 CudniLa Merma - VigiladoPremium,MVM join:2003-12-20 Someshire kudos:13 1 edit | reply to eburger68
Re: Sunbelt Adjusts WhenU Detections Legal challenges are costly and if antispyware companies can protect themselves by not removing the offending software outright but rather allowing the user to have the ultimate choice then although not ideal it is still good. When they do not detect particular spyware at all then it might become the problem
edit: and with News Corp buying Intermix and entering internet advertising you better make sure what and how is removed »mathaba.net/0_index.shtml?x=278796
Cudni |
|
 1 edit | reply to ghost16825 ghost16825:
I'm afraid this kind of software can't be analyzed using the "uncontentious" criteria that you've excerpted from the Sunbelt Listing Criteria. The "uncontentious" criteria you've come up with become plenty contentious once you realize all the software caught in the net of such rigid criteria, which are too focused on pure software functionality. To wit:
"Un-contentious:"
Installs via ActiveX controls - Macromedia Flash (and hundreds of other legitimate browser plugins, including online anti-malware scanners)
(virtually uncontentious) installs via a security exploit or vulnerability - (note: hinges on definition of exploit/vulnerability)
displays third-party advertising in pop-ups - standard web browser
reconfigures the user's browser home page, search settings, or other user-selectable browser preferences - numerous programs do this, including software packages that users install from their ISPs
modifies or deletes the HOSTS file - TDS-3, Hostess
cause those PCs to establish phone connections to premium rate phone numbers (over X dollars/min) - some folks do like premium rate dialers (and dialers are quite common and often used in Europe)
(with a comprehensive set of subcategories) collects Personally Identifiable Information - again, plenty of programs do this
lacks an End User License Agreement - this one nails half of the freeware on the internet, and plenty of legitimate payware as well
You'll surely protest that there's a difference between the "illegitimate" software that you meant to catch with those criteria and the "legitimate"/"innocent" software that, in a literal reading of those criteria, also happen to fit the bill. And I would agree -- there is a difference. The trick lies in putting your finger on it without being completely arbitrary in doing so -- that is to say, without resorting to hidden, assumed criteria that are contentious.
Eric L. Howes |
|
 jp10558Premium join:2005-06-24 Willseyville, NY | reply to Mowergun said by Mowergun: As I understand it, Counterspy will still detect WhenU stuff, and will remove it if you so choose, and the folks at Sunbelt were upfront and honest. So what is the big deal, why are some of you getting upset? For crying out loud, calm down. I'd say it's the same problem brought out by the MS Antispyware threads, that of the default/recommended action. People who aren't spyware experts will trust what the programs tell them. And it needs to tell them the right stuff.
However, there is an issue here that seems to be well addressed by the whitepaper. As strange as it may seem, WhenU has changed their practices. Therefore, to avoid all sorts of lawsuits (not to mention what I would think would be doing the right thing), the definitions must also be changed.
Unless, of course, you believe that the lists should be one way - IE your products can move up the threat level, but can never move back down. Realize that I don't think there ever will be a commercial (or even necessarily a community effort) that works this way. You have to allow for the possibility of reform. -- Opera 8.01(Build 7642); Windows XP Pro SP2;Athlon 64 3400+; 1GB PC3200 DDR; 1M/128k DSL; NOD32(Version 2.5.25); Sygate Pro 5.5(Build 2637);Proxomitron 4.5j Grypen 7/20/05(Opera mod),GPG ID:0x0A1C6EE3 |
|
 | Well as pointed out before the main and only difference between Sunbelt and Lavasoft/MS cases is that the downgraded threat assessment was disclosed by Eric Howes first rather than being caught doing it first by the same person.
That's good. I'm sure most other companies in the industry will learn from this. Maybe they will post a couple of warnings in security forums such as this, just in case the small notes on the website or help files aren't enough, or employ another consultant who has pull with the community.
However that still doesn't address the underlying fear or feeling that Sunbelt 'sold out' or 'caved in' somehow to pressure.
This is somewhat strengthened by the fact that Sunbelt has been perceived as being the last bastion of hope. Something they have encouraged themselves by refusing to be tied to concrete criteria, as it is something they claim allows adware companies to weasel around.
Besides I can't help but detect a note of crowing when they commented on the MS/Clara incident on their blog.
And a few weeks later, they did practically the same thing.
At any rate, if you look at past postings on Sunbelt's blog, they have mentioned that WhenU is improving, plus the recent thread started by Eric to check user perception of adware, so the groundwork to do this had already begun.
