how-to block ads
|
|
Uniqs:
24011 |
Share Topic
 |
 |
|
 novaflareThe Dragon Was HerePremium
join:2002-01-24
Barberton, OH | reply to novaflare
Re: veloz scumware seen on comercial just now i take back any kind words about eanthology/veloz I ran a spybot scan and it turned up kazaa related files. I never had kazaa installed on my system ever. And they were not in my prescan before installing stop sign from veloz own redirect. So it would seem it installes at the very least some dlls that kazaa also makes use of. Stop sign = spyware pure and simple it installs programs that are totaly unrelated to your original download and install with out your knowlage or permision this is the very definistion of spyware.
--
new 3d chat comunity at »planetvirtuel.com my site »spellbound.valshea.com/news.php | | |
|
| reply to novaflare
NovaFlare:
Could you post the Spybot scan log -- or at least the relevant portions that show the files that were detected? I'd be most interested in taking a look at it.
Best,
Eric L. Howes | |
novaflareThe Dragon Was HerePremium
join:2002-01-24
Barberton, OH | said by eburger68:
NovaFlare:
Could you post the Spybot scan log -- or at least the relevant portions that show the files that were detected? I'd be most interested in taking a look at it.
Best,
Eric L. Howes
sure if i saved them will have to check not exactly sure how it works lol if it saves auto i have them and will post in just a couple minutes
--
new 3d chat comunity at »planetvirtuel.com my site »spellbound.valshea.com/news.php | |
novaflareThe Dragon Was HerePremium
join:2002-01-24
Barberton, OH
1 edit | reply to novaflare
stop sign veloz related
eAcceleration: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VelozSpeedup
eAcceleration: Desktop link (File, nothing done)
F:\Documents and Settings\nova flare\Desktop\Scan Now for Viruses and Threats.lnk
eAcceleration: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WebScan
eAcceleration: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eanth_critical_update_alert
eAcceleration: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EanthologyApp
eAcceleration: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ACD11BD-4CA0-4283-A8D8-872B9BA289B6}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{656306C3-068A-488c-9770-8AE3ED35679C}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D68CB49A-FB70-443e-B0EF-E8A4B27EBF43}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{631DA4A3-394A-4a1d-96B6-BB8513D9CDCD}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D4ED8B39-DD6A-4e2e-89E6-B9B9714E71FF}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D735E314-BE29-41d5-B3C6-7BE67E7D9411}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{83CF8444-9A11-4d27-9002-BF99CBB403F3}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{5E376569-EF05-403e-9771-0824A45413F9}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{41EC560D-9371-4923-B0AD-F6A9504D3AA0}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{F63C5B10-B709-4DF5-BA27-B90102AD313B}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{BB83FD23-AC96-472D-8AA2-7D8560A61D1A}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{878C1976-66AB-4454-A9B1-40CD594AC223}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{46D570D9-71C8-44E5-A76C-AADFE94442CA}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{459729AC-727D-4D97-B18A-72EE224EFEC0}
eAcceleration: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{6ACD11BD-4CA0-4283-A8D8-872B9BA289B6}
eAcceleration: Common files (Directory, nothing done)
F:\Program Files\Common Files\eAcceleration
eAcceleration: Context menu handler (Registry key, nothing done)
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\StopSignRCS
eAcceleration: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\eAnthology
eAcceleration: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Acceleration Software International Corporation
eAcceleration: IE extension (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{2F099F5D-7003-4441-82C2-707C7C273FEB}
eAcceleration: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E6A8EE26-1FAD-431C-99D6-8DBA1E25CD72}
eAcceleration: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D951B1F4-7399-426A-A925-D2C41FCF2002}
eAcceleration: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{BB80B457-F3F6-4992-A0C3-A128D58C7FB2}
eAcceleration: Program directory (Directory, nothing done)
F:\Program Files\Acceleration Software\
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\MSEaid.Gd
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\eAnthology.eAnthSpamBlock
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\eAnthology.eAnthScanner
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\eAnthology.eAnthPopupBlock
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\eAnthology.eAnthKonx
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\eAnthology.eAnthIntro
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\eAnthology.eAnthEmailSensor
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\eAnthology.eAntheAnthGen
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Eac_mindef.MDefControl.1
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Eac_mindef.MDefControl
eAcceleration: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Webcelerator.WebcBrowserHelper
eAcceleration: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{963DD0FF-4836-4DE4-9590-D7EFE8F62F8D}
eAcceleration: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{3E072AB7-3CDA-4536-8AFD-56B0FE6846B4}
eAcceleration: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EanthTutor
eAcceleration: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webscan
eAcceleration: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StopSignEac
eAcceleration: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EanthologyApp
eAcceleration: Version setting (Registry key, nothing done)
HKEY_CLASSES_ROOT\Defender.ScanGUi
eAcceleration: Version setting (Registry key, nothing done)
HKEY_CLASSES_ROOT\Defender.ScanCore
im not sure what this is exactly just that it wasnt there before the stop signn install
Kazaa.Irc.Spybot13.World: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
Kazaa.Irc.Spybot13.World: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2052111302-789336058-1343024091-1003\Software\Microsoft\Windows\CurrentV ersion\Policies\Explorer\DisallowRun
Kazaa.Irc.Spybot13.World: Settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
All the rest was just trackign cookies and that sort of bs i get those all the time. Checking ebay things like that .
