Slashdot Mirror
Anti-Spyware Vendor Partners with Spyware Company?
Tuxedo Jack writes "eWeek reports that the anti-spyware vendor Aluria Software has partnered with WhenU of 'WhenUSave' and 'SaveNow' infamy. They've removed WhenU from their spyware/malware definition lists, certified their applications as safe, and they deny that money was involved. As a result, SpywareInfo and many other anti-spyware sites are delisting Aluria's 'Spyware Eliminator' from their lists of preferred software. Is this a dangerous trend for anti-spyware? Or are we just witnessing a natural evolution? I sure hope it's neither - I like my Windows boxes junkware-free, thanks (oxymoron noted)."
How is different from virus vendors stopping reporting on "corporate" keyloggers?
One problem that these anti-spyware programs are bound to run into is claims that a "spyware" program is a "legitimate business to consumer marketing connection enabler" by its makers. Afterall, in most cases the user has "agreed" to allow these programs to run by installing something without fully reading the terms of service.
That may be the reason why this group caved... not that money changed hands, but the threat of a lawsuit was waived around.
This happened with lavasoft too, right? They started some consortium on spyware and then left it when it was evident that evil practices were going on... Perhaps there needs to be a legal definition of spyware before vendors will keep constant as to their aims? The problem is with defining it is that the somewhat arbitrary nature that's necessary will backfire and be abused *cough cough DMCA cough cough*.
AccountKiller
... update their lists and consider Aluria's software as spyware.
You are more than the sum of what you consume. Desire is not an occupation.
After cleaning out my aunt's computer of about 11 different companies nagging her to visit their sites, this doesn't come as any surprise to me.
I still believe the Spybot S&D program is a much better solution because a) it's free, b) they only ask for donations which anyone would give for the value of the program, and c) the programmers don't appear to be linked to anybody within the spyware industry.
And for all intents and purposes of the definition, this has basically what this type of program has made: its own genre within the IT industry.
First we had viruses, then chain letters, then SCO. Now we have a spyware genre to worry about.
Does this mean the only anti-spyware solution we can trust is or should be open source?
I would think yes.
Anybody else?
IGB: More fun than eating oatmeal!
I think it might be a good idea for an online tester to get a hold of all the popular Adware/Spyware removers and test them out side-by-side to figure out who "forgot" to block a given companies ads... Atleast then we could figure out who's on our side and who's on theirs...
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
Anyone know of any Libre anti-spyware for Windows? I don't use MS products except at work, so don't have to worry about such things.
See what I've been reading.
..but to be fair, Aluria says that they're concerned with "malicious spyware." If you RTFA, they indicate that they felt that the disclosure practices and what-not are all above-ground.
Not that this helps people installing without scanning the EULA and getting nasty little "gifts," but it's hardly malicious if you agree to it.
*Disclaimer* I have no idea what exactly WhenU does, never had it on my system. If it IS malicious, then immediately discount this post. Regardless, I'll be busy vomiting from my over-exposure to advertising in general.
picpix image polls. create - share - vote. fun!
Apparently the keylogs weren't secure and someone inside the company stole his credit card info when he made a (work related) purchase from Amazon.com on his own credit card.
If you're at work and not using your own laptop or a Knoppix disk, make sure you only use a corporate credit card when ordering online.
Personally I think he should have sued his employer, but he wanted to keep his job.
http://www.lavasoftsupport.com/index.php?showtopic =44037
Check this thread out from Lavasoft's own forums..."Hotbar" and "not a threat"...used in the same context? That's like using "not evil" to describe "Satan"!!!
Perhaps Lavasoft is another one getting ready to sell out...?
Spyware will become a serious threat to operating systems of choice as well, once they become a bit more popular. It's exactly the kind of software that operating system level security cannot stop, namely, software willingly (if not knowingly) installed by the user.
Seeing that a lot of software for *nix systems needs to be installed as root, spyware could potentially bypass any OS security mechanisms, and there will be no end to the potential damage.
I think this situation needs addressing. Distributions supporting and simplifying installing software by regular users (as opposed to systemwide installation by the superuser) would be a good first step, with many additional benefits.
Please correct me if I got my facts wrong.
