Anti-Spyware Vendor Partners with Spyware Company? 274
Tuxedo Jack writes "eWeek reports that the anti-spyware vendor Aluria Software has partnered with WhenU of 'WhenUSave' and 'SaveNow' infamy. They've removed WhenU from their spyware/malware definition lists, certified their applications as safe, and they deny that money was involved. As a result, SpywareInfo and many other anti-spyware sites are delisting Aluria's 'Spyware Eliminator' from their lists of preferred software. Is this a dangerous trend for anti-spyware? Or are we just witnessing a natural evolution? I sure hope it's neither - I like my Windows boxes junkware-free, thanks (oxymoron noted)."
Dangerous Trend (Score:4, Insightful)
like anti virus companies (Score:5, Insightful)
not a new trend. (Score:5, Insightful)
Solution: stick to vendors that can be trusted. Use Spybot [safer-networking.org] and Ad-Aware [lavasoftusa.com].
Oxymoron noted? Puh-leaze (Score:1, Insightful)
I have never had spyware, viruses, MSBlast, Sobig or any other form of Bad Things.
How?
NOT BEING A DICKHEAD.
Keeping Windows spyware free is not impossible and Windows is only really a spyware magnet because of two distinct things: a) user idiocy and b) Internet Explorer, or maybe an insane combination of the two. Stop MS-bashing (OMGWTFLOLBBQ M$ ARE TEH GHEY WITH TEH BONZAY BUDDAY) and realise that for some people, Windows really is quite good. I just want to use my computer, rather than pissing around with KDE and X and kernels and other wank (this from an ex-Gentoo user).
Profitability (Score:5, Insightful)
I think in long run, anti-badthings services are going to be influenced by the bottom line. Spyware/spammers can make enough to feed themselves and pay for these services to 'certify' them.
As end-users, we need to be educated to prevent these installations in the first place.
How stupid are they, anyway? (Score:2, Insightful)
Re:like anti virus companies (Score:5, Insightful)
It's just not economical. There are plenty of virus writers already out there, because it's just too easy and there are so many computers, it happens. If an antivirus company was discovered to have done this even ONCE, then their entire business would be destroyed instantly.
Are you getting enough oxygen?
Re:Dangerous Trend (Score:3, Insightful)
Re:Oxymoron noted? Puh-leaze (Score:5, Insightful)
fake anti-adaware (Score:5, Insightful)
Since I started using adaware tools, I learned I could rely only on Spybot and Ad-Aware. Obviously, many others noticed their reliability too - just try googling for either of two, and see how many pages you can find with fake installers - some sites even distribute AdAware installations with modified malware definitions and crippled update, so your AdAware might even refuse to detect malware on your PC.
To me, it all smells so familiar... Just as M$ loves to force, bribe, coax or cajole software producers into specialising their products for Windows compatibility, so do too the malware distributers seek their fifth collumn... Similarities are far from passing.
Re:Oxymoron noted? Puh-leaze (Score:2, Insightful)
P.S. Just like the spyware companies make money off of dumb people, so do I. A very good living can be made backing up peoples files, removing spyware and viruses, installing programs as such. Businesses especially like good running computers.
I attempt to inform, if others dont want to listen, I get a good hourly rate.
As free software goes mainstream... (Score:4, Insightful)
As in: "Free, huh? Well, last time I agreed to install free software I had to spend $500 to have my PC cleaned up! No thanks!"
Re:WhenUGetSued... (Score:5, Insightful)
Take a look at these screen shots of the Bearshare install that includes WhenU [benedelman.org] and tell me it is reasonable to expect a user to press page-down 45 times to read the license.
Users are not aware they are running WhenU because the company works hard to keep them ignorant.
Oxymoron... (Score:2, Insightful)
My Windows XP box is junkware free, adware free, and spyware free. It's only an oxymoron for the morons who don't keep their systems safe with firewalls, up-to-date anti-virus definitions, and enough common sense to not click "OK" on every IE prompt that asks you to install something.
Re:like anti virus companies (Score:2, Insightful)
WhenU is certainly malware (Score:5, Insightful)
I consider any program that sits in the background and pops up ads while the bundled application is not running to be unwanted malware.
Re:Is mozilla spyware? (Score:2, Insightful)
--
The browser ID string by default isn't a huge deal because it doesn't tie info to a person. All it lets someone know is info about the software requesting resources from your site. You can go all 'tinfoil' if you want and mask it, but sometimes it has legitimate uses. It also gets abused by clueless 'webmasters' who lock out anything but IE (even though other browsers work)
The real world equivalent would be Wal*Mart counting how many people came into the store wearing hats. Not really a big deal.
The only way this is anything to worry about is with the addition of other spyware. There wouldn't be anything stopping a piece of spyware from altering the browser id string to contain a unique ID so that even if the user rejects cookies it could keep track of the user.
What? (Score:5, Insightful)
WhenU President and co-founder Avi Naider said the industry is falling on previous prejudices and lumping legitimate adware in with malicious spyware, failing to see the changes WhenU has made. (my bold)
How about NO ADWARE? The reason I got a spy/mal/adware remover was to be free from ALL adware. I don't want anybody pushing products on me when I'm on-line.
It seems Aluria has forgotten why they built an adware application in the first place.
Nothing to see here, folks. (Score:3, Insightful)
Happens all the time.
