how-to block ads
|
|
Share Topic
 |
 |
|
|
|
| reply to eburger68
Re: Sunbelt Adjusts WhenU Detections Eric,
I don't question the color of your hat, and please realize that I do not consider myself enough of an authority to judge your judgements. I believe you and respect your position (which is quite articulate, I might add). I don't mean to be hot-headed or rancorous.
If criteria need be established in order to CYA in legal terms, then that obviously must be done- but as I said in my previous post, I worry that thousands of "Change of Rating" requests would have a tendency to overwhelm the resources of an Anti-Ad company and I foresee and hereby predict that logical end. It is far easier for me to believe these companies are building a "Bait and Switch" rather than to surmise they have "Seen the Light" and are now noble creatures suitable for edification as bronze busts on marble columns.
As I said in my previous post- It isn't so much whether or how you rate things that I care about, it is what you do with that rating, and therein lies the friction between "your side" and "mine". The ACTION taken by the software is where all the gripe is here.
I am a service tech (as I suppose many here are). I remember back to the days when adware was first coming out and the Anti-virus companies decided that ad trojans were somehow different than a viral trojan and declared "That is not my job" thus spawning the entire Anti-ad / anti-spy industry.
That "classification", that supposed "difference" was horror-highway to those of us that had to rip tons of nasties out by hand to get a user back to normal.
The classifications being made today make me jumpy for the same reason. I rely on Anti-v\s\a\t to prevent in the first case, or to clean things up adaquately and efficiently to keep my time down and reduce cost to my client.
Even in the midst of the greatest awareness of spyware ever, it is really not uncommon for a client to bring in a box that will not run due to 100 virus and 500 spy/ad running TSR in the machine.
I envision a time when 300 of those 500 spy\ad bots are rated to "ignore" and I have to laboriously wander down the entire list hitting the pulldown and changing the "ignore" to "remove" line by line...
Privacy issues aside, in answer to your question posed to StraightShooter, it isn't the one adware left behind that is terribly harmful to to the system, it is the aggregate. This is true of ad-sponsored and purchased softwares too. Shutting off all the TSRs in a box is already a problem. There is no sense making it worse.
So here are a couple proposals to pass on to your pals at Counterspy:
1. Give me a "Select ALL /remove" option
2. Give me a separate page in the scan results for "Ad-Sponsored" software.
Include YahooBar, AOLMess, etc. (Not picking on them, just examples).
Any on that page rated as a "Known Offender" would be automatically checked for removal.
Those not so rated would not be checked.
If a "Known Offender" cleans up his act and keeps it clean for a year delist him as a Known Offender.
Of course the user may uncheck a desired software and it will stay unchecked (until I show up).
A user may also CHECK an unchecked box and it will stay checked (which is what I will do when I show up).
This would give me the added bonus of having a handy place to rip out all the ad-sponsored annoyances currently not handled as a malware...
Bruce | |
| Bruce:
You wrote:
said by roamer_1:If criteria need be established in order to CYA in legal terms, then that obviously must be done- but as I said in my previous post, I worry that thousands of "Change of Rating" requests would have a tendency to overwhelm the resources of an Anti-Ad company and I foresee and hereby predict that logical end. I worry about this as well -- not only with respect to anti-spyware companies but even more so with independent researchers and web sites, who don't have the financial resources to defend themselves legally.
One thing I've been urging the anti-spyware vendors that I talk to to do is to set up some kind of informal process or structure for sharing information about who's been approached or threatened by various adware companies. Anti-spyware companies need to cooperate more on a lot of things, but sharing information on challenges and threats would be most useful and could allow the anti-spyware industry to formulate a more coordinated and effective defense against legal challenges.
said by roamer_1:It is far easier for me to believe these companies are building a "Bait and Switch" rather than to surmise they have "Seen the Light" and are now noble creatures suitable for edification as bronze busts on marble columns. That's also a very legitimate worry, and most of the adware companies that I've seen have exhibited very little tendency or inclination to actually do the hard work of cleaning up their acts. At best, they're more interested in making cosmetic changes and then bullying anti-spyware companies into dropping their software from the detections.
In the rare case that we do encounter a company that appears to be making substantive changes, though, I find it hard to maintain that we should ignore such progress, where it can be verified.
said by roamer_1:As I said in my previous post- It isn't so much whether or how you rate things that I care about, it is what you do with that rating, and therein lies the friction between "your side" and "mine". The ACTION taken by the software is where all the gripe is here. As I've said in numerous posts here, I think that the actual behavior and functionality (the "action," as you put it) should be the primary (but not exclusive) focus, and that's exactly why I've been asking folks here over and over to tell me what specifically these three programs (WhenUSearch, ClockSync, Weathercast) do that warrants a risk rating of higher than "Low risk." So far, no one's been able to address this question square-on or back up their conclusions with evidence.
said by roamer_1:I envision a time when 300 of those 500 spy\ad bots are rated to "ignore" and I have to laboriously wander down the entire list hitting the pulldown and changing the "ignore" to "remove" line by line... That certainly would be an extreme annoyance. In fact, Lavasoft Ad-aware Personal already forces users to laboriously check every box in the scan results (one of the benefits to upgrading to the Plus or Pro versions is that you get a nice checkbox to automatically select all results in the scan results screen).
That said, I really don't think we'll get to the point where 300-500 adware/spyware programs are set to "Ignore." Here's why:
The nightmare scenario you lay out is based (I assume) on the fear that in downgrading or reclassifying one adware program, anti-spyware vendors open a Pandora's box which will quickly cause hundreds more to be downgraded. But that scenario happens only if anti-spyware vendors don't have a solid review process in place and haven't established standards of some sort to guide (but not completely determine) that review process.
