Windows AntiSpyware Downgrades Claria Detections

← Back to Stories (view on slashdot.org)

Windows AntiSpyware Downgrades Claria Detections

Posted by Zonk on Thursday July 7, 2005 @01:23AM from the convenient-timing dept.

accihap writes "A week after word leaked out that Microsoft was negotiating an acquisition deal with Claria (See recent /. coverage), spyware researchers have noticed that the Windows antispyware application has downgraded Claria's Gator detections and changed the recommended action from 'quarantine' to 'ignore.' Screenshots of the new default settings."

38 of 411 comments (clear)

Min score:

Reason:

Sort:

Sadly, no surprise. by TripMaster+Monkey · 2005-07-07 01:25 · Score: 5, Insightful

Honestly...is anyone surprised by this? We all saw this coming.
Unfortunately, M$ can pull this sort of thing with near-impunity, as the only ones outraged by this are the ones who had issues with them in the first place (read: us).
The vast majority of Windows users out there are just going to shrug and say, "Oh well...if Microsoft says they're not a threat, then they must not be a threat."

--
____
~ |rip/\/\aster /\/\onkey
1. Re:Sadly, no surprise. by digidave · 2005-07-07 01:28 · Score: 5, Insightful
  
  But I wonder if this will affect enterprise adoption of MS Antispyware. Even the diehard Windows admins where I work will admit this revelation makes that product less attractive, which is a shame because it used to be possibly the best antispyware product around.
  
  --
  The global economy is a great thing until you feel it locally.
2. Re:Sadly, no surprise. by Zeinfeld · 2005-07-07 01:30 · Score: 5, Insightful
  
  Microsoft generates the default actions by looking at the feedback from people who have opted to communicate their actions to Microsoft.
  Before getting into a stew it would be worthwhile considering whether it is likely that a significant number of people with Claria crap are opting to keep it.
  
  No way would I have Claria crap on my machine but it does appear that there are people downloading the trash intentionally.
  
  --
  Looking for an Information Security student project suggestion?
  Try http://dotcrimeManifesto.com/
3. Re:Sadly, no surprise. by Donny+Smith · 2005-07-07 01:39 · Score: 2, Insightful
  
  It's not that it was removed from the definitions update (i.e. that it is ignored/undetected). It is still detected.
  
  They just downgraded the threat level to Moderate and changed recommended action to Ignore.
  Those who care can change it to Remove. It's that easy.
  
  No big deal.
  
  I've seem some other utilities that call everything threats and/or infections - even cookies. That's even worse that MS's downgrade of Claria/Gator.
4. Re:Sadly, no surprise. by BaudKarma · 2005-07-07 01:45 · Score: 2, Insightful
  
  Oh, come on. Microsoft may take feedback into consideration, but surely it's not the only factor in selecting the default action. And what the *hell* would motivate hundreds of thousands of users to change the default action that Microsoft recommends and keep a piece of crap like Claria? Especially considering that these are people who are clueless enough to have installed Claria in the first place.
  
  --
  It's the land of the brave, and the home of the free
  Where the less you know, the better off you'll be.
5. Re:Sadly, no surprise. by Anonymous Coward · 2005-07-07 01:46 · Score: 5, Insightful
  
  I wonder if this will affect enterprise adoption of MS Antispyware
  
  If this indeed checks out, Microsoft Antispyware will be removed from our regional ISP's recommendation list by the end of the day. Our customer care people presently recommend it as the first tool for spyware infections due to its previous effectiveness in identifying items that several other no-fee tools did not.
  
  Software that intentionally misleads users regarding the actual risk of unauthorized application behavior is malware, regardless of the vendor or intent.
6. Re:Sadly, no surprise. by rearden · 2005-07-07 01:54 · Score: 4, Insightful
  
  If Microsoft is going to rate spyware based on the actions taken by end users, then the product is flawed from the begining. If most users knew what caused/qualified/ acted as spyware they would not get it in the first place. I can not tell you how many times I have removed some WeatherBug or other program, and the user goes "Why, I like getting the weather" and I have to explain that all of the Pop-UPs are from the WeatherBug and they say "Why? It is just for the Weather!". I actually had one user complain to my boss that I was trying to keep her from getting the Weather!
  