I wouldn't call this a dangerous trend. I'd say it highlights the age old issue of buyer beware (or downloader beware). If you download an anti-spyware application, it is critical that you understand what it looks for and what kind of reputation it has. Even a nontechnical user can do a Google search for a product name. As soon as free spyware removers started showing up on the internet, I knew it was only a matter of time before a spyware vendor either packaged spyware as anti-spyware or made a deal with an anti-spyware company. If the user stays informed, this is a non-problem. There's plenty of information available on the internet about spyware. Companies like Aluria Software will get a clue when they see their number of users drop and realize that's the price to be paid for practices like these.
I agree with you, however, you'd think at the very least Microsoft could do is ask you to enter the account credentials of an administrative account whenever you're about to install an application or modify core system settings.
This would prevent the vast majority of silent spyware installations.
Instead, we have no authentication and a "SYSTEM" super user account for applications to play Administrator with.
Up, Up, Down, Down, Left, Right, Left, Right, B, A, START
It's a lot more than annoying. A six-year-old cousin of mine got redirected to a bestiality site by spyware, and his parents were afraid to go near the family computer for the next two months. When I finally found out and tried to fix it, the browser was very badly hijacked, and the computer - already old - was running ridiculously slowly because of the 20+ spyware process running in the background.
--- Bwah?
This "age old" question is perhaps the stupidest conspiracy theory I've ever heard. Corporations go to great lengths to avoid lawsuits, and I can't imagine that any successful antivirus company would risk losing all of their money in a class action lawsuit by pulling such a stupid move. Why would an antivirus corporation risk writing viruses? There are plenty of socially stunted 15 year olds to do that.
BTW the pural of "virus" is "viruses". Look it up on google.
Here's a clip from their joint press release with WhenU
From the desktop, WhenU software examines keywords, URLs and search terms currently in use on the opted-in consumer's browsers and then presents highly relevant advertising and services.
This is from their own press release! Who in their right mind would stake the reputation of their company on a declaration that such a product is not spyware?
Aluria Software creates "Spyware Safe" icons for spyware!
Just the other day, my wife asked to have something called "Weatherbug" installed. I told her that I would install it for her, as long as it had no spyware.
It sure made me feel better when I went to http://www.weatherbug.com/ and saw the "Spyware Safe" icon from Aluria.
Well, right before the install of weatherbug, I cleaned the system, rebooted, and cleaned again to be 100% sure.
Right after the software about 35 items were found by Ad-Aware SE PE....so much for "Spyware Safe"!.
Aluria is just that...A LURE...a way to scam you!
I'm glad to now know that Aluria's "Spyware Safe" icon is really just scam.
-wpg
Windows 2000 and XP boxes free of spyware/viruses/whatever.
Just simply never allow them to surf the web or reside on any directly-routeable-to-the-Internet network segment.
You might say that this defeats the whole purpose of using it, but Windows is still useful for purely internal apps. Using it on the Internet is just plain foolish these days. It is an unnetworthy operating system. Just like a leaky ship is called unseaworthy, and an airplane with cracks in the wing spars is called unairworthy, Windows is unnetworthy.... so just don;t try to use it for some purpose for which it is no longer worthy, and you'll be fine.
From the sounds of it they've already sold out. Notice the bit about working with the hotbar developers? What's the better the 'working with' involved large amounts of cash.
:(
It means Spybot is the only real ad-remover left
Er... WinXP, new installation. Just formatted hd. Connected to internet : 20 seconds and it gets down due to a Blaster variant.
That's ok. I enabled the firewall.
I did a WindowsUpdate from Microsoft.com, while installing Firefox and Thunderbird. I wasn't doing anothing else, I assure you.
In the meanwhile, I installed and ran the antivirus.
6 _different_ trojans discovered. In less than 20 minutes connected to the internet, whithout even opening the mail _client_, let alone "suspect attachments" opened by "user stupidity".
Now, or it was the WindowsUpdater ActiveX SuperMegaPlusPlus ProfessionalEdition from Microsoft.com, or I'm not a dickhead, sorry to tell you that.
Just my 2 (euro)cents -- it doesn't strictly mean they're more valuable.
PS: as for your point b), feel free to send me an email the day you'll be able to uninstall IE from your computer.
PPS : I'm a Gentoo user too. An happy one. A so happy one, in fact, that I fdisked my winxp partition away almost a year ago and never felt sorry.
42.
