dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
8625
eburger68
Premium Member
join:2001-04-28

2 edits

1 recommendation

eburger68

Premium Member

Silencing the Critics: IBIS

Hi All:

Bill Pytlovany of WinPatrol has revealed that he received a Cease & Desist letter today from IBIS, makers of the IBIS toolbar (also known as Huntbar):

BillP Studios under attack
»castlecops.com/postt115875.html

Full text of the letter (w/ screenshots) is here:

»www.winpatrol.com/suppor ··· reat.pdf

You can read about IBIS and their software on these pages:

Doxdesk.com - Huntbar
»www.doxdesk.com/parasite ··· Bar.html

Pest Patrol - IBIS toolbar
»www3.ca.com/securityadvi ··· 53077909

Pest Patrol - Huntbar
»www3.ca.com/securityadvi ··· 53072528

SpywareGuide.com - Huntbar
»spywareguide.com/product ··· p?id=426

ISS X-Force - IBIS Toolbar
»xforce.iss.net/xforce/xfdb/14378

This threat against BillP Studios comes in the wake of flurry of threats from other adware/spyware vendors against the anti-spyware community, including DirectRevenue, iSearch/iDownload, Claria, and HotBar.

Ben Edelman has started documenting these threats on his web site:

Threats Against Spyware Detectors, Removers, and Critics
»www.benedelman.org/spywa ··· threats/

I will post more information about this situation as it becomes available.

Best,

Eric L. Howes


BKayrac
Premium Member
join:2001-09-29

BKayrac

Premium Member

man and that wintools crap is such a bitch to remove to.......can't someone sue them or something, or just slap these people a few times?
eburger68
Premium Member
join:2001-04-28

4 edits

1 recommendation

eburger68

Premium Member

Hi All:

One part of the letter from IBIS to BillP Studios that deserves special attention:
said by IBIS:
As you well know, LLC distributes a sophisticated toolbar on a consensual basis. The company does not allow any distribution for which the user is unaware and that does not require the affirmative consent of the user.
That is quite false. In fact, it is well known that installations of IBIS Toolbar/Huntbar occur without the full, knowing, and meaningful consent of the user. In fact, the Spazbox installations documented by Suzi of Spyware Warrior and XBlock install IBIS/Websearch with no little or no warning whatsoever ( »Anatomy of a Drive-by-Install ).

Users visiting the install site with Internet Explorer will be presented an ActiveX Security Warning for a program from CDT (deceptively labeled as a “Website Access” program from “6247971 Canada Inc). Users who know enough to click the link to read the EULA will be taken to this EULA page from Winadclient:

»eula.winadclient.com/general/

Notice that the CDT Winadclient EULA page already bears copyright and other information for 180solutions. That license page doesn't even present the full EULA for IBIS/Websearch -- it contains only a clickable link to the EULA:

»www.websearch.com/legal/ ··· rms.aspx

Only then will users find out about the functionality of the IBIS software:
said by IBIS EULA:
IMPACT OF SERVICE ON YOUR BROWSER AND COMPUTER

By installing the Service you understand and agree that the following changes may be made to your Internet Explorer browser and that the following functions may be performed by the Service: install a Search Toolbar in your browser which may (i) block certain pop-up ads and pages; (ii) display links to related websites and keywords based on the information you view and the websites you visit; (iii) store non-personally identifiable statistics of the websites you have visited; (iv) redirect certain URL's including your browser default address bar search, DNS error page and Search Button page to or through the Service; (v) on Windows X2 Service Pack 2 computers use Microsoft Firewall API to open communication ports IBIS uses in the toolbar to communicate with servers and; (vi) automatically update the Service and install added features or functionality conveniently without your input or interaction unless you have chose to be notified of such update in advance.
That EULA contains a link to the IBIS Privacy Policy, which provides still more details about the company's invasive data practices:

»www.websearch.com/legal/ ··· acy.aspx

If users click through the innocuous-looking ActiveX Security Warning box (which, after all is digitally signed with a valid certificate), they will find IBIS/Websearch has been installed to their \Program Files\Common Files\Wintools directory.