It is quite possible to have a review process in place that allows for reclassifications and de-listings without giving away the store. I can vouch for this from personal experience. Not only do I maintain several well known block lists...
»netfiles.uiuc.edu/ehowes/www/resource.htm
...but I administer the Rogue/Suspect Anti-Spyware page:
»www.spywarewarrior.com/rogue_ant···ware.htm
Both projects attract their fair share of complaints and even threats from companies of one sort or another. In both cases, though, I have occasionally reclassified or even removed domains or listed software from the block lists or the Rogue/Suspect page. Removals are very much the exception, not the norm. But I do have to provide a review process of some sort and give requests from companies due consideration. I end up rejecting far more removal requests from companies than I grant. In some cases, I've been rejecting the repeated requests from the same companies for a year or more because they haven't fundamentally changed their products or their web sites.
I must admit that when the first credible removal request hit my inbox, I was very worried that if I gave in to one, I'd effectively give away the whole store. That concern was misplaced, as it turns out. I've found it quite practical to grant removals in the rare instances where I think they are truly warranted while holding the rest of the problem actors at bay.
The bottom line is that there need be no Pandora's Box of adware de-listings, provided anti-spyware companies construct robust review processes. But it does require them to make tough calls that may not always be popular in some quarters.
said by roamer_1:Privacy issues aside, in answer to your question posed to StraightShooter, it isn't the one adware left behind that is terribly harmful to to the system, it is the aggregate. This is true of ad-sponsored and purchased softwares too. Shutting off all the TSRs in a box is already a problem. There is no sense making it worse. Well, I'll hand it to you -- that's the most credible answer I've heard yet to my question, though it still doesn't quite address the question or scenario square-on. It's also somewhat problematic, because the implied standard ("aggregate effect on the system if installed in volume") would be easily applicable to other types of completely legitimate software.
For example, I've seen boxes where the users were infatuated with cool screensavers, wallpapers, icons, custom cursors and so forth that were so completely junked up that using the system was difficult indeed. I've also seen boxes that were simply overwhelmed with the sheer number of programs installed by the OEM and running in the system tray (in fact, back in the Win9x days, tech support at OEMs used to routinely advise users to resolve their problems by disabling all the resident auto-run programs clogging the system tray).
Can anti-spyware programs start targeting all manner of programs that could bring the system to its knees? You could certainly build a cleanup and removal tool that would help users unclog their systems of all the (legitimate) garbage they or their kids installed, but that would resemble more one of the many system cleaning tools that are already on the market (and, yes, we have had proposals here at DSLR for anti-spyware vendors to revamp their programs into more general system cleaning tools).
said by roamer_1:1. Give me a "Select ALL /remove" option Good suggestion.
said by roamer_1:2. Give me a separate page in the scan results for "Ad-Sponsored" software. Include YahooBar, AOLMess, etc. (Not picking on them, just examples). Any on that page rated as a "Known Offender" would be automatically checked for removal. Those not so rated would not be checked. You're thinking along the same lines I do -- revamp the scan results in anti-spyware programs to provide more flexible, useful, and intelligible ways for presenting a wide range of potentially risky software (from the lowest of the low risk adware programs to out and out malware) to users for possible removal. Anti-spyware vendors are currently changing their scan results in just this way. See this page for a discussion of those changes with screenshots:
»www.spywarewarrior.com/asw-notes···ults.htm
Best,
Eric L. Howes
--
Microsoft MVP
Sunbelt Software Consultant
Spyware Warrior | |
| The bottom line is that there need be no Pandora's Box of adware de-listings, provided anti-spyware companies construct robust review processes. But it does require them to make tough calls that may not always be popular in some quarters.
IMHO, That remains to be seen. The obvious reason for spyware vendors to pursue C&D, delistings, etc. is that they are shaking up the game, looking for a way to preserve themselves. any change to the playing field will undoubtably be exploited.
Can anti-spyware programs start targeting all manner of programs that could bring the system to its knees?
No, but "anti-adware" goes right along with Anti-spyware... you could do us all a favor by ADDING emphasis to the anti-ad part... no need to distinguish between adware and ad-sponsored-ware...:D
said by roamer_1:1. Give me a "Select ALL /remove" option Good suggestion. said by roamer_1:2. Give me a separate page in the scan results for "Ad-Sponsored" software. Include YahooBar, AOLMess, etc. (Not picking on them, just examples). Any on that page rated as a "Known Offender" would be automatically checked for removal. Those not so rated would not be checked. You're thinking along the same lines I do -- revamp the scan results in anti-spyware programs to provide more flexible, useful, and intelligible ways for presenting a wide range of potentially risky software (from the lowest of the low risk adware programs to out and out malware) to users for possible removal.
Rgds,
Bruce | |
2 edits | Bruce:
You wrote:
said by roamer_1:IMHO, That remains to be seen. The obvious reason for spyware vendors to pursue C&D, delistings, etc. is that they are shaking up the game, looking for a way to preserve themselves. any change to the playing field will undoubtably be exploited. Oh, that's quite clearly their intention. But I said that it "need not happen," not that I could guarantee it WOULD not happen. It still could happen if anti-spyware companies aren't careful and disciplined. It's a possibility, but not a foregone result.
said by roamer_1:No, but "anti-adware" goes right along with Anti-spyware... you could do us all a favor by ADDING emphasis to the anti-ad part... no need to distinguish between adware and ad-sponsored-ware...:D I use the term "anti-spyware applications" because that's what most people know those programs as. Truth be told, I've never liked the term "spyware" for all kinds of reasons. In fact, I often write "spyware/adware" just to be clear that I most certainly do include advertising software within the scope of programs that I'm discussing. And if you take a look at the Sunbelt Listing Criteria...