Fuckin common sense people; run multiple scanners. (Score:3, Insightful)
Every time I find a scanner, I say "hey, it's free" download it, update it weekly, set the batch file to run the apps. It's a common security tactic called LAYERING. You've got 3 levels to network secuirty; instrustion prevention, instrusion detection, and intrusion elimination. Preventing intrustions is as simple as using firefox and some common sense, detecting and eliminating them are as simple as layering spyware scanners. I routinely find that one scanner catches what the other doesn't, and one regular deletion of a cookie catch catches what a number won't.
Take, for example, what I consider a good firewall setup; don't run 1 firewall, run 2 or 3. Preferably on different machines so an exploit on one firewall doesn't lead to the machine getting r00ted and your extra firewalls being useless.
As for what this is, this is bullshit. Frankly, EULA's hold up in court, but they're BS; you can copyright a program just like you can copyright a song (songs have octaves and time, computer's have on/off and time), but you CANNOT tell me that using it on a computer is copying, just like you cannot tell me playing a roll of sheet music on a player piano is copying, even if that piano happens to buffer the music entirely before playing it.
Frankly, I look at it this way. Most programs say you may not distribute the application. Now, wait a minute, I'm distributing it on my computer, from chip to chip, in it's entirety (take a good night of gaming) so technically, there's an arguement there that the software vendor is falsely advertising their software and inciting their customers into commiting copyright infringement. Either way, they lose. The problem here is EULA's, and they're being abused like no tommaow by these big corps to make a buck. I believe in letting them have their copyright (although, with today's copyright system being so fucked as it is, I only do so at my own discretion, but my discretion will take a long, long time to explain, so I won't go into it here).
As for a solution to this, well, there's a couple of ways to solve the problem. Frankly, my favoire would be r00ting them and cleverly disassembling the infrastructure of their company piece by piece. However, considering this is probably some grubby CS student clicking at the looking glass, I'd think it would be far more entertaining to send some convincing people over to his general neck of the concrete jungle to convince him that mabye this isn't the thing he should be doing for a living.
Barring that, I think it would be even funnier if we got some of the slashdot crowd to, say, go over to a website that pilfers this kind of wares, install the app, then file a class action lawsuit asking for $500 is removal costs per infected machine. If we succeed, we can make a tidy profit AND knock out spyware vendors.
Re:Lavasoft too (Score:5, Insightful)
To be useful, a list such as this becomes public. If it allows for anonymous entries, it will quickly be poisoned by spyware authors putting in legitimate entries such as word.exe, outlook.exe, etc. If it's poisoned and damages legitimate users' computers, it will prompt a quick outcry and a quicker death.
But if it's privately maintained (as in having secret moderators blessed with crypto keys that have to sign entries) other things have to be considered. First, moderators who become publicly known will find themselves subject to lawsuits and legal harrasment (see the spywareinfo.com site for an example of someone who has bee harrassed non-stop.) So secrecy becomes paramount. The other is that the software can't become too cumbersome to use for the average Jane and Jack Doe. Trust me, Aunt Margaret doesn't want you to explain how to verify and add trusted public keys to her keyring -- she only wants "the popup thingies to stop".
Yes, it would be possible using newsgroups to distribute signed updates anonymously. And it would be possible to keep the keyholders secret, and to allow for keyring updates to add and delete moderators. But someone has to take the risk of hosting and distributing the software, and that public entity is going to be the target of every spyware author's DDoS attacks simultaneously. Legitimate hosting services won't want to touch it. Would you voluntarily sign a contract that virtually guarantees you'll be the victim of a 30,000 machine zombie attack?
It's also going to take some seriously experienced crypto + Win32 coders to write a perfectly secure client first time around. And once it's written, the next issue is the "who updates it?" battle. The original author will wisely keep the master key private, but he or she may not want to put out the hundreds of monthly updates required. (Ask Patrick Kolla, the author of Spybot S&D, how much time he has to put into researching spyware, checking for signatures, and providing removal code and instructions.) It's a full-time task that will probably take a group of analysts and coders. (An anonymous submission process won't work, because the spammers are certain to poison that well, too.) Finally, how do you vette all these coders and analysts to make sure you don't accidentally let in the next Spamford Wallace?
Sorry to be so negative, but it's a huge undertaking with lots of risk and almost no chance of payback. Only a big established company with lots of backing could afford something like this. There's your answer! Get IBM to sponsor it, they're always looking for goodwill projects, and anything to twist the knife in Microsoft makes them happy. That, plus they have more lawyers than Manhattan has taxicabs.
Re:like anti virus companies (Score:2, Insightful)
Hmm. Enron, HealthSouth, Arthur Andersen, and Adelphia Communications were all instances of firms "cooking their books", which is merely the fraudulent misrepresentation of financial statements. That's a far cry from going out and infecting thousands of computers with a virus whose damage could reap billions of dollars in punative damages from a court ruling.
Global Crossing was simply a vendetta case of an employee gone wrong.
It's MUCH more unlikely that an anti-virus corporation would conspire to create new viruses. That's just like saying that firewall manufacturers go out and hack computers, or security firms go out and steal credit cards.
That you can't imagine a successful antivirus company risking legal ramifications to ramp up business says less about corporate wisdom and more about your defective imagination.
Oh, believe you me, I have imagination. And I'll use it to build you a foil hat to protect you from the mind-control rays.
Surprised? (Score:3, Insightful)
Wake up. There is orders of magnitude more money on the advertising and blackmarket side.