--
new 3d chat comunity at »planetvirtuel.com
my site »spellbound.valshea.com/news.php | |
| reply to novaflare
Thanks novaflare. Now I can inform my clients to stay the hell away from it and just use what's been recommended at this forum(which is what I've been telling them anyway, but now I have more proof to show them).Saved me from finding out the hard way(again). One of our kids is a network admin. for several small(and not so small) businesses and curious what the deal was, so I told him to check this out. So now he can warn his clients. Thanks again. | |
novaflareThe Dragon Was HerePremium
join:2002-01-24
Barberton, OH | said by DonoftheDead:
Thanks novaflare. Now I can inform my clients to stay the hell away from it and just use what's been recommended at this forum(which is what I've been telling them anyway, but now I have more proof to show them).Saved me from finding out the hard way(again). One of our kids is a network admin. for several small(and not so small) businesses and curious what the deal was, so I told him to check this out. So now he can warn his clients. Thanks again.
np any clue as to just what the heck this kazaa stuff is all about? its all gone now but still curious.
--
new 3d chat comunity at »planetvirtuel.com my site »spellbound.valshea.com/news.php | |
| reply to novaflare
novaflare:
I'm glad you posted that log, because the log doesn't tell the same story as you told earlier.
First, you didn't say whether or not you ran the Add/Remove Programs uninstaller. From the looks of the log, I'm guessing you didn't -- which is the reason we see so many eAcceleration Registry keys. If I'm wrong and you did run the vendor-supplied uninstaller first, then eAcceleration needs to improve its uninstaller.
Second, Spybot did not find any "kazaa related files," as you put it. What it found were some Registry keys -- not files -- that are not Kazaa specific. In fact, those Registry keys are perfectly normal Windows 2000/XP/2003 Registry keys used for Group Policies. See these pages from Microsoft:
»www.microsoft.com/windows2000/te···3501.asp
»www.microsoft.com/resources/docu···3626.asp
Now, I don't know what added those particular keys -- perhaps eAcceleration did. But the presence of those keys is not a surefire indication that "kazaa related files" were installed on your box. Still less are they an indication that the program that put them there is "spyware."
In fact, those keys can be used to BLOCK the execution of Kazaa -- or any other program deemed unsafe by the Admin of the computer or network. See:
»www.computing.net/netware/wwwboa···275.html
...for instructions and an example.
As I said in an earlier post, we need to be extremely careful in evaluating reported detections by AV programs and anti-spyware programs lest we succumb to galloping speculation that leads to unsupported, unwarranted conclusions.
Eric L. Howes | |
 keith2468Premium,MVM
join:2001-02-03
Winnipeg, MB
3 edits | reply to novaflare
Novaflare, thankyou thankyou !!
These are the allegations that need checking, sorry I didn't catch you earlier.
The test/experiment is not on primarily whether the test software (stopsign) "is it a good product" or "does it have bugs".
The test/experiment is on whether PestPatrol's writeup of it is accurate.
quote:
Disables security software. Purports to be security software.
Adware - displays numerous popups recommending purchase of various Acceleration Software products.
Firewall Killer - interferes with operation of several personal firewalls.
Loader - quietly installs other files.
Exploit - uses social engineering and stealth tricklers to gain control of the system.