»research.sunbelt-software.com/li···eria.cfm
...you'll notice that "adware" functionality is a big part of what Sunbelt considers in its review process. And for my own thoughts on useless labels like "spyware" and "adware," see:
»netfiles.uiuc.edu/ehowes/www/junkware.htm
»netfiles.uiuc.edu/ehowes/www/ftc···ents.htm
Quite frankly, I'm sick of silly arguments that revolve around labels.
said by roamer_1:Ummm... so remind me again... what were we arguing about? I doubt anyone here would take exception to the scenarios above... Actually, when I discussed flexible presentation methods within scan results earlier in this discussion thread, they were widely dismissed by people who insisted that there should be no distinctions made, that "flexibility" was tantamount to "sell-out," and that all adware/spyware programs should be presented to users in the same way and handled in the same way with no exceptions. That's part of what was being argued about.
Best,
Eric L. Howes
--
Microsoft MVP
Sunbelt Software Consultant
Spyware Warrior | |
1 edit | Eric,
Actually, when I discussed flexible presentation methods within scan results earlier in this discussion thread, they were widely dismissed by people who insisted that there should be no distinctions made, that "flexibility" was tantamount to "sell-out," and that all adware/spyware programs should be presented to users in the same way and handled in the same way with no exceptions. That's part of what was being argued about.
Well, perhaps it got missed in the fray...
As discussed between you and I earlier:
If you added a page to the scan results wherein all ad-sponsored software (as opposed to adware)were listed, and where "Known Offenders" were pre-checked for removal... where I could also remove all the Doh-ware like YahooBar, AolMess (just to name two)... well that would be a big gain to me! I would be sayin "Hell Yes"! (providing explicitly that "Known Offenders" are prechecked for removal, and that "Known Offender" status has a real, un-watered effect and a long and serious probationary period).
It's the "ignore" action that got me baked.
And that is the gist of the downgrade as I see it... that WhenU now only meets the criteria of "ad-sponsored" rather than spyware or adware. Well fine, then EXPAND the software to include "ad-sponsored" software too...
It has been bandied about here that these types of programs are actually desireable to users- That dog don't hunt.
Users desire EVERYTHING. especially if it is free and has bouncy, flashy bits...
The people you are talking to here are the guys that have to tell those users "You can't have that. All this crap is pluggin up your box."
This is another whole facet to the war on the ground, and people are scared that you guys (in general) are gonna drop the ball and leave us in "Add and Remove" hell. You've got to remember that we don't have a fancy server down in IT preventing users from installing crap we don't want.
I have a particular client (doesn't everyone?) who needs my service on a semi-monthly basis. She is inordinately fond of electronic pets and free internet games. She LOVES emoticons and font packages. She has downloaded every screensaver known to man... and she just doesn't get it. No matter how often I explain it to her, no matter what preventive software I load on... And her teenage daughter is just as bad. They both are clueless, the worst I've got... but they are very far from alone.
So just because it is desired by the user (lets not even talk about underage kids "legally" installing on the family box) does not mean that it is good for the user. They aren't ever gonna read a EULA and don't care what it says. They glaze over when I start talking geek...They just expect me to show up, waive my ju-ju beads, mutter some x-rated incantations, and exorcise the evil they have let into their lives.
So be a pal... make it better. Expand into ad-sponsored "legitimately" installed Doh-ware... you'll make my day.
Regards,
Bruce
EDIT: Ladies, please don't flame me because my representation involved only those of the fairer sex... I have plenty of male users that are nearly as bad as the two I mentioned...
B | | |
|
 iam xSungazerPremium
join:2005-02-23
ॐ | said by roamer_1:Eric, It's the "ignore" action that got me baked. Users desire EVERYTHING. especially if it is free and has bouncy, flashy bits... The people you are talking to here are the guys that have to tell those users "You can't have that. All this crap is pluggin up your box." I have a particular client ..... She is inordinately fond of electronic pets and free internet games. She LOVES emoticons and font packages. She has downloaded every screensaver known to man... and she just doesn't get it. No matter how often I explain it to her, no matter what preventive software I load on... And her teenage daughter is just as bad. They both are clueless, the worst I've got... but they are very far from alone. So just because it is desired by the user (lets not even talk about underage kids "legally" installing on the family box) does not mean that it is good for the user. They aren't ever gonna read a EULA and don't care what it says. They glaze over when I start talking geek...They just expect me to show up, waive my ju-ju beads, mutter some x-rated incantations, and exorcise the evil they have let into their lives. Regards, Bruce you said it very well roamer1, i have someone closer to home thats exactly like the client{and her daughter!} you mentioned, namely my little sister! 
she is almost a mirror image in terms of behaviour to the 2 ladies mentioned above, and it is me, who has to clean up her pc everytime as a result!
she says to me " oh but i dont know how my pc became so slow........... i dont know how to remove all this,......... its too complicated...."
i dont mind the practice, but i, in turn would like to transfer this job to an anti-spyware application, because they can do a much thorough and efficient and complete job than i could ever do manually.
but i am just dreading the day that she runs an antispyware app. only to be given 3 options,{she cant understand what this'qurantine' business is} for 10 detected things that she has no idea, wether to keep or delete. | |
| reply to roamer_1
Bruce:
You wrote:
said by roamer_1:I would be sayin "Hell Yes"! (providing explicitly that "Known Offenders" are prechecked for removal, and that "Known Offender" status has a real, un-watered effect and a long and serious probationary period). And the known offenders would have to be determined by some set of criteria that themselves would have to be drafted. Moreover, hanging a "known offender" status on vendors because of reputation issues would be an invitation to still further complaints and legal threats. This looks to me like yet another attempt to insert a "because-it's-WhenU" trump card into the review process.