That's the best of circumstances, mind you, and it is to be expected that most users who do click through the ActiveX Security Warning box will simply have no idea that they've consented to the installation of software from IBIS or what the functionality of that software is.

As Wayne Porter and Jan Hertens document, though, in some cases Internet Explorer users might not even see any warning or EULA whatsoever:

»www.spywareguide.com/art ··· _72.html

In such cases, IBIS/Websearch will simply be installed with no attempt whatsoever to gain the user's consent.

Ben Edelman has documented another installation in which IBIS Toolbar was installed through a security exploit:

»www.benedelman.org/news/ ··· 4-1.html

On that page Ben offers a video of the installation.

What's so funny about the letter from IBIS to BillP Studios is that IBIS claims:
said by IBIS:
WinPatrol detects our products running processes WToolsA.exe and TBPS.exe and tries to disable them (see attached screenshots).

We believe your product was developed with clear intention of harming IBIS LLC and preventing it from distributing its applications to users and interfering with its business relationships.
Yet anyone actually familiar with WinPatrol won't be surprised to see what the screenshots reveal:

1. The first screenshot shows WinPatrol's "Startup" tab, which list IBIS WinTools (WToolsA.exe) and TBPS (TBPS.exe) along with other programs such as TrojanScanner, SpyBlocker, and WinPatrol itself. In other words, it's simply a list of non-Microsoft programs configured to start automatically with Windows.

2. The second screenshot shows WinPatrol's "IE Helpers" tab, which list installed IE browser add-ons (BHOs and toolbars), including IBIS WToolsB.dll, several add-ons from Symantec NAV, SDHelper.dll (Spyware Doctor), and two unidentified toolbar.dll files.

3. The third screenshot simply shows WinPatrol's "Active Tasks" tab, which provides a task list of running programs, including IBIS programs as well as standard Windows programs such as Wowexec.exe and Explorer.exe.

That's it. That's what IBIS claims as evidence of "clear intention of harming IBIS LLC and preventing it from distributing its applications to users and interfering with its business relationships" -- a program that lists startup programs, browser add-ons, and running tasks. WinPatrol doesn't so much as identify IBIS on those tabbed pages or even comment on the programs. It simply provides users lists of installed and/or running components of one type or another.

IBIS might as well sue Microsoft itself for creating such clearly devious and malicious programs as the Windows Task List (which, god knows, victims might use to stop IBIS programs from running), the MSConfig configuration management program (which MS must have designed in order to allow users to prevent IBIS programs from running at Startup), the Downloaded Program Files directory (which can be used to uninstall IBIS ActiveX controls), and the Internet Explorer menu/toolbar controls, which allow users to (horrors!) disable certain toolbars from displaying.

I must confess that I've been most puzzled by some of the threats issued by adware vendors lately. iSearch/iDownload threatened Suzi of Spyware Warrior, for example, when its programs weren't even discussed in her blog (the only mention was in summaries of updates to Ad-aware). Hotbar threatened CloudEight over non-existent content on their site, ordering them to "cease and decease" from bad-mouthing Hotbar's software:

»thundercloud.net/infoave ··· rant.htm
»thundercloud.net/infoave ··· onse.htm

And, of course, DirectRevenue threatened me over the information provided about its MyPCTuneup uninstaller on the Rogue/Suspect page, claiming that I was "misinforming" users without ever once pointing to an erroneous statement.

Just what is going on here? Are these folks truly as clueless and incompetent as they seem, or do they just not care about the truth? (Or do I already know the answer to that question?)

Eric L. Howes

BillPStudios
Premium Member
join:2004-04-16
Scotia, NY

BillPStudios to eburger68

Premium Member

to eburger68
Thanks for your support Eric.

As you know as a small developer we can't afford to spend our time in court. What I find interesting is IBIS can pay for attorneys but didn't bother to pay the $19.95 Plus upgrade. If they had, they would read what we really think of their products.

Our free WinPatrol program makes no judgments as to the nature of a program. As our users request, we notify them when new programs have been installed without their knowledge. It just turns out that IBIS's programs apparently has a habit of doing this. We allow users to make their own judgments.

We don't have or need any kind of vendor appeal process so nothing will change on our end.

