dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
40546
share rss forum feed

eburger68
Premium,MVM
join:2001-04-28

4 edits

14 recommendations

Silencing the Critics: ISearch/IDownload

Hi All:

As we've seen in the past few months, companies whose software is frequently labeled "adware" or "spyware" are scrambling for cover. Some have tried to partner with anti-spyware firms. Others have tried to join industry consortiums in order to give themselves the air of legitimacy. Still others, though, have been quietly threatening anti-spyware vendors, web sites, and even individuals to get themselves removed from detections databases and to silence their critics on the internet.

We now have yet another unfortunate example of this: CastleCops has just reported that it received a "cease & desist" letter from ISearch.com/IDownload.com. You can find Paul & Robin's report as well as the text of the letter here:

»castlecops.com/article-5762-nested-0-0.html

ISearch and IDownload make a number of browser add-ons for Internet Explorer and Mozilla Firefox. You can read about two ISearch/IDownload variants at Andrew Clover's well-known and thoroughly researched doxdesk.com:

ILookup (aka HotSearchBar)
»www.doxdesk.com/parasite/ILookup.html

Pugi (aka ISearch Toolbar)
»www.doxdesk.com/parasite/Pugi.html

Some of you might remember IDownload.com from the Windows Media adware fiasco back in January. As reported in this DSLR/BBR thread:

»WMP Adware: A Case Study in Deception

...IDownload's HotSearchbar was caught using an incredibly deceptive ActiveX Security Warning box, claiming to be a "Required Media Player Version 9 Browser Update" (see 1st screenshot above) in order to exploit user confusion over the Windows Media license acquisition process, which very well might prompt bewildered users to consent to a legitimate Windows Media Player update from Microsoft itself.

Complaints about ISearch/IDownload are rife on the Net, and a simple search of any of the major "anti-spyware" forums will turn up endless user complaints. One of the better and more revealing write-ups comes from Michael Malone, who published a long-ish article on his experiences with ISearch/IDownload's software back in May 2004:

ABC News - The Search Tool That Ate My Computer
»abcnews.go.com/Technology/Silico···2&page=1

The license agreement used with some ISearch/IDownload software is also of interest ( »toolbar.isearch.com/terms.html ):

said by ISearch EULA:
2. Functionality - Software delivers advertising and various information and promotional messages to your computer screen while you view Internet web pages. iSearch is able to provide you with Software free of charge as a result of your agreement to download and use Software, and accept the advertising and promotional messages it delivers.

By installing the Software, you understand and agree that the Software may, without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to iSearch and/or it's partners, in the form of pop-up ads, pop-under ads, interstitials ads and various other ad formats, display links to and advertisements of related websites based on the information you view and the websites you visit; store non-personally identifiable statistics of the websites you have visited; redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search clients and toolbars, conveniently without your input or interaction; install desktop icons and installation files; install software from iSearch affiliates; and install Third Party Software.

In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer.

3. Privacy Policy - iSearch, during the delivery and your use of the Software, does not collect any personally identifiable information about you, such as your surname, address, telephone number or e-mail address, nor does iSearch require such information from you before downloading or installing the Software. However, to enable iSearch and/or it's partners to provide and operate its Software, iSearch and/or it's partners may collect certain types of non-personally identifiable information about individuals who install the Software. This information may include your Internet protocol (IP) address, your domain, your operating system, your browser version, type and language and your Internet Service Provider.

Advertisements may be displayed of advertisers who pay a fee to iSearch and/or it's partners and you may be provided with and/or redirected to content of other parties and/or links to third party websites or content or offered the opportunity to download software from third party software vendors. iSearch and it's partners are not responsible for the privacy practices of such advertisers, content providers, third party software vendors or websites. iSearch encourages you to read the privacy policies of such advertisers, content providers, third party software vendors and websites.

iSearch and/or it's partners may use invisible tracking or counting devices known as "web bugs" to register that a particular web page has been viewed and/or "cookies" or alphanumeric identifiers that iSearch and/or it's partners transfer to your computer's hard drive through your web browser to enable iSearch and/or it's partners systems to recognize your web browser.

iSearch and/or it's partners may also collect and may use certain other types of non-personally identifiable information, including: certain of the web pages that you view, the amount of time that you spend on certain websites, your responses to ads served by iSearch and/or it's partners, certain software installed to your computer and software characteristics and preferences, non-personally identifiable information on web pages and forms, software usage characteristics and preferences, and your ZIP code. iSearch and/or it's partners may associate this information with a randomly-generated anonymous identifier for your computer and may use this information to enable the functionality of the Software, to periodically update the Software, to deliver and display ads served by iSearch and/or it's partners of advertisers who pay a fee to iSearch and/or it's partners, provide you with or redirect you to content or websites of such advertisers or other parties and offer you the opportunity to download software from third party vendors.

iSearch and/or it's partners may share non-personally identifiable aggregate information about you with third parties, including advertisers.
But, of course, IDownload is happy to certify their own software as "spyware free" (see second screenshot above) when you download programs that bundle their software.