BTW, I'm kind of confused, if there are no concrete criteria used by Sunbelt to categorise threats, what then made them decide to downgrade some WhenU products, but not others? |
|
 StraitShootWho Loves Ya Baby? - Theo KojakPremium join:2003-02-08 Clinton, MA kudos:1 1 edit | reply to Mowergun said by Mowergun:As I understand it, Counterspy will still detect WhenU stuff, and will remove it if you so choose, and the folks at Sunbelt were upfront and honest. So what is the big deal, why are some of you getting upset? For crying out loud, calm down. Because I'd be better off with MSAS, which does the same thing (sans cookies), is free, and reports Claria/Gator in the same fashion that Sunbelt now reports WhenU.. If Adaware or Spybot S&D did what Sunbelt did, WE'D be ALL over them, including probably Eric.. Shame on you, Sunbelt, for selling out. CounterSpy has probably the best detection out there, but this is a trend I was hoping you folks wouldn't follow... First Lavasoft, then Pestpatrol, then Microsoft...  |
|
|
|
 | reply to eburger68 Has Cool Web Search applied for declassification? After all it is just an internet enhancement being unfairly maligned by its competitors. |
|
| reply to eburger68 oh well, just when we thought we were getting some fair dinkum software counterspy, tds, i realise the dcs boys are looking at a different way, but where will we be when what is considered at the forefront, back steps, before it's really made its mark
i won't stop using it, but if this is the sign of the future, let's hope they don't downgrade too much adware, going to a link with ads, no worries, but cleaning up before the next visit is something preferred
please from a user, don't forgive 'em too much, for your customers' sake and yours |
|
 | reply to eburger68 well, for what it's worth, eburger68 and Daphne, at this point in time, i still trust you and put more faith in you than i do in M$ and Co..
oh well....knowledge IS power. |
|
 StraitShootWho Loves Ya Baby? - Theo KojakPremium join:2003-02-08 Clinton, MA kudos:1 | I trust Eric too but it just goes to show you not to ever get "too" comfortable with anyone LOL... |
|
 | reply to wtf_seriously My $0.02.
The makers of malware detection programs could save themselves a lot of trouble by supplying their programs to the user with a complete detection database, *but* detection is turned OFF by default in their program. In other words, with its default settings, their program detects nothing. By having the user turn detection ON, the makers of the program avoid the legal ramifications that are associated with malware companies who dislike the fact that their malware is detected. |
|
 1 edit | reply to norwegian I'm still failing to see what the big deal is here. Companies regularly slam through *the* most dubious changes to databases all the time, without so much as a whisper in the "what's new" notes. Sunbelt splatter the news all over the place, and suddenly become the world's biggest sellout? Huh?
If someone is intelligent enough to be able to actually run an antispyware application, you should assume they would also be intelligent enough to understand the blurb describing what "quarantine", "ignore" and "remove" mean. Quite frankly if they can't even work out what those words on their *own* mean, with no descriptive text, then how on earth did they even manage to type in a web address to download the app in the first place?
Blindly whacking buttons is how a lot of this stuff gets onto machines in the first place. Sad but true. But if an end-user then goes to the trouble of installing applications to make good what went wrong, it is safe to say that said user will actually put a little more effort into running the tool than turning into Johnny-no-brain and mashing the keyboard with his face.
They are *not* going to sit with drool hanging out of their mouth looking up the word "ignore" on Wikipedia.
Anyone running an antispyware app wants *rid* of the programs they feel shouldn't be there. Whilst people will charge that an element of naivety, stupidity or whatever else you may call it existed in the act of becoming infected, this same assumption shouldn't be levelled at those who want to cleanse their system. They have already made the mental change and want to kick some butt. Have some faith and believe that they will actually *understand* the program's clear notices that they can change the scan options for the programs found.
And if they STILL don't get it?
That's what the program's manual / help file is for. Give a hoot - read a book.
All this panic at Sunbelt "caving in" under scary legal threats is a joke. Sunbelt are regularly hit with all kinds of stupid C&D letters, legal threats - you name it, they get it. But Alex always fires off a response, publicises it, unleashes his frankly scary legal assassins and mixes it up. This is hardly the action of a "sellout". Teacup, meet Mr Storm.
Oh, and seeing as everyone has to do this nowadays...
Half-baked disclosure: I have never, ever done any sort of paid consultancy work for Sunbelt Software ever. I swear. Please don't hurt me....
