Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON |  reply to Jrb2
(topic move) PestPatrol says: eAcceleration/StopSign are Clean!
Moderator Action
The post that was here, and all followups to it, were moved to a new topic .. »Infected system. Pop up ads. |
|
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
2 edits | reply to davidnason
Re: PestPatrol says: eAcceleration/StopSign are Clean!
You know - maybe this company is trying to clean up there act. I'm personally not so sure. The marketing people need to do a much better job. That is for sure. And the company needs to decide on if they want to be a security company or all things to all people.
I just saw there commercial on GSN for there OOdlz game site. What self respecting security company would run such a venture? Same actors voices from there security commercials as well.
The whole aura of this company comes off as a joke to be honest.
"Your computer will be diagnosed for viruses and other threats. If any infections are found, you'll be given an opportunity to purchase a cure. You are NOT required to purchase a cure to enjoy FREE OOdlz gaming."
The marketing just screams scam to me. I know the company has sworn up, down and all around that they are in fact a legitimate company. In business to help users. I just have a hard time buying that.
Stop Sign beats Kaspersky? Let us see an unsolicited - not paid for by the company - testing of that fact.
--
Test Your Security
Benefit for Children's Oncology Group
Cable Modem Diagnostics |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
 ·RoadRunner Cable
 ·Clearwire Wireless
1 edit | reply to davidnason
Section 8's
StopSign's Faq's page found here
»www.stop-sign.com/faq/?pg=eantho···earch_co mp%26ss_research%26ss_research_advsup%26ss_research_updates%26ss_research_spyclean%26ss_lib_ gen%26ss_lib_av%26ss_dc001%26ss_serv_guar&ver=online&clk=1&SV=se033a&n=d_ss_clk01&dc=1#call_ss_spyware
contains a Section 8 titled "How do I reinstall eAcceleration?" which states
"Follow the prompts through the installation procedure until the Stop-Sign Threat Scanner loads. We recommend that you scan your computer twice. If you have any infected files, your scan results will be automatically sent to Support@eAcceleration.com . "
I'm not sure if this paragraph (inside a reinstall section) is acting as some sort of notice or privacy statement that any & all files that reside on a drive can be sent to StopSign depending on only the results of their scan. If that's true, any file on a system could be sent to StopSign, when you consider the possibilities of FP's.
Edit: Some clarification on section 8 from the privacy policy at
»www.eacceleration.com/privacy/?p···earch_co %26ss_faq_gen&ver=online&SV=ss_dc001&dc=1&n=d_ss_cps
"3) To assist in the Technical Support of our paying subscribers, some Stop-Sign Threat Scanner results are sent to our Technical Support group in order to assist the subscriber with virus and infection removal. These scan results include: account verification information; identification of the operating system; and which virus threats were discovered and either cured or quarantined. If any infections remain, we may require a download of the live virus file from the subscriber's computer to conduct research. This also provides the basis for a customized solution from the Technical Support group."
I honestly can't say for sure from reading it which definition of the verb "require" is intended.
»www.cogsci.princeton.edu/cgi-bin···=require
--
Dave said "By the way, 4294967295 is just another way to write -1".
|
|
John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England
| reply to davidnason
Re: PestPatrol says: eAcceleration/StopSign are Clean!
Eric, thank you so much for your above responses to Keith. My own thoughts on his posts are probably libelous, so I will keep them to myself.
Also, I totally agree with Dadkins. Those results are total bullsh*t.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. |
|
eburger68
Premium,MVM
join:2001-04-28
| reply to dadkins
Re: PestPatrol says: eAcceleration/StopSign are Cl
dadkins:
You wrote:
said by dadkins  :
*cough* bullshit *cough*
StopSign beats McAfee? Panda? Norton? F-Prot?
Kaspersky?!?
