| reply to guycad$
Re: eAnthology Mike:
1) The change will reflect where it will not download automatically, but the user will have an opt-in, opt-out experience.
2) The purpose of the internet connection is to check for the latest virus scanner updates, including virus definitions, software upgrades, etc. The information that is passed to our server is our GUID, version of the scanner, and last known update of virus definitions.
3) I am researching 3 now. Honestly, this was all done before my time so I am not quite certain. I was brought in to fix a lot of issues, and I have been working hard over the last few weeks. Will have an answer for you shortly.
dja:
The privacy policy was written a LONG time ago and is being changed. I do not know the particulars of why it was written the way it was honestly. Once again, before my arrival. |
|
| I'm glad to hear that. Taking advantage of Microsoft's foolishness in having that auto install setting is a really good way good way to permanently harm a company's reputation. Comet Cursor started off as a drive-by downloader and they've been lobbying for years to come off of the removal lists. Once you get onto those lists, it's nearly impossible to come off. It will always be considered scum regardless of what they change.
Some things to consider. Lose the GUID. I could see distinguishing between registered and unregistered, but why does it need a GUID? And you should probably make the update checking optional if it isn't. If nothing else, it is annoying for something to connect without a prompt.
--
»www.spywareinfo.com |
|
 guycad$In Search Of Free SpeechPremium
join:2002-05-02
Pompton Lakes, NJ | said by Mike Healan:
I'm glad to hear that.
To Quantic,
I'm glad to hear that as well. The person I'm helping has a real thing about privacy. She wants to always know what's going on on her computer and that no information is being collected that she does not know about 'up front'.
In fact, she's just about ready to set up a dual boot system. Downgrade her XP to either W98SE or Win2K and a Linux partition. Linux would be for all internet and email acces. Windoze for playing games.
If you want customers like her, you need to make some serious changes. What you've talked about so far is all to the good.
The fact that Microsoft insists on doing boneheaded and idiotic things like the 'auto install' crap and their continuing 'evolution' of OLE (now known as ActiveX) doesn't mean you have to doggedly follow where they lead. 
To Mike,
Thank you for your site and excellent followup.  When you feel eAnthology has cleaned up their act, please let me know. I would be willing to spend some time to 'test drive' the new and improved install process.
--
My Pictures.People who describe M$ software as 'mediocre' don't know the half of it.WinDoze Free 2003 |
|
| reply to Mike Healan
Hello all,
I am an official representative of eAcceleration. The concerns posted on this board will all be addressed. Let me begin by saying there are 12 separate concerns and I’m not sure if I can answer to all of them in one post, so there will likely be several posts summarizing the concern and our response. So let’s begin with what we consider the most important issues that need clarification. I have annotated.
1. Assuming someone has either changed their security settings to the "low" setting or has your download page(s) domain(s) in their trusted zone for some reason, is the software going to install without a prompt asking permission to install it?
Answer: There are two separate issues here. If the security settings are put on “low” the user has essentially told their browser to say "yes" automatically to any security dialog box. That is why there are people who don’t understand why they are getting a download. We have discussed this in great detail. The user has double opted in to set their browser settings to “not prompt”. We could however, put up a confirmation dialog that say’s something to the effect “Do you want to install Stop-Sign” (Yes/No) anyway. Would this be acceptable? If the user has specified us as a trusted zone, the download will occur if they click the “Scan Now” button. I don’t think we could change this, even if the security settings were higher. If you have suggestions here, please let me know. If a customer of ours has purposefully told their software that anything from us is to be trusted, then that is a trust issue between our customer and us. I’m not sure why it is even being challenged.
2. What is the purpose of the Internet connection that is made after the software is installed. What information is passed to your company?
Answer: There are two states in question here. For a person using the trial version, the only information passed is the GUID and an install ping that determines which vendor supplied us with the install. If the user signs up for our newsletter their email address is passed. The scanner will make a connection with our server before every scan to check for the account type and to see if version or virus definition updates are available. For a paid user, their GUID is associated with the email address they used to create their account and the other information they provided in association with creating their account. The scanner will check for account verification and then check for virus updates or version updates. The user account information is private and secure. It is not now nor will ever be shared with any other party except the third party payment processors. The privacy policy that we are drafting for approval by this forum will include specific text to insure that our customers’ personal information will never be given to any third party not specifically involved in the process of them paying for their accounts.