Bill Pytlovany
BillP Studios

One last note, contrary to their zip code database used in their letter, BillP Studios is located in Scotia NY, not Schenectady.

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

justin

Mod

said by BillPStudios:

Thanks for your support Eric.

As you know as a small developer we can't afford to spend our time in court.
When will EFF or someone step up with a vendor defense fund for this kind of nastiness?

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

1 edit

Zhen-Xjell

EFF has stepped up in the past, more recently the Apple intellectual property court cases.

However, I've just now put this up on the front page Eric and Bill:

»castlecops.com/article-5 ··· 0-0.html

We need to teach these folks we're not bending, nor weaving. We're doing the right ethical thing.

mers2
Premium Member
join:2004-03-20
USA

mers2 to eburger68

Premium Member

to eburger68
As long as there are any anti-spyware vendors who bow to pressure from the adware companies there will be this type of legal harassment. We need to show our strong support for those companies like WinPatrol that do not buckle.

Thanks again, Eric for keeping us informed.
Betaflye
Premium Member
join:2005-04-08
Canada

Betaflye to eburger68

Premium Member

to eburger68
Thanks for keeping us informed, it's sad when companies can pressure the fine folk who help people by providing information about scumware. One can only hope it's a trend that doesn't continue in the future.
suzi5
Premium Member
join:2004-05-01

suzi5 to eburger68

Premium Member

to eburger68
I've blogged this here:

»netrn.net/spywareblog/ar ··· tacking/

Justin wrote:
quote:
When will EFF or someone step up with a vendor defense fund for this kind of nastiness?
Yes, there are resources available including legal advice. This site is good, too:

»chillingeffects.org

There are links the to the law schools at UC Berkley and UCSF. Both have resources available to help, though not financially but with guidance and contacts.

Since I was threated by iDownload, I've received offers of pro bono help from 3 different attorneys.

mers2
Premium Member
join:2004-03-20
USA

mers2

Premium Member

said by suzi5:

I've blogged this here:

»netrn.net/spywareblog/ar ··· tacking/

Justin wrote:
quote:
When will EFF or someone step up with a vendor defense fund for this kind of nastiness?
Yes, there are resources available including legal advice. This site is good, too:

»chillingeffects.org

There are links the to the law schools at UC Berkley and UCSF. Both have resources available to help, though not financially but with guidance and contacts.

Since I was threated by iDownload, I've received offers of pro bono help from 3 different attorneys.
It's good to know that there is help available and that there are attorneys stepping up to provide legal assistance.

BonezX
Basement Dweller
Premium Member
join:2004-04-13
Canada

BonezX to eburger68

Premium Member

to eburger68
if these people(spyware crapware) are basically selling you a fake of a program, why aren't they arrested ?

there are people selling fake watches in plain sight, but they aren't arrested.

this looks like it has to do with the companies knowing they can get away with spoofing/faking/selling information because the police and government won't do anything about them, but will actually allow them to go after companies that are working for the betterment of the average(sub average) computer user.
bedelman0
Premium Member
join:2004-06-20
Cambridge, MA

bedelman0 to eburger68

Premium Member

to eburger68
Eric asked: "Are these folks truly as clueless and incompetent as they seem?"

My sense is that most spyware firms aren't generally spending the money to hire top-notch attorneys to rigorously conduct research and letter-writing. More likely, the folks are overworked, hurried, and (most importantly) lacking in a full understanding of these technologies. So much the better for those who receive the demand letters and threats -- it means the demands are more likely to be vague, overstated, or nonsensical.

As to the EFF: I wouldn't count on them for assistance on spyware issues. Recall that the EFF has spoken out in support of Gator, see »www.eff.org/IP/gator/ . Apparently the EFF thinks about Gator as if users had intentionally chosen to run Gator, or as if users actually want Gator. In contrast, those of us with actual knowledge of Gator understand that it's a rare user who requested Gator or who knowingly and with full information accepted its installation.

BillPStudios
Premium Member
join:2004-04-16
Scotia, NY

BillPStudios to eburger68

Premium Member

to eburger68
What surprises me is we haven't seen more class action suits against these companies. We all know folks who have spent hours if not days trying to clean up their systems. I frequently hear from folks after they end up formatting their drives. The folks we do help are so grateful, we had one who wanted to tattoo our Scotty logo on his arm.

