) purchase from Amazon.com on his own credit card.
If you're at work and not using your own laptop or a Knoppix disk, make sure you only use a corporate credit card when ordering online.
Personally I think he should have sued his employer, but he wanted to keep his job.
Bah.
Since I started using adaware tools, I learned I could rely only on Spybot and Ad-Aware. Obviously, many others noticed their reliability too - just try googling for either of two, and see how many pages you can find with fake installers - some sites even distribute AdAware installations with modified malware definitions and crippled update, so your AdAware might even refuse to detect malware on your PC.
To me, it all smells so familiar... Just as M$ loves to force, bribe, coax or cajole software producers into specialising their products for Windows compatibility, so do too the malware distributers seek their fifth collumn... Similarities are far from passing.
'...computers in the future may have only 1000 vacuum tubes and perhaps weigh 1.5 tons...' Popular Mechanics, 03/49'
As stupid as it may sound, we have a corporate policy that all computers need to have antivirus and antispyware software running on them. Yeah, that includes Linux.
Anyone recommend a prefreed package.
I told our IT guys I'm using "debsums" - is Tripwire or chkrootkit better?
As in: "Free, huh? Well, last time I agreed to install free software I had to spend $500 to have my PC cleaned up! No thanks!"
In Soviet Washington the swamp drains you.
Spyware will become a serious threat to operating systems of choice as well, once they become a bit more popular. It's exactly the kind of software that operating system level security cannot stop, namely, software willingly (if not knowingly) installed by the user.
Seeing that a lot of software for *nix systems needs to be installed as root, spyware could potentially bypass any OS security mechanisms, and there will be no end to the potential damage.
I think this situation needs addressing. Distributions supporting and simplifying installing software by regular users (as opposed to systemwide installation by the superuser) would be a good first step, with many additional benefits.
Please correct me if I got my facts wrong.
I like my Windows boxes junkware-free, thanks (oxymoron noted).
There is one thing that gets me about slashdot. That thing is the windows bashing. Windows XP IMO was worth the money. No other operating system makes my laptop function so well. OMG could that be the purpose of an operating system... no can't be...
I digressed, back to the topic at hand
Yes I'm a victim of the FUD
So this development is not exactly surprising. also their is so much competition in this software market that it's probably in the developers best interest not to sell out. If the developers sell out to everyone then they have lost the point of their business model.
Summation:
What could possibly go wrong?
They do have uninstallation programs, you silly! Of course it installs their "partner's" spyware application, but still it uninstalls their own! Then once you uninstall their "partner's" spyware application, then it reinstalls their own again. And the cycle continues forever...
What about all the major browsers?
Most users are completely unaware of their browser identification string. Normal people are usually horrified when they discover their browser leaks info all over the web. That makes browsers spyware in my book, but no one thinks of it that way. I guess because because the info isn't being leaked to a centralized point.
It makes me wonder: how much else is being pointlessly leaked by simple apps? Konqueror and mozilla are proof that FS/OSS isn't immune. Yes, you can change the strings, but shouldn't there be safer defaults for the masses of clueless? 'Cause, the string is only spywarey if you don't know it exists.
My Windows XP box is junkware free, adware free, and spyware free. It's only an oxymoron for the morons who don't keep their systems safe with firewalls, up-to-date anti-virus definitions, and enough common sense to not click "OK" on every IE prompt that asks you to install something.
I've caught shareware sites bundling my software with WhenU malware, without my permission, and without giving clear indications to users, causing problems for my customers and endangering my reputation.
I consider any program that sits in the background and pops up ads while the bundled application is not running to be unwanted malware.
As Slashdot is now proving, when this sort of thing comes to light, it totally destroys the brand image, and the credibility of the company goes down in flames. Sales plummet, people get laid off and the company never recovers.
Companies work very, very hard to create a brand image. Their brand is their promise to the consumer that they are going to deliver the best product possible. It's a really stupid CEO that is willing to sell out his brand in such a blatant conflict of interest.