Note that those ratings are attributed to "SoftLogic Group," which is a software development and outsourcing company based in Russia. It also does consulting. See:
»www.softlogicgroup.com/departmen···ting.htm
...where it says:
said by SoftLogic:
Largest customer is Acceleration Software - large software development company, that gives us its products for preliminary, alfa and beta testing.
Put mildly, we don't know what tests were conducted by SoftLogic or how they were conducted. Moreover, we don't even know that SoftLogic has a reputable history for conducting such tests. Still worse, eAcceleration is a client of SoftLogic -- making SoftLogic something less than a dependable source for comparative testing with Stop-Sign.
eAcceleration has said that it is in the process of submitting Stop-Sign to the usual, recognized malware testing venues. The results of those tests will be much more reliable or worth paying attention to.
Eric L. Howes |
|
eburger68
Premium,MVM
join:2001-04-28
4 edits | reply to keith2468
Keith2468:
Jane was right on the money when she responded to your previous posts. This business of ignoring, misquoting, and misrepresenting what Pest Patrol had on its pages about Stop-Sign and what others reported about Stop-Sign's behavior has got to stop, Keith. You have repeatedly and continually ignored whatever does not fit your particular (and particularly flawed) view of Stop-Sign's reported past behavior. Still worse, you have engaged in rank speculation about Pest Patrol's motives for reporting what it did about Pest Patrol (e.g., Stop-Sign was targeted because one researcher had a "bad day" or because Pest Patrol decided to pick on small competitors, et al), all without the slightest bit of evidence.
This latest post of yours is simply too much, as you're now at the point of inventing information and claims that you falsely attribute to Pest Patrol -- all the while continuing to ignore (and even refuse to look at) the evidence that's been pointed out to you.
Before I go through your latest claims one by one, let's establish just what Pest Patrol had on its site. It had three pages:
* TrojanDownloader.win32.Wren.a
»www.pestpatrol.com/pestinfo/t/tr···en_a.asp
This page classified Stop-Sign's stub downloader as a "trojan downloader" -- not a trojan. "Downloader" was defined on that page as:
said by Pest Patrol:
Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.
That is, techically speaking, accurate. It was described as a "trojan downloader" (as opposed to a normal, non-malicious downloader) because of Stop-Sign's deceptive, drive-by-download installations and its trickler-like behavior after it was installed.
Note that this page applies to the downloader itself, not the entire Stop-Sign program.
* DownloadReceiver
»www.pestpatrol.com/PestInfo/d/do···iver.asp
This page described one specific software component used by eAcceleration:
said by Pest Patrol:
DownloadReceiver is a component used by eAcceleration (Acceleration Software International Corporation) to download and install their Webcelerator software. It also runs an advertising process called systimer.exe, on startup.
Note that this page also applies to one specific component, not the entire Stop-Sign program, and it too does not describe this software component as a "trojan."
* StopSign
»www.pestpatrol.com/PestInfo/S/StopSign.asp
This page contained a more complete write-up of the full Stop-Sign program. Pest Patrol's summary of Stop-Sign read as follows:
said by Pest Patrol:
Disables security software. Purports to be security software.
Adware - displays numerous popups recommending purchase of various Acceleration Software products.
Firewall Killer - interferes with operation of several personal firewalls.
Loader - quietly installs other files.
Exploit - uses social engineering and stealth tricklers to gain control of the system.
Note that this neither does this page label Stop-Sign itself as a trojan.
With this brief context established, let me address your latest claims.
said by Keith2468:
PestPatrol was alluding to its competitor being trojan-like because it used cpu cycles and it used the internet.
Nowhere did the Pest Patrol write-up say anything like this. Pest Patrol never accused Stop-Sign itself of being a "trojan" -- you've changed "trojan downloader" (used for the downloader itself) into "trojan," and they are two different things. Moreover, when Pest Patrol did discuss the impact on system performance, it did not use that discussion as reasons to label Stop-Sign a "trojan." What Pest Patrol said was:
said by Pest Patrol:
Some impact on resources:
* Upon boot, DR-Fetcher Executable, eAnthology Download module, eAnthology Manager,Stop-Sign Threat Scanner GUI, eAnthology Manager will all connect quietly to the Internet - a loss of bandwidth.