Edit: This post has been edited to make you think I added something really clever for ammunition in a later post. Muahaha! |
|
| reply to DSL_Steve the ramifications to that, imagine a system of tools from security to .dll rebuilders to administration to .exe's all updatable on request, the more you invest in time and money, the more the fixes come, might be good for the general public too
sorry getting off topic |
|
 | reply to DSL_Steve said by DSL_Steve: My $0.02. The makers of malware detection programs could save themselves a lot of trouble by supplying their programs to the user with a complete detection database, *but* detection is turned OFF by default in their program. Sounds good, but I bet it would still result in lawsuits. The reason being is that the anti-malware company is the one who is picking what programs go in their database. The only way around it would be to include ALL programs (non-malware and malware alike) and force the user to choose what got enabled or put nothing in the database and let the user community provide the malware entries. Possibly via a 3rd party shadowy user group of white hats led by the likes of CJ. ;) |
|
 iam xSungazerPremium join:2005-02-23 ॐ | said by astirusty: The only way around it would be to include ALL programs (non-malware and malware alike) and force the user to choose what got enabled or put nothing in the database and let the user community provide the malware entries. Possibly via a 3rd party shadowy user group of white hats led by the likes of CJ. ;) that day, incredibly, doesn't seem so far away right now.  |
|
 SpyPremium join:2001-09-22 NE | reply to eburger68 As usual, Thanks for the info Eric.
At least Sunbelt was up front about what they did. |
|
 4 edits | reply to eburger68 Thanks for the "Notice of 'Adjustment'".
As I posted (with no reply) in another recent thread on these issues, it seems apparent that any _meaningful_ "Ratings" of these applications must now include evaluations of how they inform users of what they detect, and how they inform users of any modifications to what they detect, what they do not detect, and any modifications to any classifications and "recommendations". For clarity, this does include the now employed term "adjustment".
While others (including B, CalamityJane, Snowy) have already touched on this-
This is a situation where those directly involved with a project apparently do not understand how the appearance of the usage of a PR type term like "adjustment" does nothing to bolster _their_own_ credibility, at least to this observer. When I say credibility here, please understand that I do _not_ mean truthfulness (nor knowledge, dedication, effort...), but more in the sense of independence, disclosures or not.
Reading the thread title was all that was needed to scare me into wondering if this is where the post itself was headed. Sadly, though not yet fatally, clicking on the thread confirmed that it was.
**Of course, the same question of how this application deals with past 'In the Wild' versions of all of the crapware that this particular Notice of Adjustments (NoA) covers, arises. ***
[EDIT: Eric, I missed your Edit and change in your 1st Post, but also note that the Thread Title remains "Adjustment" oriented.] -- How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach |
|
 BPremium,MVM join:2000-10-28 | reply to ghost16825 said by ghost16825:said by B:That's why we need a lawsuit-proof community based effort or an individualized pseudo-Bayesian approach to spyware blocking. (I said the same in another thread today.) -- B A Bayesian approach..just won't work for this type of thing. What you're describing is a sandbox-like utility that uses your rejection of previous executables to reject new ones. This would require recognising similar parts of executables - this is almost signature based detection with heuristics, back to square one. Not necessarily -- who says it has to have signatures at all? I didn't propose a sandbox either, merely an analyzing filter that learns what YOU consider unwanted spyware. I'm not a talented enough programmer or designer to actually create such a thing.
But let's say it does amount to "signatures", if only user-defined ones. Here's part of my point. Sunbelt and Lavasoft et al. can't afford to simply block all executables that are determined to be from WhenU or Claria... but you as an individual user can. Once you control your own spyware definitions, you are free to completely blacklist at least the known offending parties, simply by having the filter learn what their code looks like and/or what their behavior is. My presumption in this case is that Spyware makers will never produce anything I want to run on my computer. I think that's a fairly safe assumption, at least until MS does go buy Gator.
Re: "A lawsuit-proof community based effort" perhaps something along the lines of Microsoft's Spynet or ZA's system of whether to allow or deny traffic based on community votes. Basically an app which relies only on an online community being aware that 1) the spyware app exists and 2) a default action based entirely on votes. No, not even close. I don't like voting-based systems AT ALL. They're generally a mess. This kind of project needs trusted leaders to make decisions about what programs are spyware; frankly it's not that hard once the lawsuit shackles are removed. I called it a "community based effort" because it would still be collaborative and distributed, perhaps following an open source development model. If, for example, a person known only as "AS" were to begin distributing "OpenAntiSpyware", put it up on Sourceforge, and accepted definitions from the public, he or she could, I hope, be relatively immune from legal action for distributing a product that, for example, prevented anything by Claria from running on individuals' machines... (Failing that there's still the more underground Usenet/BitTorrent/P2P/foreign soil distribution methods.)
Contentious criteria is useless in my opinion. Contentious criteria means legal threats. That's the whole problem. There's no such thing as non-contentious criteria when you're choosing to block another person's commercial "work". We simply have to remove, somehow, the specter of hovering legal threats before antispyware can really work. (Of course I'd much rather that the normal AV companies be charged with the responsibility.)