"Anti-Spyware Vendor Partners with Spyware Company?"
;-)
I thaught Anti-Spyware Vendor is going together with Microsoft...
Sophie
--
I need your help! My son wants a sheep!? More information at my homepage: http://www.nakedsheep.de.tp/
Hey at least we still haven't seen proof of the anti-spyware companies actually making the spyware. Although we all have our suspicions.
I find the most effective anti-spyware/adware software to be OS X. It hasn't failed me yet!
Here's a clip from their joint press release with WhenU
From the desktop, WhenU software examines keywords, URLs and search terms currently in use on the opted-in consumer's browsers and then presents highly relevant advertising and services.
This is from their own press release! Who in their right mind would stake the reputation of their company on a declaration that such a product is not spyware?
There's such chaos out there in the anti-adware / anti-spyware world at the moment. I've tried like 100 programs before I got decent recommendations from friends. There are some good ones such as Ad-Aware (everyone's old favorite) and AdwareSafe (one of the most up to date). I never particularly liked Aluria to begin with and am not surprised this happened.
Not only is Aluria certifying WhenU with its "Spyware SAFE Certification Program", but it is also providing WhenU with a spyware removal tool too. This helps give WhenU an "air of respectability."
What I don't get, though is why anyone would consciously agree to have adware installed on their desktop that would examine keywords, URLs and search terms. Even if no data is collected and all is kept encrypted, why would anyone want ads popping up while they are working (or whatever) on their computer?
Sig cancelled due to lack of interest
I use windows. I am behind a firewall/router. I keep my system and anti-virus updated. I never use IE unless I absolutely have to. Everytime I run Spybot I might have a few DSO exploit registry keys but thats it. I just don't see spyware as near the problem as it is made to be if you know a little about what to do and what not to do with your computer.
Spyware companies should be prosecuted to the fullest extent of the law. I had spyware installed on my computer from just visiting a website by accident. I then had to buy an anti-spyware program to get rid of the damn thing. Turns out that the two fuckers are in league with each other! I called my credit card company and issued a chargeback. The POS spyware program that invaded my system was the most fucking annoying thing ever. It sucked all of my bandwidth and would open IE windows even if I was not using IE, or had the program open.
"Jeremy, you need to get to an internet cafe and cut and paste some appropriate sentiments about me from the world wide
According to CNET Asia http://asia.cnet.com/news/software/0,39037051,3919 4057,00.htm
"Symantec's Norton AntiVirus product has blacklisted a piece of software which enables users in China to access websites which are blocked by order of the government."
"According to a report in the Financial Times, the firm has said the program, called Freegate, should be considered a Trojan horse. "
Aluria Software creates "Spyware Safe" icons for spyware!
Just the other day, my wife asked to have something called "Weatherbug" installed. I told her that I would install it for her, as long as it had no spyware.
It sure made me feel better when I went to http://www.weatherbug.com/ and saw the "Spyware Safe" icon from Aluria.
Well, right before the install of weatherbug, I cleaned the system, rebooted, and cleaned again to be 100% sure.
Right after the software about 35 items were found by Ad-Aware SE PE....so much for "Spyware Safe"!.
Aluria is just that...A LURE...a way to scam you!
I'm glad to now know that Aluria's "Spyware Safe" icon is really just scam.
-wpg
It never ceases to amaze me how often folks think such "under the table" activities will go unnoticed.
When I read this story, the first thing that to came to mind was:
HEY MAN, NICE SHOT!!!
http://www.wordiq.com/definition/R._Budd_Dwyer
I get the feeling this will not be the last of this story.
WhenU President and co-founder Avi Naider said the industry is falling on previous prejudices and lumping legitimate adware in with malicious spyware, failing to see the changes WhenU has made. (my bold)
How about NO ADWARE? The reason I got a spy/mal/adware remover was to be free from ALL adware. I don't want anybody pushing products on me when I'm on-line.