* During operation, EANTHO~1.EXE (4,048 Kb) and DEFSCA~1.EXE (4,220 Kb) will both remain resident - an 8 Mb loss of available memory in a user's machine.
* With an open Internet connection, this will retrieve 28 Mb or more of software without any explicit user request - a loss of available storage.
Notice the modest language ("some impact") as well as the straightforward description of specific behavior and impacts on system resources. Nowehere does Pest Patrol accuse Stop-Sign of being a "trojan" just because it used CPU cycles or accessed the Internet -- that's your own invention.
said by Keith2468:
If StopSign was not a remote access trojan plain and simple it was improperly labelled as a trojan, notwithstanding other statements about it perhaps being accurate.
Now you've changed "trojan" to "remote access trojan," a still worse misrepresentation of what Pest Patrol wrote. Again, Pest Patrol described the downloader itself -- not the full program -- as a "trojan downloader," not a "remote access trojan." A "trojan downloader" and a "remote access trojan" (like NetBus or BackOrifice) are two completely different things.
said by Keith2468:
I'm pretty much assuming, based on what PestPatrol had on its website and what was in the email, about the StopSign product, that PestPatrol's language in the email was about lawyerly not admitting having done something that could get them sued. Admitting such would be dumb. It might invalidate PestPatrol's liability insurance (liability insurance often has a clause requiring the insured to cooperate in the defense).
What's amusing, Keith, is that you would slight Pest Patrol for being slippery in using "lawyerly" language when you've just finished inventing information to falsely to attribute to Pest Patrol. I would suggest that before you decide to lecture anyone else about libelous behavior that you get your own house in order and stop inventing information and motives for Pest Patrol, as you've done in these several recent threads about Stop-Sign repeatedly.
said by Keith2468:
And since StopSign still uses cpu cycles, it still uses the network bandwidth, and it still asks for a name and email address when you register -- and those were 3 of the complaints PestPatrol had against StopSign that made it trojan-like -- I don't see critical changes in 3 things that caused the "trojan-like" label.
Here you go again, inventing things out of whole cloth and attributing them to Pest Patrol. See above for a summary of what in fact were Pest Patrol's main complaints against Stop-Sign. None of them involved merely "using CPU cycles" or "network bandwidth" in such a way that the program itself became a "trojan." Pest Patrol straightforwardly described the impact on system performance -- that's it, that's all. Even the request during registration for personal information Pest Patrol never described as "trojan-like" -- it described it merely as a "privacy issue."
said by Keith2468:
Further, PestPatrol complained that StopSign delivered ads of itself in itself. Apparently this fit PestPatrol's definition of adware.
The free versions of Opera and ZoneAlarm do this too. Does PestPatrol identify ZAF and Opera free as adware?
Pest Patrol's complaint was quite specific -- it was not merely "delivering ads of itself in itself." Specifically, Pest Patrol noted:
said by Pest Patrol:
Adware - displays numerous popups recommending purchase of various Acceleration Software products.
Note that this advertising is described as a bit more intrusive than the advertising in Opera or Zone Alarm. Moreover, it goes beyond delivering ads only for Stop-Sign. Pest Patrol even quoted eAcceleration's own license agreement:
said by Pest Patrol:
Advertising: Yes. The license agreement states "End Users also agree to allow Provider to display online advertising for our own products, if they are not paid subscribers."
said by Keith2468:
Talk about vendor squabbling.
This was not a mere vendor squabble, Keith. The complaints against Stop-Sign originated among users (see once again the earlier threads here at DSLR that you seem so keen on ignoring), and Pest Patrol (and many others) targeted Stop-Sign based on complaints like those.
