eburger68
Premium,MVM
join:2001-04-28
edit:
April 11th, @06:48PM
| Silencing the Critics: IBIS
Hi All:
Bill Pytlovany of WinPatrol has revealed that he received a Cease & Desist letter today from IBIS, makers of the IBIS toolbar (also known as Huntbar):
BillP Studios under attack
»castlecops.com/postt115875.html
Full text of the letter (w/ screenshots) is here:
»www.winpatrol.com/support/ibisthreat.pdf
You can read about IBIS and their software on these pages:
Doxdesk.com - Huntbar
»www.doxdesk.com/parasite/HuntBar.html
Pest Patrol - IBIS toolbar
»www3.ca.com/securityadvisor/pest···53077909
Pest Patrol - Huntbar
»www3.ca.com/securityadvisor/pest···53072528
SpywareGuide.com - Huntbar
»spywareguide.com/product_show.php?id=426
ISS X-Force - IBIS Toolbar
»xforce.iss.net/xforce/xfdb/14378
This threat against BillP Studios comes in the wake of flurry of threats from other adware/spyware vendors against the anti-spyware community, including DirectRevenue, iSearch/iDownload, Claria, and HotBar.
Ben Edelman has started documenting these threats on his web site:
Threats Against Spyware Detectors, Removers, and Critics
»www.benedelman.org/spyware/threats/
I will post more information about this situation as it becomes available.
Best,
Eric L. Howes
|
|
Kayrac
Premium
join:2001-09-29
Lee, NH | man and that wintools crap is such a bitch to remove to.......can't someone sue them or something, or just slap these people a few times? |
|
eburger68
Premium,MVM
join:2001-04-28
edit:
April 12th, @03:05AM
| reply to eburger68
Hi All:
One part of the letter from IBIS to BillP Studios that deserves special attention:
said by IBIS:
As you well know, LLC distributes a sophisticated toolbar on a consensual basis. The company does not allow any distribution for which the user is unaware and that does not require the affirmative consent of the user.
That is quite false. In fact, it is well known that installations of IBIS Toolbar/Huntbar occur without the full, knowing, and meaningful consent of the user. In fact, the Spazbox installations documented by Suzi of Spyware Warrior and XBlock install IBIS/Websearch with no little or no warning whatsoever ( »Anatomy of a Drive-by-Install ).
Users visiting the install site with Internet Explorer will be presented an ActiveX Security Warning for a program from CDT (deceptively labeled as a “Website Access” program from “6247971 Canada Inc). Users who know enough to click the link to read the EULA will be taken to this EULA page from Winadclient:
»eula.winadclient.com/general/
Notice that the CDT Winadclient EULA page already bears copyright and other information for 180solutions. That license page doesn't even present the full EULA for IBIS/Websearch -- it contains only a clickable link to the EULA:
»www.websearch.com/legal/terms.aspx
Only then will users find out about the functionality of the IBIS software:
said by IBIS EULA:
IMPACT OF SERVICE ON YOUR BROWSER AND COMPUTER
By installing the Service you understand and agree that the following changes may be made to your Internet Explorer browser and that the following functions may be performed by the Service: install a Search Toolbar in your browser which may (i) block certain pop-up ads and pages; (ii) display links to related websites and keywords based on the information you view and the websites you visit; (iii) store non-personally identifiable statistics of the websites you have visited; (iv) redirect certain URL's including your browser default address bar search, DNS error page and Search Button page to or through the Service; (v) on Windows X2 Service Pack 2 computers use Microsoft Firewall API to open communication ports IBIS uses in the toolbar to communicate with servers and; (vi) automatically update the Service and install added features or functionality conveniently without your input or interaction unless you have chose to be notified of such update in advance.
That EULA contains a link to the IBIS Privacy Policy, which provides still more details about the company's invasive data practices:
»www.websearch.com/legal/privacy.aspx
If users click through the innocuous-looking ActiveX Security Warning box (which, after all is digitally signed with a valid certificate), they will find IBIS/Websearch has been installed to their \Program Files\Common Files\Wintools directory.
That's the best of circumstances, mind you, and it is to be expected that most users who do click through the ActiveX Security Warning box will simply have no idea that they've consented to the installation of software from IBIS or what the functionality of that software is.