It seems Aluria has forgotten why they built an adware application in the first place.
It is not our abilities that show what we truly are... it is our choices.
Windows 2000 and XP boxes free of spyware/viruses/whatever.
Just simply never allow them to surf the web or reside on any directly-routeable-to-the-Internet network segment.
You might say that this defeats the whole purpose of using it, but Windows is still useful for purely internal apps. Using it on the Internet is just plain foolish these days. It is an unnetworthy operating system. Just like a leaky ship is called unseaworthy, and an airplane with cracks in the wing spars is called unairworthy, Windows is unnetworthy.... so just don;t try to use it for some purpose for which it is no longer worthy, and you'll be fine.
spyware, worms, viruses. JOLLY GOOD SHOW!
www.default-homepage-network.com will cause unprotected machines to immediately receive two or three adware/spyware installations. No agreement was presented to me at all.
I have occasional allergies and those commericials for allergy drugs seem designed to give you allergy symptoms.. am I the only person to have ever experienced this? When it looks like it's going to be an ad with pollen molucules flying into the tear duct of somebody's eye, I switch channels just to be safe.
If it doesn't remove (or allow you to remove) anything that could be identified as annoying or intrusive, it's not doing it's job.
Always use more than one... SpyBot, AdAware, etc.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Happens all the time.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
You should also consider investing in a windows resource kit or two... the su.exe program is very useful for making links to programs that are idiotically designed to need Administrator privledges.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
OK, we got spyware remover programs trying to keep up and remove 90%+ of the junk and now we got anti-spyware companies joining spyware companies for the purposes of removing themself as spyware? That's crazy!!
I invite you all to see how the whole spyware thing came about on one of the first sites to report on it at http://grc.com/downloaders.htm and also check out some of his freeware to help you protect yourself (Three Musketeers) which are directly on the home page @ http://grc.com/default.htm.
Good Spyware prevention and removal programs which are free, google for them:
SpywareBlaster (Prevent Spyware activex install)
SpywareGuard (Prevents spyware activity, similar to AV software)
AdAware SE (Spyware removal)
Spybot S&D (Spyware Removal+)
NOT FREE:
Webroot's Spy Sweeper (Good for preventing and scanning, no free version)
PestPatrol (Junk Removal for advanced users only!)
I run adaware, spybot, bazooka, teatimer, antivir, CWS shredder, AVG, and a few custom scanners I'v made myself for personal uses (batch file for deleting all cookies and IE cache). They all run via a batch script sunday while I'm doin' laundry and washin' dishes. I come back, press "ok" a few times, and it's tidy again.
Every time I find a scanner, I say "hey, it's free" download it, update it weekly, set the batch file to run the apps. It's a common security tactic called LAYERING. You've got 3 levels to network secuirty; instrustion prevention, instrusion detection, and intrusion elimination. Preventing intrustions is as simple as using firefox and some common sense, detecting and eliminating them are as simple as layering spyware scanners. I routinely find that one scanner catches what the other doesn't, and one regular deletion of a cookie catch catches what a number won't.
Take, for example, what I consider a good firewall setup; don't run 1 firewall, run 2 or 3. Preferably on different machines so an exploit on one firewall doesn't lead to the machine getting r00ted and your extra firewalls being useless.
As for what this is, this is bullshit. Frankly, EULA's hold up in court, but they're BS; you can copyright a program just like you can copyright a song (songs have octaves and time, computer's have on/off and time), but you CANNOT tell me that using it on a computer is copying, just like you cannot tell me playing a roll of sheet music on a player piano is copying, even if that piano happens to buffer the music entirely before playing it.