Moreover, if you're going to characterize this as a "squabble," you ought to at least be able to suggest what this "squabble" was about and provide evidence for it -- and you can't. You've simply attributed to Pest Patrol ill motives without the least bit of evidence -- something you've done repeatedly in these several threads on Stop-Sign.
said by Keith2468:
If PestPatrol saw worse problems why didn't they describe them? I'm only commenting on what PestPatrol said it saw and the conclusions it reached on that basis about the product having "trojan-like characteristics".
They did describe worse problems -- you've just ignored them. Moreover, Pest Patrol never used the description "trojan-like characteristics" to describe Stop-Sign. That's your own invention.
said by Keith2468:
Anyway Jane, was there anything you saw in StopSign that PestPatrol didn't include in the description I read that would have made the trojan label correct?
Pest Patrol never labeled Stop-Sign itself as a "trojan," so your question to Jane is completely off-point.
said by Keith2468:
I'm not denying StopSign had problems and missed many things.
All my security software has problems and misses many things.
The problems with with earlier versions of Stop-Sign and the download/installation process that was used to foist that software on users' systems went way beyond "missing things."
said by Keith2468:
Stealing computer services and stealing telecommunications services are both violations of US federal law. If publicly registered US companies are doing this, citizens of the USA should seek to have it stopped by measures stronger than quiet boycotts.
No matter what country the offending company is in, it is difficult and expensive for non-residents to have complaints against it takem seriously by law enforcement.
And security professionals and enthusiasts in other countries should return the favor by reporting companies resident in their countries that break their laws.
And here you lapse into utter absurdity. Pest Patrol never accused Stop-Sign even remotely of "stealing computer services and stealing telecommunications" such that its actions would rise to the level of being a violation of federal law.
said by Keith2468:
Anyway, that is how I see the situation.
And your view of the situation is quite mistaken and self-blinkered, primarly because you've ignored the evidence that is available, refused to look at evidence, attributed ill motives to Pest Patrol without the least bit of evidence, and seriously misrepresented (and even falsely quoted) what Pest Patrol did say about Stop-Sign.
Eric L. Howes |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast
1 edit | reply to SnowyOne
Re: PestPatrol says: eAcceleration/StopSign are Clean!
*cough* bullshit *cough*
StopSign beats McAfee? Panda? Norton? F-Prot?
Kaspersky?!?
--
Nuke 'em all, let God sort 'em out. |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless
| reply to keith2468
"I'm not denying StopSign had problems and missed many things.
It was inevitable that this thread would veer off topic but I guess in a vendors forum it's difficult not to look at all the aspects of a software product. You can compare StopSign's test results here.
»www.stop-sign.com/research/compa···k01&dc=1
--
Dave said "By the way, 4294967295 is just another way to write -1". |
|
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
3 edits | reply to davidnason
edit:
Jane, you can have problems and be slandered anyway.
PestPatrol was alluding to its competitor being trojan-like because it used cpu cycles and it used the internet.
If StopSign was not a remote access trojan plain and simple it was improperly labelled as a trojan, notwithstanding other statements about it perhaps being accurate.
I'm pretty much assuming, based on what PestPatrol had on its website and what was in the email, about the StopSign product, that PestPatrol's language in the email was about lawyerly not admitting having done something that could get them sued. Admitting such would be dumb. It might invalidate PestPatrol's liability insurance (liability insurance often has a clause requiring the insured to cooperate in the defense).
And since StopSign still uses cpu cycles, it still uses the network bandwidth, and it still asks for a name and email address when you register -- and those were 3 of the complaints PestPatrol had against StopSign that made it trojan-like -- I don't see critical changes in 3 things that caused the "trojan-like" label.
As I understand it from PestPatrol itself, in its detailed description of StopSign, the other problems with it was that it was downloaded from the same sites as adware, and it wasn't a very good product. And I can imagine those statements perhaps being true. I run 16 security products on my machines. If any one of them was up to the task I'd be running just that one product. But where StopSign is downloaded from and whether it is any good is beside the point because those issues aren't the dispute.