3. In the versions bundled with other software, are the installers configured to allow for opting out of your software, or is it required to install your software for the installation of the original program to proceed?
Answer: All of our distribution agreements for bundling with third parties include an opt-out or opt-in dialog in which the user can choose not to install our products. We are not aware of any Third party distributors who are offering our products in such a way that the user has no way to say “no”. If you know of any exceptions to this, please let us know and we will make sure that they either make the necessary changes or we will no longer distribute with them.
4. I could see distinguishing between registered and unregistered, but why does it need a GUID?
Answer: We need the GUID for several reasons. We can protect ourselves from rampant piracy of our software. The uninstall and install pings that are sent to our servers for trial users, use a GUID to provide us not with personal information, but with insight into whether or not people are enjoying using the product. We must pay our distributors. This is done by unique GUID. Without this information a vendor could easily design a bot to download and install our products over and over.
5. Why do our products attempt to make internet connection?
Answer: Account status verification, virus updates, version updates, to download email for email sensor, and install or uninstall of the product.
6. Why don’t you cure during the trial period?
Answer: For the same reason this site has a basic version and a premium version. We are a business that provides a service and we expect to be paid for our labors. The prevailing attitude during the late 90’s was “give everything away for free”. This bankrupted companies by the hundreds and created the adware type business models that you still see attempting to make a legitimate business out of a non-sustainable business model. We offer a fair value for our subscription package and we help thousands of people a month remove viruses and other malicious code from their computers. What we “do” functionally, to get paid, are all good things.
7. Why does the scan now button download Stop-Sign?
Answer: Even a so called “online scan” as touted by other companies still has to download code onto the users machine in order to scan. The only difference is that they have to download that code every time they “online scan”. For us to scan, we also have to download code onto the users machine in order to perform the task they have requested. The difference is that our process allows them to then scan as frequently as they like without having to download again. What is the users intent when they ask for a scan? They want a scan performed. What needs to happen for any company to then perform this task? They have to download code to the users machine and then scan it. There is nothing unethical going on here.
8. How do you uninstall eAnthology? Why was it difficult before?
Answer: We have recently released a new version specifically to address the uninstall issues that had developed. The old uninstall format was design to allow the user who is trying eAnthology to uninstall a single feature without having to uninstall programs of the eAnthology that they were enjoying. We also didn’t want to have multiple entries in add/remove programs for each feature they decided to try. We started to have this problem occur as we started adding new programs for our user to try. Unfortunately this format came across as confusing and created a ton of technical support. We immediately began a redesign and the current uninstall format works the way we had originally meant for it to work. Our goal is to let people try our products easily, and easily let them uninstall them. That way in the future if we do make a release of a product they might enjoy, they will not be afraid to install.
9. Why does email sensor insert itself into the user email flow?
Answer: The email sensor allows the user to delete and filter email before the email is downloaded, so that they needn’t download unnecessary email. This prevents inbox bloat and gives the user the option to delete duplicates and oversized email before they start having email get bounced. Virus detection is also performed to keep email that is infected from ever having a chance to activate. We also plan to add a spam blocking feature. It is in development now. This feature will also filter through the incoming email using the user’s preferences to automatically delete spam before it is even downloaded.
10. What is the difference between the first download page and the second download page and why do I get both?
Answer: Browsers vary. About 20% of people either have their browsers set not to run ActiveX components or they have a browser that will not accept this format. The second page is an offering of a direct download, so that they can download if they want to.
11. Why didn’t the trial scanner pick up the Benjamin virus found by Nod32?
Answer: The trial version only does a light scan the first time it scans. On the second scan it will perform a deep scan by default unless the user has configured the settings to only perform light scans. Users do not like waiting for deep scans the first time through. The second scan by default operates in background mode which is designed only to function if the user is not using their mouse or keyboard for a minimum of 10 minutes. This makes scanning and getting virus updates as painless an unobtrusive as we can make it for the user. Our scanner will pick up the Benjamin virus on a deep scan and a paid version automatically cures it.