  My point being, most users don't know or understand what is in the programs, and so the determination of their adware/ non-adware status should not be left up to them.
  
  Additionally, what is going to stop the AdWare networks from running bots that mark their programs as Keep or Ignore and thus flooding the SpyWareNet with false info.
  
  If the change comes becuse of user feed back, then the system is flawed. If the change came because MS got paid, or threatened to be sued then MS is just corrupt.
  
  --
  Huh?
7. Re:Sadly, no surprise. by malsdavis · 2005-07-07 01:56 · Score: 2, Insightful
  
  This is disgusting.
  
  There's Microsoft saying that in the future we should let them run our lives and give them control of our home applicances and such. Then they go and do this.
  
  Makes you think: In 10 - 15 years when Microsoft will probably own half the home security alarms market, I wonder what will happen if they were to acquire 'Burglers Inc.'?
  
  Its not hard to imagine Microsoft downgrading the threat posed by them to 'ignore' either.
8. Re:Sadly, no surprise. by bhtooefr · 2005-07-07 02:05 · Score: 5, Insightful
  Typical infection process of a Claria app, if it's downloaded legitimately (I don't recall Claria's stuff doing drive-by downloads):
  
  User sees "Free password manager", "Free calendar thingy", or "Keep your computer clock up to date" (on the last one, not knowing that their XP box has a built-in NTP client, and easy to set up, too)
  
  User downloads, and installs, not reading the EULA (as they've been taught - it's all legalese BS, after all, but there's often a string of legalese in the EULAs of these apps that boils down to "this is spyware")
  
  User wonders why computer is running so slow, so he/she calls a friend over to remove the spyware. Said friend mentions something about "Claria junk", and removes it.
  
  User sees that their little clock thingy isn't working right, and redownloads it.
  
  User again realizes that their computer is running slow, but hears about this "Microsoft AntiSpyware" thingy that helps it go faster, so they download it.
  
  On the first scan, it says "OMG! There's Claria on here!" (not really, but that'd be the general gist of the screen to a user). The user remembers that when the friend cleaned stuff off, Claria was the thing that when removed, broke the clock thingy, so he/she tells it not to erase. Default behavior is to send the actions to SpyNet, so it went to SpyNet that he/she chose to keep it.
  
  Does that sufficiently explain it?
9. Re:Sadly, no surprise. by bigman2003 · 2005-07-07 02:21 · Score: 5, Insightful
  
  Furry Wookie- this is not pointed at you directly...but at something you said which sounds like what a ton of other people are saying:
  
  "...take control of your life..."
  
  A lot of the MS vs. (everyone else) debate sounds like this.
  
  My life? How is an anti-spyware tool on my computer going to really affect my life? Or how is my computer going to help me take control of my life?
  
  My computer is just a stupid, noisy, power-sucking box that sits on the floor. I am the one that gives it life, not the other way around. Whatever operating system it runs doesn't really affect my life at all- I just use the thing.
  
  Just like the hedge trimmers I bought last weekend- I went to the store, bought some, and used them. It wasn't a decision that would affect my life- just those few moments as I trimmed the bushes.
  
  My whole point is...don't confuse a computer with real life. Real life is about people, love, adventure, relationships, hardships and successes.
  
  Computers are about reading e-mail, and surfing for porn.
  
  --
  No reason to lie.
10. Re:Sadly, no surprise. by harlows_monkeys · 2005-07-07 02:30 · Score: 2, Insightful
  
  And what the *hell* would motivate hundreds of thousands of users to change the default action that Microsoft recommends and keep a piece of crap like Claria?
  Perhaps the same thing that motivates a large number of people to go to the Claria site and download Claria's software on purpose?
  
  This is what makes anti-spyware applications difficult. Things like Claria's software do provide some useful functionality in exchange for their data gathering, and some people find that to be a worthwhile trade. They'd rather give up some information and get the software for "free", than pay money for software that doesn't gather information.
  