Frankly, I look at it this way. Most programs say you may not distribute the application. Now, wait a minute, I'm distributing it on my computer, from chip to chip, in it's entirety (take a good night of gaming) so technically, there's an arguement there that the software vendor is falsely advertising their software and inciting their customers into commiting copyright infringement. Either way, they lose. The problem here is EULA's, and they're being abused like no tommaow by these big corps to make a buck. I believe in letting them have their copyright (although, with today's copyright system being so fucked as it is, I only do so at my own discretion, but my discretion will take a long, long time to explain, so I won't go into it here).
As for a solution to this, well, there's a couple of ways to solve the problem. Frankly, my favoire would be r00ting them and cleverly disassembling the infrastructure of their company piece by piece. However, considering this is probably some grubby CS student clicking at the looking glass, I'd think it would be far more entertaining to send some convincing people over to his general neck of the concrete jungle to convince him that mabye this isn't the thing he should be doing for a living.
Barring that, I think it would be even funnier if we got some of the slashdot crowd to, say, go over to a website that pilfers this kind of wares, install the app, then file a class action lawsuit asking for $500 is removal costs per infected machine. If we succeed, we can make a tidy profit AND knock out spyware vendors.
Candy-Coated Knowledge
If what you say is true, windows would have 1% of the marketshare by now.
We're dealing with end users here, not experts. They just want something that works and expect their anti-virus company and anti-spyware company to deliver the goods.
What good is branding when the company in question used to be called Gator? They simply changed their name. So long bad PR!
Its cronyism and its killing IT. The entire spyware phenomenon can be traced to activex, which exists to tie the browser to the platform.
That said, I've been running into a lot of OSX converts. They got sick of windows and bought a used iMac for next to nothing or 999 for an ibook with some promotion. My next machine will be an iBook too. With Mozilla and Firefox telling lazy web designers and those who make corporate policy to pay attention to standards, the shift will be even easier.
Well, for a starter, I'd not download software for a site that use popups. ;)
But now I have a question: did you click the "Click To Verify"-link?
If you had done, you'd maybe notice that it says:
"www.weatherbug.com
is a Spyware FREE website
verified by Aluria Software"
Well that either mean that they don't validate the files avaible at a site, just the site. Or that they didn't see the adware bundled with WeatherBug as spyware.
Too me both of those causes seam valid, well ofcourse I'd not trust their "Spyware Safe"-icons, but as I'd recomend to use open source software if you want it for free, that isn't really a problem.
It's up to you to qualify anything said on Slashdot, as this is not a trusted source of information.
I get a lot of great information from people posting on Slashdot, and I just use a little common sense to decide what I think is correct, and what I want to research further.
If you want everyone to be as much of an uber geek as you, well, then I guess you can just go play with your BSD in your mom's basement and leave the light conversation to the rest of us.
- It's not the Macs I hate. It's Digg users. -
I've been using Mozilla exclusively on Windows, except for Outlook Web Access 2003, for all my browsing needs. And I have not had an encounter with Spyware on any of my machines for over a year.
Of course, I also don't install Bearshare, Kazaa, and the other Spyware floodgates.
- It's not the Macs I hate. It's Digg users. -
A company that selectivily disables competitors products is engaged in an illegal act. It is criminal, and should be treated as such.
I'm the owner/lead programmer of a somewhat popular media playback software.
WhenU mailed me a few times, which I ignored (I get quite a few of these adware requests). Then a few days later the phone rings (and I'm no U.S. citizen, this was an international call).
I didn't ask them where they got my name and number, but since it's only listed on my DNS records and no where on the site, I guess they actually went through the minor trouble of looking it up.
I had no plan on incoporating any spyware into my software, but I find it interesting hearing their pitch every once in a while.
At first they contacted me using a low-level employee which asked me if I want to arrange a "call" with their senior whatever in order to discuss this. I told them that I had no intention of incorporating their software into my own (installer), but they really wanted me to talk to their higher-up person. The tone they used made it sound as if this person was "important". I found it all very funny and was interested in their pitch.
The next day I got a phone call from their director of something or other. This person (woman) was quite articulate and held quite a bit of technology information (she wasn't a lackey, she knew her stuff).