12. Why does the trial version show pop-ups?
Answer: The Pop-ups you are referring to are the “Buy Now” type pages that a trial user will see at the end of every scan. We need people to subscribe in order to stay in business. That’s why we ask them to subscribe. Notice: The pop-ups you are referring to never belong to a third party. We are not trying to derive advertising dollars through affiliate payouts here, we are simply asking the user to explore what we have to offer and please subscribe. These pages do not exist in the paid version.
Summary-
There are many concerns that you have all contributed to this forum. Unfortunately none of the people on this forum have spoken to the effectiveness of our product. It is very good. I have a spread sheet prepared by a third party in Russia that we have contracted to compare how our product works in comparison to many of the top AV products. Please write to me if you would like to see it and I will send you the file. There are changes being made already based on the comments and suggestions of the contributors to this forum. Those changes include a complete re-write of our user agreement and privacy policy to reflect our responsibility to protect any information our customers have trusted us to hold; changes to the download format for those with browser settings on “low”; complete disclosure of why our products connect to our servers and what the information is shared during this process. I also would like to offer those who have contributed in this forum a month of full functionality if you would like to objectively review the software and service that is included.
You may contact me at:
Aaron Crisp
colonel@eacceleration.com
1-360-598-3684 |
|
 Zhen-XjellProlific BunnyPremium,VIP,ExMod 2001-04
join:2000-10-08
Bordentown, NJ | said by Colonel35:
Hello all,
I am an official representative of eAcceleration. The concerns posted on this board will all be addressed. Let me begin by saying there are 12 separate concerns and I’m not sure if I can answer to all of them in one post, so there will likely be several posts summarizing the concern and our response.
Welcome to Broadband Reports. In approving your post I'd just like to comment that your replies be kept to the same thread concerning this issue. But it appears you may already know that from reading your answers.
--
Computer Cops | ZXList |
|
| reply to Colonel35
said by Colonel35:
Hello all,
1. Assuming someone has either changed their security settings to the "low" setting or has your download page(s) domain(s) in their trusted zone for some reason, is the software going to install without a prompt asking permission to install it?
No - Security setting on Medium. And it was NOT on your site, it was an ad on a trusted site. I, nor my friend, never clicked to scan anything. See this post for exactly what happened:
»Virus/Trojan Help Needed
If your product is good and effective and safe, you should seriously look at the underhanded "hijacking" of innocent internet browsers who wish to only close your annoying ad, because it has an X BOX to do so....but that is NOT what it does. You downloaded software onto my system that immediately wanted to access the internet without my permission and my firewall stopped it. The two files were EACDownload folder: cnry.exe and defscan.something.
--
It takes a disaster to make a woman out of a female |
|
| reply to Colonel35
said by Colonel35:
1. Assuming someone has either changed their security settings to the "low" setting or has your download page(s) domain(s) in their trusted zone for some reason, is the software going to install without a prompt asking permission to install it?
Answer: There are two separate issues here. If the security settings are put on “low” the user has essentially told their browser to say "yes" automatically to any security dialog box. That is why there are people who don’t understand why they are getting a download. We have discussed this in great detail. The user has double opted in to set their browser settings to “not prompt”. We could however, put up a confirmation dialog that say’s something to the effect “Do you want to install Stop-Sign” (Yes/No) anyway. Would this be acceptable? If the user has specified us as a trusted zone, the download will occur if they click the “Scan Now” button. I don’t think we could change this, even if the security settings were higher. If you have suggestions here, please let me know. If a customer of ours has purposefully told their software that anything from us is to be trusted, then that is a trust issue between our customer and us. I’m not sure why it is even being challenged.
People often to forget to lock the front door of their homes. People leave their keys in their car when they go into the mall to go shopping. People turn on file sharing and don't run firewalls. People fiddle with their computer settings without understanding what they are doing and they put web sites in their trusted zones, sometimes without realizing the implications.
I trust you would understand why the act of walking into one of those front doors or taking one of those cars for a spin would be challenged. It's called exploiting foolishness, and it's what nearly every single virus and trojan does to infect its victim. Is this the sort of activity you wish to willingly associate yourself with?