Further, PestPatrol complained that StopSign delivered ads of itself in itself. Apparently this fit PestPatrol's definition of adware.
The free versions of Opera and ZoneAlarm do this too. Does PestPatrol identify ZAF and Opera free as adware?
Talk about vendor squabbling.
If PestPatrol saw worse problems why didn't they describe them? I'm only commenting on what PestPatrol said it saw and the conclusions it reached on that basis about the product having "trojan-like characteristics".
Anyway Jane, was there anything you saw in StopSign that PestPatrol didn't include in the description I read that would have made the trojan label correct?
I'm not denying StopSign had problems and missed many things.
All my security software has problems and misses many things.
Stealing computer services and stealing telecommunications services are both violations of US federal law. If publicly registered US companies are doing this, citizens of the USA should seek to have it stopped by measures stronger than quiet boycotts.
No matter what country the offending company is in, it is difficult and expensive for non-residents to have complaints against it takem seriously by law enforcement.
And security professionals and enthusiasts in other countries should return the favor by reporting companies resident in their countries that break their laws.
Anyway, that is how I see the situation. |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| reply to keith2468
Re: PestPatrol says: eAcceleration/StopSign are Cl
said by keith2468 :
I'm sticking up for eAcceleration because it was wrongly labeled trojan-like by a competitor, but let this be a lesson to IT company CEOs and boards to watch what your marketing folks and senior tech managers are up to.
Ummm, it wasn't wrongly labled. At one time this was a serious problem.
That they have changed their product and made some very recent improvements thanks to a new developement they need to submit and wait for the results and then work on their image in this community.
It was rightly labled until then. It will take some time to undo that.
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals) »www.a-sap.org/ |
|
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
2 edits | reply to Jrb2
Re: PestPatrol says: eAcceleration/StopSign are Clean!
IE-SpyAd is Eric Burger (eBurger). I tested and it appears eAcceleration is now clean in IE-SpyAd too. (Remember to always uninstall the old IE-SpyAd before installing the new version, otherwise your Restricted Zone will grow forever.)
But I expect it will take several weeks or even a couple of months for word to get around to all the AV vendors.
That WREN detection is a signature, not heurisitic. It just means the file is detected as eAcceleration's downloader, and says nothing about what the file does.
I'm sticking up for eAcceleration because it was wrongly labeled trojan-like by a competitor, but let this be a lesson to IT company CEOs and boards to watch what your marketing folks and senior tech managers are up to.
Questionable marketing practices / unpopular marketing practices can hurt a company's image in a way that makes a difference to the bottom line that several months to appear and many months to clean up.
People will be turning up nasty topics on eAcceleration in search engines for maybe years to come.
And I'll long wonder about PestPatrol's opinions on competitor's products (although to their credit they seem to have cleaned this up very quickly when the discrepancy was brought to their attention, and on a weekend).
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC) |
|
dikbozo
join:2004-07-14
Regina, SK | reply to davidnason
Re: PestPatrol says: eAcceleration/StopSign are Cl
It also appears AVG doesn't like it either. It slams the download on contact as a "WREN" trojan downloader. It does seem as if lots work is needed to clean up this act. |
|
Jrb2
Premium
join:2001-08-31
| reply to Bubba
Re: PestPatrol says: eAcceleration/StopSign are Clean!
said by Bubba :
Verdict is still out personally....but when IE-Spyad removes eAcceleration/eAnthology/StopSign....it causes me to keep a keen eye open for further developements.
OK, thanks Bubba !
Thanks also to Eric and other posters.
I posted too quickly ; oops...
I think I need to take my words back.
Sorry ! |
|
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| reply to davidnason
quote:
Does your "The battle is over. preempt any further discussion on the matter?
My feeling is we talk about problems in all kinds of security software all the time, and this product should be no different. As users talk about its real problems that we ourselves actually encounter with it. As non-users, compare it with other products.
