Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows AntiSpyware Downgrades Claria Detections

Posted by Zonk on from the convenient-timing dept.

accihap writes "A week after word leaked out that Microsoft was negotiating an acquisition deal with Claria (See recent /. coverage), spyware researchers have noticed that the Windows antispyware application has downgraded Claria's Gator detections and changed the recommended action from 'quarantine' to 'ignore.' Screenshots of the new default settings."

14 of 411 comments (clear)

  1. That's why I recommend... by tkrotchko · · Score: 2, Informative
    I'm not trolling, I don't work for this company, but I've used it for a year, switched from IE to Firefox, and I'm done with spyware under XP:

    http://www.webroot.com/

    --
    You were mistaken. Which is odd, since memory shouldn't be a problem for you
  2. For those who don't remember the past by Anonymous Coward · · Score: 1, Informative

    Previous rating.

  3. My personal policy... by Noryungi · · Score: 4, Informative
    Is this: never use Microsoft products, even on Windows machines, if you have an equivalent.

    Therefore, I offer the following:



    And, of course, the usual suspects: Firefox, Thunderbird, Open Office, etc... This is not just a good idea, it's THE LAW on the networks I manage!

    Replace your Microsoft software today and avoid 90% of all problems that plague other Windows users.

    You are welcome.
    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:My personal policy... by grasshoppa · · Score: 3, Informative

      Replace your Microsoft software today and avoid 90% of all problems that plague other Windows users

      Sadly, on a network of any respectable size, this is a hard thing to accoplish. On my simple network of 50 stations I am forced to work with software that requires IE6.x, poweruser access along with unfettered access to the internet. It communicates over https, but it won't work through a proxy, so I have to open it up entirely.

      I have a few apps that simply require power user along with some other weirdness.

      So while I'd like to get rid of as many MS packages as possible, it's usually not practical.

      --
      Mod me down with all of your hatred and your journey towards the dark side will be complete!
    2. Re:My personal policy... by yasth · · Score: 2, Informative

      Well they use the same definitions...

      AVG caught some stuff norton did not. (Norton had the entry, but apparently the definition had a broken detection facility). Nothing is perfect, and in the case of Trojans nothings can be perfect.

      --
      I'd do something interesting, but my server can't handle a slashdotting.
  4. Re:Photoshop? by crimoid · · Score: 5, Informative

    Just tried to let IE install one of their apps and MS AntiSpyware caught it, flagging it with Moderate.

    To their credit though you had to dig to find the Moderate label. The first thing a user will see is a rather largish (scary looking) red box encouraging them to block the software.

  5. I can confirm by Slayback · · Score: 5, Informative

    Just yesterday I was helping a neighbor clean-up his girlfriend's parents' computer (how do I get roped into things like that?) So, I install the 3 big ad-removers; Spybot S&D, Adaware, and MS AntiSpyware. I ran the MS one first since Spybot kept crashing when doing the cleanup (very mean buggers). I noticed that the Claria stuff was all set to ignore after it detected it. I didn't think much of it and set all of them to quarantine, but I did think it was a little odd.

    Anyways, CONFIRMED.

  6. Re:Confirmed by dustmite · · Score: 2, Informative

    Indeed, OR Mac OS X .. no spyware so far here either.

  7. independent confirmation by bedelman · · Score: 2, Informative

    I independently observed the same thing -- Claria set to Ignore within MSAS. See image on my site, final paragraph of http://www.benedelman.org/news/063005-1.html .

  8. Re:Sadly, no surprise. by Parham · · Score: 4, Informative

    An foreign gaming site won't help him with his spyware problems. Try http://fedora.redhat.com/ for the real deal.

  9. Yes, it's real by Morinaga · · Score: 4, Informative
    At least the information is accurate. www.spywarewarrior.com reported on this last week (An excellent malware blog/information site). http://netrn.net/spywareblog/archives/2005/07/01/m icrosoft-antispyware-ignores-claria/

    Part of the article...

    Sunbeltblog reports: A brief check of our database updates from Microsoft shows that Claria adware has been set to a default action of "Ignore" since at least early June (Claria continues to be listed in our database with a default action of "Quarantine").

    You might recall that Microsoft acquired its antispyware application from GIANT, who had a close business relationship with Sunbelt Software. As part of the deal, Sunbelt continues to receive definitions from Microsoft until June 2007. Sunbelt, however, has its own research team and adds its own definitions to the database in addition to what they get from Microsoft.

    In the current Spyware Weekly newsletter, Mike Healan of SpywareInfo.com comments:

    I can't imagine what they are thinking at Microsoft. I would be hard pressed to think of a better way for Microsoft to alienate their users. I certainly hope that the opposition from within Microsoft prevails and that this deal dies on the negotiating table.

    Ben Edelman has updated his write up to include the news of the changed detections.

    This is exactly the kind of conflict of interest I worried about three paragraphs above--but I didn't anticipate how quickly this problem would come into effect!

    Wayne Porter, blogging at ReveNews calls it Conflict of Interest 102 His site at SpywareGuide.com reports, interestingly enough, that Gator (Claria) is currently the top detection. See the site for full the top 10 list.

    1 Gator 6.55% 2 MySearch 5.53% 3 CoolWebSearch 4.38% 4 180 Search Assistant 4.02%

  10. Not just Claria. by ArcCoyote · · Score: 5, Informative

    MSAS leaves all "Moderate" threats at Ignore, because they are often relatively well-behaved components of ad-supported software.

    MS isn't dumb, and they have criteria for determining what is a moderate/high/critical spyware threat. A lot of times it comes from feedback to SpyNet. If adware comes bundled with an ad-supported product, doesn't hijack your browser, and removes cleanly when you uninstall the software it supports, it's a only moderate threat.

    MS is also a big legal target and a monster in the eyes of many smaller software companies. They'd be getting sued non-stop if MSAS indiscriminately removed the adware from ad-supported products.

    I did a cleanup of a seriously crufted-up machine last night. Claria, 180Solutions, WhenU, Comet Cursors were all set to Ignore. Kazaa and BearShare were set to Quarantine, and quarantining them would have snagged the adware they came bundled with.

    CoolWebSearch, VX2, and the other real bastards were rated "Critical Risk" and set to "Remove."

    I set everything to "Remove" and MSAS did just that without problems. Can't really complain.

  11. Re:Sadly, no surprise. by Scarletdown · · Score: 1, Informative

    In the spirit of freedom of choice (or whatever you want to call it), http://distrowatch.com/ might be a more suitable URL.

    --
    This space unintentionally left blank.
  12. Re:Sadly, no surprise. by bhtooefr · · Score: 3, Informative

    Gator buries the fact that it sends data back to Claria in the EULA. Bad idea.

    Opera says in plain English that it'll send stuff to Google, and only if you use the Google text ads (which I use). Not nearly as bad, because it's made obvious (FWIW, I DO use Opera with the Google ads).