Microsoft dropped the ball in allowing that setting to exist. As people became more savvy about spyware being bundled into certain software, another means of getting it onto a person's computer had to be found, and in the last several months it has been through exploiting that activex setting. Software found to be installing in this manner without built-in controls to prevent it happening without user action gets itself included on the removal lists of the various adware removal programs.
I suggest you send an email to Jamie Rosen at Comet Cursor and ask how their lobbying to be removed as a target of spyware removal is going if you doubt what will happen if your software ends up on such a list. If either Spybot or Ad-aware start to target it, the other will also include it as a target because they are very competitive. Once both of those have you on their target list, the lesser-known companies will follow suit and no amount of aggressive marketing will make up for the loss of revenue that this will result in.
Bear this in mind when your software is updated. As you yourself state, people are confused about where they have gotten the software. If they didn't get a prompt or a notice that something was going to be installed, they will interpret that as a hijack, and then they will start contacting Lavasoft and others like it asking them to add a new target.
It's not up to us here on this forum. When a certain number of angry users start asking for it to be targeted, that's what is going to happen because those programs' popularity depends on satisfied users. And nothing makes a person angrier than a program that installs without asking first.
--
»www.spywareinfo.com |
|
| Adaware targets it already. Great post, Mike. this one hits people with their security settings on Medium, not just Low.
I would REALLY like to see this company change it's ways and make it with the real world...am hoping this discussion will bring about postive results.
Am I being the optimist too much again? I hope not.
--
It takes a disaster to make a woman out of a female |
|
|
|
guycad$In Search Of Free SpeechPremium
join:2002-05-02
Pompton Lakes, NJ | reply to Colonel35
said by Colonel35:
Hello all,
I am an official representative of eAcceleration.
...
There are many concerns that you have all contributed to this forum. Unfortunately none of the people on this forum have spoken to the effectiveness of our product. It is very good. I have a spread sheet prepared by a third party in Russia that we have contracted to compare how our product works in comparison to many of the top AV products. Please write to me if you would like to see it and I will send you the file. There are changes being made already based on the comments and suggestions of the contributors to this forum. Those changes include a complete re-write of our user agreement and privacy policy to reflect our responsibility to protect any information our customers have trusted us to hold; changes to the download format for those with browser settings on “low”; complete disclosure of why our products connect to our servers and what the information is shared during this process. I also would like to offer those who have contributed in this forum a month of full functionality if you would like to objectively review the software and service that is included.
You may contact me at:
Aaron Crisp
colonel@eacceleration.com
1-360-598-3684
This is an excellent reply. Naturally, given that the readership here is already very security conscious (read: highly skeptical at all times) we are and will continue to be following this closely.
While you have done a good job of picking out our various concerns, I'd like to suggest an ordering of importance which I hope will be helpful. Naturally, this represents my own opinion and perspective. All the usual YMMV et al apply.
I tend to group our concerns into three areas. In order, these are 'privacy', 'computer integrity' and 'product functionality'.
Perceived, actual, looks like, or questionable privacy practices are 'verboten'. This is number one. This includes things like one sided 'terms of service'. 'Opt out' requirements (ie: you're automatically in unless you opt out - we much prefer informed opt in). Sharing of customer information with 'business partners'. So on and so forth.
Computer integrity. Any uninformed or obfuscated changes to a (potential) customer's computer are also 'verboten'. However, given that this kind of thing can be 'fixed' at the user's end, it's not as bad over all as the privacy issue. Note that it is still forbidden, but I can allow a little more time for the fixes required to repair the situation. As a side note: among informed users, Microsoft's activeX silent install option is considered to be Yet Another M$ Security Blunder. And that's when we're being polite about it.
Functionality of product. As I stated early on and as was brought up by others, releasing a trail version of an AV which is crippled in it's ability to detect viruses rather than crippled in a different manner is definitely not the best marketing decision. Bluntly, (and I don't really like to used the term because I prefer to be a little more politically correct) it's stupid. Trial versions can be crippled in a number of ways which still show the power of the product. Like: 1) detect virus but not clean it, 2) detect virus and clean it but limit to 30 - 60 - 90 days, 3) detect virus and clean it and display obnoxious splash screen each time that happens (warning: be absolutely certain there are no false positives or you'll be hung out to dry), and more.