Categorizing spyware back in its proper place, malware, and letting users define what they consider malware still seems to me to be a good approach.
-- B -- In a realm outside causality and function |
|
 fatdcukPremium join:2005-02-20 England | reply to eburger68 Thanks Alex, Eric & Suzi for posting up information and subsequent defence. It's a refreshing change to the stealth removal by certain other rival bot killer software.
It's got to be said that one unpleasant software by a company does not automatically render all of its software as automatically nasty, and that is the catch-22 that all vendors are in. Whereas most of your rival vendors (e.g. Lavasoft drop detections at the whiff of lawsuit, Hotbar ;)). You mount a defence based upon a genuine review of a product and probably the best set of definitions of what constitutes malware/adware etc.
The knockers/alarmists posting in this thread are missing the point that your software is still calling a spade a spade when it comes down to individual software.
Anyone with half a brain who actually takes the time to read the PDF file or look into to how Sunbelt defends itself against threatened/real legal action can see that you are no sell out(s) and are genuinely motivated to serve your customers.
Keep it up:)
For the alarmists/knockers with reference to Lavasoft&WhenU-
WhenU products (all, Good & Bad alike) were removed from their database because in LS eyes they were TAC=2 and no longer worthy of detection. In all theories different WhenU software should have generated different TAC ratings so who knows the motives for their total removal from detection except LS.
It took LS over a month to redefine their TAC in order to reintroduce a known entity (WhenU products) to their detections.
The smart money would be on a threatened lawsuit despite all the rhetoric from LS to the contrary.
I personally do not trust Lavasoft since they have a proven track record of acting unethically, whereas the openness displayed by Sunbelt inspires trustworthiness :) |
|
 1 edit | hi Fcukdat 
Sunbelt is hardcore. Alex is totally dedicated to going head to head with companies. because of their position as an enterprise antispyware vendor, they simply *cannot* cave in like other products because of the well known intolerance of IT network managers and the like. remove even the stupidest, non-threatening program from the database? okay thanks, and we'll just be cancelling your order of your enterprise software too. i don't see the issue with upgrading and downgrading individual software. big deal. move on.
if a company straightens up and sorts out some of its programs, keeping those programs as "EVIL!! EVIL!!!" on their database would confuse an end user who sees everyone else calling it a reduced threat, yet sunbelt are calling it one of the apocalypse horsemen. wouldn't that look a little screwy?
hell, downgrade it and make space on the naughty list for someone else who deserves the spot a little bit more. times change, companies fix certain programs and screw up others. the reality is, there IS no black and white with regards definitions, though it's all so much hot air. just like the antispyware coalition, and its obsession with semantics and "what things are called". who *cares*?
the answer to all of your problems is here:
Do you want it on your system or not?
To the best of my knowledge, Sunbelt's application still gives you that choice.
non-legal disclaimer: Sunbelt Software have not had me consulting for them in the time it took me to make this second post  |
|
 | reply to eburger68 I'm sure the research paper is very good. Of that I have no doubt as I respect Eric's research to always be thorough.
However, the hype created in the earlier thread led many new readers to this forum to think that Adaware was bad for them to use. »Re: ASW Vendors in La-La Land That is my disappointment. Make another product look bad, so yours can look better is how that looks now. I have to wonder about this: »www.adwarereport.com/mt/archives/000073.html and this new development just makes one wonder if Aluria is still evil or just ahead of its time? Hmmmmm.
I really hate to see people scared to use a good product and making "trust" issues on great big soapboxes really annoys me because of the end result in how all that influences the new user. »Who's uninstalling Ad-aware? Those types of threads created out of the hysteria in the La-La-Land thread actually did have people afraid to use Adaware based on those comments. Once again, I'll bow out of this one because I don't do software wars. Ya'll can have at it and each other, but I'm just very disappointed that it has come down in this manner.
The fact is, there is nothing really wrong with any of them. Them being Adaware, Spybot, MSAS CounterSpy, Spysweeper, etc. or any of the recommended cleaners folks here are using that are most commonly talked about. You will have to start getting used to changing your thinking, and get ready for Gator/Claria to be delisted as well. Times are a'changing. And if these major Adware companies are cleaning up their acts, that is a very good thing for the community actually. It does not mean, however, that the new reader should take all of these hysterical posts to "dump this or dump that" as a kneejerk reaction that will influence people towards one product or another. They need to use several these days to get it all and protect themselves from the annoyances of Adware. What bothers me is that the folks getting the really nasty stuff might overlook the very help they need because of what is said in these bomb-dropping threads that I expect we will see more of in the future. Back to the real wars for me...I have spyware nasties to fight. -- It takes a disaster to make a woman out of a female Gladiator Security Forum Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|