So, for each of those claims, is the PestPatrol summary an accurate summary of the products malware aspects?
So that is the first thing to answer.
Then go here, to PestPatrols full writeup:
»www.pestpatrol.com/PestInfo/S/StopSign.asp
As you scroll down past the Summary, to the actual details, you'll notice some more claims.
Are those claims true in any sense other than would be normal for other security software you've used?
And I'd suggest maybe go through the claims one-by-one, cutting and pasting the claim, and entering what you found. (You might want to do it in more than one post here, to save scrolling.)
There are 2 concerns:
1. Is the behaviour actually displayed?
2. Is the behaviour displayed as malware would display it? In other words:
- Are small security software vendors being held to a different standard than large security software vendors?
- Are small security software vendors being held to a different standard than vendors of other common products?
(a) Browser hijacks and popups are not acceptable.
However, freeware software containing advertising that appears only in the freeware panels themselves, or on the support website: Opera does this and it is well thought of, Hotmail, QuickTime, RealPlayer, lots of products have ads like that and we don't label them adware (although RealPlayer comes close).
So does this thing do browser hijacks, or does it merely have advertising in itself like Opera does?
(b) Disables other security software.
In the details PestPatrol corrects or clarifies this and says it recommends the user uninstall some software and offers to uninstall other software for the user.
Is this security software that has to be uninstalled security software that monitors the same thing?
In other words, you generally can't run 2 email monitors at the same time, you generally can't run 2 AV monitors at the same time -- most of us here know that -- is it simply that? Is it simply an install step to prevent conflicts between 2 programs trying to hook into windows in the same place?
Or is the test software actually disabling security software without permission?
Or is it asking the user to disable software and not replacing it with its own functions? (What I mean is, if it asks to disable the firewall, does it have its own firewall that it puts in place?)
(c) Allegedly it installs games, and adds more games later.
Does it do this without permission? I guess that means reading the fine print too, but if it is only in the fine print that would be a concern to me. If it is in big letters in the advertising or download page, well then it isn't hidden, so what is malware about that?
Does it install other unrelated software?
Keep in mind that some products use other products to install, or to get updates, or to be services for the program the user sees. This is a common practice, why re-invent the wheel.
But is it installing unrelated software and what?
And some of that software may not appear for a few days maybe.
(d) Does it allow remote control of the computer?
Is a port opened and left listening, like some remote access trojans do, as opposed to the common practice of security software opening a port to get signature file and program updates, downloading the updates, and closing the port?
Any idea of what remote control functions it allows?
The steps in here can help you figure out with program is using which port: »Security »What is using port XXX on my computer?
(e) Apparently it wastes internet bandwidth. Is there anything to that claim?
Does it use up bandwidth like a virus or P2P product?
Or does it slow things down a similar amount to what legitimate products performing the same functions do?
Some bandwidth will legitimately be consumed by the update process, and repeatedly checking for new updates. Kaspersky can be set to do it as frequently as hourly, which these days is reasonable. Windows 98SE will do that every 3 minutes if you let it, and I'd say that is wasteful, but in in the future that might be entirely appropriate.
(f) Apparently there is also a performance impact.
It is supposed to be anti-malware security monitor software. Legitimately there must be a some performance impact.
In monitoring mode is this impact noticable sitting there without a stop watch?
Is the performance impact more noticable than your AV when timed with a watch? You could time copying a folder with your AV off and then on. And then time copying the same folder with the test software off and on.
Or listen to some streaming audio for a bit. Again, AV off, AV on, test software off, test software on. What is the effect on quality?
(g) "Tries to capture your name, email address, and phone in the guise of helping their support department."
Is it doing anything here that other products don't do?
The thing to do would be to register.
If you register, do you get more unsolicited phone calls from marketing companies?
Do you get spam sent to a fresh alphanumeric email address that you register with? What type of spam?
You could make up a new free hotmail or yahoo address to register. A new alphanumeric hotmail address, so it won't get dictionary addressed spam. (Last year, a new email address made with my first and last name (keithtarrant) got spam on day two, before I had even used it to email anyone else. An email address made with my first name and some numbers (keith938383) didn't get spammed until it was used for 3 weeks.)
(h) "Purports to be security software."
So is it actually security software, or does it merely purport to be security software?
We now know it detects the Eicar test file.