We have seen one recently »Direct Revenue Class Action but I would love to see more. Even if the lawyers get all the settlement it will still teach them a lessen and keep them occupied.

Bill
thedip
join:2001-02-09
Beaver Falls, PA

thedip

Member

Hey Bill, I love WinPatrol, I use the plus version, and recommend it to friends. When I first saw its functionality I thought, 'this is one app that no crapware company can say is targeting them with detections (like ss&d, adaware,etc).' I would have never thought that one would come up with such a ludicrous claim as IBIS has. Just goes to show how desperate they are getting.
seafsee
join:2004-09-13

seafsee to eburger68

Member

to eburger68
Since so many wind up putting money into the hands of malware producers accidentally by being seduced into possibly buying a bad program, or by a drive-by download, computer users can make a statement by supporting the products they find useful and enjoy.

This extends to supporting the forums where they spend the most time. Freeware is wonderful. If you want to win the fight, you got to back the folks in the trenches.

Try hitting that PayPal button and getting a premium membership, or sending $10 for that freeware that yanked your rear end out of crapware hell
starjax
join:2005-04-12
Dallas, TX

starjax to eburger68

Member

to eburger68
With all of the documentation present not only do we have sufficient evidence for legislation, but enough for several class action lawsuits. For example I spend 4 hour a day either at work, for personal clients, or through various forums helping people remove spyware/adware/malware from their systems. 4x5x$100=20,000 in direct costs spent. What if this causes valuable r&d date to be lost, or a doctors pc to loose pertinent patient data, then the cost becomes very high indeed.

I keep asking myself, why can't we update the RICO laws so we can go after all of these.... evil doers? I mean they are conducting themselves in a manner that defrauds the consumer, their own clients, as well as mail fraud. Not to mention that in many cases that botnets (distribution partners) are spreading phishing scams, spam mail, and malware all at the same time. This is well documented at honeypot.org.

Bravo to all of you for "banding together" to fight the evil. I highly respect you all for your efforts.

RandallPod
join:2004-02-07
Starkville, MS

RandallPod to BillPStudios

Member

to BillPStudios
I've been wondering the same thing, concerning suits against the malware vendors, for some time now as well.

Something else that seems to me would be a good idea, would be to have a survey on some site(s) where a user could provide information concerning their personal experiences regarding these so-called "useful" programs. Perhaps asking questions along the lines:

What program is it?
Were you aware it had been installed?
Did you want this program?
What were the positive effects of this program?
What were the negative effects of this program?
If you uninstalled this program, how difficult was it?
Did you require help with the uninstallation?
How much time did you and/or others spend removing this program?

Then ask anyone that you help with removal of any adware/spyware to go take the survey.

Seems to me something like this might be a pretty potent weapon in a legal defense against these lawsuits, perhaps even a counter suit.

Just my 2 copper coins.

gracie7
Geek Goddess
Premium Member
join:2003-07-15
confusion

gracie7 to BillPStudios

Premium Member

to BillPStudios
said by BillPStudios:

Thanks for your support Eric.
indeed, and know that you have the very vocal support of a lot of us in the position of often recommending (and, conversely, warning against) products. this is a disturbing trend, and kudos for not caving!

you probably don't remember but my partner and you had a long discussion back a few years about the security of the gateway keyboard thingie ; we both are rooting for you! let us know any further way we can help.

those of us who rely on anti-malware programs have a vested interest in keeping them as clean and "pressure-resistant" as possible!

simplysup
Premium Member
join:2004-03-30
UK

simplysup to eburger68

Premium Member

to eburger68
IBIS have now turned their attention to us as well - here's the letter I received today:

»www.simplysup.com/tremov ··· ibis.jpg

I'm now considering my reply - any lawyers with knowledge of UK law out there?

