Windows AntiSpyware Downgrades Claria Detections

accihap writes "A week after word leaked out that Microsoft was negotiating an acquisition deal with Claria (See recent /. coverage), spyware researchers have noticed that the Windows antispyware application has downgraded Claria's Gator detections and changed the recommended action from 'quarantine' to 'ignore.' Screenshots of the new default settings."

Sadly, no surprise.

[TripMaster+Monkey]

Honestly...is anyone surprised by this? We all saw this coming.
Unfortunately, M$ can pull this sort of thing with near-impunity, as the only ones outraged by this are the ones who had issues with them in the first place (read: us).
The vast majority of Windows users out there are just going to shrug and say, "Oh well...if Microsoft says they're not a threat, then they must not be a threat."

Re:Sadly, no surprise.

[digidave]

But I wonder if this will affect enterprise adoption of MS Antispyware. Even the diehard Windows admins where I work will admit this revelation makes that product less attractive, which is a shame because it used to be possibly the best antispyware product around.

Re:Sadly, no surprise.

[Zeinfeld]

Microsoft generates the default actions by looking at the feedback from people who have opted to communicate their actions to Microsoft.

Before getting into a stew it would be worthwhile considering whether it is likely that a significant number of people with Claria crap are opting to keep it.

No way would I have Claria crap on my machine but it does appear that there are people downloading the trash intentionally.

Re:Sadly, no surprise.

I wonder if this will affect enterprise adoption of MS Antispyware

If this indeed checks out, Microsoft Antispyware will be removed from our regional ISP's recommendation list by the end of the day. Our customer care people presently recommend it as the first tool for spyware infections due to its previous effectiveness in identifying items that several other no-fee tools did not.

Software that intentionally misleads users regarding the actual risk of unauthorized application behavior is malware, regardless of the vendor or intent.

Re:Sadly, no surprise.

[bhtooefr]

Typical infection process of a Claria app, if it's downloaded legitimately (I don't recall Claria's stuff doing drive-by downloads):

1. User sees "Free password manager", "Free calendar thingy", or "Keep your computer clock up to date" (on the last one, not knowing that their XP box has a built-in NTP client, and easy to set up, too)
2. User downloads, and installs, not reading the EULA (as they've been taught - it's all legalese BS, after all, but there's often a string of legalese in the EULAs of these apps that boils down to "this is spyware")
3. User wonders why computer is running so slow, so he/she calls a friend over to remove the spyware. Said friend mentions something about "Claria junk", and removes it.
4. User sees that their little clock thingy isn't working right, and redownloads it.
5. User again realizes that their computer is running slow, but hears about this "Microsoft AntiSpyware" thingy that helps it go faster, so they download it.
6. On the first scan, it says "OMG! There's Claria on here!" (not really, but that'd be the general gist of the screen to a user). The user remembers that when the friend cleaned stuff off, Claria was the thing that when removed, broke the clock thingy, so he/she tells it not to erase. Default behavior is to send the actions to SpyNet, so it went to SpyNet that he/she chose to keep it.
7. 
   
   Does that sufficiently explain it?

Re:Sadly, no surprise.

[bigman2003]

Furry Wookie- this is not pointed at you directly...but at something you said which sounds like what a ton of other people are saying:

"...take control of your life..."

A lot of the MS vs. (everyone else) debate sounds like this.

My life? How is an anti-spyware tool on my computer going to really affect my life? Or how is my computer going to help me take control of my life?

My computer is just a stupid, noisy, power-sucking box that sits on the floor. I am the one that gives it life, not the other way around. Whatever operating system it runs doesn't really affect my life at all- I just use the thing.

Just like the hedge trimmers I bought last weekend- I went to the store, bought some, and used them. It wasn't a decision that would affect my life- just those few moments as I trimmed the bushes.

My whole point is...don't confuse a computer with real life. Real life is about people, love, adventure, relationships, hardships and successes.

Computers are about reading e-mail, and surfing for porn.

Re:Sadly, no surprise.

[Proteus]

My life? How is an anti-spyware tool on my computer going to really affect my life? Or how is my computer going to help me take control of my life?

My computer is just a stupid, noisy, power-sucking box that sits on the floor. I am the one that gives it life, not the other way around. Whatever operating system it runs doesn't really affect my life at all- I just use the thing.

I think you're missing the point. A computer is a very powerful tool, and the more you use it to communicate and work (research, etc. counts as work), the more its correct operation impacts your life. This is analogous to buying a nice power drill -- if you rarely use it, a $20 cordless from Wal-Mart will suffice you; but, if you are remodelling your house and use it every day, you will need to buy a better drill and put some effort toward maintaining it (keeping the cord from getting worn, making sure not to strip out the chuck, etc.), or you will find your projects significantly delayed.

