how-to block ads
|
dikbozo
join:2004-07-14
Regina, SK | reply to davidnason
Re: PestPatrol says: eAcceleration/StopSign are Cl
It also appears AVG doesn't like it either. It slams the download on contact as a "WREN" trojan downloader. It does seem as if lots work is needed to clean up this act. | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
2 edits | reply to Jrb2
Re: PestPatrol says: eAcceleration/StopSign are Clean!
IE-SpyAd is Eric Burger (eBurger). I tested and it appears eAcceleration is now clean in IE-SpyAd too. (Remember to always uninstall the old IE-SpyAd before installing the new version, otherwise your Restricted Zone will grow forever.)
But I expect it will take several weeks or even a couple of months for word to get around to all the AV vendors.
That WREN detection is a signature, not heurisitic. It just means the file is detected as eAcceleration's downloader, and says nothing about what the file does.
I'm sticking up for eAcceleration because it was wrongly labeled trojan-like by a competitor, but let this be a lesson to IT company CEOs and boards to watch what your marketing folks and senior tech managers are up to.
Questionable marketing practices / unpopular marketing practices can hurt a company's image in a way that makes a difference to the bottom line that several months to appear and many months to clean up.
People will be turning up nasty topics on eAcceleration in search engines for maybe years to come.
And I'll long wonder about PestPatrol's opinions on competitor's products (although to their credit they seem to have cleaned this up very quickly when the discrepancy was brought to their attention, and on a weekend).
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC) | |
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| Re: PestPatrol says: eAcceleration/StopSign are Cl
said by keith2468  :
I'm sticking up for eAcceleration because it was wrongly labeled trojan-like by a competitor, but let this be a lesson to IT company CEOs and boards to watch what your marketing folks and senior tech managers are up to.
Ummm, it wasn't wrongly labled. At one time this was a serious problem.
That they have changed their product and made some very recent improvements thanks to a new developement they need to submit and wait for the results and then work on their image in this community.
It was rightly labled until then. It will take some time to undo that.
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals) »www.a-sap.org/ | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
3 edits | reply to davidnason
Re: PestPatrol says: eAcceleration/StopSign are Clean!
edit:
Jane, you can have problems and be slandered anyway.
PestPatrol was alluding to its competitor being trojan-like because it used cpu cycles and it used the internet.
If StopSign was not a remote access trojan plain and simple it was improperly labelled as a trojan, notwithstanding other statements about it perhaps being accurate.
I'm pretty much assuming, based on what PestPatrol had on its website and what was in the email, about the StopSign product, that PestPatrol's language in the email was about lawyerly not admitting having done something that could get them sued. Admitting such would be dumb. It might invalidate PestPatrol's liability insurance (liability insurance often has a clause requiring the insured to cooperate in the defense).
And since StopSign still uses cpu cycles, it still uses the network bandwidth, and it still asks for a name and email address when you register -- and those were 3 of the complaints PestPatrol had against StopSign that made it trojan-like -- I don't see critical changes in 3 things that caused the "trojan-like" label.
As I understand it from PestPatrol itself, in its detailed description of StopSign, the other problems with it was that it was downloaded from the same sites as adware, and it wasn't a very good product. And I can imagine those statements perhaps being true. I run 16 security products on my machines. If any one of them was up to the task I'd be running just that one product. But where StopSign is downloaded from and whether it is any good is beside the point because those issues aren't the dispute.
Further, PestPatrol complained that StopSign delivered ads of itself in itself. Apparently this fit PestPatrol's definition of adware.
The free versions of Opera and ZoneAlarm do this too. Does PestPatrol identify ZAF and Opera free as adware?
Talk about vendor squabbling.
If PestPatrol saw worse problems why didn't they describe them? I'm only commenting on what PestPatrol said it saw and the conclusions it reached on that basis about the product having "trojan-like characteristics".
Anyway Jane, was there anything you saw in StopSign that PestPatrol didn't include in the description I read that would have made the trojan label correct?
I'm not denying StopSign had problems and missed many things.
All my security software has problems and misses many things.
Stealing computer services and stealing telecommunications services are both violations of US federal law. If publicly registered US companies are doing this, citizens of the USA should seek to have it stopped by measures stronger than quiet boycotts.
No matter what country the offending company is in, it is difficult and expensive for non-residents to have complaints against it takem seriously by law enforcement.
And security professionals and enthusiasts in other countries should return the favor by reporting companies resident in their countries that break their laws.
Anyway, that is how I see the situation. | |
SnowyOne
Premium
join:2003-04-05
Kailua, HI
 ·RoadRunner Cable
 ·Clearwire Wireless
| "I'm not denying StopSign had problems and missed many things.