This is not doing a beta test and trying to break it. If you go to a coolwebsearch site on a system that has all the Microsoft Update "Service Packs and Critical Fixes", does it let CWS install? Does it let it function?
Keep in mind, if CWS gets installed you'll see pop-ups and advertising from CWS, so be sure to do the test for whether the test software causes pop-ups and advertising first.
Also, the test software company will apparently take you through the steps to remove CWS, although maybe that is just with the paid version.
This is a little past testing PestPatrol's report, but I'm also curious what the test software's telephone support is like. Investigating that depends on how outgoing you are. But if you are up to it, give SS a phone call, see how long it takes them to answer, and so on.
------------
You get the idea. If you get stuck, let me know. I'll be back tomorrow evening.
And again, thanks !!!
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC) | |
4 edits | reply to novaflare
keith2468:
So far as I can tell the Pest Patrol write-up stems from the earlier versions of eAcceleration's -- specifically, the versions that got eAcceleration sued and justly earned the company a poor reputation. Thus, I don't think you'll find many reports of similar behavior in the current versions.
What you'd need to do to fully test Pest Patrol's claims is get your hands on an earlier version of Stop-Sign --preferably late 2002/early 2003.
The earliest Pest Patrol write-up listed on The Internet Archive ( »www.archive.org/ ) is from April 29, 2003. That version doesn't seem to be accessible at the moment for some reason. The July 4, 2003 version is, and it's pretty much the same as the write-up that appears on Pest Patrol's site now. I have another version from September of 2003 -- again, substantially similar to what appears today.
Since I've tested the latest version of Stop-Sign, let me briefly comment on the claims that you identify.
quote:
Disables security software. Purports to be security software.
The version I installed did not prompt me to uninstall other security software such as Ad-aware, which previous Stop-Sign versions did (see Pest Patrol's write-up for screenshots of the dialog boxes). I should note that I have Ad-aware and Spybot installed in non-standard locations, however, even on a full system scan Stop-Sign did not flag those apps as "attackware."
eAcceleration's software, we might note, was targeted by Ad-aware, Spybot, and others for its deceptive advertising and underhanded installation techniques, which have been well documented in previous DSLR threads. eAcceleration's response was to target Ad-aware and Spybot as "attackware." From my tests with the latest version of Stop-Sign, that behavior seems to have stopped.
quote:
Adware - displays numerous popups recommending purchase of various Acceleration Software products.
The version of Stop-Sign that I tested displayed an HTML "scan report" at the end of each system scan that essentially doubled as an advertisement for the full version of Stop-Sign.
If you install another Stop-Sign component (say, the pop-up blocker) without the "Threat Scanner" (i.e., the anti-malware component), the eAcceleration Software Station application (which is a kind of central software module management application like the McAfee Security Center) displays a garish advertisement on one of the tabs for the Threat Scanner, which can be downloaded and installed separately.
Stop-Sign does install a few games as well as shortcuts for an email service named kon-X (an admittedly poor choice of names). I did not sign up for the email service or play any of the games so I cannot report on their characteristics. While I'm suspicious of these "extras," they did not intrude on my trial of the Stop-Sign Threat Scanner.
This added software is perfectly in keeping with the central philosophy of the eAcceleration software package, which is designed to present the user with a range of software services that can be installed, uninstalled, and subscribed to through the eAcceleration Software Station. Indeed, the bulk of any Stop-Sign install is the Software Station, which is as much a running advertisement for eAcceleration's other offerings as it is a softare module management application. That is what eAcceleration appears to most want installed on users' systems, as it allows the company to present users (potential subscribers) with a range of other applications and services.
In sum, there are advertisements here and there for the full version of Stop-Sign as well as other of eAcceleration's offerings, however, the advertising is not nearly as aggressive and intrusive as has been reported in earlier versions. Thus, the advertising appears to have been toned down from the earlier versions that Pest Patrol is reporting on.
quote:
Firewall Killer - interferes with operation of several personal firewalls.
It did not interfere with my personal firewall. There is a firewall component within the full Stop-Sign package. Again, that component can be installed separately from the other components. Perhaps earlier versions caused conflicts with other personal firewall versions.
quote:
Loader - quietly installs other files.
As I reported in several earlier posts, eAcceleration is still using stub downloaders, though their behavior is nowhere near as aggressive and underhanded as that reported by Pest Patrol. The behavior and functionality reported by Pest Patrol is more akin to a "trickler" application popular among many spyware vendors, and I observed nothing like that on my box with the current version of Stop-Sign.