You worried earlier about anti-spyware vendors getting buried by petitions and legal threats -- this is the surest way to achieve that outcome.
said by roamer_1:It's the "ignore" action that got me baked. And that is the gist of the downgrade as I see it... that WhenU now only meets the criteria of "ad-sponsored" rather than spyware or adware. Well fine, then EXPAND the software to include "ad-sponsored" software too... Sunbelt does not make targeting decisions by starting with labels, which I've already explained are useless as the basis for targeting decisions, and then determining threat levels. We start with the specific practices, behaviors, and functionality included in the Listing Criteria...
»research.sunbelt-software.com/li···eria.cfm
...so telling Sunbelt to include "ad-sponsored" software is simply pointless -- Sunbelt doesn't even USE such a label or category. The categories we do use are assigned at the end of the entire evaluation process and are more designed to provide a simple description of the software for users. We could throw the labels out tomorrow and still do reviews of software, but it is the criteria we look to, not the labels.
If you want to suggest changes, start with the Listing Criteria. If there are behaviors, functionality, or practices that you think are ommitted, then please suggest them -- it's always possible that we've missed something.
Truth be told, I don't even know what you mean by "ad-sponsored" software and how that would differ from the wide range of software most folks already call "adware." These labels are a dead-end street -- they're pointless and useless as the basis for targeting decisions.
said by roamer_1:It has been bandied about here that these types of programs are actually desireable to users- That dog don't hunt. Users desire EVERYTHING. especially if it is free and has bouncy, flashy bits... The people you are talking to here are the guys that have to tell those users "You can't have that. All this crap is pluggin up your box." In other words, Sunbelt should start basing its targeting and evaluation decisions not on what its customers and users want, but what some IT guys think is appropriate for them.
Sorry: that dog just died.
Adware vendors would make so much legal hay with that targeting philosophy. I can see the courtroom now:
* Adware vendor's legal team shows the judge all the notice and disclosure provided during installation -- notice screens, EULAs, you name it -- and demonstrates how users must indicate their consent to the installation of the software.
* Anti-spyware vendor's legal team then replies that such may be true, but the anti-spyware vendor has polled IT admins, who know better than than the users themselves what those users need.
* Adware vendor's legal team then brings in five outraged users who really did want the screensavers and the talking purple monkey and were distraught when the anti-spyware program removed it.
* Anti-spyware vendor's legal team brings in five IT admins who all roll their eyes in unison and explain how the users shouldn't have been downloading that trash to begin with.
No, I'm afraid that's not going to work.
said by roamer_1:This is another whole facet to the war on the ground, and people are scared that you guys (in general) are gonna drop the ball and leave us in "Add and Remove" hell. You've got to remember that we don't have a fancy server down in IT preventing users from installing crap we don't want. If you work in a corporate environment and are dealing with recalcitrant users who won't follow company policy, then you need an enterprise level anti-spyware product that gives the admins more administrative control over the software that gets installed on the company's computers. Sunbelt offers such a product, as do a number of other anti-spyware vendors.
But we can't take a consumer product and turn it into a poor-man's backdoor admin tool for IT admins to exert control over their know-nothing clients.
said by roamer_1:So be a pal... make it better. Expand into ad-sponsored "legitimately" installed Doh-ware... you'll make my day. And who will be paying the legal bills of anti-spyware vendors once they start targeting such software and hanging scarlet letters on the ones that IT admins really hate?
I'm sorry, but most of the ideas you've offered in this latest post are simply not practical or advisable for anti-spyware companies, who are already faced with a minefield of trouble as it stands.
Best,
Eric L. Howes
--
Microsoft MVP
Sunbelt Software Consultant
Spyware Warrior | |
 sybilleNot only "just visiting"Premium
join:2004-04-06
France | said by eburger68:said by roamer_1:
The people you are talking to here are the guys that have to tell those users "You can't have that. All this crap is pluggin up your box." In other words, Sunbelt should start basing its targeting and evaluation decisions not on what its customers and users want, but what some IT guys think is appropriate for them. Sorry: that dog just died. I agree with this, although I notice that your hypothetical example focuses on the ASW vendor being taken to court.
It is understandable that the ASW vendor would want to protect its interests and avoid such a situation.
However, what if the customers and users want something that is not in the interest of the ASW vendor?
For example, what if customers and users want am ASW program that will identify all programs made by WhenU as being equally undesirable?
This would not be in the interest of the ASW vendor that wants to protect itself from being sued, but it's certainly something that customers and users could desire.
How could such a conflict of interest be resolved most usefully?
Even if we do not have "hard numbers" to demonstrate what customers and users want in the particular case under consideration at present, it does not seem far-fetched to me to suppose that the interests of customers and users would differ from and possibly conflict with those of any company, including those of an ASW vendor. | |
| Sybille:
You wrote:
said by sybille:It is understandable that the ASW vendor would want to protect its interests and avoid such a situation. However, what if the customers and users want something that is not in the interest of the ASW vendor? For example, what if customers and users want am ASW program that will identify all programs made by WhenU as being equally undesirable? This would not be in the interest of the ASW vendor that wants to protect itself from being sued, but it's certainly something that customers and users could desire. How could such a conflict of interest be resolved most usefully? Actually, this isn't quite as big of a problem as the previous hypothetical that I was responding to. A few observations and points:
1) The more that anti-spyware vendors can demonstrate that the features and performance of their applications reflect the actual preferences of their users, the stronger a position they'll be in. It's much sounder for anti-spyware vendors to point out that what adware vendors might object to is actually wanted by the customers of anti-spyware applications.