It was inevitable that this thread would veer off topic but I guess in a vendors forum it's difficult not to look at all the aspects of a software product. You can compare StopSign's test results here.
»www.stop-sign.com/research/compa···k01&dc=1
--
Dave said "By the way, 4294967295 is just another way to write -1". | |
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast
1 edit | *cough* bullshit *cough*
StopSign beats McAfee? Panda? Norton? F-Prot?
Kaspersky?!?
--
Nuke 'em all, let God sort 'em out. | |
eburger68
Premium,MVM
join:2001-04-28
4 edits | reply to keith2468
Re: PestPatrol says: eAcceleration/StopSign are Cl
Keith2468:
Jane was right on the money when she responded to your previous posts. This business of ignoring, misquoting, and misrepresenting what Pest Patrol had on its pages about Stop-Sign and what others reported about Stop-Sign's behavior has got to stop, Keith. You have repeatedly and continually ignored whatever does not fit your particular (and particularly flawed) view of Stop-Sign's reported past behavior. Still worse, you have engaged in rank speculation about Pest Patrol's motives for reporting what it did about Pest Patrol (e.g., Stop-Sign was targeted because one researcher had a "bad day" or because Pest Patrol decided to pick on small competitors, et al), all without the slightest bit of evidence.
This latest post of yours is simply too much, as you're now at the point of inventing information and claims that you falsely attribute to Pest Patrol -- all the while continuing to ignore (and even refuse to look at) the evidence that's been pointed out to you.
Before I go through your latest claims one by one, let's establish just what Pest Patrol had on its site. It had three pages:
* TrojanDownloader.win32.Wren.a
»www.pestpatrol.com/pestinfo/t/tr···en_a.asp
This page classified Stop-Sign's stub downloader as a "trojan downloader" -- not a trojan. "Downloader" was defined on that page as:
said by Pest Patrol:
Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.
That is, techically speaking, accurate. It was described as a "trojan downloader" (as opposed to a normal, non-malicious downloader) because of Stop-Sign's deceptive, drive-by-download installations and its trickler-like behavior after it was installed.
Note that this page applies to the downloader itself, not the entire Stop-Sign program.
* DownloadReceiver
»www.pestpatrol.com/PestInfo/d/do···iver.asp
This page described one specific software component used by eAcceleration:
said by Pest Patrol:
DownloadReceiver is a component used by eAcceleration (Acceleration Software International Corporation) to download and install their Webcelerator software. It also runs an advertising process called systimer.exe, on startup.
Note that this page also applies to one specific component, not the entire Stop-Sign program, and it too does not describe this software component as a "trojan."
* StopSign
»www.pestpatrol.com/PestInfo/S/StopSign.asp
This page contained a more complete write-up of the full Stop-Sign program. Pest Patrol's summary of Stop-Sign read as follows:
said by Pest Patrol:
Disables security software. Purports to be security software.
Adware - displays numerous popups recommending purchase of various Acceleration Software products.
Firewall Killer - interferes with operation of several personal firewalls.
Loader - quietly installs other files.
Exploit - uses social engineering and stealth tricklers to gain control of the system.
Note that this neither does this page label Stop-Sign itself as a trojan.
With this brief context established, let me address your latest claims.
said by Keith2468:
PestPatrol was alluding to its competitor being trojan-like because it used cpu cycles and it used the internet.
Nowhere did the Pest Patrol write-up say anything like this. Pest Patrol never accused Stop-Sign itself of being a "trojan" -- you've changed "trojan downloader" (used for the downloader itself) into "trojan," and they are two different things. Moreover, when Pest Patrol did discuss the impact on system performance, it did not use that discussion as reasons to label Stop-Sign a "trojan." What Pest Patrol said was:
said by Pest Patrol:
Some impact on resources:
* Upon boot, DR-Fetcher Executable, eAnthology Download module, eAnthology Manager,Stop-Sign Threat Scanner GUI, eAnthology Manager will all connect quietly to the Internet - a loss of bandwidth.
* During operation, EANTHO~1.EXE (4,048 Kb) and DEFSCA~1.EXE (4,220 Kb) will both remain resident - an 8 Mb loss of available memory in a user's machine.
* With an open Internet connection, this will retrieve 28 Mb or more of software without any explicit user request - a loss of available storage.
Notice the modest language ("some impact") as well as the straightforward description of specific behavior and impacts on system resources. Nowehere does Pest Patrol accuse Stop-Sign of being a "trojan" just because it used CPU cycles or accessed the Internet -- that's your own invention.
said by Keith2468:
If StopSign was not a remote access trojan plain and simple it was improperly labelled as a trojan, notwithstanding other statements about it perhaps being accurate.