Once the stub downloader finished the initial install of Stop-Sign (and related applications), all further downloads were either automatic definition updates (which can be disabled), installation of new eAcceleration components through the eAcceleration Software Station application at the option of the user, or downloads of advertising for the "scan report" web pages. The uninstall from Add/Remove Programs worked well, and I observed no further attempts to re-install Stop-Sign after I had elected to uninstall the application.
quote:
Exploit - uses social engineering and stealth tricklers to gain control of the system.
Again, I think the Pest Patrol write-up is referring to earlier versions of eAcceleration's software, advertising, and installation techniques. I have been able to locate no recent advertising on any web sites that even remotely resembles the unethical, deceptive advertising that eAcceleration was using in 2002-2003 to foist its software on unwitting users. While eAcceleration is still using stub downloaders that are automatically installed and launched via web pages, users must visit eAcceleration's web pages to initiate that download and installation process.
As I remarked in an earlier post, eAcceleration has a well deserved reputation for unconscionable behavior, and other anti-malware vendors were and are well within their rights to target eAcceleration's software given its prior actions -- actions for which the company remains wholly unrepentant. That the company had to be sued in order to end its unethical behavior does not inspire confidence, and its continuing refusal to admit any wrong-doing -- not to mention its pathetic attempts to claim the mantle of victim itself -- ought to serve as a warning to users.
That said, most of the very worst behavior described in the Pest Patrol write-up seems to have ended, and the company's software is now merely an overhyped package of software services in search of subscribers. Users can hardly be blamed, though, for remaining wary.
Best,
Eric L. Howes | |
2 edits | said by eburger68:
Stop-Sign does install a few games as well as shortcuts for an email service named kon-X (an admittedly poor choice of names)
kon-X? Eric, you are trully being very generous here. The choice of this name is probably the most candid feature of the application.
So, basically, what we have here - and let's wipe out everything regarding the stub downloader - is a security app which in its trial version doesn't clean anything but where the retail version installs a few games? A few games???
This may be a whole new marketing concept from someone fresh from Harvard or Northwestern University which the big AV players still have not discovered and thus risk losing market share to this revolutionary bundle. It strikes me as a strange philosophy though. "We won't clean your box with the trial version but you will be able to play several games with the retail one". Amazing.
Now, if we go back to basics, what is this AV record regarding malware? How is heuristics? What about signatures? Is there any objective reason, even an economic one, why anyone would or should buy Stop-Sign rather than say, McAffee, NAV, KAV, BitDefender, NOD32, Panda et al?
--
From the GSV "Ethics Gradient" | |
| reply to novaflare
Hi All:
To give you a better sense of just what eAcceleration is really pushing on users, I thought it might help to show you a few representative screenshots of the eAcceleration Software Station, which I discussed in my previous post.
Screenshot # 1 shows a key tab from the Software Station which allows uers to install and uninstall eAcceleration software modules. The other visible tab titles should give you a good sense for just what eAcceleration hopes users will use the Software Station for (buy, buy, buy).
Screenshot # 2 shows another tab from the Software Station, following a system scan. Again, the marketing and advertising mixes freely with scan reporting -- with often hilarious results, as you can see. "My Infections" is the kind of clueless attempt at personalization that could only have been produced by marketing stiffs who checked their brains at the door.
All of "my infections," I might add, were false positives (the Threat Scanner flagged CWShredder, ScriptSentry, and a few other innocent apps as malware).
In any case, I hope this gives you a better sense for the eAcceleration software package, which is much more than an anti-malware scanner.
Best,
Eric L. Howes | |
 habyaPremium
join:2003-05-29
Huntsville, AL | reply to novaflare
I must say I like their little googley eyed icon, it's great. | |
1 edit | reply to Martinus
Martin:
You wrote:
said by Martinus:
So, basically, what we have here - and let's wipe out everything regarding the stub downloader - is a security app which in its trial version doesn't clean anything but where the retail version installs a few games? A few games???
Actually, what you have is a software and service management application (the eAcceleration Software Station) that can be used to install and subscribe to a number of software services, the anti-malware scanner being only one among several.
said by Martinus:
This may be a whole new marketing concept from someone fresh from Harvard or Northwestern University which the big AV players still have not discovered and thus risk losing market share to this revolutionary bundle. It strikes me as a strange philosophy though. "We won't clean your box with the trial version but you will be able to play several games with the retail one". Amazing.
