Fraternizing w/ the Enemy in Security

Fraternizing w/ the Enemy in Security http://www.dslreports.com/forum/r12237221 en Wed, 02 Dec 2009 21:17:58 EDT Wed, 02 Dec 2009 21:17:58 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12239527 badcat : Eric, Thanks from all of us for all your hard work! It's great to know that there are knowledgeable people such as yourself on the case, trying to keep the badguys under control. Have a great New Year.

Chris]]> http://www.dslreports.com/forum/remark,12239527 Wed, 29 Dec 2004 09:06:14 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12238654 TeMerc : Yet once again, amazing information Eric, thanks. There is no end to the level of which some of these vendors will stoop to.
So sad, but a reality.
--
Remember............You can NEVER be OVERPROTECTED!!]]> http://www.dslreports.com/forum/remark,12238654 Wed, 29 Dec 2004 02:53:14 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12238366 SnowyOne : This also serves as good reminder that a Thawte code signing certificate only confirms that the software has indeed come from the Publisher, who has signed it. Where Thawte doesn't actually look at the code it can't confer any label of "Safe/Good/Bad/Ugly" to any certificate (Not that I'd want SoftwarePolice on the job anyway). But I do wish they would change the wording of this easy to misunderstand statement "Thawte guarantees the software has not been tampered with and is therefore safe to install/download."
--
"You are really and truly a powerful webmaster to be able to find out all that information about me. I'll be sure to stay out of your way." ]]> http://www.dslreports.com/forum/remark,12238366 Wed, 29 Dec 2004 01:27:32 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12237907 Spy : You can't run it on alternative browsers,

"Browser Requirements:
Internet Explorer 6.0 or Greater"

Therefore, 89% of the market can.]]> http://www.dslreports.com/forum/remark,12237907 Tue, 28 Dec 2004 23:57:22 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12237781 eburger68 : mers2:

One quick note: I wouldn't characterize the anti-spyware test page as a list of "legitimate" anti-spyware apps. I tested a number of apps, some completely legitimate, some not.

A better page to point interested readers to is this one:

Anti-Spyware Programs: Feature Comparison
»spywarewarrior.com/asw-features.htm

All of the apps listed on that page are legit. My short list of recommended apps is here:

»spywarewarrior.com/asw-features.htm#rec

Best,

Eric L. Howes]]> http://www.dslreports.com/forum/remark,12237781 Tue, 28 Dec 2004 23:36:09 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12237743 mers2 :

said by jmorlan

:

I recently had to clean up an infested machine of a relative. It had over 230 spyware objects and several viruses and trojans. They are not particularly computer literate and had asked a friend to help. The friend searched google to find anti-spyware products but couldn't tell if google's results were any good. The top google result for "spyware" is a program called "spychecker."

I have no idea whether spychecker is a legitimate program or not. But with so many rogue programs that claim to fight spyware while actually installing spyware, it is difficult for the average user to know who to trust.

I don't see it on Eric's Rogue/Suspect Anti-Spyware list. That list is invaluable for users wishing to check for anti-spyware that acutally isn't. »www.spywarewarrior.com/rogue_ant···products

Equally valuable is Eric's list of recommended anti-spyware:
»spywarewarrior.com/asw-features.htm#rec

Eric's test results of anti-spyware: »spywarewarrior.com/asw-test-guide.htm

Edited per to Eric's post below.
--
"Think for yourself and let others enjoy the privilege of doing so too." - Voltaire
]]> http://www.dslreports.com/forum/remark,12237743 Tue, 28 Dec 2004 23:30:15 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12237711 antiserious :
... and the plot sickens ... thanks Eric for the heads-up, but how do you get to the average schmoo that really has no idea about all this subterfuge ... I feel sorry for anyone that doesn't have access to honest guidance ...

--
... "everybody's somebody to somebody, and nobody to everybody else" ... y.t. ...]]> http://www.dslreports.com/forum/remark,12237711 Tue, 28 Dec 2004 23:24:29 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12237698 jmorlan : I recently had to clean up an infested machine of a relative. It had over 230 spyware objects and several viruses and trojans. They are not particularly computer literate and had asked a friend to help. The friend searched google to find anti-spyware products but couldn't tell if google's results were any good. The top google result for "spyware" is a program called "spychecker."

I have no idea whether spychecker is a legitimate program or not. But with so many rogue programs that claim to fight spyware while actually installing spyware, it is difficult for the average user to know who to trust.
--
NewsPlex Discussion Group]]> http://www.dslreports.com/forum/remark,12237698 Tue, 28 Dec 2004 23:22:14 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12237587 mers2 : The license agreement is sure explicit, but when you're forcing a download install on unsuspecting users you can afford to be honest in the documentation that will protect you in court. Thank you Eric for providing the information on these programs. The security community needs to be very vocal on the issue of antispware companies partnering with adware/malware companies.
--
"Think for yourself and let others enjoy the privilege of doing so too." - Voltaire ]]> http://www.dslreports.com/forum/remark,12237587 Tue, 28 Dec 2004 23:07:33 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12237416 Rusty Dusty : Good Grief!
What next...]]> http://www.dslreports.com/forum/remark,12237416 Tue, 28 Dec 2004 22:44:33 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12237409 NanDog : Good job as usual, Eric. Thanks for the info. Although I'm sure most regular BBR Security types wouldn't go for this, it's good to know which self-espoused anti-malware apps are walking on the dark side, just in case any friends or acquaintances ask us about these programs. Most importantly, it's vital to read the EULAs for anything one downloads!]]> http://www.dslreports.com/forum/remark,12237409 Tue, 28 Dec 2004 22:43:39 EDT Re: Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12237362 Spy : It's amazing how some anti-spyware products are becoming more and more of what they're not supposed to be.