You should also consider investing in a windows resource kit or two... the su.exe program is very useful for making links to programs that are idiotically designed to need Administrator privledges.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
For a real AV app, run ClamAV. It's meant for mailservers, but it'll run. As for anti-spyware, they actually want RUNNING, or just installed? If it needs to be running, try running Ad-Aware Plus on WINE or Xover.
It's happened here. I'm from Minneapolis. You may know that we get snow around here in the winters. Remember, snowfall means fender-benders, and body shops hereabouts live for the winter repair season. One mild winter an employee of a local bodyshop was found guilty of driving around the city in a beat-up old wreck, sideswiping parked cars in an attempt to give his business enough work.
Just because you "can't imagine" unethical behavior doesn't mean it won't happen. What makes you think Aluria was a "successful" company, turning a profit? When it comes time to making sure the bank has enough money to cover payroll on Friday afternoon, desperate people have been known to turn to desperate measures. Actually, we have some measure of their desperation already -- they're partnering with WhenU (which is indeed scumware no matter how you classify it.)
I'm not saying Aluria or any antivirus company is guilty of anything criminal. I am saying that some people are more desperate than you might think, and that they may take an unethical route to drum up more business.
John
I'm the owner/lead programmer of a somewhat popular media playback software.
WhenU mailed me a few times, which I ignored (I get quite a few of these adware requests). Then a few days later the phone rings (and I'm no U.S. citizen, this was an international call).
I didn't ask them where they got my name and number, but since it's only listed on my DNS records and no where on the site, I guess they actually went through the minor trouble of looking it up.
I had no plan on incoporating any spyware into my software, but I find it interesting hearing their pitch every once in a while.
At first they contacted me using a low-level employee which asked me if I want to arrange a "call" with their senior whatever in order to discuss this. I told them that I had no intention of incorporating their software into my own (installer), but they really wanted me to talk to their higher-up person. The tone they used made it sound as if this person was "important". I found it all very funny and was interested in their pitch.
The next day I got a phone call from their director of something or other. This person (woman) was quite articulate and held quite a bit of technology information (she wasn't a lackey, she knew her stuff).
She insisted that WhenU is working with the gov to make sure they are not outside the law (slashdot was running a story about law changes that may effect spyware), she actually said they were championing the law.
I asked her about the "spying" portion of their software. She assured me that the ad-selection was done locally on the host computer and no-data was sent to their servers.
In the end I asked/told her something very simple:
1. Does the user see more ads when using your software (yes).
2. Does your software appear as spyware on spyware removal tools (yes, but they are working on it).
3. Don't you think that by attaching a software that is detected as spyware will ruin the reputation of my own software? (no answer).
4. Can I validate what their program actually does? (no)
I told her there was no way I'm risking the prestine reputation of my software and making my users angry.
But as you can see, WhenU is really pushing hard...
it strikes me that viruses and spyware/adware/malware whatever you want to call it only differ from each other in that spyware contains an EULA. They're really both equally damaging to productivity, and I dare say that many spyware programs are harder to get rid of than viruses!
Why is it that spyware writers are free from prosecution? If virus writers wrote an EULA that was as unlikely to be read as those by common spyware programs, even if it stated explicetly that "this program is known as a virus, it will delete all your data and spread to other computers. Click yes if you agree to this", would that make virus authors immune to prosecution??
The vulnerability that the sasser/blaster/etc viruses exploit is closed in SP2. There are millions of Windows XP users out there without SP2 CDs. These viruses can hit so fast you don't have time to patch a system.
In arguing about the recent actions of Aluria, the discussion will inevitably be steered toward whether WhenU (is, is not) malware/spyware/crapware/*ware, i.e. whether it is right or wrong for Aluria to decide they don't fit Aluria's definition of a threat, and de-list WhenU. This conveniently sidesteps larger and much more ominous issues:
1) The amalgam (Aluria+WhenU) is now a competeting product to other spyware removers. (Aluria+Whenu) could more legitimately bring suit against AdAware/Spybot/etc. for the "anti-competitive" practice of removing WhenU.
As Eric L. Howes notes,
"It now appears that the Aluria scanner is actually bundled or integrated into the WhenUSearch Toolbar. In other words, by removing the WhenUSearch toolbar, other anti-spyware vendors will effectively be removing a competing anti-spyware product. Still worse, WhenU itself is now a competitor to other anti-spyware vendors."