Viruses and other malware (spyware included) have become a fact of life for most Windows users. The more they use their tool (the computer), the more impact that being hit by malware will have on their life. Most people are at least somewhat aware of this, so they purchase anti-malware software to protect their Windows machines. The fact that such software is so popular indicates that people are aware that malware significantly impacts their lives if they are regular computer users.

The problem is that people have just accepted that malware is out there, and feel that forking over a few hundred dollars for someone to detect and fix infections is the only real course of action. This is akin to getting the flu frequently, accepting that we all get sick, and paying a doctor for medication for every infection; yet, if one were to simply wear properly-warm clothing, eat balanced meals, and ensure a sufficient supply of Vitamin C, etc., one could reduce their vulnerabilities significantly. This is how I see suggesting a user switch to Linux or Mac OSX. Yes, it requires some effort, some discipline and some self-education (just as changing your diet and other habits would), but the end result is significantly less vulnerability.

Why people continue to accept Windows' problems without much ire is a mystery to me.

And people trust a firewall to them

[syntap]

Why would anyone rely on a security product of any kind owned by the same people as the OS? Not only are users subjected to this kind of tomfoolery, but in general marketing a security product for your own operating system is like correcting your own spelling test... best left to a third party.

Spyware works because Microsoft designed their softwarein such a way that lets it work. The premise of trusting their anti-spyware tools is ludicrous.

Re:And people trust a firewall to them

[Speare]

I really like your analogy, mind if I repeat it?

Marketing a security product for your own operating system is like correcting your own spelling test.

I might just have to go make up some more bumper stickers or something.

Confirmed

[Steinfiend]

First thing is we need to make sure these images are real. We have been caught with faked images many times before. If they are then I think all it really does is reinforce the need to run multiple anti-spyware utilities.

When a for-profit organization releases a product that can adversely (or positively) affect another for-profit organization we must expect, at least sometimes, to have some negative effects on the consumer. Its a capitalist society and companies are free to do anything and everything they need to maximize profits, within the scope of the law.

I guess it's "just" typical MS

[mytec]

This sort of thing boils my blood. There is a certain level of trust I have with a vendor who provides detection and removal of spyware, etc. I've not payed as much attention as maybe I should have, but what other vendors are strong in detecting spyware that don't give in or at least haven't thus far? The product they purchased from Giant was really good to boot. Doesn't take look for the MS taint to occur, does it?

Unrelated, I get the impression, MS doesn't need more competent competition to fail. Instead, they need to continue doing just what they are doing. Between moves like this, the failure to manage projects, etc. they are hurting themselves just fine and making everything that isn't MS look better.

Every so often the MS marketing machine almost gets me to believe they might be changing. The developer blogs have helped a lot in that respect. Then MS does something like this. On the one hand they say they are concerned about this threat and then, not too long into the future, they pull a move like this which says the exact opposite.

Photoshop?

[stinerman]

I'd like to see independent evidence before jumping to conclusions. Anyone want to install Gator and test it themselves? :-)

Re:Photoshop?

[crimoid]

Just tried to let IE install one of their apps and MS AntiSpyware caught it, flagging it with Moderate.

To their credit though you had to dig to find the Moderate label. The first thing a user will see is a rather largish (scary looking) red box encouraging them to block the software.

I can confirm

[Slayback]

Just yesterday I was helping a neighbor clean-up his girlfriend's parents' computer (how do I get roped into things like that?) So, I install the 3 big ad-removers; Spybot S&D, Adaware, and MS AntiSpyware. I ran the MS one first since Spybot kept crashing when doing the cleanup (very mean buggers). I noticed that the Claria stuff was all set to ignore after it detected it. I didn't think much of it and set all of them to quarantine, but I did think it was a little odd.

Anyways, CONFIRMED.

Not just Claria.

[ArcCoyote]

MSAS leaves all "Moderate" threats at Ignore, because they are often relatively well-behaved components of ad-supported software.

MS isn't dumb, and they have criteria for determining what is a moderate/high/critical spyware threat. A lot of times it comes from feedback to SpyNet. If adware comes bundled with an ad-supported product, doesn't hijack your browser, and removes cleanly when you uninstall the software it supports, it's a only moderate threat.

MS is also a big legal target and a monster in the eyes of many smaller software companies. They'd be getting sued non-stop if MSAS indiscriminately removed the adware from ad-supported products.

I did a cleanup of a seriously crufted-up machine last night. Claria, 180Solutions, WhenU, Comet Cursors were all set to Ignore. Kazaa and BearShare were set to Quarantine, and quarantining them would have snagged the adware they came bundled with.

CoolWebSearch, VX2, and the other real bastards were rated "Critical Risk" and set to "Remove."

I set everything to "Remove" and MSAS did just that without problems. Can't really complain.