She insisted that WhenU is working with the gov to make sure they are not outside the law (slashdot was running a story about law changes that may effect spyware), she actually said they were championing the law.
I asked her about the "spying" portion of their software. She assured me that the ad-selection was done locally on the host computer and no-data was sent to their servers.
In the end I asked/told her something very simple:
1. Does the user see more ads when using your software (yes).
2. Does your software appear as spyware on spyware removal tools (yes, but they are working on it).
3. Don't you think that by attaching a software that is detected as spyware will ruin the reputation of my own software? (no answer).
4. Can I validate what their program actually does? (no)
I told her there was no way I'm risking the prestine reputation of my software and making my users angry.
But as you can see, WhenU is really pushing hard...
Well, it's becoming relatively obvious at this point that Bush is going to lose tonight, but in his memory perhaps we need a doctrine for spyware that is similar to the anti-terrorism doctorine he founded.
As a result, SpywareInfo and many other anti-spyware sites are delisting Aluria's 'Spyware Eliminator' from their lists of preferred software.
I would encourage these groups to take it one step further and to consider software that associates spyware - spyware itself. I would love to see Ad-aware detect 'Spyware Eliminator' as spyware.
ôó
it strikes me that viruses and spyware/adware/malware whatever you want to call it only differ from each other in that spyware contains an EULA. They're really both equally damaging to productivity, and I dare say that many spyware programs are harder to get rid of than viruses!
Why is it that spyware writers are free from prosecution? If virus writers wrote an EULA that was as unlikely to be read as those by common spyware programs, even if it stated explicetly that "this program is known as a virus, it will delete all your data and spread to other computers. Click yes if you agree to this", would that make virus authors immune to prosecution??
In other news, the FBI announced that it will partner with the RIAA and MPAA in a pioneering move to trim the federal budget through privatization. The newly repurposed agency will be called the FBIP, Federal Bureau of Intellectual Property, and its primary mission will be to enforce entertainment copyrights, trademarks and patents. Former RIAA chief Hilary Rosen, slated to head the FBIP, said protection Intellectual Property is the key to the safety of American consumers. "Terrorists don't want artists to be compensated for their work," said Rosen. "They hate our freedoms. Plus their music really sucks."
I've seen a lot of people mention AdAware and Spybot, but I figured I'd throw a couple other recommendations in. For the computers we get in at work, we use a combination of
Autoruns (Kind of like MSConfig on crack)
HiJack This
and some other scanner, usually Ad-Aware or SpySweeper.
SpySweeper makes for some impressive numbers, but it's unclear to me why these numbers are any higher than what other software detects. Maybe it counts too many cookies.
"I like my Windows boxes junkware-free, thanks"
I like mine to be nonexistent... thanks.
In arguing about the recent actions of Aluria, the discussion will inevitably be steered toward whether WhenU (is, is not) malware/spyware/crapware/*ware, i.e. whether it is right or wrong for Aluria to decide they don't fit Aluria's definition of a threat, and de-list WhenU. This conveniently sidesteps larger and much more ominous issues:
1) The amalgam (Aluria+WhenU) is now a competeting product to other spyware removers. (Aluria+Whenu) could more legitimately bring suit against AdAware/Spybot/etc. for the "anti-competitive" practice of removing WhenU.
As Eric L. Howes notes,
"It now appears that the Aluria scanner is actually bundled or integrated into the WhenUSearch Toolbar. In other words, by removing the WhenUSearch toolbar, other anti-spyware vendors will effectively be removing a competing anti-spyware product. Still worse, WhenU itself is now a competitor to other anti-spyware vendors."
2) The amalgam (Aluria+WhenU) can worm onto a click-happy user's system due to its existing title of "spyware eliminator", and summarily remove competing ad-belchers from that system (how convenient!). Now WhenU's promotions aren't being drowned out by Gator/Claria, Bargain Buddy and all their other popup-spewing friends you are likely to find on a spyware-prone (read: novice user) computer.