Now you've changed "trojan" to "remote access trojan," a still worse misrepresentation of what Pest Patrol wrote. Again, Pest Patrol described the downloader itself -- not the full program -- as a "trojan downloader," not a "remote access trojan." A "trojan downloader" and a "remote access trojan" (like NetBus or BackOrifice) are two completely different things.
said by Keith2468:
I'm pretty much assuming, based on what PestPatrol had on its website and what was in the email, about the StopSign product, that PestPatrol's language in the email was about lawyerly not admitting having done something that could get them sued. Admitting such would be dumb. It might invalidate PestPatrol's liability insurance (liability insurance often has a clause requiring the insured to cooperate in the defense).
What's amusing, Keith, is that you would slight Pest Patrol for being slippery in using "lawyerly" language when you've just finished inventing information to falsely to attribute to Pest Patrol. I would suggest that before you decide to lecture anyone else about libelous behavior that you get your own house in order and stop inventing information and motives for Pest Patrol, as you've done in these several recent threads about Stop-Sign repeatedly.
said by Keith2468:
And since StopSign still uses cpu cycles, it still uses the network bandwidth, and it still asks for a name and email address when you register -- and those were 3 of the complaints PestPatrol had against StopSign that made it trojan-like -- I don't see critical changes in 3 things that caused the "trojan-like" label.
Here you go again, inventing things out of whole cloth and attributing them to Pest Patrol. See above for a summary of what in fact were Pest Patrol's main complaints against Stop-Sign. None of them involved merely "using CPU cycles" or "network bandwidth" in such a way that the program itself became a "trojan." Pest Patrol straightforwardly described the impact on system performance -- that's it, that's all. Even the request during registration for personal information Pest Patrol never described as "trojan-like" -- it described it merely as a "privacy issue."
said by Keith2468:
Further, PestPatrol complained that StopSign delivered ads of itself in itself. Apparently this fit PestPatrol's definition of adware.
The free versions of Opera and ZoneAlarm do this too. Does PestPatrol identify ZAF and Opera free as adware?
Pest Patrol's complaint was quite specific -- it was not merely "delivering ads of itself in itself." Specifically, Pest Patrol noted:
said by Pest Patrol:
Adware - displays numerous popups recommending purchase of various Acceleration Software products.
Note that this advertising is described as a bit more intrusive than the advertising in Opera or Zone Alarm. Moreover, it goes beyond delivering ads only for Stop-Sign. Pest Patrol even quoted eAcceleration's own license agreement:
said by Pest Patrol:
Advertising: Yes. The license agreement states "End Users also agree to allow Provider to display online advertising for our own products, if they are not paid subscribers."
said by Keith2468:
Talk about vendor squabbling.
This was not a mere vendor squabble, Keith. The complaints against Stop-Sign originated among users (see once again the earlier threads here at DSLR that you seem so keen on ignoring), and Pest Patrol (and many others) targeted Stop-Sign based on complaints like those.
Moreover, if you're going to characterize this as a "squabble," you ought to at least be able to suggest what this "squabble" was about and provide evidence for it -- and you can't. You've simply attributed to Pest Patrol ill motives without the least bit of evidence -- something you've done repeatedly in these several threads on Stop-Sign.
said by Keith2468:
If PestPatrol saw worse problems why didn't they describe them? I'm only commenting on what PestPatrol said it saw and the conclusions it reached on that basis about the product having "trojan-like characteristics".
They did describe worse problems -- you've just ignored them. Moreover, Pest Patrol never used the description "trojan-like characteristics" to describe Stop-Sign. That's your own invention.
said by Keith2468:
Anyway Jane, was there anything you saw in StopSign that PestPatrol didn't include in the description I read that would have made the trojan label correct?
Pest Patrol never labeled Stop-Sign itself as a "trojan," so your question to Jane is completely off-point.
said by Keith2468:
I'm not denying StopSign had problems and missed many things.
All my security software has problems and misses many things.
The problems with with earlier versions of Stop-Sign and the download/installation process that was used to foist that software on users' systems went way beyond "missing things."
said by Keith2468:
Stealing computer services and stealing telecommunications services are both violations of US federal law. If publicly registered US companies are doing this, citizens of the USA should seek to have it stopped by measures stronger than quiet boycotts.
No matter what country the offending company is in, it is difficult and expensive for non-residents to have complaints against it takem seriously by law enforcement.
And security professionals and enthusiasts in other countries should return the favor by reporting companies resident in their countries that break their laws.
And here you lapse into utter absurdity. Pest Patrol never accused Stop-Sign even remotely of "stealing computer services and stealing telecommunications" such that its actions would rise to the level of being a violation of federal law.
said by Keith2468:
Anyway, that is how I see the situation.