No one ever accused this bunch of being geniuses.
Then again, they had to come up with a Plan B after Plan A attracted the unwelcome attention of trial lawyers. (One can imagine the company's CEO has a folder on his desktop titled "My Class Action Lawsuits.")
said by Martinus:
Now, if we go back to basics, what is this AV record regarding malware? How is heuristics? What about signatures? Is there any objective reason, even an economic one, why anyone would or should buy Stop-Sign rather than say, McAffee, NAV, KAV, BitDefender, NOD32, Panda et al?
The anti-malware scanner is slow and prone to false positives -- at least in my experience. It does appear to use heuristics, however, the user is never warned of this -- or even that heuristics are known to produce false positives. Still worse, there appears to be no way to turn off the use of heuristics. I discovered their use only by examining the plain text scan logs.
Not surprisingly, I couldn't recommend this software over any of the other reputable anti-malware scanners that you mention.
Best,
Eric L. Howes | |
| reply to eburger68
Here is my latest Herpes! |
"My Infections". Like, you have "My Documents", "My Music", etc.
Can come in handy if you have guests at home and want to show them the pictures from your latest trip to Greece: "Look, here are My Pictures. Isn't that a great sunset or what? But wait, let's now look at My Infections".
--
From the GSV "Ethics Gradient" | |
 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:6 | You will have the added bonus of showing your guest " My Scars" since DrWeb is in fact doing that surgery at Stop Sign on an Accelerated basis.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kidshttp://www.missingkids.com/ | |
Hickerx2God Bless The U.S. Military
join:2001-03-04
Franklinville, NY | reply to Martinus
LMAO:D:D
Looks more like the diary of a VD patient | |
novaflareThe Dragon Was HerePremium
join:2002-01-24
Barberton, OH | reply to eburger68
said by eburger68:
novaflare:
I'm glad you posted that log, because the log doesn't tell the same story as you told earlier.
First, you didn't say whether or not you ran the Add/Remove Programs uninstaller. From the looks of the log, I'm guessing you didn't -- which is the reason we see so many eAcceleration Registry keys. If I'm wrong and you did run the vendor-supplied uninstaller first, then eAcceleration needs to improve its uninstaller.
Second, Spybot did not find any "kazaa related files," as you put it. What it found were some Registry keys -- not files -- that are not Kazaa specific. In fact, those Registry keys are perfectly normal Windows 2000/XP/2003 Registry keys used for Group Policies. See these pages from Microsoft:
»www.microsoft.com/windows2000/te···3501.asp
»www.microsoft.com/resources/docu···3626.asp
Now, I don't know what added those particular keys -- perhaps eAcceleration did. But the presence of those keys is not a surefire indication that "kazaa related files" were installed on your box. Still less are they an indication that the program that put them there is "spyware."
In fact, those keys can be used to BLOCK the execution of Kazaa -- or any other program deemed unsafe by the Admin of the computer or network. See:
»www.computing.net/netware/wwwboa···275.html
...for instructions and an example.
As I said in an earlier post, we need to be extremely careful in evaluating reported detections by AV programs and anti-spyware programs lest we succumb to galloping speculation that leads to unsupported, unwarranted conclusions.
Eric L. Howes
Accualy i ran spybot and adaware first but didnt remove it. Then used adremove to remove it. And it left some behind prob about 1/3 of the entries were left in place. As for the kazaa keys im not sure where those came from eanthology had to add those they were not their previous to the install. So what ever they are good or bad they wernt put in their by me now did i choose to have them placed there dureing the install. Imo Thats not a good thing to be doing period.
It seems they are trying to clean up their act to me but need to do more. Ive been emailing a rep back and forth and have offered to beta test new versions of eanthology if they can promixe me that it has no spyware and if they drop the missleadign advertiseing. Ive already doen things to it that they aggree shouldnt happen the mess it left in the registry. So we shall see If they drop the what i will call crap advertiseing then i will beta test for them. Maybe i can get them to include a clean option for their free virus scanner while striping out other advanced fetures like hell i dont know popupblocker firewall etc.
