eburger68
Premium,MVM
join:2001-04-28
4 edits | Silencing the Critics: ISearch/IDownload
Hi All:
As we've seen in the past few months, companies whose software is frequently labeled "adware" or "spyware" are scrambling for cover. Some have tried to partner with anti-spyware firms. Others have tried to join industry consortiums in order to give themselves the air of legitimacy. Still others, though, have been quietly threatening anti-spyware vendors, web sites, and even individuals to get themselves removed from detections databases and to silence their critics on the internet.
We now have yet another unfortunate example of this: CastleCops has just reported that it received a "cease & desist" letter from ISearch.com/IDownload.com. You can find Paul & Robin's report as well as the text of the letter here:
»castlecops.com/article-5762-nested-0-0.html
ISearch and IDownload make a number of browser add-ons for Internet Explorer and Mozilla Firefox. You can read about two ISearch/IDownload variants at Andrew Clover's well-known and thoroughly researched doxdesk.com:
ILookup (aka HotSearchBar)
»www.doxdesk.com/parasite/ILookup.html
Pugi (aka ISearch Toolbar)
»www.doxdesk.com/parasite/Pugi.html
Some of you might remember IDownload.com from the Windows Media adware fiasco back in January. As reported in this DSLR/BBR thread:
»WMP Adware: A Case Study in Deception
...IDownload's HotSearchbar was caught using an incredibly deceptive ActiveX Security Warning box, claiming to be a "Required Media Player Version 9 Browser Update" (see 1st screenshot above) in order to exploit user confusion over the Windows Media license acquisition process, which very well might prompt bewildered users to consent to a legitimate Windows Media Player update from Microsoft itself.
Complaints about ISearch/IDownload are rife on the Net, and a simple search of any of the major "anti-spyware" forums will turn up endless user complaints. One of the better and more revealing write-ups comes from Michael Malone, who published a long-ish article on his experiences with ISearch/IDownload's software back in May 2004:
ABC News - The Search Tool That Ate My Computer
»abcnews.go.com/Technology/Silico···2&page=1
The license agreement used with some ISearch/IDownload software is also of interest ( »toolbar.isearch.com/terms.html ):
said by ISearch EULA:
2. Functionality - Software delivers advertising and various information and promotional messages to your computer screen while you view Internet web pages. iSearch is able to provide you with Software free of charge as a result of your agreement to download and use Software, and accept the advertising and promotional messages it delivers.
By installing the Software, you understand and agree that the Software may, without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to iSearch and/or it's partners, in the form of pop-up ads, pop-under ads, interstitials ads and various other ad formats, display links to and advertisements of related websites based on the information you view and the websites you visit; store non-personally identifiable statistics of the websites you have visited; redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search clients and toolbars, conveniently without your input or interaction; install desktop icons and installation files; install software from iSearch affiliates; and install Third Party Software.
In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer.
3. Privacy Policy - iSearch, during the delivery and your use of the Software, does not collect any personally identifiable information about you, such as your surname, address, telephone number or e-mail address, nor does iSearch require such information from you before downloading or installing the Software. However, to enable iSearch and/or it's partners to provide and operate its Software, iSearch and/or it's partners may collect certain types of non-personally identifiable information about individuals who install the Software. This information may include your Internet protocol (IP) address, your domain, your operating system, your browser version, type and language and your Internet Service Provider.
Advertisements may be displayed of advertisers who pay a fee to iSearch and/or it's partners and you may be provided with and/or redirected to content of other parties and/or links to third party websites or content or offered the opportunity to download software from third party software vendors. iSearch and it's partners are not responsible for the privacy practices of such advertisers, content providers, third party software vendors or websites. iSearch encourages you to read the privacy policies of such advertisers, content providers, third party software vendors and websites.
iSearch and/or it's partners may use invisible tracking or counting devices known as "web bugs" to register that a particular web page has been viewed and/or "cookies" or alphanumeric identifiers that iSearch and/or it's partners transfer to your computer's hard drive through your web browser to enable iSearch and/or it's partners systems to recognize your web browser.
iSearch and/or it's partners may also collect and may use certain other types of non-personally identifiable information, including: certain of the web pages that you view, the amount of time that you spend on certain websites, your responses to ads served by iSearch and/or it's partners, certain software installed to your computer and software characteristics and preferences, non-personally identifiable information on web pages and forms, software usage characteristics and preferences, and your ZIP code. iSearch and/or it's partners may associate this information with a randomly-generated anonymous identifier for your computer and may use this information to enable the functionality of the Software, to periodically update the Software, to deliver and display ads served by iSearch and/or it's partners of advertisers who pay a fee to iSearch and/or it's partners, provide you with or redirect you to content or websites of such advertisers or other parties and offer you the opportunity to download software from third party vendors.
iSearch and/or it's partners may share non-personally identifiable aggregate information about you with third parties, including advertisers.