2) The trick here is that -- I hate to say it -- users are fickle and engage in self-contradictory behavior. Polls do show that most folks don't want spyware/adware on their systems. They hate it. But they don't always act in a manner consistent with that expressed wish because, as Bruce already pointed out (and which the study I referenced earlier also emphasizes), users like the freebie goodies as well. Moreover, as I noted several times earlier, users can even be divided themselves over what constitutes undesirable software in some cases.
So, we can get into situations where "what normal users want" isn't always clear and simple, esp. when a software vendor puts very clear forms of notice and disclosure in front of them and the users click through, apparently indicating their consent.
Note: I don't happen to think that much of what passes for "notice and disclosure" among adware vendors is meaningful because of all kinds of problems which I can't get into right at the moment. There are going to be some forms of notice and disclosure that are so clear, conspicuous, and straightforward that it becomes difficult for me to look at them and imagine how users could get through without knowing what they were installing. Those situations are very much the exception at present, though.
3) When user intent or desire becomes murky or divided, the best thing anti-spyware vendors can do is add "extra checks" (for lack of a better term at the moment) into their anti-spyware apps to get a better sense of what users' real intentions and desires are.
For example, forcing users to change the default in some cases from "Ignore" to "Remove" is one way to do that, because it allows anti-spyware vendors to claim that the users made the affirmative, unambiguous choice to remove the software of their own volition.
There other "extra checks" that anti-spyware vendors can build in to strengthen the case that the removals were the actual desire and intent of the user, but the above is one example.
I know that some folks here will read this and say, "I know what I want! It's not so difficult to figure out, and I'm completely consistent in my actions." That's all very well and good, but things do get a bit murkier when we're dealing with less knowledgeable users who don't always act consistently.
Best,
Eric L. Howes
--
Microsoft MVP
Sunbelt Software Consultant
Spyware Warrior | |
2 edits | reply to roamer_1
Bruce:
OK, this is a bit embarrassing. Last night you wrote:
said by roamer_1:
So here are a couple proposals to pass on to your pals at Counterspy:
1. Give me a "Select ALL /remove" option
I chirpily said that it was a good suggestion. Had I explored the dim recesses of my memory first, however, I would have told you that CounterSpy already HAS such an option -- see the first attached screenshot above.
Notice the "Set a single action for all items" link next to the "Take Action" button. That link brings up a dialog box (see the second screenshot) that allows you do configure all detected items to for "Remove" or "Quarantine," no matter what the default action is.
I guess I didn't remember that such an option existed because in the testing I do, I never use it. I always inspect each detection one by one and select or verify the actions for each detection.
My apologies for the oversight and confusion.
(Note: the screenshots above are from CounterSpy 1.5 beta, but the same option and dialog box exist in the current release version 1.0.29.)
Best,
Eric L. Howes
--
Microsoft MVP
Sunbelt Software Consultant
Spyware Warrior | |
sybilleNot only "just visiting"Premium
join:2004-04-06
France | reply to eburger68
I fully agree that what users want is convoluted. If it were not, the users would not install unwanted software in the first place, for example.
I think your idea to require that users clarify their intentions by means of different checks is a very good one. It both helps protect the ASW vendor and can serve to educate the user.
In that case, the aims of the two parties converge, at least to some extent.
I doubt this would be the case in each instance.
I still believe that what users want, in so far as it can be determined and however complex it may be, could run counter to the interests of the ASW vendor.
I didn't see that you responded to that concern in particular.
Of course, you're not required to respond, either. | |
1 edit | Sybille:
You wrote:
said by sybille:I still believe that what users want, in so far as it can be determined and however complex it may be, could run counter to the interests of the ASW vendor. I didn't see that you responded to that concern in particular. It's always possible that there could be instances in which their interests are not identical. The better that anti-spyware vendors can discern or compel users to announce their true intentions and preferences, the less likely that will be a problem. In fact, it's in the interests of anti-spyware vendors to align their programs with users' desires and intentions.
I agree, though, that convergence can never become perfect union.
Eric L. Howes
--
Microsoft MVP
Sunbelt Software Consultant
Spyware Warrior | |
| reply to eburger68
Eric,
You wrote:
This looks to me like yet another attempt to insert a "because-it's-WhenU" trump card into the review process.
You worried earlier about anti-spyware vendors getting buried by petitions and legal threats -- this is the surest way to achieve that outcome.
Not exactly- You had said something to the effect that past reputation could be taken into account, but could not be an "end all" criteria, I simply proposed that if the company offered no spyware in any way for a reasonable period (1 yr was the example) then the delisting would take place- Perhaps I read you wrong. It seems you are now saying that past reputation cannot be a factor whatsoever! (?)
Perhaps you could flesh out how you see "past reputation" being applied?
Sunbelt does not make targeting decisions by starting with labels, which I've already explained are useless as the basis for targeting decisions
I understand perfectly that labels are useless for targeting decisions (and I agree with your writings to that effect), but they are awfully handy in discussions. One saves alot of time labeling a creature a "duck" rather than explaining all the features that separate it from other avians in general every time a duck is described... Perhaps with a few well placed labels we might stop talking past each other.
Truth be told, I don't even know what you mean by "ad-sponsored" software and how that would differ from the wide range of software most folks already call "adware." These labels are a dead-end street -- they're pointless and useless as the basis for targeting decisions.