Thanks for the warning.]]> http://www.dslreports.com/forum/remark,12237362 Tue, 28 Dec 2004 22:36:28 EDT Fraternizing w/ the Enemy http://www.dslreports.com/forum/remark,12237221 eburger68 : Hi All:

We've been talking recently about a disturbing trend in the anti-spyware world -- namely, that of anti-spyware vendors partnering and working with adware distributors, the very companies whose applications anti-spyware programs are supposed to be targeting (see »WhenU Enters the Anti-Spyware Market , »Buying Legitimacy , and »Adware Vendors Running for Cover... ). In fact, in two of anti-spyware tests that I performed back in October, one anti-spyware app (Spyblocs/eBlocs) turned up as one of the detections instead of as one of the apps being tested. Today I happened stumble across yet another example of this disturbing trend.

A new application named Ultimate Cleaner bills itself as a free anti-spyware program (hxxp://ultimatecleaner.com/ -- note: link disabled because automated download is initiated by program's home page ). This application is quite aggressive in pushing itself on visitors to the program's home page (see 1st screenshot). Those who check the license terms, however, will notice a number of disturbing clauses ( »www.ultimatecleaner.com/terms.html ):

said by Ultimate Cleaner License:
* I understand that by accepting these terms and conditions, this program will be installed on my computer and my web browser home page will be changed in order to allow me access.

* I further understand that an accessory toolbar will be added to my web browser which will remain visible as long as the software is installed.

* I also understand that the toolbar and the bookmarked home page are inseparable from the software product I have installed, and I realize that the bookmarks and the toolbar can only be deleted together with the software.

* I understand that the software will gather information about me and the websites I visit ("Usage Data"), but will not collect information that will be used to identify me personally. This information will be used to provide me with comparative shopping opportunities when they are most relevant.

* I further understand that by installing and/or using the software I grant permission for ultimatecleaner.com to periodically display sponsors' websites to me, and to collect, use and disclose the Usage Data. The frequency of displaying the advertisements will vary depending on my use of the Internet.

* I acknowledge that the Software includes an anonymous user ID and an electronic cookie that enables ultimatecleaner.com to collect such information and to display advertising targeted at me.

* I understand that ultimatecleaner.com does not control my interaction with the websites and advertisements displayed to me, and assumes no responsibility for their content or privacy practices and policies whatsoever.

That license is completely truthful, too -- see the second screenshot, which displays the toolbar and home page.

So, at a minimum we have an alleged anti-spyware app that installs via an aggressive, automated installation process not unlike the drive-by-downloads used by many spyware and adware applications -- an inherently dishonorable practice. That's bad enough, because confused and bewildered users could wind up installing an application they don't want or need. Moreover, the application is adware-supported, which means that it competes for advertising dollars with some of the very applications that it targets -- the same kind of conflict of interest that we noted when discussing the Aluria/WhenU deal.

The situation here is actually much worse. It turns out that at least three other anti-spyware vendors have decided to advertise their own applications through the adware toolbar -- see again the second screenshot, which shows the "Privacy Software" drop-down menu. Clicking any of those menu options will spawn advertisements for applications, including:

Privacy Defender
»www.pcsecurityshield.com/pd3/default.asp

Spy Fighter
»www.spyfighter.com/?wmId=189

Spyware Avenger
»www.spywareavenger.com/?nats=NzIzNjo0Ojg

All three of the above applications, it should be noted, have already made the Rogue/Suspect Anti-Spyware page.

It should go without saying that anti-spyware vendors should never be advertising their applications through adware, though I can't say that I'm too surprised to see these three particular apps being advertised through Ultimate Cleaner.

If nothing else, this example should illustrate the kind of company Aluria has chosen to keep by partnering with WhenU. The minute Aluria made that fateful decision it became much more difficult to distinguish Aluria from the several anti-spyware applications encountered with Ultimate Cleaner, all of which, like Aluria, decided that it was perfectly appropriate to advertise through or even bundle adware.

One final note: any reputable anti-spyware scanner ought to be able to detect and remove the adware installed with Ultimate Cleaner. The relevant HJT lines are:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ucsearchportal.com/?wmId=%AffiliateID

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.ucsearchportal.com/

O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\ULTIMA~1\UCTOOL~1\ucwork.dll

O3 - Toolbar: UC Toolbar - {1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} - C:\Program Files\Ultimate Cleaner\UC Toolbar\ucwork.dll

O16 - DPF: {C40F8F85-3FC3-4C0C-AD91-6A204FAAD59F} (UCInstall Class) - hxxp://ultimatecleaner.com/install/UCInst.cab

Best,

Eric L. Howes

]]> http://www.dslreports.com/forum/remark,12237221 Tue, 28 Dec 2004 22:18:11 EDT