As far as discussing the virtues / flaws of one AV over another, I assure you that we do a lot of that here.
Right now, the ball's in your court so to speak. Tell us when you've implemented the fixes and we'll check them out. Whatever you've done right, we'll tell you. Whatever you've done wrong, we'll tell you that as well (and maybe castigate you a little bit in the process )
After the fixes are in place, then we'll move on to whether the product is worthwhile.
You should realize that many of us here are active in helping out people (friends, relatives and strangers) whom are much less computer literate. To them, their computer literally is an appliance. As a result, most of us believe strongly that drive by downloading is a serious offense. Regardless of the utility and functionality of the program.
While all of us here have very strong opinions, there is generally respect for other people's opinions. Plus, Wild Cat Boy clamps down pretty harshly on flames, which is all to the good.
So we may give you a very hard time, but, we will give you a listen and the opportunity to do right.
--
My Pictures.People who describe M$ software as 'mediocre' don't know the half of it.WinDoze Free 2003 |
|
guycad$In Search Of Free SpeechPremium
join:2002-05-02
Pompton Lakes, NJ | reply to Mike Healan
Geez Mike! I guess I have to type faster! |
|
guycad$In Search Of Free SpeechPremium
join:2002-05-02
Pompton Lakes, NJ | reply to CalamityJane
said by CalamityJane:
Am I being the optimist too much again? I hope not.
I much prefer to be an optimist.  |
|
| Hello GuyCad,
Thanks for your summary of areas of concern and we do appreciate that you have given us the opportunity to make changes before weighing in your final judgement. I've just spent the last few days working with all of the departments concerned in order to begin the process of making the changes that are required. Your optimism is not in vein. I will post each of the changes as they come. Most of these changes should be live by the end of next week.
Colonel35 |
|
| reply to Mike Healan
Hello Mike,
We are fixing the enabled ActiveX issue by adding in prompts despite the improper settings. I have worked the last couple days closely with our developers and they have this code ready to go to our testing/integration department by Monday. It won't long before this change will be live.
Aaron |
|
guycad$In Search Of Free SpeechPremium
join:2002-05-02
Pompton Lakes, NJ | reply to Colonel35
said by Colonel35:
Hello GuyCad,
Thanks for your summary of areas of concern and we do appreciate that you have given us the opportunity to make changes before weighing in your final judgement.
Colonel35
You're welcome.
--
My Pictures.People who describe M$ software as 'mediocre' don't know the half of it.WinDoze Free 2003 |
|
 djaThe 'd' is silent ... unlike the member.Premium
join:2002-03-25
Niagara | reply to Colonel35
said by Colonel35:
We are fixing the ActiveX issue by
adding prompts despite the improper settings.
I don't want to dampen the conciliation process,
but our forum members are the least likely to have
improper settings, and you're implying that
system misconfiguration is responsible.
My download began, when I clicked the
close "X" of a popup.
If there is misconfiguration here
it on your end sir, as a close "X" means
'CLOSE' not, 'please begin my download'.
References to misconfiguration,
on the part of our members is
condescending and untrue.
I wish you well in your endeavor.
And in the interest of Security
offer you a link to a site which will
provide you with a means by which to
test the configurations of your own device.
»www.gfi.com/emailsecuritytest/
Please keep in mind that I passed all exploit attempts
yet my misconfiguration was responsible for
the forced download of your product.
--
the "d" is silent ... unlike the member |
|
 HutchMy Throne is the DunnyPremium
join:2000-10-14
Out House | said by dja:
I don't want to dampen the conciliation process,
but our forum members are the least likely to have
improper settings, and you're implying that
system misconfiguration is responsible.
My download began, when I clicked the
close "X" of a popup.
If there is misconfiguration here
it on your end sir, as a close "X" means
'CLOSE' not, 'please begin my download'.
References to misconfiguration,
on the part of our members is
condescending and untrue.
I wish you well in your endeavor.