Do note that AOL is partnered with Aluria; AOL version 9 bundles Aluria Spyware Eliminator--so we're talking about a potentially enormous market here.
Caveat Emptor is not a business model.
I've been going through this with Sophos (our school's anti-virus vendor) recently. The following is the beginning of an exchange between me and them. Frankly, I think that the anti-virus vendors also need to get their act together and stop all this fence sitting bullshit.
.DLL files. Some of these cannot be cleaned by the traditional methods (AdAware/Spybot). For instance one of these 'VX2' has been found on a few computers here. It cannot be deleted, or when it is, it mysteriously comes back.
I don't care if a user 'willingly' installs this crapware - these are the SCHOOL'S computers, not theirs. Our policy is to not allow these programs on our network - PERIOD. I feel that Sophos is not doing their job in helping me control some of this uninstallable crapware like CWS.
Here's the exchange:
**
To whom it may concern...
As the sole administrator of of our small school network I am responsible for the integrity of our machines - software and hardware. Like everyone, we are struggling with spyware and related issues. Recently, we've been finding spyware that is installing itself without permission and attaching itself to
Question: What is the difference between a malicious spyware application and a trojan virus? What is Sophos planning to do about this type of vicious software? In short, when can I expect Sophos to start eliminating this sort of virus?
Thanks,
Chuck Hunnefield
Technology Coordinator
***
Chuck,
Adware and spyware are usually considered one issue by many people. In reality, the adware and spyware lables applies to those applications that you've put on your machine intentionally. Many people are unaware of these things since they very rarely read EULAs and have no idea what's really being placed on their machines. Spyware, however, can sometimes cross into the malware catagory if it's functionality prevents a very obvious security vulnerability or if the application behaves in a way that is different to how the user was told it would behave. Malware is the umbrella term for applications that have made their way onto your machine without your consent and usually without your knowledge. Most trojans that we detect can easily be labled "malware" and vice versa.
If you have samples of files that you believe fall under this malware heading, by all means submit it to supportus@sophos.com and our virus lab analysts will look at the sample, evaluate it's functions and determine how to classify the files. If it is found to be malicious, then we'll certainly add detection for it in our engine and/or release an IDE for it.
If it is not malicious and is not something that'd be considered viral, then we will not currently have detection for it.
So to briefly answer your final question, Sophos has always and will continue to detect malicious files that reside on your machines.
Regards
Michael ***
Sophos Technical Support
***
Michael,
First of all, thank you for your quick response. I'm afraid I have to disagree with you about the labels 'adware' and 'spyware' being intentionally installed. Increasingly we are seeing these 'applications' (and I use this term loosely) getting installed through holes in I.E. or the OS. A perfect example would be this 'VX2' application. I feel fairly certain that nothing my users did invited this software onto their computer.
I fully understand how difficult your situation is concerning applications willingly installed by users. Applications like Comet Cursor, Gator/Claria, Weatherbug, and Date Manager are WELL known to me. And it may well be that software like VX2 is also installed through these means; but regardless of how it got there, it's unwelcome there now. Should ANY software be allowed to install itself and/or not allow user removal? I think this is covered under the new anti-spyware law recently passed by the U.S. Congress. If an app like VX2 downloads other applications unbidden and worms it's way through
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
I would bet you money you do have several.
Have you downloaded the divx player to watch porn? Do you actually use a web browser?
You dont have to agree to install useless stuff to get spyware. Many use buffer overflow tricks that affect Firefox as well as IE. Many use javascript exploits.
Many ad's use jpegs or mpegs that are infected so just the ad popping up can install an executable. Its insane.
You would need to set both firefox and IE with not only to refuse activeX controls, but refuse javascript and images to be safe. In other words you would take away the whole internet experience.
Most of my spyware comes from infected mpegs that I download off of DC++.