2) The amalgam (Aluria+WhenU) can worm onto a click-happy user's system due to its existing title of "spyware eliminator", and summarily remove competing ad-belchers from that system (how convenient!). Now WhenU's promotions aren't being drowned out by Gator/Claria, Bargain Buddy and all their other popup-spewing friends you are likely to find on a spyware-prone (read: novice user) computer.
Do note that AOL is partnered with Aluria; AOL version 9 bundles Aluria Spyware Eliminator--so we're talking about a potentially enormous market here.
Caveat Emptor is not a business model.
I've been going through this with Sophos (our school's anti-virus vendor) recently. The following is the beginning of an exchange between me and them. Frankly, I think that the anti-virus vendors also need to get their act together and stop all this fence sitting bullshit.
.DLL files. Some of these cannot be cleaned by the traditional methods (AdAware/Spybot). For instance one of these 'VX2' has been found on a few computers here. It cannot be deleted, or when it is, it mysteriously comes back.
I don't care if a user 'willingly' installs this crapware - these are the SCHOOL'S computers, not theirs. Our policy is to not allow these programs on our network - PERIOD. I feel that Sophos is not doing their job in helping me control some of this uninstallable crapware like CWS.
Here's the exchange:
**
To whom it may concern...
As the sole administrator of of our small school network I am responsible for the integrity of our machines - software and hardware. Like everyone, we are struggling with spyware and related issues. Recently, we've been finding spyware that is installing itself without permission and attaching itself to
Question: What is the difference between a malicious spyware application and a trojan virus? What is Sophos planning to do about this type of vicious software? In short, when can I expect Sophos to start eliminating this sort of virus?
Thanks,
Chuck Hunnefield
Technology Coordinator
***
Chuck,
Adware and spyware are usually considered one issue by many people. In reality, the adware and spyware lables applies to those applications that you've put on your machine intentionally. Many people are unaware of these things since they very rarely read EULAs and have no idea what's really being placed on their machines. Spyware, however, can sometimes cross into the malware catagory if it's functionality prevents a very obvious security vulnerability or if the application behaves in a way that is different to how the user was told it would behave. Malware is the umbrella term for applications that have made their way onto your machine without your consent and usually without your knowledge. Most trojans that we detect can easily be labled "malware" and vice versa.
If you have samples of files that you believe fall under this malware heading, by all means submit it to supportus@sophos.com and our virus lab analysts will look at the sample, evaluate it's functions and determine how to classify the files. If it is found to be malicious, then we'll certainly add detection for it in our engine and/or release an IDE for it.
If it is not malicious and is not something that'd be considered viral, then we will not currently have detection for it.
So to briefly answer your final question, Sophos has always and will continue to detect malicious files that reside on your machines.
Regards
Michael ***
Sophos Technical Support
***
Michael,
First of all, thank you for your quick response. I'm afraid I have to disagree with you about the labels 'adware' and 'spyware' being intentionally installed. Increasingly we are seeing these 'applications' (and I use this term loosely) getting installed through holes in I.E. or the OS. A perfect example would be this 'VX2' application. I feel fairly certain that nothing my users did invited this software onto their computer.
I fully understand how difficult your situation is concerning applications willingly installed by users. Applications like Comet Cursor, Gator/Claria, Weatherbug, and Date Manager are WELL known to me. And it may well be that software like VX2 is also installed through these means; but regardless of how it got there, it's unwelcome there now. Should ANY software be allowed to install itself and/or not allow user removal? I think this is covered under the new anti-spyware law recently passed by the U.S. Congress. If an app like VX2 downloads other applications unbidden and worms it's way through
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Do not confuse saving Windows with saving the Internet. I am quite certain IBM, as altruistic as they may be, is perfectly happy to let spyware twist the knife and drive people awayfrom Windows and to Linux.
Gary Dunn
Open Slate Project
> And it may well be that software like VX2 is also installed through these means
That's one way VX2 is getting installed, yes. Another is by bundling with IE exploits.
For example the achtungachtung exploit (covered recently by Tom Liston in the SANS Internet Storm Center blog) compromises the machine then downloads a large number of spyware programs, including Transponder/VX2.
This has been going on for some time. Mindset/BetterInternet (the company behind VX2) is quite happy to pay affiliates to load their software using wholly illegal security exploits, and if Sophos doesn't think this is grounds for removal they're crazy.