  This puts the anti-spyware application developer in a pickle. Remove stuff like Claria, to protect users who didn't realize what they were getting into (or don't even realize they have it), and then piss off people who actually asked for Claria's stuff? Or let Claria's stuff stay, and then fail to protect those who didn't want it?
11. Re:Sadly, no surprise. by Proteus · 2005-07-07 03:37 · Score: 5, Insightful
  
  My life? How is an anti-spyware tool on my computer going to really affect my life? Or how is my computer going to help me take control of my life?
  My computer is just a stupid, noisy, power-sucking box that sits on the floor. I am the one that gives it life, not the other way around. Whatever operating system it runs doesn't really affect my life at all- I just use the thing.
  
  I think you're missing the point. A computer is a very powerful tool, and the more you use it to communicate and work (research, etc. counts as work), the more its correct operation impacts your life. This is analogous to buying a nice power drill -- if you rarely use it, a $20 cordless from Wal-Mart will suffice you; but, if you are remodelling your house and use it every day, you will need to buy a better drill and put some effort toward maintaining it (keeping the cord from getting worn, making sure not to strip out the chuck, etc.), or you will find your projects significantly delayed.
  
  Viruses and other malware (spyware included) have become a fact of life for most Windows users. The more they use their tool (the computer), the more impact that being hit by malware will have on their life. Most people are at least somewhat aware of this, so they purchase anti-malware software to protect their Windows machines. The fact that such software is so popular indicates that people are aware that malware significantly impacts their lives if they are regular computer users.
  
  The problem is that people have just accepted that malware is out there, and feel that forking over a few hundred dollars for someone to detect and fix infections is the only real course of action. This is akin to getting the flu frequently, accepting that we all get sick, and paying a doctor for medication for every infection; yet, if one were to simply wear properly-warm clothing, eat balanced meals, and ensure a sufficient supply of Vitamin C, etc., one could reduce their vulnerabilities significantly. This is how I see suggesting a user switch to Linux or Mac OSX. Yes, it requires some effort, some discipline and some self-education (just as changing your diet and other habits would), but the end result is significantly less vulnerability.
  
  Why people continue to accept Windows' problems without much ire is a mystery to me.
  
  --
  We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
12. Re:Sadly, no surprise. by Shalda · 2005-07-07 03:46 · Score: 4, Insightful
  
  I have to take a small exception to this. MS Antispyware, even with the downgrade on Claria garbage, is still one of the better products out there. First, I really see two possibilities here: MS completes their acquisition of Claria, at which point Gator will likely be on the chopping block or they don't and the threat level of Gator is restored. Secondly, while it changes the recommendation on Gator, it still detects Gator and the capability to remove Gator is still there. Many users, I'd be at least 50%, will recognize Gator for the junk that it is and want to get rid of it, regardless. Also, it's likely that enough bad press will get MS to rethink the downgrade. I'll keep the tool for now.
  
  --
  bance.net
13. Re:Sadly, no surprise. by r_a_trip · 2005-07-07 03:51 · Score: 3, Insightful
  
  Computers are about reading e-mail, and surfing for porn.
  
  It's just ironic that the above activities are the things that will get a Windows box to its knees within days (hours, minutes?), if the user is not maintaining an arsenal of anti-everthing software.
  
  GNU/Linux will not make you live the life of 007, but it certainly brings down the maintenance time significantly. When you are just checking e-mail and surfing porn, this simply is the unbending truth.
  
  Ofcourse you are free to choose using Windows with a big arsenal of band-aids to keep it running. I'm just glad that I have the choice not to go down the same route.
  
  --
  # touch universe # chmod +rwx universe # ./universe
14. Re:Sadly, no surprise. by digidave · 2005-07-07 04:05 · Score: 4, Insightful
  
  So at best this particular instance of MS ignoring spyware may not hurt you if you're smart enough to recognize it as spyware, but what about the future? How can you possibly trust such a product when the programmers are intentionally not removing certain spyware?
  
  And I disagree that most users will remove it anyway. The huge majority of users will accept the default recommendations.
  
  --
  The global economy is a great thing until you feel it locally.
15. Re:Sadly, no surprise. by arafel · 2005-07-07 04:24 · Score: 2, Insightful
  
  Real life is about people, love, adventure, relationships, hardships and successes.
  