You do not have to be administrator either to get a buffer over flow spyware program installed.
http://saveie6.com/
Do not confuse saving Windows with saving the Internet. I am quite certain IBM, as altruistic as they may be, is perfectly happy to let spyware twist the knife and drive people awayfrom Windows and to Linux.
Gary Dunn
Open Slate Project
Well, you are correct that it does just say the SITE is clean, but it sure is misleading...and surely is designed to be misleading!
I've still learned to not trust Aluria!
While I hate spyware/adware as much as anyone else I believe that if it's mentioned in a EULA then it's the users own stupid fault if it's installed. And as long as the company provides a simple uninstaller I wouldn't consider it malware. It took less than a minute searching the WhenU website to hit this page detailing how to unintall their software: http://www.whenu.com/products_whenusearch_help.htm l#8
According to that there is an entry in the add/remove programs for their WhenU software so it is easily uninstalled. Now I haven't installed it to test whether it's true or not but for now I'll take them on their word. :)
I would suggest that spyware/adware removers class software into two categories. Malicious - where the software installs without notifying you and is difficult to remove (eg: Coolwebsearch) and Non-Malicious - where they provide you with info and a simple uninstall (eg: This WhenU stuff). That way when your anti-spyware program scans you get two lists and can make a choice based on that. Should keep us happy and the ad software companies as well (well at least it should stop the lawsuits).
> And it may well be that software like VX2 is also installed through these means
That's one way VX2 is getting installed, yes. Another is by bundling with IE exploits.
For example the achtungachtung exploit (covered recently by Tom Liston in the SANS Internet Storm Center blog) compromises the machine then downloads a large number of spyware programs, including Transponder/VX2.
This has been going on for some time. Mindset/BetterInternet (the company behind VX2) is quite happy to pay affiliates to load their software using wholly illegal security exploits, and if Sophos doesn't think this is grounds for removal they're crazy.
The best spyware will always be the freest spyware.
I used to be you should run Ad-aware *and* Spybot. This was back when Spybot was in its infancy. Now that is not the case. Spyware is the best.
When news stories like this show up, it's for spyware removal utilities that people never used to begin with. For all I know, it was spyware itself.
I think even MySearch toolbar has a pop-up blocker. There's a lot of incentive for spy and adware to "clean" a users system of other spyware so that they actually do not go download Spybot or Ad-Aware. Don't be fooled, there's only two alternatives, and either one is fine enough for your home use or your corporation.
The real problem with spyware is the stuff that is installed along with other programs...
I seem to remember Microsoft being forced to allow users to uninstall IE because the use of one product (Windows) was forcing users to use another (IE). Should not the same logic apply to spyware? If I install bearshare why must I use WhenU? I might prefer another "direct marketing customer niceness happy funtime enabler", should I not have the option to remove it so I can replace it with another?
Personally I think it should be illegal to include software in a package that is not directly related to the functionality provided by that package.
And as for spyware cleaning software going bad - I've always seen the one great use for open source communities as being related to security product.
You are right, but you really need to secure your machines. Users shouldn't have the ability to install software. Group Policy.
Religion is a gateway psychosis. -- Dave Foley
That's spyware for ya. If they start to police/remove the stuff, they're gonna probably have to at least double their prices to cover increased developement costs. After all, with viruses, they come to your. With spyware, you've usually got to go looking (I've never got Gator in my inbox).
So the question is, are you prepared to pay more? That's probably what most antivirus venders are trying to figure out.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
You're surprised there is more money in the spam and spyware then the anti of them?
Wake up. There is orders of magnitude more money on the advertising and blackmarket side.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
AS he said, they're being installed through various exploits, bypassing what the user is actually permitted to do.
Oh, you meant ANTI-virus vendors. Damn I was confused for like, a minute.
In Soviet America the banks rob you!
Oh, yeah, Ironport claims their multimillion e-mail per hour senders are only for use by good guys. Right.