But, of course, IDownload is happy to certify their own software as "spyware free" (see second screenshot above) when you download programs that bundle their software.
What ISearch/IDownload won't let you do apparently, is come to your own opinion and judgment and share them with others. If you dare to do so, you could find a "cease & desist" letter from their attorneys swiftly winging itself your way.
Why should a company bother changing its business practices when it can simply silence critics of those practices with legal threats?
Eric L. Howes |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| said by eburger68  :Why should a company bother changing its business practices when its can simply silence critics of those practices with legal threats? Why indeed. It is only through the counter pressure of their malpractice being unmasked and documented thanks to yours and similar efforts that anyone, who opposes them, stand a chance
Cudni
--
Whether you think that you can, or that you can't, you are usually right.
Help yourself so God can help you..it does exactly what it says on the sig |
|
jack b
Gone Fishing
Premium,MVM
join:2000-09-08
Cape Cod
clubs: | reply to eburger68
Okay. So the terms Spyware, foistware, malware, heats em up.
Let's call a duck, A Duck.
It's Scumware, plain and simple.
There. |
|
eburger68
Premium,MVM
join:2001-04-28
3 edits | reply to eburger68
Hi All:
Edit: Link removed from this post. Sorry folks. Didn't realize the link was dead.
Best,
Eric L. Howes |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA | Dead link? |
|
eburger68
Premium,MVM
join:2001-04-28
| reply to eburger68
Hi, again:
Also of interest: ISearch software has been getting some unwelcome attention lately because it is stealth-installed by the Bube.d (aka Win32.Beavis) virus. See CalamityJane's excellent write-up here at DSLR/BBR:
»Bube.d (aka Win32.Beavis) Removal
...as well as the Viruslist.com Analyst's weblog for Feb. 10:
»www.viruslist.com/en/weblog
said by VirusList.com:
The file infecting AdWare saga continues
Roel February 10, 2005 | 15:28 MSK
We are currently seeing an increase in cases which involve file infecting AdWare.
These new viruses are more sophisticated than the one we previously reported and append malicious code to Windows' explorer.exe. The viruses belong to the Virus.Win32.Bube family.
For example, Virus.Win32.Bube.d downloads AdWare and Trojans, including: AdWare.ISearch.d, Trojan-Clicker.Win32.Agent.bn, Trojan.Win32.LowZones.ai and PornWare.Dialer.Salc.
Disinfection in this case is tricky, as explorer.exe is an important Windows process. Additionally, the malware tries to prevent removal by disabling system restore, infecting the explorer.exe residing in %sysdir%\dllcache and lowering overall system security.
Things can get extra complicated as an AV can block access to the infected explorer.exe. This is why we provide the following removal instructions.
Please note that this removal guide does not apply to KAV 5 series. KAV 5 can disinfect explorer.exe in normal mode. However a full system scan is still required to delete or disinfect other malicious files.
* Boot into safe mode.
* Start a full system scan
* While the scan is running, kill the explorer.exe process via taskmanager.
* Disinfect all files detected as Virus.Win32.Bube.
* Reboot.
* The system is now clean of Virus.Win32.Bube.
Notes:
* Make sure to use the extended bases to remove the AdWare that Virus.Win32.Bube. may have downloaded..
* Security related system settings may have been altered by Virus.Win32.Bube, so check your settings after disinfection.
If anyone knows of others on the Net who may have received letters from ISearch/IDownload, I would encourage you to get them to post their own experiences with ISearch/IDownload so that we can get a sense for just how widespread the threats against the anti-spyware community may be.
Best,
Eric L. Howes |
|
Owlbet
Ignite the Ice
Premium,MVM
join:2002-09-24
Palmer, AK
clubs:
 ·MTA Online
| reply to eburger68
said by eburger68 :One of the better and more revealing write-ups came from Michael Malone, who published a long-ish article on his experiences with ISearch/IDownload's software back in May 2004: ABC News - The Search Tool That Ate My Computer » abcnews.go.com/Technology/Silico···2&page=1 It's no wonder people become so infested with "digital lice." Although it may only be an ActiveX applet to see if I have Flash on my computer (how would/could I check this) every page I went to on the article above, WinXP SP2 gave me the warning that Windows prevented an ActiveX applet from being installed. No big deal for me, my security settings gave me ample warning and I don't willy nilly click yes to anything on the internet.
I am sorry to hear that the owners of Castle Cops are being threatened with legal action. With many users becoming aware of the dangers that await them and taking actions to secure their computers, it seems that the revenue streams of purveyors of spyware, adware, and scumware are taking desperate actions to stop the loss of the income. In my opinion, iDownload.com doesn't have a leg to stand on in this matter. Google iDownload.com and you get a list of a lot of unhappy folks desperately trying to get the crapware off their computers. I didn't find a single thread where a computer owner was happy to have this product on their computer.