I was trying to delineate software that has install, notification, keeps ads within itself, and has an uninstall etc. Features you (seem to) describe as making it legitimate, though it is still adware. To me there is no difference, but if you need to define a legal difference, so be it.
I was suggesting an expansion of detect/remove to cover that "group" as well (AolMess and YahooBar were suggested earlier as examples of inclusion), so that these morphing companies could not say they were being unfairly singled out.
I am against the idea that since the user was stupid enough to install it there should be no easy way to remove it and it must be relegated to A/R simply because it supplies an uninstall routine, or that it would be "Line item only" for removal.
In other words, Sunbelt should start basing its targeting and evaluation decisions not on what its customers and users want, but what some IT guys think is appropriate for them.
Sorry: that dog just died.
I didn't mean that in any legal way- I was just suggesting that "user wants" are not an effective platform in this forum. We all know what the user wants, and it is generally not thought of as a good thing... at least not with me. Whether that is legally defensible wasn't the point. Sorry if I was not clear on that.
However, since you raised the point (and with any couched threat unintended), you would be suprised how many of your users ARE your users only with the blessing of their local guru or tech. If it doesn't fly with me, you can bet my users will be elswhere- especially when it comes to security software. My previous post aside, most of my users listen to me and accept my recommendations. I say this only to highlight the point that you do well to be here (and other places like in kind) and pound this out in an acceptable fashion.
But we can't take a consumer product and turn it into a poor-man's backdoor admin tool for IT admins to exert control over their know-nothing clients.
But you also can't take away the ability of the program to do the meat and potatos work that we rely on it to do. As I said before, CYA legally... fine. but give me a "Select all /remove" and keep detecting... Or a global option to select all... so that I can override the suggested action.
I know that you are holding your nose while you do this. I understand that you don't like these companies any more than I do. But in the midst of it you seem to be making the case for a type of "acceptable" level of adware, rather than a rally to "how do we beat 'em now?" which is an uncomfortable residue of this discussion.
So what are you saying in a general sense (not WhenU particularly for the moment)? Is there no productive way that Anti-Spy can assist if an adware drops below a certain level? And if such is the case, where might that level be defined? And if defined, How does one prevent further slippage (herein lies the brow of the proverbial slippery slope)?
And who will be paying the legal bills of anti-spyware vendors once they start targeting such software and hanging scarlet letters on the ones that IT admins really hate?
I didn't figure there would be any. Adware is within your pervue (at least traditionally). There are lots of mass uninstallers out there (regedit comes to mind), so that concept shouldn't be a problem... If the "known offender" thing is what is in the way, then just give me a PUP (Spybot S&D) page with a "Select all" in settings. Then I can cherry pick the acceptable ones out of the list rather than checking the whole list except three or four...
I'm sorry, but most of the ideas you've offered in this latest post are simply not practical or advisable for anti-spyware companies, who are already faced with a minefield of trouble as it stands.
*sigh* that is odd, as this post was basically a recap of a previous one which I felt you found acceptable (re: What were we arguing about?)
Regards,
Bruce | |
| reply to eburger68
said by eburger68:Bruce: otice the "Set a single action for all items" link next to the "Take Action" button. That link brings up a dialog box (see the second screenshot) that allows you do configure all detected items to for "Remove" or "Quarantine," no matter what the default action is. I guess I didn't remember that such an option existed because in the testing I do, I never use it. I always inspect each detection one by one and select or verify the actions for each detection. My apologies for the oversight and confusion. (Note: the screenshots above are from CounterSpy 1.5 beta, but the same option and dialog box exist in the current release version 1.0.29.) Best, Eric L. Howes Apologies not required.
Beauty day. Make it GLOBAL, Make it stick.
Regards,
Bruce | |
| reply to roamer_1
Bruce:
You wrote:
said by roamer_1:
Not exactly- You had said something to the effect that past reputation could be taken into account, but could not be an "end all" criteria, I simply proposed that if the company offered no spyware in any way for a reasonable period (1 yr was the example) then the delisting would take place- Perhaps I read you wrong. It seems you are now saying that past reputation cannot be a factor whatsoever! (?)
Perhaps you could flesh out how you see "past reputation" being applied?
I'm sorry, but the pre-checked boxes still amount to the same thing as a default action of "Remove," and you want those pre-checked boxes to be determined on the basis of a "known offender" status, which is itself reputation, which takes us right back to the original argument that some made in this thread, which was: "WhenU ought to be set to 'Remove' by default because it's WhenU." That's why I called it merely "another attempt to insert a 'because-it's-WhenU' trump card into the review process."
said by roamer_1:
I understand perfectly that labels are useless for targeting decisions (and I agree with your writings to that effect), but they are awfully handy in discussions. One saves alot of time labeling a creature a "duck" rather than explaining all the features that separate it from other avians in general every time a duck is described... Perhaps with a few well placed labels we might stop talking past each other.
Well, we're talking about the nitty targeting decisions here. For general coversation, labels can be handy. Beyond that, though, they become problematic. We like to think that the world is so simple that we can "call a duck a duck." But when we're dealing with anti-spyware targeting decisions, things are a bit more complicated because different people have different ideas as to what's a duck in some cases -- and we've seen as much right here in this thread.
said by roamer_1:
I was trying to delineate software that has install, notification, keeps ads within itself, and has an uninstall etc. Features you (seem to) describe as making it legitimate, though it is still adware. To me there is no difference, but if you need to define a legal difference, so be it.
I was suggesting an expansion of detect/remove to cover that "group" as well (AolMess and YahooBar were suggested earlier as examples of inclusion), so that these morphing companies could not say they were being unfairly singled out.