If someone has their own credible proof that the law against theft of computer or the law against theft of telecommunications services was broken by a publicly traded US company, and they live in the USA, then as a good citizen (and as a professional if that is what they are), they have a duty to report that to the police and have it investigated and dealt with properly.
Those who were in the forum 6 months ago saw a couple of other vendors squabbling openly about each others products. That happens. Then they take a breath and get sensible again.
It would have served no good purpose, and it would have played into the hands of the blackhats, for the rest of us to keep throwing the vendors' past squabble up their faces after they'd made up.
Blackhats love it when the whitehats waste time, energy and resources squabbling.
As for convincing some of you that many vendors sometimes collaborate in ways other than just sharing suspicious files:
- We all visit forums and we see what is discussed. That constitutes one more form of sharing.
- And we've all seen press reports of what goes on at BlackHat Briefings and that is another form of sharing.
So if you think about it, we already know more is being shared than just files, but I can accept that the implications of this sharing, and how it relates to the symptoms we are seeing, is not necessarily obvious to everyone.
And then you have school teacher logic. If 20 out of 50 students all have the same odd mistake on a test, it indicates collaboration. And if some students put down the answer without showing the work (like Kaspersky in this instance, has a signature but has no write-up) that indicates collaboration or outside assistance. Of course in the real world of IT collaboration of isn't cheating.
I know this won't convince everyone about what is collaborated on, but that is okay.
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC) |
|
Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
Around, Us
·Comcast
| reply to davidnason
Verdict is still out personally....but when IE-Spyad removes eAcceleration/eAnthology/StopSign....it causes me to keep a keen eye open for further developements.
"For a list of additions and changes to the most recent common list from which both AGNIS and IE-SPYAD were built, see this summary".
---------------------------------------
Additions & Changes to AGNIS & IE-SPYAD
---------------------------------------
==============================
Additions & Changes (8/8/04)
==============================
; eAcceleration/eAnthology/StopSign
; ---------------------------------
; accelerationsw.com (disable & move)
; buttonware.com (disable & move)
; buttonware.net (disable & move)
; clicksales.com (disable & move)
; downloadsales.com (disable & move)
; eacceleration.com (disable & move)
; eanthology.net (disable & move)
; homepageware.com (disable & move)
; oodlz.com (disable & move)
; signupsales.com (disable & move)
; stop-sign.com (disable & move)
; veloz.com (disable & move)
; webcelerator.com (disable & move) |
|
Jrb2
Premium
join:2001-08-31
| reply to davidnason
It is absolutely unclear for me why someone would try to give some credits to his/her product by starting a thread with the title "PestPatrol says: eAcceleration/StopSign are Clean!"
Are you serious?
Do you really think that that is a good recommendation?
PP, infamous for its false positives, infamous for not updating its site, infamous... well the list could go on.
PP being a member of COAST together with for example "noadware". |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast
| reply to davidnason
Sorry but, it looks like PestPatrol STILL has it listed as of Aug.9,2004 @ 9:50 AM PST...
--
Nuke 'em all, let God sort 'em out. |
|
John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England
| reply to keith2468
said by keith2468 :
That many AV and ASW products detected the downloader is merely because many AV and ASW vendors share files amongst themselves in different groups. With so many low hazard files, and during busy times, they don't do their own fresh research to confirm that the file is really a genuine threat.
So one AV analyst somewhere has a bad day, or gets a bee in his bonnet, and it is during a busy time of the year, and the next thing one knows 30 AV and ASW products end up with a false positive.
I do not believe that for one single moment. If that were the case, all the AV's would have the same definitions and all would detect the same nasties. This is patently not true. You only have to read the complaints in the main Security forum where one AV detects something and the others don't.
I know they share samples, but I don't believe they share analysis of them.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. |
|
SugarnSpyce
join:2004-08-06
Australia | reply to SugarnSpyce
I want to thank David for all his help with removing Accelerator from my computer. He is very professional and I wish him and his company all the best in the future. |
|