What ISearch/IDownload won't let you do apparently, is come to your own opinion and judgment and share them with others. If you dare to do so, you could find a "cease & desist" letter from their attorneys swiftly winging itself your way.

Why should a company bother changing its business practices when it can simply silence critics of those practices with legal threats?

Eric L. Howes


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13
said by eburger68:

Why should a company bother changing its business practices when its can simply silence critics of those practices with legal threats?
Why indeed. It is only through the counter pressure of their malpractice being unmasked and documented thanks to yours and similar efforts that anyone, who opposes them, stand a chance

Cudni
--
Whether you think that you can, or that you can't, you are usually right.
Help yourself so God can help you..it does exactly what it says on the sig


jack b
Gone Fishing
Premium,MVM
join:2000-09-08
Cape Cod
kudos:1

1 recommendation

reply to eburger68
Okay. So the terms Spyware, foistware, malware, heats em up.
Let's call a duck, A Duck.
It's Scumware, plain and simple.
There.

eburger68
Premium,MVM
join:2001-04-28

3 edits

1 recommendation

reply to eburger68
Hi All:

Edit: Link removed from this post. Sorry folks. Didn't realize the link was dead.

Best,

Eric L. Howes


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
kudos:18
Dead link?

eburger68
Premium,MVM
join:2001-04-28
reply to eburger68
Hi, again:

Also of interest: ISearch software has been getting some unwelcome attention lately because it is stealth-installed by the Bube.d (aka Win32.Beavis) virus. See CalamityJane's excellent write-up here at DSLR/BBR:

»Bube.d (aka Win32.Beavis) Removal

...as well as the Viruslist.com Analyst's weblog for Feb. 10:

»www.viruslist.com/en/weblog

said by VirusList.com:
The file infecting AdWare saga continues

Roel February 10, 2005 | 15:28 MSK

We are currently seeing an increase in cases which involve file infecting AdWare.

These new viruses are more sophisticated than the one we previously reported and append malicious code to Windows' explorer.exe. The viruses belong to the Virus.Win32.Bube family.

For example, Virus.Win32.Bube.d downloads AdWare and Trojans, including: AdWare.ISearch.d, Trojan-Clicker.Win32.Agent.bn, Trojan.Win32.LowZones.ai and PornWare.Dialer.Salc.

Disinfection in this case is tricky, as explorer.exe is an important Windows process. Additionally, the malware tries to prevent removal by disabling system restore, infecting the explorer.exe residing in %sysdir%\dllcache and lowering overall system security.

Things can get extra complicated as an AV can block access to the infected explorer.exe. This is why we provide the following removal instructions.

Please note that this removal guide does not apply to KAV 5 series. KAV 5 can disinfect explorer.exe in normal mode. However a full system scan is still required to delete or disinfect other malicious files.

* Boot into safe mode.
* Start a full system scan
* While the scan is running, kill the explorer.exe process via taskmanager.
* Disinfect all files detected as Virus.Win32.Bube.
* Reboot.
* The system is now clean of Virus.Win32.Bube.

Notes:
* Make sure to use the extended bases to remove the AdWare that Virus.Win32.Bube. may have downloaded..
* Security related system settings may have been altered by Virus.Win32.Bube, so check your settings after disinfection.
If anyone knows of others on the Net who may have received letters from ISearch/IDownload, I would encourage you to get them to post their own experiences with ISearch/IDownload so that we can get a sense for just how widespread the threats against the anti-spyware community may be.

Best,

Eric L. Howes


Owlbet
Ignite the Ice
Premium,MVM
join:2002-09-24
Palmer, AK

2 recommendations

reply to eburger68
said by eburger68:

One of the better and more revealing write-ups came from Michael Malone, who published a long-ish article on his experiences with ISearch/IDownload's software back in May 2004:

ABC News - The Search Tool That Ate My Computer
»abcnews.go.com/Technology/Silico···2&page=1
It's no wonder people become so infested with "digital lice." Although it may only be an ActiveX applet to see if I have Flash on my computer (how would/could I check this) every page I went to on the article above, WinXP SP2 gave me the warning that Windows prevented an ActiveX applet from being installed. No big deal for me, my security settings gave me ample warning and I don't willy nilly click yes to anything on the internet.

I am sorry to hear that the owners of Castle Cops are being threatened with legal action. With many users becoming aware of the dangers that await them and taking actions to secure their computers, it seems that the revenue streams of purveyors of spyware, adware, and scumware are taking desperate actions to stop the loss of the income. In my opinion, iDownload.com doesn't have a leg to stand on in this matter. Google iDownload.com and you get a list of a lot of unhappy folks desperately trying to get the crapware off their computers. I didn't find a single thread where a computer owner was happy to have this product on their computer.