Actually, Sunbelt already does include similar applications in its database: Download Accelerator Plus and Weatherbug, for example. But Sunbelt doesn't include those apps because they fit some general label. They're included because they trip particular targeting criteria -- criteria which were developed with an eye towards what could cause users significant problems.
said by roamer_1:
I am against the idea that since the user was stupid enough to install it there should be no easy way to remove it and it must be relegated to A/R simply because it supplies an uninstall routine, or that it would be "Line item only" for removal.
First, what's not "easy" about Add/Remove Programs (assuming the uninstaller does the job as advertised? It seems that you want a general uninstallation utility for all manner of applications, but anti-spyware apps are not that kind of beast. They selectively detect and present applications of a certain quality based on certain criteria, which suggests to users that the selected/detected apps are somehow less desirable or more problematic than the ones not selected/detected. And once they do that, they've got take great care in how they select/detect/present.
Anti-spyware vendors can detect and present a wide range of different apps to users, but they must have some good rational for doing so (e.g., the app verifiably could present a problem or threat to users of some sort). Moreover, they must take special care in presenting applications that could be wanted and voluntarily installed by users, as I've explained in several other posts. That's where "Low risk adware" adware categories come from -- from an attempt to treat these types of applications differently.
It looks like you to want an easy way to erase all the default presentation differences, because you think it would suit your needs. But erasing those presentation differences could cause problems for other users -- tech gurus with clueless clients are not the only ones using anti-spyware apps.
said by roamer_1:
However, since you raised the point (and with any couched threat unintended), you would be suprised how many of your users ARE your users only with the blessing of their local guru or tech. If it doesn't fly with me, you can bet my users will be elswhere- especially when it comes to security software. My previous post aside, most of my users listen to me and accept my recommendations. I say this only to highlight the point that you do well to be here (and other places like in kind) and pound this out in an acceptable fashion.
Fine, but tech gurus are not the only ones using the anti-spyware applications, and anti-spyware vendors can't enshrine their preferences as the defaults just because they might feel they ought to be, esp. once we're dealing with types of software where the users themselves are divided and have differing needs and expectations.
Now, what anti-spyware companies CAN do is build in features that allow users of all kinds to customize the behavior of the anti-spyware programs to suit their particular needs -- a "Select/Remove All" button is a very simple example of that. A user-customizable "blacklist" (which I also discussed earlier today) is another example of that. But those kinds of preferences have to be incorporated into the product's performance through your own expressed customization/preference selecting actions. The defaults for anti-spyware applications, by contrast, have to be very carefully selected, and they may not absolutely match your own preferences.
said by roamer_1:
But you also can't take away the ability of the program to do the meat and potatos work that we rely on it to do. As I said before, CYA legally... fine. but give me a "Select all /remove" and keep detecting... Or a global option to select all... so that I can override the suggested action.
I know that you are holding your nose while you do this. I understand that you don't like these companies any more than I do. But in the midst of it you seem to be making the case for a type of "acceptable" level of adware, rather than a rally to "how do we beat 'em now?" which is an uncomfortable residue of this discussion.
So what are you saying in a general sense (not WhenU particularly for the moment)? Is there no productive way that Anti-Spy can assist if an adware drops below a certain level? And if such is the case, where might that level be defined? And if defined, How does one prevent further slippage (herein lies the brow of the proverbial slippery slope)?
It's not a matter of "acceptable" vs. "unacceptable" adware: it's a matter of finding ways to deal with applications that users can very well regard differently. As I've said several times, anti-spyware vendors can't just use your preferences as the defaults for the behavior and performance of their applications; they have to accommodate a wide range of users, and once we get down to handling what you're calling "ad-sponsored software," your preferences aren't universally held and could cause problems for other users if enshrined as the default preferences within anti-spyware applications.
said by roamer_1:
I didn't figure there would be any. Adware is within your pervue (at least traditionally). There are lots of mass uninstallers out there (regedit comes to mind), so that concept shouldn't be a problem...
But those kinds of applications don't selectively detect and present software based on the kinds of criteria that anti-spyware apps do. And users don't necessarily interpret the "results" presented to them by system cleaning applications in the same way as they do the "results" from "anti-spyware" apps.
As I said before, it looks like you want a general system cleaning app, and anti-spyware applications can come to resemble such applications, but the evolution isn't easy because of the expectations (from users, vendors, admins, etc.) that are brought to bear on anti-spyware apps, which started their lives closer to the "malware cleaning" side of things rather than the "system cleaning" side of things.
said by roamer_1:
If the "known offender" thing is what is in the way, then just give me a PUP (Spybot S&D) page with a "Select all" in settings. Then I can cherry pick the acceptable ones out of the list rather than checking the whole list except three or four...
Such a thing is easily implemented. Your suggestion from a later post to "make it global, make it stick," is more problematic without building checks or safety features for less knowledgeable users. You know enough to "select all" and then cherry pick the "acceptable ones," but I can already hear the complaints from users who didn't fully understand that the detected apps may not all be "bad" and who blindly selected that global option: "This @$#$%F*&S)#W! anti-spyware program said my screensaver and weather program were viruses and removed them!" And then we're right back to square one.
Best,
Eric L. Howes
--
Microsoft MVP
Sunbelt Software Consultant
Spyware Warrior | |
ghost16825Use security metricsPremium
join:2003-08-26 | reply to eburger68
said by eburger68:That's all very well and good, but things do get a bit murkier when we're dealing with less knowledgeable users who don't always act consistently. ...which goes back to the point about assumed user knowledge.