--
new 3d chat comunity at »planetvirtuel.com my site »spellbound.valshea.com/news.php | |
keith2468Premium,MVM
join:2001-02-03
Winnipeg, MB | reply to novaflare
That is what I expected: bickering and libel between competitors, and hurting consumers by taking away their choices, and discouraging other companies from entering the industry.
But do you have any links to the story of eAdvantages legal history anyway? (I'm too disillusioned to go back through the 10 pages of posts.)
PestPatrol, and companies that seem to be following PestPatrol's guidance in this, are recognizing the current version of StopSign -- so they are keeping up with the version changes.
They must see that the allegedly harmful files they claim used to be there are no longer there. And they write signatures to detect the new apparently innocent files.
For the download stub, "download stub" is just the term for a little download program. These days security and other products use them mainly to protect the download from alteration by malware. Either PestPatrol always knew the stub was just a downloader, and summarized it as a trojan, or they updated their signature file to recognize the new innocent downloader and kept the old summary description.
But the proof will be if PestPatrol fails to remove the StopSign from its malware list now.
To my value system calling a product a trojan or spyware when it doesn't fit the standard description of that (or as it no longer is), and removing it, is worse than calling it attackware and asking the user to remove it.
And that is especially true when the other companies attack you first. There is a principle of self-defense.
StopSign isn't the only product to be treated like this. I think this is partly why investors and entreprenures don't get into the IT security field more, why we have so many products done part-time between contracts or by students. (I use their products and I'm very grateful, but to keep up with CWS and things like that requires an organized team working full time.)
Okay, I tried all of the free AV scanners before I added them here: »Security »What are some web based virus scanners and encyclopedias?
I think they pretty much all promote the paid-for version every time you run a scan, often before and again more prominently afterwards. There is one that even has a pop-up promoting the full version.
And the free scanner here: »www.mwti.net/antivirus/free_utilities.asp
works by downloading a .exe. It doesn't install like a full application package, but it doesn't run as a web application either.
Possibly if you'd installed the firewall part of StopSign it would have asked you to uninstall ZoneAlarm or Sygate. But the installation instructions and FAQs of ZoneAlarm and Sygate recommend the exact same thing -- you are only supposed to run one software firewall at time (although Windows ICF is sometimes an exception).
If I understand correctly you didn't install the anti-virus monitor, just the scanner. So perhaps if you'd installed the anti-virus monitor it would have prompted you to uninstall any other AV monitor. Again that is an industry standard recommendation, not something specific or special about StopSign: do not run more than one anti-virus monitor at a time. And KAV 5 also does a check to ensure that no other AV is running when it is installed.
You think eAdvantage is bad for dirty tricks on consumers?
You have no idea (and I really have no idea, just a few examples) of what goes on that we don't see.
IBM was once fined because its technicans were physically sabotaging competitors photocopiers in public libraries. That was back in the 1970s. I can't recall the settlement, but it might have been $10m. It was reported in Time Magazine if anyone wants to check on the amount.
Then there is the industrial espionage.
When you work at IBM, if you are writing on a whiteboard that is visible through the windows, even if on the third floor, you are supposed to always draw the blinds. There is a sticker to remind you of this on the white board. So IBM has seen expionage attacks on itself too.
And there is getting a process written into an industry standard without telling others on the standards committee that you hold a patent on it.
I'll just end up with the security companies that find obscure vulnerabilities, create defenses against them, put those defenses for sale on the market, and publicize the vulnerability openly, including sample code and coding tips for getting around unrelated protective measures built into the OS. Protection racket or what? (The practice has been dying out over the past 2 years.)
This thing with StopSign never had the ring of truth about it.
I figure if you have a paid help desk assisting customers in the removal of adware, there is no way your product could be real adware -- otherwise your help desk staff would never be able to close a call -- the customers would complain about symptoms as long as your product was installed.
This is an embarrassing profession to be in.
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC) | |
2 edits | Keith2468:
You wrote:
quote:
That is what I expected: bickering and libel between competitors, and hurting consumers by taking away their choices, and discouraging other companies from entering the industry.
I fail to see how any consumer's "choice" has been taken away in all this.
quote:
But do you have any links to the story of eAdvantages legal history anyway? (I'm too disillusioned to go back through the 10 pages of posts.)
Name Game posted some information on page 3 of this thread:
»veloz scumware seen on comercial just now
There's another story here:
»www.bigclassaction.com/press_rel···ble.html
quote:
PestPatrol, and companies that seem to be following PestPatrol's guidance in this, are recognizing the current version of StopSign -- so they are keeping up with the version changes.