I, for one, would like to see a top notch privacy advocate/attorney assist Castle Cops pro bono in exposing iDownload.com and it's ilk for the scumbags they truly are.
JMO
--
Rocky is, was, and always will be Dawg E. Dawg. |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
 ·AT&T U-Verse
| reply to eburger68
We in the security community must support those sites/programs that stand up to these companies. Those who can, please donate money. Those who can't afford to donate please offer your encouragement and support. We can't afford to let the scumware comapanies win. The example of the havock wreaked with Bube.d and their association with it indicates what kind of company ISearch really is. |
|
spooler0
Premium
join:2004-11-17
| reply to eburger68
said by eburger68 :Edit: Sorry folks. Didn't realize the link was dead. Best, Eric L. Howes What link is dead? The ABC news article link appears live. |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL |  reply to eburger68
Eric, thanks for this post. Go get 'em Tiger  |
|
seqrets
Premium
join:2001-05-03
Nederland, TX
clubs: | reply to eburger68
I always appreciate your informative post!
Thank You! |
|
sig
Premium
join:2001-05-05
1 edit | reply to jack b
said by jack b :Okay. So the terms Spyware, foistware, malware, heats em up. Let's call a duck, A Duck. It's Scumware, plain and simple. There. ...crapware, sleazeware, a plague, a pox, a pustulent boil on the body intenet or, as Martha might say, definitely "not a good thing." |
|
eburger68
Premium,MVM
join:2001-04-28
| reply to spooler0
spooler:
That post originally had a link to a discussion at CastleCops that is not publicly accessible (Admins only). I removed the link once I realized that it wouldn't work for most people. Sorry for the confusion.
Best,
Eric L. Howes |
|
antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA
| reply to eburger68
... amazing ... another reason to love ActiveX ...
... Eric, the links at doxdesk reference a lot of addresses linked to ILookup and Pugi - do they all appear in IESpyAd ? ...
--
... "Nobody's perfect - well, there was this one guy, but we killed Him" ... Christopher Moore, 'Lamb' ... |
|
eburger68
Premium,MVM
join:2001-04-28 | reply to eburger68
antiserious:
Yes, those domains have been in IE-SPYAD for a long time. There are some newer ones that will be added in the next update.
Best,
Eric L. Howes |
|
sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs:
 ·RoadRunner Cable
| reply to eburger68
I think, to thumb their noses at ISearch, Castle Cops should simply call it "trackware" or "adware" or just call it what it is: "Crapware."
Libel is, after all, only prosecutable if the statements are false, right? And, libel also requires malice...
--
TCPA - Treacherous Computing
Kerio 2.1.5 - Best damn firewall
Home licensing should be just that. |
|
groundling
join:2003-02-08
canada
| "And, libel also requires malice... "
Not in Canada or most Commonwealth countries.
Supreme court of Canada
"criticized U.S. law because it "exacts a major social cost by deprecating truth in public discourse." In other words, U.S. libel law makes truth in public debate less important than the debate itself."
Hill v. The Church of Scientology (1995
Just pointing out that notions about legality are limited.
Your laws are not necessarily mine.
( see file trading, copyright etc.)
 |
|
salzan
Experienced Optimist
Premium
join:2004-01-08
WA State | reply to eburger68
Is there any legal definition of "spyware" for a lawsuit like this? Or is the public perception of the term enough to proceed?
Just wondering... |
|
Bobby_Peru
Premium
join:2003-06-16
2 edits | reply to sivran
said by sivran :I think, to thumb their noses at ISearch, Castle Cops should simply call it "trackware" or "adware" or just call it what it is: "Crapware." Libel is, after all, only prosecutable if the statements are false, right? And, libel also requires malice... Good points, though the crapmiesters have more than one avenue of approach here. (Also, the malice requirement in the US is for a "public official" or "public figure".)
OK, the time is now certainly past for what is left of the CRAPWARE Detection and Removal community to stop typing, set aside some time even from R&D, and pick up their phones, band together and develop strategies to deal with these scum pro-actively, both on a individual, and on a united front. Unfortunately, this will involve retaining council that is fully competent in this area.
NOW.
It's also way past time to start gathering and collating data on the total COSTS to people to deal with the results of this crapware. The anticrapware Forums themselves have a wealth of this data.
I hope this is well underway by this late, but not yet too late, point.
To do otherwise, seems to me, to increase the odds that the crapmeisters will prevail to an unpleasant degree.
--
**~~Infected/Hijacked? FAQ~~~Protect/Secure Your Box/Data FAQ~~~Security Forum FAQs~~** |
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12
| reply to salzan
said by salzan :Is there any legal definition of "spyware" for a lawsuit like this? Or is the public perception of the term enough to proceed? Maybe someone should patent the whole idea of spyware so as to create a definition that would hold up in court.
--
Boundlessly expands the sky and nothing stops the white clouds from freely flying about. |
|