Needless to say, I shall not be removing detection.
bedelman0
Premium Member
join:2004-06-20
Cambridge, MA

bedelman0

Premium Member

Simplysup, I have added your report to my Threats page. »www.benedelman.org/spywa ··· /threats

I may have occasion in the coming days to prepare some comprehensive analysis of IBIS, e.g. documenting installations with limited or no user consent and/or documenting other problematic practices. If so, I'll be sure to post a link in this thread.
Goldengamego
Premium Member
join:2004-02-22
Okemos, MI

1 edit

Goldengamego to BillPStudios

Premium Member

to BillPStudios
said by BillPStudios:

Thanks for your support Eric.

As you know as a small developer we can't afford to spend our time in court. What I find interesting is IBIS can pay for attorneys but didn't bother to pay the $19.95 Plus upgrade. If they had, they would read what we really think of their products.

Our free WinPatrol program makes no judgments as to the nature of a program. As our users request, we notify them when new programs have been installed without their knowledge. It just turns out that IBIS's programs apparently has a habit of doing this. We allow users to make their own judgments.

We don't have or need any kind of vendor appeal process so nothing will change on our end.

Bill Pytlovany
BillP Studios

One last note, contrary to their zip code database used in their letter, BillP Studios is located in Scotia NY, not Schenectady.
never mind I should fix my glasses

simplysup
Premium Member
join:2004-03-30
UK

simplysup to bedelman0

Premium Member

to bedelman0
said by bedelman0:

Simplysup, I have added your report to my Threats page. »www.benedelman.org/spywa ··· /threats
Thanks Ben. I was going to mail you with the details, so that you could add the report to your Threats page, but now I don't need to

BillPStudios
Premium Member
join:2004-04-16
Scotia, NY

BillPStudios to simplysup

Premium Member

to simplysup
Hi Nigel,

In a way I'm glad to see that we're not alone in getting these letters. Our 2nd letter
»www.winpatrol.com/suppor ··· eat2.pdf
came from the same Czech office as yours.

In your case, they at least seem to be familiar with your software. WinPatrol doesn't do any of the things they mention in their letter to us. All they did was show screen shots showing their applications and other programs they use to protect themselves from their own apps.

We're treating this as a form letter sent to companies hoping to scare them into submission. We have not responded and don't expect too. I think they already know they're wrong and I don't need to remind them.

Thanks,
Bill

ahulett
Premium Member
join:2003-02-02
Little Elm, TX

ahulett to eburger68

Premium Member

to eburger68
I wonder if they sent a letter to Microsoft. After all, Task Manager lists those running processes, and we can't have that!!!

EGeezer
Premium Member
join:2002-08-04
Midwest

2 edits

EGeezer to eburger68

Premium Member

to eburger68

Licensing terms

You know, I wonder if anti-crapware vendors/providers put the same language about possible removal and disabling of other software in their license terms, would that be a helpful protection?

The crapware vendors have been using the EULA as a defense, and it seems that careful construction of the EULA would make it difficult for crapware vendors to blast away at vendors whose terms claim essentially the same rights as the crapware vendors.

For example, pulling and customizing a quote from some terms posted above;
said by possible sample:
By installing you understand and agree that changes may be made to your browser and system and that the following functions may be performed by (insert crapware removal product here): install an application which may (i) block certain pop-up ads and pages; (ii) block some programs from providing links to related websites and keywords that were presented based on the information you view and the websites you visit; (iii) block the storing and transmission of statistics of the websites you have visited; (iv) Block the redirect of certain URL's including your browser default address bar search, DNS error page and Search Button page to or through some other services or applications; (v) on Windows X2 Service Pack 2 computers block the use of Microsoft Firewall APIs to open communication ports some applications use in the toolbar to communicate with some servers and; (vi) block the automatic update of certain programs or applications that may install added features or functionality without your input or interaction.

You further agree that by installing this program that you are rescinding any EULA agreement with any application that may be disabled or removed.

Basically, you're taking the same language and using the same "rights" that the crapware vendors claim - that is, to notify by EULA that your anticrapware application may cause some other programs to quit functioning. This then becomes the USER's informed choice if they click "yes".

The last paragraph would provide confirmation of a direct desire of the user to no longer agree to the terms of the crapware, creating a firm legal condition that would allow the program and the user to remove the crapware.

Lawyers, what do you think?