As Wayne Porter and Jan Hertens document, though, in some cases Internet Explorer users might not even see any warning or EULA whatsoever:
»www.spywareguide.com/articles/an···_72.html
In such cases, IBIS/Websearch will simply be installed with no attempt whatsoever to gain the user's consent.
Ben Edelman has documented another installation in which IBIS Toolbar was installed through a security exploit:
»www.benedelman.org/news/111804-1.html
On that page Ben offers a video of the installation.
What's so funny about the letter from IBIS to BillP Studios is that IBIS claims:
said by IBIS:
WinPatrol detects our products running processes WToolsA.exe and TBPS.exe and tries to disable them (see attached screenshots).
We believe your product was developed with clear intention of harming IBIS LLC and preventing it from distributing its applications to users and interfering with its business relationships.
Yet anyone actually familiar with WinPatrol won't be surprised to see what the screenshots reveal:
1. The first screenshot shows WinPatrol's "Startup" tab, which list IBIS WinTools (WToolsA.exe) and TBPS (TBPS.exe) along with other programs such as TrojanScanner, SpyBlocker, and WinPatrol itself. In other words, it's simply a list of non-Microsoft programs configured to start automatically with Windows.
2. The second screenshot shows WinPatrol's "IE Helpers" tab, which list installed IE browser add-ons (BHOs and toolbars), including IBIS WToolsB.dll, several add-ons from Symantec NAV, SDHelper.dll (Spyware Doctor), and two unidentified toolbar.dll files.
3. The third screenshot simply shows WinPatrol's "Active Tasks" tab, which provides a task list of running programs, including IBIS programs as well as standard Windows programs such as Wowexec.exe and Explorer.exe.
That's it. That's what IBIS claims as evidence of "clear intention of harming IBIS LLC and preventing it from distributing its applications to users and interfering with its business relationships" -- a program that lists startup programs, browser add-ons, and running tasks. WinPatrol doesn't so much as identify IBIS on those tabbed pages or even comment on the programs. It simply provides users lists of installed and/or running components of one type or another.
IBIS might as well sue Microsoft itself for creating such clearly devious and malicious programs as the Windows Task List (which, god knows, victims might use to stop IBIS programs from running), the MSConfig configuration management program (which MS must have designed in order to allow users to prevent IBIS programs from running at Startup), the Downloaded Program Files directory (which can be used to uninstall IBIS ActiveX controls), and the Internet Explorer menu/toolbar controls, which allow users to (horrors!) disable certain toolbars from displaying.
I must confess that I've been most puzzled by some of the threats issued by adware vendors lately. iSearch/iDownload threatened Suzi of Spyware Warrior, for example, when its programs weren't even discussed in her blog (the only mention was in summaries of updates to Ad-aware). Hotbar threatened CloudEight over non-existent content on their site, ordering them to "cease and decease" from bad-mouthing Hotbar's software:
»thundercloud.net/infoave/truth-rant.htm
»thundercloud.net/infoave/images/···onse.htm
And, of course, DirectRevenue threatened me over the information provided about its MyPCTuneup uninstaller on the Rogue/Suspect page, claiming that I was "misinforming" users without ever once pointing to an erroneous statement.
Just what is going on here? Are these folks truly as clueless and incompetent as they seem, or do they just not care about the truth? (Or do I already know the answer to that question?)
Eric L. Howes |
|
BillPStudios
Premium
join:2004-04-16
Scotia, NY
| reply to eburger68
Thanks for your support Eric.
As you know as a small developer we can't afford to spend our time in court. What I find interesting is IBIS can pay for attorneys but didn't bother to pay the $19.95 Plus upgrade. If they had, they would read what we really think of their products.
Our free WinPatrol program makes no judgments as to the nature of a program. As our users request, we notify them when new programs have been installed without their knowledge. It just turns out that IBIS's programs apparently has a habit of doing this. We allow users to make their own judgments.
We don't have or need any kind of vendor appeal process so nothing will change on our end.
Bill Pytlovany
BillP Studios
One last note, contrary to their zip code database used in their letter, BillP Studios is located in Scotia NY, not Schenectady. |
|
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Webmasters and Dev..
