eburger68
Premium,MVM
join:2001-04-28


2 edits
Fraternizing w/ the Enemy

Hi All:

We've been talking recently about a disturbing trend in the anti-spyware world -- namely, that of anti-spyware vendors partnering and working with adware distributors, the very companies whose applications anti-spyware programs are supposed to be targeting (see »WhenU Enters the Anti-Spyware Market , »Buying Legitimacy , and »Adware Vendors Running for Cover... ). In fact, in two of the anti-spyware tests that I performed back in October, one anti-spyware app (Spyblocs/eBlocs) turned up as one of the detections instead of as one of the apps being tested. Today I happened to stumble across yet another example of this disturbing trend.

A new application named Ultimate Cleaner bills itself as a free anti-spyware program (hxxp://ultimatecleaner.com/ -- note: link disabled because automated download is initiated by program's home page ). This application is quite aggressive in pushing itself on visitors to the program's home page (see 1st screenshot). Those who check the license terms, however, will notice a number of disturbing clauses ( »www.ultimatecleaner.com/terms.html ):

said by Ultimate Cleaner License:
* I understand that by accepting these terms and conditions, this program will be installed on my computer and my web browser home page will be changed in order to allow me access.

* I further understand that an accessory toolbar will be added to my web browser which will remain visible as long as the software is installed.

* I also understand that the toolbar and the bookmarked home page are inseparable from the software product I have installed, and I realize that the bookmarks and the toolbar can only be deleted together with the software.

* I understand that the software will gather information about me and the websites I visit ("Usage Data"), but will not collect information that will be used to identify me personally. This information will be used to provide me with comparative shopping opportunities when they are most relevant.

* I further understand that by installing and/or using the software I grant permission for ultimatecleaner.com to periodically display sponsors' websites to me, and to collect, use and disclose the Usage Data. The frequency of displaying the advertisements will vary depending on my use of the Internet.

* I acknowledge that the Software includes an anonymous user ID and an electronic cookie that enables ultimatecleaner.com to collect such information and to display advertising targeted at me.

* I understand that ultimatecleaner.com does not control my interaction with the websites and advertisements displayed to me, and assumes no responsibility for their content or privacy practices and policies whatsoever.
That license is completely truthful, too -- see the second screenshot, which displays the toolbar and home page.

So, at a minimum we have an alleged anti-spyware app that installs via an aggressive, automated installation process not unlike the drive-by-downloads used by many spyware and adware applications -- an inherently dishonorable practice. That's bad enough, because confused and bewildered users could wind up installing an application they don't want or need. Moreover, the application is adware-supported, which means that it competes for advertising dollars with some of the very applications that it targets -- the same kind of conflict of interest that we noted when discussing the Aluria/WhenU deal.

The situation here is actually much worse. It turns out that at least three other anti-spyware vendors have decided to advertise their own applications through the adware toolbar -- see again the second screenshot, which shows the "Privacy Software" drop-down menu. Clicking any of those menu options will spawn advertisements for applications, including:

Privacy Defender
»www.pcsecurityshield.com/pd3/default.asp

Spy Fighter
»www.spyfighter.com/?wmId=189

Spyware Avenger
»www.spywareavenger.com/?nats=NzIzNjo0Ojg

All three of the above applications, it should be noted, have already made the Rogue/Suspect Anti-Spyware page.

It should go without saying that anti-spyware vendors should never be advertising their applications through adware, though I can't say that I'm too surprised to see these three particular apps being advertised through Ultimate Cleaner.

If nothing else, this example should illustrate the kind of company Aluria has chosen to keep by partnering with WhenU. The minute Aluria made that fateful decision it became much more difficult to distinguish Aluria from the several anti-spyware applications encountered with Ultimate Cleaner, all of which, like Aluria, decided that it was perfectly appropriate to advertise through or even bundle adware.

One final note: any reputable anti-spyware scanner ought to be able to detect and remove the adware installed with Ultimate Cleaner. The relevant HJT lines are:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ucsearchportal.com/?wmId=%AffiliateID

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.ucsearchportal.com/

O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\ULTIMA~1\UCTOOL~1\ucwork.dll

O3 - Toolbar: UC Toolbar - {1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} - C:\Program Files\Ultimate Cleaner\UC Toolbar\ucwork.dll

O16 - DPF: {C40F8F85-3FC3-4C0C-AD91-6A204FAAD59F} (UCInstall Class) - hxxp://ultimatecleaner.com/install/UCInst.cab

Best,

Eric L. Howes
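A scripted check for the HJT entries listed in the post above, as an added example that is not part of the original post or of HijackThis itself. The function names and the benign lines in the sample log are constructed for illustration; the CLSIDs and hosts are the ones quoted in the post.

```python
import re

# Indicators taken from the HJT lines quoted in the post above.
CLSIDS = {
    "BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408",  # O2 BHO "ToolHelper"
    "1CBF31FC-3C23-4BA6-AF16-2CEC501BD837",  # O3 "UC Toolbar"
    "C40F8F85-3FC3-4C0C-AD91-6A204FAAD59F",  # O16 "UCInstall Class"
}
DOMAINS = {"ucsearchportal.com", "ultimatecleaner.com"}

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")  # e.g. "O16 - DPF: ..."
GUID = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
URL_HOST = re.compile(r"h(?:tt|xx)ps?://([^/\s:?]+)", re.I)  # also reads defanged hxxp

def host_matches(host):
    """True if host is a listed domain or a subdomain of one (not a substring)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DOMAINS)

def scan_hjt(log_text):
    """Return (section, reason, line) for every log entry matching an indicator."""
    hits = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # headers, blank lines, process listings
        section, body = m.groups()
        for g in GUID.findall(body):
            if g.upper() in CLSIDS:
                hits.append((section, "clsid:" + g.upper(), raw.strip()))
        for h in URL_HOST.findall(body):
            if host_matches(h):
                hits.append((section, "host:" + h.lower(), raw.strip()))
    return hits

# Constructed sample log: the five lines from the post plus three benign entries.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ucsearchportal.com/?wmId=%AffiliateID
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.ucsearchportal.com/
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\ULTIMA~1\UCTOOL~1\ucwork.dll
O2 - BHO: ExampleHelper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O3 - Toolbar: UC Toolbar - {1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} - C:\Program Files\Ultimate Cleaner\UC Toolbar\ucwork.dll
O16 - DPF: {C40F8F85-3FC3-4C0C-AD91-6A204FAAD59F} (UCInstall Class) - hxxp://ultimatecleaner.com/install/UCInst.cab
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Class) - http://ucsearchportal.com.example.net/x.cab
"""

if __name__ == "__main__":
    for section, reason, line in scan_hjt(SAMPLE_LOG):
        print(section, reason, line, sep=" | ")
```

Matching on the CLSID rather than the DLL path catches both the short (`PROGRA~1`) and long forms of the install directory, and the O16 entry is reported twice because it matches on both its CLSID and its download host.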


Spy
Premium
join:2001-09-22
NE
It's amazing how some anti-spyware products are becoming more and more of what they're not supposed to be.

Thanks for the warning.


NanDog
The Pup Was Female, I'M Not
Premium
join:2003-12-28
Tacoma, WA
·Rainier Connect fr..

reply to eburger68
Good job as usual, Eric. Thanks for the info. Although I'm sure most regular BBR Security types wouldn't go for this, it's good to know which self-espoused anti-malware apps are walking on the dark side, just in case any friends or acquaintances ask us about these programs. Most importantly, it's vital to read the EULAs for anything one downloads!


Rusty Dusty

join:2002-11-23
Littleton, NH
reply to eburger68
Good Grief!
What next...


mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse
·AT&T DSL Service

reply to eburger68
The license agreement is sure explicit, but when you're forcing a download install on unsuspecting users you can afford to be honest in the documentation that will protect you in court. Thank you Eric for providing the information on these programs. The security community needs to be very vocal on the issue of antispyware companies partnering with adware/malware companies.
--
"Think for yourself and let others enjoy the privilege of doing so too." - Voltaire


jmorlan
Hmm... That's odd.

join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC

reply to eburger68
I recently had to clean up an infested machine of a relative. It had over 230 spyware objects and several viruses and trojans. They are not particularly computer literate and had asked a friend to help. The friend searched google to find anti-spyware products but couldn't tell if google's results were any good. The top google result for "spyware" is a program called "spychecker."

I have no idea whether spychecker is a legitimate program or not. But with so many rogue programs that claim to fight spyware while actually installing spyware, it is difficult for the average user to know who to trust.
--
NewsPlex Discussion Group


antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA

reply to eburger68

... and the plot sickens ... thanks Eric for the heads-up, but how do you get to the average schmoo that really has no idea about all this subterfuge ... I feel sorry for anyone that doesn't have access to honest guidance ...

--
... "everybody's somebody to somebody, and nobody to everybody else" ... y.t. ...


mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse
·AT&T DSL Service


1 edit
reply to jmorlan
said by jmorlan:

I recently had to clean up an infested machine of a relative. It had over 230 spyware objects and several viruses and trojans. They are not particularly computer literate and had asked a friend to help. The friend searched google to find anti-spyware products but couldn't tell if google's results were any good. The top google result for "spyware" is a program called "spychecker."

I have no idea whether spychecker is a legitimate program or not. But with so many rogue programs that claim to fight spyware while actually installing spyware, it is difficult for the average user to know who to trust.
I don't see it on Eric's Rogue/Suspect Anti-Spyware list. That list is invaluable for users wishing to check for anti-spyware that actually isn't. »www.spywarewarrior.com/rogue_ant···products

Equally valuable is Eric's list of recommended anti-spyware:
»spywarewarrior.com/asw-features.htm#rec

Eric's test results of anti-spyware: »spywarewarrior.com/asw-test-guide.htm

Edited per Eric's post below.
--
"Think for yourself and let others enjoy the privilege of doing so too." - Voltaire

eburger68
Premium,MVM
join:2001-04-28


1 edit
mers2:

One quick note: I wouldn't characterize the anti-spyware test page as a list of "legitimate" anti-spyware apps. I tested a number of apps, some completely legitimate, some not.

A better page to point interested readers to is this one:

Anti-Spyware Programs: Feature Comparison
»spywarewarrior.com/asw-features.htm

All of the apps listed on that page are legit. My short list of recommended apps is here:

»spywarewarrior.com/asw-features.htm#rec

Best,

Eric L. Howes


Spy
Premium
join:2001-09-22
NE

1 edit
reply to eburger68
You can't run it on alternative browsers,

"Browser Requirements:
Internet Explorer 6.0 or Greater"

Therefore, 89% of the market can.


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·Clearwire Wireless
·RoadRunner Cable

reply to eburger68
This also serves as a good reminder that a Thawte code signing certificate only confirms that the software has indeed come from the Publisher, who has signed it. Where Thawte doesn't actually look at the code it can't confer any label of "Safe/Good/Bad/Ugly" to any certificate (Not that I'd want SoftwarePolice on the job anyway). But I do wish they would change the wording of this easy to misunderstand statement "Thawte guarantees the software has not been tampered with and is therefore safe to install/download."
--
"You are really and truly a powerful webmaster to be able to find out all that information about me. I'll be sure to stay out of your way."

TeMerc

join:2004-01-22
Phoenix, AZ
reply to eburger68
Yet once again, amazing information Eric, thanks. There is no end to the level to which some of these vendors will stoop.
So sad, but a reality.
--
Remember............You can NEVER be OVERPROTECTED!!


badcat

join:2000-10-18
Glastonbury, CT
reply to eburger68
Eric, Thanks from all of us for all your hard work! It's great to know that there are knowledgeable people such as yourself on the case, trying to keep the badguys under control. Have a great New Year.

Chris
© 1999-2009 dslreports.com