  Computers are about reading e-mail, and surfing for porn.
  
  Computers can easily be used for the other things you mentioned as well, which undermines your argument somewhat. ;-)
16. Re:Sadly, no surprise. by Jezza · 2005-07-07 04:29 · Score: 2, Insightful
  
  Err... What?!
  
  OK I take the point about the computer being a funky little box. But the rest of it is daft, if that "stupid, noisy, power-sucking box" loses your credit card information (or other personal details) you'll soon find your life pretty badly affected. Keeping your computer free from malware is pretty important, I'd agree the exact speed of your CPU might not be.
  
  Also if your computer spews email and viruses it can make everyone else's life pretty sucky too.
17. Re:Sadly, no surprise. by jannesha · 2005-07-07 04:43 · Score: 2, Insightful
  
  The upshot of this is:
  
  When you remove malware from a luser's computer, you need to try to find them an alternative to the thing that you're taking away. No, it's not your job to give them fun toys to play with. But if you don't, they'll continue to f**k up their system.
  
  The other alternative is take away all admin priv.s, and be all hard-assed about it (this works less well when the luser is family).
18. Re:Sadly, no surprise. by Spy+der+Mann · 2005-07-07 05:02 · Score: 3, Insightful
  
  Those who care can change it to Remove. It's that easy.
  
  Those who care don't get spyware IN THE FIRST PLACE. They already use firefox, have their firewall, and often run ad-aware and spybot SnD.
  
  But here it's the Joe user we're talking about.
  
  Besides - who says malware authors won't disguise their malware as Claria's? (Expect a Secunia report issued in the following months about this exact issue)
19. Re:Sadly, no surprise. by nullvector · 2005-07-07 05:35 · Score: 2, Insightful
  
  Proteus, I fully agree with your sentiment, but the last line is what I am questioning.
  
  Computer problems have existed for a long time, pre-windows, pre-linux, pre-dos. Users just accept that as with any machinery, there are caveats to use, and that it will not always run as smooth as it did on day 1 out-of-the-box.
  
  The problem is that users EXPECT problems with their computer, like they do with their cars, their houses, everything.
  
  The alternative to the many problems of Windows, is either Mac (which they cant find software for as prevalent as PC's at retail stores...), or Linux, which has a steep learning curve that makes users not want to "put hours into learning the system just to check my email"
  
  The alternatives are out there, but they have their caveats as well.
  
  Users will stick with what is prevalent, popular, easy, fast, and simple. Windows defines all that for the basic user, and they just accept the problems along with the benefits.
20. Re:Sadly, no surprise. by CyanDisaster · 2005-07-07 07:48 · Score: 2, Insightful
  
  ...Why people continue to accept Windows' problems without much ire is a mystery to me...
  
  It might not necessarily be so much as accepting Windows' problems, but a lack of knowledge about those problems. Another contributing factor could be the fact that Windows is pretty much the only operating system installed on computers at the store, and most of the software on the shelves is written for Windows.
  
  Hope be with ye,
  Cyan
21. Re:Sadly, no surprise. by compro01 · 2005-07-07 08:32 · Score: 2, Insightful
  
  Why people continue to accept Windows' problems without much ire is a mystery to me.
  
  well, my thoughts on this.
  
  1. microsoft has done a remarkable job of addicting the world to microsoft office, and office ain't going within 10 miles of linux. despite the fact that there are programs like openoffice, which i have tried, i still prefer microsoft office. could be that i'm simply used to how it runs.
  
  2. microsoft has become the leading OS on the planet. go into the local computer software shop and tell me what percentage of the programs sold there run only on windows. i would say the number is very close to 100%. now, you can get some of those to run on linux, but that's gonna take some time and work, if it will work at all.
  
  3. people are very much used to the windows UI. people don't want to have to get used to something new. i personally run both linux and windows on my computer, but i am usually on windows as that is where all my stuff is. 90% of the programs i use don't have a linux equivilent (mostly games)
  [nitpick]
  oh, and about that "wearing properly-warm clothing" bit. that has little to do with catch the flu or colds. the reason why cold and flu rates jump in the winter is everyone is indoors clustered together and the virus can spread much more easily.
  [/nitpick]
  
  --
  upon the advice of my lawyer, i have no sig at this time
It's worrying... by taskforce · 2005-07-07 01:28 · Score: 4, Insightful

...how quickly corps like MS will sell out their customers to make a quick buck. This is not only found in the Spyware arena but also with companies such as Intel embedding DRM into their chips when coaked by the various entertainment industries.