What we really need is for a respected anti-virus company to join forces with one of the respected anti-spyware companies and churn out something that has automated protection from viruses and at least -the option- to turn on automated protection from spyware. (lists of spyware programs that trigger neon red warnings when they're being installed, or are simply blocked from installation, anyone?)
If the users need to be protected from themselves because they are installing malicious programs, then there should be the option for that protection.
I guess, though, that the very concept of the system giving warnings on things that shouldn't be installed would require -Microsoft- to take action. And the fact that they haven't done that already makes me wonder whether there is some angle to it that makes it an advantage for them not to label problematic programs for their users...
But then again, I should remember that I'm talking about people who made a built-in firewall and then didn't turn it on until they released a patch.
I think Microsoft would almost have to make a system-wide policy. Something exclusive like, 'Only run these applications'. Something like... Uh... The Mac. ;)
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Sorry, students installing malware on your computers is a security / windows problem, not an issue for the anti-virus firm to sort out for you. They are SCHOOL computers, it's the SCHOOL's responsibility to secure them. These programs tread a grey line between legitimate software and viruses and present a tricky legal problem for anti-virus vendors. It's not as straight forward as you would think for them to just remove them.
s px?kbid=324 036
We had a similar problem to the one you face ourselves. Several programs were installing on users machines and causing real problems. I'd have loved to move away from IE entirely and install Firefox or Opera as our browser, but unfortunately that's not possible with our intranet.
Our solution has been to lock down IE to the state that no javascript or active controls can run from the internet sites. It causes problems for a few sites, but the majority still run ok. The few sites that need scripting can be verified manually and added to the trusted sites list.
This locked down internet access, filtered e-mail and good anti-virus software (Sophos of course) has solved all of these problems for us.
For a real belts & braces installation, we're also investigating Microsoft's Software Restriction policies:
http://support.microsoft.com/default.a
Ross
Simple solution. Don't buy a Malware remover that supports a known malware product. It's simple. If you have two products and you don't like one of them, then don't buy it. Either they clean up their act, they change their product, or they go out of business. I prefer free removers anyway, because they have the tendency to look at a product more objectively. Business is fueled by the bottom line, or they wouldn't be in business very long.
I would buy a product that specifically removes Aluria+WhenU because I don't feel that I should be subjected to WhenU garbage. That's based on a fair evaluation of what I and my customers want. WhenU = garbage, take out the trash. Aluria supports garbage, take them to a landfill. My customers do not want the functionality of WhenU so we remove it, and do not use Aluria products.
Anti-competitive? Not really, if you think about it. If people are clamouring for something to remove Adware or Spyware, and you are adding it to their system, then it's not competition, it's reprehensible. Anything that claims to be removing spyware and adware, but then allows instances of it seems more like a trojan than anything legitimate.
Someone paying you money to classify their product as not adware is pretty close in definition to a kickback, or bribe. If they were on the legitimate course they would universally provide support to all vendors as to why they should not be considered adware. Trying to hide behind a license agreement is irresponsible in this particular case. IMHO.
It is by caffeine alone I put my mind in motion...
I'm not missing the point here, but I have an alternative suggestion-- reimage the machines nightly from another (non-compromised) box or ghost image. You can probably get something free or cheap to do it, and then you never really have to worry-- every night at 11PM, everything gets wiped.
The difficulty of dealing with [Spy|Mal|Ad|Crap]-ware is increasing exponentially-- unless something major comes along (cough cough Linux cough cough Firefox), then I don't see *any* company being able to step up and really protect us.
Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
But wait, aren't they (Aluria/WhenU) also putting themselves at risk of similar lawsuits for their anti-competitive practice of removing Gator/Claria Bargain Buddy and friends? Seems to me this should be a major concern to these guys. Have they got some loophole I'm not aware of?
Information doesn't want to be anthropomorphized anymore.
Humm.. interesting.. now I'm wondering what media player it was.. BSPlayer? (just a guess)
Good for you for not letting their BS get past you.