I, for one, would like to see a top notch privacy advocate/attorney assist Castle Cops pro bono in exposing iDownload.com and it's ilk for the scumbags they truly are.

JMO
--
Rocky is, was, and always will be Dawg E. Dawg.


mers2
Premium,MVM
join:2004-03-20
USA
kudos:8

1 recommendation

reply to eburger68
We in the security community must support those sites/programs that stand up to these companies. Those who can, please donate money. Those who can't afford to donate please offer your encouragement and support. We can't afford to let the scumware comapanies win. The example of the havock wreaked with Bube.d and their association with it indicates what kind of company ISearch really is.

spooler0
Premium
join:2004-11-17
reply to eburger68
said by eburger68:

Edit: Sorry folks. Didn't realize the link was dead.
Best,
Eric L. Howes
What link is dead? The ABC news article link appears live.


CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8
reply to eburger68
Eric, thanks for this post. Go get 'em Tiger


seqrets
Premium
join:2001-05-03
Nederland, TX
reply to eburger68
I always appreciate your informative post!

Thank You!


sig
Premium
join:2001-05-05

1 edit

1 recommendation

reply to jack b
said by jack b:


Okay. So the terms Spyware, foistware, malware, heats em up.
Let's call a duck, A Duck.
It's Scumware, plain and simple.
There.
...crapware, sleazeware, a plague, a pox, a pustulent boil on the body intenet or, as Martha might say, definitely "not a good thing."

eburger68
Premium,MVM
join:2001-04-28

1 recommendation

reply to spooler0
spooler:

That post originally had a link to a discussion at CastleCops that is not publicly accessible (Admins only). I removed the link once I realized that it wouldn't work for most people. Sorry for the confusion.

Best,

Eric L. Howes


antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA
Reviews:
·Comcast
reply to eburger68

... amazing ... another reason to love ActiveX ...

... Eric, the links at doxdesk reference a lot of addresses linked to ILookup and Pugi - do they all appear in IESpyAd ? ...

--
... "Nobody's perfect - well, there was this one guy, but we killed Him" ... Christopher Moore, 'Lamb' ...

eburger68
Premium,MVM
join:2001-04-28
reply to eburger68
antiserious:

Yes, those domains have been in IE-SPYAD for a long time. There are some newer ones that will be added in the next update.

Best,

Eric L. Howes


sivran
Seamonkey's back
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to eburger68
I think, to thumb their noses at ISearch, Castle Cops should simply call it "trackware" or "adware" or just call it what it is: "Crapware."

Libel is, after all, only prosecutable if the statements are false, right? And, libel also requires malice...
--
TCPA - Treacherous Computing
Kerio 2.1.5 - Best damn firewall
Home licensing should be just that.

groundling

join:2003-02-08
canada
"And, libel also requires malice... "

Not in Canada or most Commonwealth countries.

Supreme court of Canada
"criticized U.S. law because it "exacts a major social cost by deprecating truth in public discourse." In other words, U.S. libel law makes truth in public debate less important than the debate itself."
Hill v. The Church of Scientology (1995

Just pointing out that notions about legality are limited.
Your laws are not necessarily mine.
( see file trading, copyright etc.)


salzan
Experienced Optimist
Premium
join:2004-01-08
WA State
reply to eburger68
Is there any legal definition of "spyware" for a lawsuit like this? Or is the public perception of the term enough to proceed?

Just wondering...

Bobby_Peru
Premium
join:2003-06-16

2 edits

1 recommendation

reply to sivran
said by sivran:

I think, to thumb their noses at ISearch, Castle Cops should simply call it "trackware" or "adware" or just call it what it is: "Crapware."

Libel is, after all, only prosecutable if the statements are false, right? And, libel also requires malice...
Good points, though the crapmiesters have more than one avenue of approach here. (Also, the malice requirement in the US is for a "public official" or "public figure".)

OK, the time is now certainly past for what is left of the CRAPWARE Detection and Removal community to stop typing, set aside some time even from R&D, and pick up their phones, band together and develop strategies to deal with these scum pro-actively, both on a individual, and on a united front. Unfortunately, this will involve retaining council that is fully competent in this area.

NOW.

It's also way past time to start gathering and collating data on the total COSTS to people to deal with the results of this crapware. The anticrapware Forums themselves have a wealth of this data.

I hope this is well underway by this late, but not yet too late, point.