And your view of the situation is quite mistaken and self-blinkered, primarly because you've ignored the evidence that is available, refused to look at evidence, attributed ill motives to Pest Patrol without the least bit of evidence, and seriously misrepresented (and even falsely quoted) what Pest Patrol did say about Stop-Sign.
Eric L. Howes | |
eburger68
Premium,MVM
join:2001-04-28
| reply to dadkins
dadkins:
You wrote:
said by dadkins :
*cough* bullshit *cough*
StopSign beats McAfee? Panda? Norton? F-Prot?
Kaspersky?!?
Note that those ratings are attributed to "SoftLogic Group," which is a software development and outsourcing company based in Russia. It also does consulting. See:
»www.softlogicgroup.com/departmen···ting.htm
...where it says:
said by SoftLogic:
Largest customer is Acceleration Software - large software development company, that gives us its products for preliminary, alfa and beta testing.
Put mildly, we don't know what tests were conducted by SoftLogic or how they were conducted. Moreover, we don't even know that SoftLogic has a reputable history for conducting such tests. Still worse, eAcceleration is a client of SoftLogic -- making SoftLogic something less than a dependable source for comparative testing with Stop-Sign.
eAcceleration has said that it is in the process of submitting Stop-Sign to the usual, recognized malware testing venues. The results of those tests will be much more reliable or worth paying attention to.
Eric L. Howes | |
John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England
| reply to davidnason
Re: PestPatrol says: eAcceleration/StopSign are Clean!
Eric, thank you so much for your above responses to Keith. My own thoughts on his posts are probably libelous, so I will keep them to myself.
Also, I totally agree with Dadkins. Those results are total bullsh*t.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. | |
SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless
1 edit | reply to davidnason
Section 8's
StopSign's Faq's page found here
»www.stop-sign.com/faq/?pg=eantho···earch_co mp%26ss_research%26ss_research_advsup%26ss_research_updates%26ss_research_spyclean%26ss_lib_ gen%26ss_lib_av%26ss_dc001%26ss_serv_guar&ver=online&clk=1&SV=se033a&n=d_ss_clk01&dc=1#call_ss_spyware
contains a Section 8 titled "How do I reinstall eAcceleration?" which states
"Follow the prompts through the installation procedure until the Stop-Sign Threat Scanner loads. We recommend that you scan your computer twice. If you have any infected files, your scan results will be automatically sent to Support@eAcceleration.com . "
I'm not sure if this paragraph (inside a reinstall section) is acting as some sort of notice or privacy statement that any & all files that reside on a drive can be sent to StopSign depending on only the results of their scan. If that's true, any file on a system could be sent to StopSign, when you consider the possibilities of FP's.
Edit: Some clarification on section 8 from the privacy policy at
»www.eacceleration.com/privacy/?p···earch_co %26ss_faq_gen&ver=online&SV=ss_dc001&dc=1&n=d_ss_cps
"3) To assist in the Technical Support of our paying subscribers, some Stop-Sign Threat Scanner results are sent to our Technical Support group in order to assist the subscriber with virus and infection removal. These scan results include: account verification information; identification of the operating system; and which virus threats were discovered and either cured or quarantined. If any infections remain, we may require a download of the live virus file from the subscriber's computer to conduct research. This also provides the basis for a customized solution from the Technical Support group."
I honestly can't say for sure from reading it which definition of the verb "require" is intended.
»www.cogsci.princeton.edu/cgi-bin···=require
--
Dave said "By the way, 4294967295 is just another way to write -1".
| |
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
2 edits | reply to davidnason
Re: PestPatrol says: eAcceleration/StopSign are Clean!
You know - maybe this company is trying to clean up there act. I'm personally not so sure. The marketing people need to do a much better job. That is for sure. And the company needs to decide on if they want to be a security company or all things to all people.
I just saw there commercial on GSN for there OOdlz game site. What self respecting security company would run such a venture? Same actors voices from there security commercials as well.
The whole aura of this company comes off as a joke to be honest.
"Your computer will be diagnosed for viruses and other threats. If any infections are found, you'll be given an opportunity to purchase a cure. You are NOT required to purchase a cure to enjoy FREE OOdlz gaming."
The marketing just screams scam to me. I know the company has sworn up, down and all around that they are in fact a legitimate company. In business to help users. I just have a hard time buying that.
Stop Sign beats Kaspersky? Let us see an unsolicited - not paid for by the company - testing of that fact.
--
Test Your Security
Benefit for Children's Oncology Group
Cable Modem Diagnostics | |
Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON |  reply to Jrb2
(topic move) PestPatrol says: eAcceleration/StopSign are Clean!
Moderator Action
The post that was here, and all followups to it, were moved to a new topic .. »Infected system. Pop up ads. | |
|