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
| said by BillPStudios  :Thanks for your support Eric. As you know as a small developer we can't afford to spend our time in court. When will EFF or someone step up with a vendor defense fund for this kind of nastiness? |
|
Zhen-Xjell
Prolific Bunny
Premium,ExMod 2001-04
join:2000-10-08
Bordentown, NJ
clubs: 
edit:
April 11th, @09:52PM
| EFF has stepped up in the past, more recently the Apple intellectual property court cases.
However, I've just now put this up on the front page Eric and Bill:
»castlecops.com/article-5891-nested-0-0.html
We need to teach these folks we're not bending, nor weaving. We're doing the right ethical thing.
--
Lee Ho Fook's
Microsoft MVP Windows-Security 2005 |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
 ·AT&T DSL Service
 ·Charter Pipeline
| reply to eburger68
As long as there are any anti-spyware vendors who bow to pressure from the adware companies there will be this type of legal harassment. We need to show our strong support for those companies like WinPatrol that do not buckle.
Thanks again, Eric for keeping us informed.
--
God put me on this Earth to accomplish a certain number of things. Right now, I am so far behind I will never die. |
|
Betaflye
Premium
join:2005-04-08
Canada | reply to eburger68
Thanks for keeping us informed, it's sad when companies can pressure the fine folk who help people by providing information about scumware. One can only hope it's a trend that doesn't continue in the future. |
|
suzi
Premium
join:2004-05-01
| reply to eburger68
I've blogged this here:
»netrn.net/spywareblog/archives/2···tacking/
Justin wrote:
quote:
When will EFF or someone step up with a vendor defense fund for this kind of nastiness?
Yes, there are resources available including legal advice. This site is good, too:
»chillingeffects.org
There are links the to the law schools at UC Berkley and UCSF. Both have resources available to help, though not financially but with guidance and contacts.
Since I was threated by iDownload, I've received offers of pro bono help from 3 different attorneys.
--
aka Suzi, Spyware Warrior |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T DSL Service
·Charter Pipeline
| said by suzi :I've blogged this here: » netrn.net/spywareblog/archives/2···tacking/Justin wrote: quote:
When will EFF or someone step up with a vendor defense fund for this kind of nastiness?
Yes, there are resources available including legal advice. This site is good, too: » chillingeffects.orgThere are links the to the law schools at UC Berkley and UCSF. Both have resources available to help, though not financially but with guidance and contacts. Since I was threated by iDownload, I've received offers of pro bono help from 3 different attorneys. It's good to know that there is help available and that there are attorneys stepping up to provide legal assistance.
--
God put me on this Earth to accomplish a certain number of things. Right now, I am so far behind I will never die. |
|
BonezX
Basement Dweller
Premium
join:2004-04-13
Canada
| reply to eburger68
if these people(spyware crapware) are basically selling you a fake of a program, why aren't they arrested ?
there are people selling fake watches in plain sight, but they aren't arrested.
this looks like it has to do with the companies knowing they can get away with spoofing/faking/selling information because the police and government won't do anything about them, but will actually allow them to go after companies that are working for the betterment of the average(sub average) computer user. |
|
bedelman
Premium
join:2004-06-20
Cambridge, MA
| reply to eburger68
Eric asked: "Are these folks truly as clueless and incompetent as they seem?"
My sense is that most spyware firms aren't generally spending the money to hire top-notch attorneys to rigorously conduct research and letter-writing. More likely, the folks are overworked, hurried, and (most importantly) lacking in a full understanding of these technologies. So much the better for those who receive the demand letters and threats -- it means the demands are more likely to be vague, overstated, or nonsensical.
As to the EFF: I wouldn't count on them for assistance on spyware issues. Recall that the EFF has spoken out in support of Gator, see »www.eff.org/IP/gator/ . Apparently the EFF thinks about Gator as if users had intentionally chosen to run Gator, or as if users actually want Gator. In contrast, those of us with actual knowledge of Gator understand that it's a rare user who requested Gator or who knowingly and with full information accepted its installation. |
|
BillPStudios
Premium
join:2004-04-16
Scotia, NY
| reply to eburger68
What surprises me is we haven't seen more class action suits against these companies. We all know folks who have spent hours if not days trying to clean up their systems. I frequently hear from folks after they end up formatting their drives. The folks we do help are so grateful, we had one who wanted to tattoo our Scotty logo on his arm.
