republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Silencing the Critics: IBIS
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
IPs From China »
« msn suprise  
AuthorAll Replies

eburger68
Premium,MVM
join:2001-04-28

4 edits		reply to eburger68
Re: Silencing the Critics: IBIS

Hi All:

One part of the letter from IBIS to BillP Studios that deserves special attention:

said by IBIS:
As you well know, LLC distributes a sophisticated toolbar on a consensual basis. The company does not allow any distribution for which the user is unaware and that does not require the affirmative consent of the user.
That is quite false. In fact, it is well known that installations of IBIS Toolbar/Huntbar occur without the full, knowing, and meaningful consent of the user. In fact, the Spazbox installations documented by Suzi of Spyware Warrior and XBlock install IBIS/Websearch with no little or no warning whatsoever ( »Anatomy of a Drive-by-Install ).

Users visiting the install site with Internet Explorer will be presented an ActiveX Security Warning for a program from CDT (deceptively labeled as a “Website Access” program from “6247971 Canada Inc). Users who know enough to click the link to read the EULA will be taken to this EULA page from Winadclient:

»eula.winadclient.com/general/

Notice that the CDT Winadclient EULA page already bears copyright and other information for 180solutions. That license page doesn't even present the full EULA for IBIS/Websearch -- it contains only a clickable link to the EULA:

»www.websearch.com/legal/terms.aspx

Only then will users find out about the functionality of the IBIS software:

said by IBIS EULA:
IMPACT OF SERVICE ON YOUR BROWSER AND COMPUTER

By installing the Service you understand and agree that the following changes may be made to your Internet Explorer browser and that the following functions may be performed by the Service: install a Search Toolbar in your browser which may (i) block certain pop-up ads and pages; (ii) display links to related websites and keywords based on the information you view and the websites you visit; (iii) store non-personally identifiable statistics of the websites you have visited; (iv) redirect certain URL's including your browser default address bar search, DNS error page and Search Button page to or through the Service; (v) on Windows X2 Service Pack 2 computers use Microsoft Firewall API to open communication ports IBIS uses in the toolbar to communicate with servers and; (vi) automatically update the Service and install added features or functionality conveniently without your input or interaction unless you have chose to be notified of such update in advance.
That EULA contains a link to the IBIS Privacy Policy, which provides still more details about the company's invasive data practices:

»www.websearch.com/legal/privacy.aspx

If users click through the innocuous-looking ActiveX Security Warning box (which, after all is digitally signed with a valid certificate), they will find IBIS/Websearch has been installed to their \Program Files\Common Files\Wintools directory.

That's the best of circumstances, mind you, and it is to be expected that most users who do click through the ActiveX Security Warning box will simply have no idea that they've consented to the installation of software from IBIS or what the functionality of that software is.

As Wayne Porter and Jan Hertens document, though, in some cases Internet Explorer users might not even see any warning or EULA whatsoever:

»www.spywareguide.com/articles/an···_72.html

In such cases, IBIS/Websearch will simply be installed with no attempt whatsoever to gain the user's consent.

Ben Edelman has documented another installation in which IBIS Toolbar was installed through a security exploit:

»www.benedelman.org/news/111804-1.html

On that page Ben offers a video of the installation.

What's so funny about the letter from IBIS to BillP Studios is that IBIS claims:

said by IBIS:
WinPatrol detects our products running processes WToolsA.exe and TBPS.exe and tries to disable them (see attached screenshots).

We believe your product was developed with clear intention of harming IBIS LLC and preventing it from distributing its applications to users and interfering with its business relationships.
Yet anyone actually familiar with WinPatrol won't be surprised to see what the screenshots reveal:

1. The first screenshot shows WinPatrol's "Startup" tab, which list IBIS WinTools (WToolsA.exe) and TBPS (TBPS.exe) along with other programs such as TrojanScanner, SpyBlocker, and WinPatrol itself. In other words, it's simply a list of non-Microsoft programs configured to start automatically with Windows.

2. The second screenshot shows WinPatrol's "IE Helpers" tab, which list installed IE browser add-ons (BHOs and toolbars), including IBIS WToolsB.dll, several add-ons from Symantec NAV, SDHelper.dll (Spyware Doctor), and two unidentified toolbar.dll files.