--
My 3D Texturing Skinning work (under construction)
Confirmed by Steinfiend · 2005-07-07 01:29 · Score: 5, Insightful

First thing is we need to make sure these images are real. We have been caught with faked images many times before. If they are then I think all it really does is reinforce the need to run multiple anti-spyware utilities.

When a for-profit organization releases a product that can adversely (or positively) affect another for-profit organization we must expect, at least sometimes, to have some negative effects on the consumer. Its a capitalist society and companies are free to do anything and everything they need to maximize profits, within the scope of the law.
I guess it's "just" typical MS by mytec · 2005-07-07 01:30 · Score: 5, Insightful

This sort of thing boils my blood. There is a certain level of trust I have with a vendor who provides detection and removal of spyware, etc. I've not payed as much attention as maybe I should have, but what other vendors are strong in detecting spyware that don't give in or at least haven't thus far? The product they purchased from Giant was really good to boot. Doesn't take look for the MS taint to occur, does it?

Unrelated, I get the impression, MS doesn't need more competent competition to fail. Instead, they need to continue doing just what they are doing. Between moves like this, the failure to manage projects, etc. they are hurting themselves just fine and making everything that isn't MS look better.

Every so often the MS marketing machine almost gets me to believe they might be changing. The developer blogs have helped a lot in that respect. Then MS does something like this. On the one hand they say they are concerned about this threat and then, not too long into the future, they pull a move like this which says the exact opposite.
Photoshop? by stinerman · 2005-07-07 01:30 · Score: 5, Insightful

I'd like to see independent evidence before jumping to conclusions. Anyone want to install Gator and test it themselves? :-)
One in the eye for MS Anti Spyware lovers by deusiah · 2005-07-07 01:34 · Score: 2, Insightful

A few people I have spoken with have been telling me how wonderfull this free tool is. I pointed out I don't need said tool as I just run a better OS but now I have a much better comeback next time someone praises MS for releasing this hehe.
How Long by Fujisawa+Sensei · 2005-07-07 01:34 · Score: 2, Insightful

How long before MS integrates Gator into the OS where it cannot be removed without corrupting the system?

--
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
Re:first post by Storm · 2005-07-07 01:38 · Score: 4, Insightful

Indeed. In fact, I have to constantly remind the Windows evangelists that the entire spyware and virus problem has created a cottage industry, and as long as Microsoft can make money off of it, they will choose never to solve it.

--
--Storm
Re:Let the conspiracy theories fly! by dustmite · 2005-07-07 01:45 · Score: 4, Insightful

One has to wonder if companies such as Microsoft do things like this intentionally or, as the comment in the article indicated, simply miss some things in the wash?

Of course this was done intentionally. GAIN must be the most widespread and well-known spyware out there, do you think that a team of people working on one of the world's biggest anti-spyware programs accidentally thought it was not a threat and should be set to "ignore"? Or do you think someone "accidentally" modified the status in the database by clicking a few wrong buttons, and that quality control didn't check before a product release that their anti-spyware program happens to ignore the world's biggest spyware? There is just no way this happened by mistake.
Interesting turn of events by shr3k · 2005-07-07 01:51 · Score: 3, Insightful

At first people thought:

1. MS buying Giant means putting a great anti-spyware product into Windows. Windows becomes *stronger* at stopping such attacks.

2. MS possibly buying Claria means that Microsoft could eliminate one of the biggest pieces of spyware out there. In other words, Claria/Gator becomes *weaker*.

Now, it's possible that things will look like this:

1. Anti-spyware becomes *weaker*.
2. Claria/Gator becomes *stronger*.

So much for doing the right thing(s).
Re:And people trust a firewall to them by Speare · 2005-07-07 01:59 · Score: 5, Insightful

I really like your analogy, mind if I repeat it?
Marketing a security product for your own operating system is like correcting your own spelling test.