And in the interest of Security
offer you a link to a site which will
provide you with a means by which to
test the configurations of your own device.
»www.gfi.com/emailsecuritytest/
Please keep in mind that I passed all exploit attempts
yet my misconfiguration was responsible for
the forced download of your product.
I second that statement dja.
--
Regards JD |
|
 sigPremium
join:2001-05-05 | reply to Colonel35
quote:
...Unfortunately none of the people on this forum have spoken to the effectiveness of our product. It is very good. I have a spread sheet prepared by a third party in Russia that we have contracted to compare how our product works in comparison to many of the top AV products. Please write to me if you would like to see it and I will send you the file.
Perhaps someone here may be interested in providing truly independent testing of StopSign (there are forum members with some reputation in the PC security field and websites on which to post their results). But I suspect many of us frankly would not want a security product on our HD's from a company currently engaged in such product delivery and marketing practices. It's about trust. "The medium is the message" and all that.
Additionally, you should already know that any testing results from a contractor hired by a vendor are inevitably regarded as suspect. It's been a matter of frequent discussion here recently how AV testing can be skewed to favor one product over another. That's precisely why AV vendors submit their products to independent testing entities such as the Virus Bulletin, whose logo still appears on your site. |
|
| reply to guycad$
Hello All,
This is an official update from eAcceleration Corp.
Here are the changes that we have made so far based on the original statement that we made.
1. The "Privacy Policy" has been updated. You can find it here to review: »www.eacceleration.com/privacy/
2. The VB logo was removed. We do use Dialog Science scanner engine and we do have permission from them to advertise this fact. For the record, our site never claimed that Stop-Sign had won the VB 100% award in any way, but due to possible misinterpretation we have made this adjustment to the site. We provided the link in order to allow people to research the effectiveness of the Dialog Science scanner engine we use.
3. We have added a component that will prompt a dialog even if a user has set their security settings to "enable" signed ActiveX or have their browser security settings on "Low".
4. I have asked the development team to use a clean sweep type program in order to verify that the uninstallers they build are getting everything. The information provided here helped in tracking down these files and new uninstallers are being built. For the record, the files that we had not properly uninstalled were not spyware as some here have asserted. They were however detritus and thanks to those who noted them here, we are taking care to make cleaner uninstallers that won't leave estranged files behind. |
|
guycad$In Search Of Free SpeechPremium
join:2002-05-02
Pompton Lakes, NJ | Hello Arron,
These are all excellent responses. I'll make double sure that Mike sees them as well.
I'm very impressed with your repsonsiveness as I'm sure others will be.
Be sure to post back as I'm sure there will be other responses as well.
Best regards,
Guy
--
My Pictures.People who describe M$ software as 'mediocre' don't know the half of it.WinDoze Free 2003 |
|
sigPremium
join:2001-05-05 | reply to Colonel35
quote:
The VB logo was removed. We do use Dialog Science scanner engine and we do have permission from them to advertise this fact. For the record, our site never claimed that Stop-Sign had won the VB 100% award in any way, but due to possible misinterpretation we have made this adjustment to the site. We provided the link in order to allow people to research the effectiveness of the Dialog Science scanner engine we use.
While you may use the Dialog Science scanner and have their permission to advertise that fact, that doesn't equate to having the VB's permission to use their logo to promote your product. It is a difference with a distinction. Good move to remove the logo.
And again, use of the DS scanning engine doesn't in itself make the two products equivalent. Who provides the virus sig updates? A company can use a scanning engine from another product but develop and provide its own updates. Thus the performance of the two products may not be equivalent, depending upon the timeliness and effectiveness of the updates and perhaps other elements of product design as well.
As for the popups which before evidently could trigger unexpected downloads...it seems rather unlikely that a casual visitor to your site (or one captured by a banner on another site) would have previously designated eAnthology as a "trusted domain." Unless there is some other mechanism by which this could happen. What domain would that be? eAnthology or some other domain?
A current subscriber might have made it a trusted domain, but then one wonders why would a current subscriber who already has the product interact with this dialogue at all which could automatically initiate another download? This dialog is not how a current eAnthology subscriber would get program updates, is it? |
|