We have seen one recently »Direct Revenue Class Action but I would love to see more. Even if the lawyers get all the settlement it will still teach them a lessen and keep them occupied.
Bill |
|
thedip
join:2001-02-09
Beaver Falls, PA
| Hey Bill, I love WinPatrol, I use the plus version, and recommend it to friends. When I first saw its functionality I thought, 'this is one app that no crapware company can say is targeting them with detections (like ss&d, adaware,etc).' I would have never thought that one would come up with such a ludicrous claim as IBIS has. Just goes to show how desperate they are getting. |
|
seafsee
join:2004-09-13
| reply to eburger68
Since so many wind up putting money into the hands of malware producers accidentally by being seduced into possibly buying a bad program, or by a drive-by download, computer users can make a statement by supporting the products they find useful and enjoy.
This extends to supporting the forums where they spend the most time. Freeware is wonderful. If you want to win the fight, you got to back the folks in the trenches.
Try hitting that PayPal button and getting a premium membership, or sending $10 for that freeware that yanked your rear end out of crapware hell |
|
starjax
join:2005-04-12
Dallas, TX
| reply to eburger68
With all of the documentation present not only do we have sufficient evidence for legislation, but enough for several class action lawsuits. For example I spend 4 hour a day either at work, for personal clients, or through various forums helping people remove spyware/adware/malware from their systems. 4x5x$100=20,000 in direct costs spent. What if this causes valuable r&d date to be lost, or a doctors pc to loose pertinent patient data, then the cost becomes very high indeed.
I keep asking myself, why can't we update the RICO laws so we can go after all of these.... evil doers? I mean they are conducting themselves in a manner that defrauds the consumer, their own clients, as well as mail fraud. Not to mention that in many cases that botnets (distribution partners) are spreading phishing scams, spam mail, and malware all at the same time. This is well documented at honeypot.org.
Bravo to all of you for "banding together" to fight the evil. I highly respect you all for your efforts. |
|
RandallPod
join:2004-02-07
Starkville, MS
| reply to BillPStudios
I've been wondering the same thing, concerning suits against the malware vendors, for some time now as well.
Something else that seems to me would be a good idea, would be to have a survey on some site(s) where a user could provide information concerning their personal experiences regarding these so-called "useful" programs. Perhaps asking questions along the lines:
What program is it?
Were you aware it had been installed?
Did you want this program?
What were the positive effects of this program?
What were the negative effects of this program?
If you uninstalled this program, how difficult was it?
Did you require help with the uninstallation?
How much time did you and/or others spend removing this program?
Then ask anyone that you help with removal of any adware/spyware to go take the survey.
Seems to me something like this might be a pretty potent weapon in a legal defense against these lawsuits, perhaps even a counter suit.
Just my 2 copper coins. |
|
gracie
Geek Goddess
Premium
join:2003-07-15
confusion
| reply to BillPStudios
said by BillPStudios :Thanks for your support Eric. indeed, and know that you have the very vocal support of a lot of us in the position of often recommending (and, conversely, warning against) products. this is a disturbing trend, and kudos for not caving!
you probably don't remember but my partner and you had a long discussion back a few years about the security of the gateway keyboard thingie  ; we both are rooting for you! let us know any further way we can help.
those of us who rely on anti-malware programs have a vested interest in keeping them as clean and "pressure-resistant" as possible!
--
graciella! "not tonight dear, I have DSL."
Creating SuperOrganizations Worldwide
Creating & Hosting SuperSites Worldwide |
|
simplysup
Premium
join:2004-03-30
UK
| reply to eburger68
IBIS have now turned their attention to us as well - here's the letter I received today:
»www.simplysup.com/tremover/ibis.jpg
I'm now considering my reply - any lawyers with knowledge of UK law out there? 
Needless to say, I shall not be removing detection.
--
Nigel |
|
bedelman
Premium
join:2004-06-20
Cambridge, MA
| Simplysup, I have added your report to my Threats page. »www.benedelman.org/spyware/threats
I may have occasion in the coming days to prepare some comprehensive analysis of IBIS, e.g. documenting installations with limited or no user consent and/or documenting other problematic practices. If so, I'll be sure to post a link in this thread. |
|