I might just have to go make up some more bumper stickers or something.

--
[ .sig file not found ]
We should all be grateful that M$ detects it by digitaldc · 2005-07-07 02:01 · Score: 2, Insightful

Hey, look at the bright side, at least it detects their software and doesn't ignore it completely! Can anyone else tell me a company that would not do the same? Anti-anti-spyware anyone?

--
He who knows best knows how little he knows. - Thomas Jefferson
Serious Question by Nethershaw · 2005-07-07 02:09 · Score: 2, Insightful

I'm wondering: if anyone out there actually still trusts Microsoft (rhetoric: of course, some people do), is there any demonstrably good reason for that trust or are they just ignorant/apathetic?

I suppose another way to ask this question is why the Revolution(tm) hasn't come yet...

--
$p$g
Claria = Gator = Spyware = Microsoft by gadlaw · 2005-07-07 02:19 · Score: 4, Insightful

I don't know why anyone would think otherwise. Everything that Microsoft puts on your computer wants to call back home and report on what you do and how you do it. Everything Claria trys to put on your computer wants to call back home and report your every action and keystroke. So running any 'Microsoft spyware' in the first place is like letting a burglar watch your home. What did you expect would eventually happen?

--
Enjoy your Karma, after all you earned it. Feel your Karma Joe, feel it burn.
Re:Why? by orderb13 · 2005-07-07 02:34 · Score: 2, Insightful

Well considering he said "networks he manages" I doubt that replacing windows is an option. You've never really had fun until you've tried to explain to a CIO or equivelant that some of the software (especially the OS) that they are using in a company with 20,000 computers causes all kinds of problems. You generally get a blank stare back and a comment like "But it is Windows, which is secure, right?". Love clueless upper management.
Re:Take off the tin-foil hats... by ramblin+billy · 2005-07-07 03:07 · Score: 4, Insightful

Yes, it's true that the usual reaction to MS stories tends to be kneejerk criticism often without much evidence of thought or rational balance. The baby gets the old heave ho along with the bath water more times than not. I usually urge a more reasonable approach based on the real contributions that MS has made to the IT industry and the fact that most major corporations behave the same way. I may not agree with MS's methods, but I try to keep an open mind, always aware of what MS has always represented. That said...NOT THIS TIME!

It's bad enough that the most pernicious and persistant tattle tale software on a MS box is probably the operating system. Take for example the index files in WIN98 that have never been explaned, the automatic updates in apps that can't be disabled, and services that reinstall themselves behind your back. I really do buy the 'least common denominator' explanation for a lot of these 'features', most users really don't understand their computers enough to maintain them, much less integrate new codecs, standards, and protocols. I do believe that making the default behaviors in many programs more update and security focused was a necessary step. MS often gets a bad rap for problems users could avoid by performing their recommended chores, especially installing patches. Bill Gates has recently touted a new focus on security, wanting to win back some customer trust. Whew, it was nice to see MS finally starting to turn in a new direction. Maybe I should have known better. The attitude expressed in this situation seems to be "Oh that's OK, it's just us, your friendly neighborhood MS. It was bad when those other guys did it, but you can trust us! By the way, could you enter your 16 digit authentication code and explain what that new unsupported by XP hardware is, since we really can't trust you?"

Microsoft could take the lead in creating really secure, customer oriented products. Maybe they would make a little less money if they gave up the drive to control every part of the industry. Would that kill them? IT is past the point where it needs one firm hand on the tiller to keep from sinking. Microsoft has the power and influence to change the face of software development. They could help make the world a better, freer place. Too bad the accountants have taken over from the dreamers.

billy - say it ain't so Bill...
Re:My personal policy... by digidave · 2005-07-07 04:18 · Score: 2, Insightful

Why do you find it hard to believe? Because McAfee and Norton are big names? Because they're more popular? Life's full of examples where the underdog is the superior product, from OS X vs. Windows to Saucony vs. Nike.

IMO, AVG and Avast! are both better antivirus packages than McAfee or Norton.

--
The global economy is a great thing until you feel it locally.