They must see that the allegedly harmful files they claim used to be there are no longer there. And they write signatures to detect the new apparently innocent files.
It's entirely possible that Pest Patrol would be targeting updated versions of files without recognizing that the context of their installation had changed.
quote:
For the download stub, "download stub" is just the term for a little download program. These days security and other products use them mainly to protect the download from alteration by malware. Either PestPatrol always knew the stub was just a downloader, and summarized it as a trojan, or they updated their signature file to recognize the new innocent downloader and kept the old summary description.
Like others in this thread, you're letting terms and names get the best of you. I used the term "stub downloader" in a purely bare bones functional sense. That a program can be described as a "stub downloader" does not mean it can't also be described as a trojan downloader. Again, the context of installation and use is critical.
quote:
But the proof will be if PestPatrol fails to remove the StopSign from its malware list now.
And what should Pest Patrol do for customers who may have picked up Stop-Sign entirely unintentionally through the older download and installation processes -- the ones eAcceleration was using before it was forced to change its business practices?
quote:
To my value system calling a product a trojan or spyware when it doesn't fit the standard description of that (or as it no longer is), and removing it, is worse than calling it attackware and asking the user to remove it.
And that is especially true when the other companies attack you first. There is a principle of self-defense.
Pest Patrol and others in the industry were well within their rights to target Stop-Sign, given their unethical installation practices. Did you happen to read the previous threads here at DSLR in which those installation practices were exhaustively discussed?
quote:
If I understand correctly you didn't install the anti-virus monitor, just the scanner. So perhaps if you'd installed the anti-virus monitor it would have prompted you to uninstall any other AV monitor. Again that is an industry standard recommendation, not something specific or special about StopSign: do not run more than one anti-virus monitor at a time. And KAV 5 also does a check to ensure that no other AV is running when it is installed.
The resident monitor is installed as part of the threat scanner. Besides, it's already been well documented that earlier versions of Stop-Sign prompted consumers to let it remove programs like Ad-aware and Spybot S&D.
quote:
You think eAdvantage is bad for dirty tricks on consumers?
You have no idea (and I really have no idea, just a few examples) of what goes on that we don't see.
That others in the industry may have engaged in unethical behavior is no reason to excuse eAcceleration for doing so. Just because "everybody does it" doesn't mean we have to ignore eAcceleration when it "does it."
quote:
Then there is the industrial espionage.
I'm sorry, but I don't quite follow this. Where does industrial espionage fit into to all this?
quote:
This thing with StopSign never had the ring of truth about it.
And here you done what so many others have done in this thread -- cherry-picked facts to suit a particular view and ignored those that didn't fit. eAcceleration's unethical behavior is well-documented at this point, and you can't simply wave it away.
To reiterate: eAcceleration does seem to be in the process of reforming its practices, but it was forced to do so under the duress of legal action and remains utterly unrepentant about its previous behavior. While there may come a time when eAcceleration can be trusted again -- perhaps after it has satisfactorily settled the legal complaints against it and established a solid track record for trustworthy behavior -- we are not there yet.
Eric L. Howes | |
novaflareThe Dragon Was HerePremium
join:2002-01-24
Barberton, OH | reply to novaflare
well keith as i told the rep in my email
I will help them to rebuild their reputation if they can show me a few simple things
1 ditch the free scan and scaretatic advertisements from both tv and web
2 make the product easyer to install and uninstall i mean realy easy as in click a couple times installed click a couple more times uninstalled. (programs barely need to be installed realy a few reg entries and unzipping)
They take those 2 steps ill try stop sign once more and put it through its paces if it shows promise ill work with them further in a beta tester type deal to try and break the sucker in odd ways causeing the uninstaller to go stupid things like that.
Thing they need to do soon lose the other various names quit trying to get customers by hideing who they are/were by useing half a dozen names. Cut back to one or to say veloz and stop sign like stop sign made by veloz something of that nature.
Id also like to see people in the know at the company posting here often under a accoutn not anonomously. By in the know i do not mean customer service rep or help desk personal get a programer in here some one who the compunity cant talk to about isues that will crop up.
--
new 3d chat comunity at »planetvirtuel.com my site »spellbound.valshea.com/news.php | |
|