To do otherwise, seems to me, to increase the odds that the crapmeisters will prevail to an unpleasant degree.
--
**~~Infected/Hijacked? FAQ~~~Protect/Secure Your Box/Data FAQ~~~Security Forum FAQs~~**


hpguru
Curb Your Dogma
Premium
join:2002-04-12
reply to salzan
said by salzan:

Is there any legal definition of "spyware" for a lawsuit like this? Or is the public perception of the term enough to proceed?
Maybe someone should patent the whole idea of spyware so as to create a definition that would hold up in court.
--
Boundlessly expands the sky and nothing stops the white clouds from freely flying about.


catseyenu
Ack Pfft
Premium
join:2001-11-17
Fix East

1 recommendation

reply to eburger68
I believe this highlights how deep the tentacles of the dark side of the marketing industry run.
While we have battled here and on other sites to restore ownership of property and privacy to the computing community the cancer has silently grown on the naive and unaware to the point of hubris.
This battle won't be won in civil court.. it requires strong consumer legislation which from the looks of things won't be coming any time soon.


Grail Knight

Premium
join:2003-05-31
Valhalla
kudos:6
I agree with you on that one.


TakeTheFifth

join:2004-04-20
Anjou, QC
reply to salzan
said by salzan:

Is there any legal definition of "spyware" for a lawsuit like this? Or is the public perception of the term enough to proceed?

Just wondering...
See below from the web site of the «legal firm» responsible for that letter...

ADVERTISEMENT
Unless otherwise indicated, attorneys listed in this Web site are not Certified by the Texas Board of Legal Specialization. None of the attorneys listed in this Web site is certified as an "expert" or "specialist" pursuant to any authority governing the practice of law in the State of Texas.


Peas in a pod

thedip

join:2001-02-09
Beaver Falls, PA
reply to eburger68
quote:
those domains have been in IE-SPYAD for a long time. There are some newer ones that will be added in the next update.

First off, thanks for all your work, Eric, on both reporting news and creating the above mentioned IE-SPYAD.

My question:
Would companies like iSearch have any legal argument against people who make hosts file lists or restricted sites lists which are promoted as stopping the companies that send out spyware? Basically for the same 'incorrect classification' that castlecops is getting hammered for?

suzi5
Premium
join:2004-05-01
reply to eburger68
Wayne Porter has posted an article with links about the practices of iSearch & iDownload.

"Deceptive Is as Deceptive Does"

»www.revenews.com/wayneporter/arc···429.html

He mentions "savage behavior".
--
aka Suzi, Spyware Warrior

KyeU

join:2003-12-31
Canada

1 recommendation

reply to eburger68
said by C and D Letter:
iSearch does not qualify as Spyware. iSearch is a toolbar that in no way attempts to
remain hidden or evade detection. Continuing, unlike Spyware, iSearch does not gather any
personally identifiable information about end users, does not collect data about the user's web
usage, does not collect any information entered into web forms, does not share information with
third parties, does not send or cause to be sent unsolicted e-mail, and does not install items such
as dialers on the end user's computer.
Ok then, I will try to download it and see if it TRIES to phone home.

I'm pissed off at this.

KyeU

join:2003-12-31
Canada

3 edits

1 recommendation

Um, can anyone help?

I get this page when I try to download one of their products:

»idbl.idblg.com/swdelivery/activa···eld.y=15

Where's spyware "software" when you want it?

EDIT: Found it! »toolbar.isearch.com/

I will install this spyware-free program now.

TeMerc6

join:2004-01-22
Phoenix, AZ

1 recommendation

reply to eburger68
If there is one thing that comes to light with all of this back and forth, is to try somehow, to get a clear and specific term to address what most sensible users would not want installed on their systems, regardless of whether it is adware, spyware or malware.

When researching HJT logs for users, and coming across the many sites now providing information as to the legitimacy of the items being researched, the one thing they have in common, is a simple and plain 'X' next to the file. Maybe the answer to this situation has been right in front of our eyes. Perhaps we should just call it all X-wares.

Then, these companies would not have to complain so much, it is generic enough.
--
Remember............You can NEVER be OVERPROTECTED!!»temerc.com/


sybille
Not only "just visiting"
Premium
join:2004-04-06
France

1 edit
said by TeMerc6:


Maybe the answer to this situation has been right in front of our eyes. Perhaps we should just call it all X-wares.
While I agree that there's a huge problem with terminology at present, the letter "X" is already spoken for in relation to Linux and Mac OS X. X11 (XFree86 and X.Org) is the basis of the graphical desktop and includes different drivers; there are lots of applications that run in X and have names like Xedit, Xpdf, Xchat - X-this and X-that.

So maybe, for the sake of clarity, we could find a different letter or name (K is taken, too, BTW).

(Someone will probably come along to say that these other systems are X-ware in TeMerc6 See Profile's sense of the term....that's just what we'd like to avoid.)


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
kudos:18

1 edit

2 recommendations

C-ware(C = crap).

C-ware encompases spyware/adware/malware/whatever-you-want-to-call-it-ware.