--
Admin of the Kerio 2x-like open source project:
http://sourceforge.net/projects/kerio/
http://kerio.sourceforge.net/
| |
| OK I have to rant here. First let me say that I skipped about 16 pages of posts but from what I've seen it all looks the same anyway.
I think this thread is a perfect example of one of the major problems that plagues this industry today. This industry has developed a regrettably zealous and uninformed following. By that I mean that absolutely nothing any of these companies ever does will ever work as an apeasement to the large group of individuals that 1. Do not do their own research, 2. Take the word of self-appointed "experts", and 3. Allow their mentality to be formed by the highest common denominator, or simply, follow the herd.
From what I've seen here about the only thing that would satisfy the majority of these posters is to plant a nuke at each and every one of these adware companies and delisting antispyware companies and wipe them out. Unfortunately this is the kind of juvenile mentality that these antispyware companies are up against. It doesn't matter that these companies typically stock themselves with anywhere from 5 to 100 real experts that evaluate and fight this stuff everyday, publish legitimate research, and have the background to actually decide what stuff is harmful and what is not, as seen with Lavasoft and Pest Patrol one zealot starts a rampage about a delisting that 1,000 blind sheep jump on board with and naturally a commercial company has to cave. It's a disservice, to the antispyware companies, to the delisted companies, and believe it or not to the end user. This mentality is so rampant that often an end user that doesn't spend 10 hours a day often receives this extremist advice in some forum from some 13 yr old kid who received the same advice from an "expert" and they take it as gospel and voila, we're crowning another tin foil beanie chief. Now the antispyware company providing that end user with the solution has to take 3 days to calm down and explain to that user how their information is wrong.
I would venture to say that 95% of people in these forums have no formal education in regards to spyware evaluation, detection, and removal. Their education is solely in HJT logs and what someone else has told them is bad. Find me 10 people that have researched every entry on their own and based their decision on that and I'll come to your house and brush your teeth. I would also say that 85% of these people do not do their own research and accept what is spoon fed to them. You spend 3 hours a day on Hijack This logs you say? Great, from that I want you to tell me every distribution method that application takes advantage of as well as provide me with a detailed analysis of captured packet sniffer logs. Along with that I will need to know the company that produces the application, including registrar, address, and contact info. While you're at it go ahead and disassemble all the executables and dlls and get me a detailed report on those.
While we are on the subject and you have your assignments lined up you might as well provide us with every correspondence, contract, agreement, and conversation that has taken place between every antispyware company and every adware company or researcher that they have dealt with. I'm sure this will help you to prove the "conspiracy". Transparency is your argument to that? Well folks unfortunately we live in a corporate world and there's things called NDA's or Non Disclosure Agreements that are typically precursors to any kind of exchange of proprietary technology and information, which of course is a necessity to an honest and partial evaluation.
Now I'll use what I've seen in this thread as a perfect example. I've seen Eric Howes posting in this forum and references to his research. I'll be frank and say that I'm no fan of that rogue antispyware list. While I do believe it serves a purpose and can be informative to those who know how to filter out the biased leaning in favor of Lavasoft I have seen that thing quoted left and right, up and down, 9 ways to Sunday by this zealous following. Up until the point when he justified the Sunbelt changes you all thought Eric and that list was the best thing since sliced bread. Once his research came out and he justified the claims of Sunbelt you people turned on him, tried to chew him up, and spit him out. Absolutely zero weight was given to the fact that he actually did perform and provide non-biased research to back up the decision.
I don't think you can find in any other industry, firewall, antivirus, or otherwise, such a close minded, uninformed, blinder view of progression than in the spyware industry. It suffers from a mentality that is a cancer to the greater good. With such a blind outlook on things you have to realize, if an adware or whatever company honestly cleans up its act and justifies non-detection, only to have the antispyware company have to cave to a herd following public, we're never going to see an end to the problem. What encouragement do these guys have at all if their best efforts go for nill because of an uninformed public? They might as well keep exploiting loopholes and achieving installs and just deal with the antispyware removals than attempt to spend money righting their wrongs.
OK I think I've ranted enough and hopefully you understand my point. I think it applies to life as it does to the industry and I'll provide a couple recommendations to what should be done.
Lessons:
1. Do your own research
2. Use what your told as a factor of your research, not an excuse to do your research
3. People are grownups and need to accept some of the responsiblity over what they do. Your hand wasn't held when installing Windows, why can't we expect the same responsibility for an install dialog?
Resolution:
1. A non-biased researcher standard needs to be created, such as an MCSE or MVP for antispyware studies. This standard could be collaberated on by antispyware developers and open to the public for testing.
2. Subject the standard to strict revocation until we balance the industry. You start slanting in a bias manner or providing pure opinions in your advice, bye bye certification.
3. DO YOUR OWN RESEARCH. DO YOUR OWN RESEARCH. DO YOUR OWN RESEARCH. God, Buddha, and all others gave you a mind of your own and you didn't spend 13+ years in school to be told what to believe by others.
4. Use SaranWrap, not tin foil. This has got to be the most important of all. And no, antispyware vendors didn't kill JFK, build and isolate Area 51, hide Martians, start the FreeMasons and New World Order, pollute the water with pacifying hallucinogens, or turn a blind eye to Pearl Harbor | |
 antiseriousThe Future ain't what it used to bePremium
join:2001-12-12
Scranton, PA | said by IndustryBurnout:
First let me say that I skipped about 16 pages of posts but from what I've seen it all looks the same anyway.
... and that's as far as I got, except to scroll through your verbose blather to get to the 'post reply' button ...
... but thanks for stopping by ...  ... always swell to hear from a burnout ...
--
... "Do You Know Where Your Towel Is ?" ... | |
|