3. The third screenshot simply shows WinPatrol's "Active Tasks" tab, which provides a task list of running programs, including IBIS programs as well as standard Windows programs such as Wowexec.exe and Explorer.exe.

That's it. That's what IBIS claims as evidence of "clear intention of harming IBIS LLC and preventing it from distributing its applications to users and interfering with its business relationships" -- a program that lists startup programs, browser add-ons, and running tasks. WinPatrol doesn't so much as identify IBIS on those tabbed pages or even comment on the programs. It simply provides users lists of installed and/or running components of one type or another.

IBIS might as well sue Microsoft itself for creating such clearly devious and malicious programs as the Windows Task List (which, god knows, victims might use to stop IBIS programs from running), the MSConfig configuration management program (which MS must have designed in order to allow users to prevent IBIS programs from running at Startup), the Downloaded Program Files directory (which can be used to uninstall IBIS ActiveX controls), and the Internet Explorer menu/toolbar controls, which allow users to (horrors!) disable certain toolbars from displaying.

I must confess that I've been most puzzled by some of the threats issued by adware vendors lately. iSearch/iDownload threatened Suzi of Spyware Warrior, for example, when its programs weren't even discussed in her blog (the only mention was in summaries of updates to Ad-aware). Hotbar threatened CloudEight over non-existent content on their site, ordering them to "cease and decease" from bad-mouthing Hotbar's software:

»thundercloud.net/infoave/truth-rant.htm
»thundercloud.net/infoave/images/···onse.htm

And, of course, DirectRevenue threatened me over the information provided about its MyPCTuneup uninstaller on the Rogue/Suspect page, claiming that I was "misinforming" users without ever once pointing to an erroneous statement.

Just what is going on here? Are these folks truly as clueless and incompetent as they seem, or do they just not care about the truth? (Or do I already know the answer to that question?)

Eric L. Howes
to forum · permalink · · 2005-04-11 19:55:02 · Reply to this

bedelman
Premium
join:2004-06-20
Cambridge, MA

 Eric asked: "Are these folks truly as clueless and incompetent as they seem?"

My sense is that most spyware firms aren't generally spending the money to hire top-notch attorneys to rigorously conduct research and letter-writing. More likely, the folks are overworked, hurried, and (most importantly) lacking in a full understanding of these technologies. So much the better for those who receive the demand letters and threats -- it means the demands are more likely to be vague, overstated, or nonsensical.

As to the EFF: I wouldn't count on them for assistance on spyware issues. Recall that the EFF has spoken out in support of Gator, see »www.eff.org/IP/gator/ . Apparently the EFF thinks about Gator as if users had intentionally chosen to run Gator, or as if users actually want Gator. In contrast, those of us with actual knowledge of Gator understand that it's a rare user who requested Gator or who knowingly and with full information accepted its installation.
to forum · permalink · · 2005-04-12 01:42:14 · Reply to this
Forums » Up and Running » Security » SecurityIPs From China »
« msn suprise  

Monday, 09-Nov 20:31:51 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [68] VoIP Over 3G Still Not Working For iPhone
· [64] Verizon Keeps Swinging At AT&T
· [32] Bill Would Force ISPs To Block Financial Scams
· [17] Mediacom Hints At 50, 100 Mbps Speeds
· [13] Clearwire To Get Another $1.5 Billion
· [9] 15 States Have Now Gotten Broadband Mapping Money
· [5] AT&T Launching New 7.2 Mbps 3G Modem
· [2] Monday Morning Links
Most people now reading
· Google Has Acquired Gizmo5 [VOIP Tech Chat]
· Divorce advice... [General Questions]
· Blown out Ballasts [Home Repair & Improvement]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· My cat is reluctant to exercise. [General Questions]
· 60 Minutes piece on cyber security last night [Security]
· So I'm finishing up my back porch ... [Home Repair & Improvement]
· Know when to run! [Home Repair & Improvement]
· How in the world am I going to get into college? [General Questions]
· Framed for child porn 151; by a PC virus [Security]