Forgot your password?
typodupeerror
Privacy The Almighty Buck Security Software

Anti-Spyware Vendor Partners with Spyware Company? 274

Posted by michael
from the safe-spyware-bwah-hah-hah dept.
Tuxedo Jack writes "eWeek reports that the anti-spyware vendor Aluria Software has partnered with WhenU of 'WhenUSave' and 'SaveNow' infamy. They've removed WhenU from their spyware/malware definition lists, certified their applications as safe, and they deny that money was involved. As a result, SpywareInfo and many other anti-spyware sites are delisting Aluria's 'Spyware Eliminator' from their lists of preferred software. Is this a dangerous trend for anti-spyware? Or are we just witnessing a natural evolution? I sure hope it's neither - I like my Windows boxes junkware-free, thanks (oxymoron noted)."
This discussion has been archived. No new comments can be posted.

Anti-Spyware Vendor Partners with Spyware Company?

Comments Filter:
  • Dangerous Trend (Score:4, Insightful)

    by pholower (739868) * <longwoodtrail@@@yahoo...com> on Tuesday November 02, 2004 @04:58PM (#10703911) Homepage Journal
    This is a dangerous trend. Given the majority of these ad/spyware companies don't care what their products do to the "users" computer, they can leave security holes unnoticed and allow exploits without the user even knowing there is a flaw in their computer. Windows updates can only do so much, and with companies releasing software that intends to help the user, but instead can hurt them. All the while the user is unaware. This makes me sick. Let's support the companies that work off of donations and have open source programs. This is the only way to prevent this from spreading to all of the favorite anit-ad/spyware programs.
    • by nathan s (719490) on Tuesday November 02, 2004 @05:10PM (#10704094) Homepage
      ..but to be fair, Aluria says that they're concerned with "malicious spyware." If you RTFA, they indicate that they felt that the disclosure practices and what-not are all above-ground.

      Not that this helps people installing without scanning the EULA and getting nasty little "gifts," but it's hardly malicious if you agree to it.

      *Disclaimer* I have no idea what exactly WhenU does, never had it on my system. If it IS malicious, then immediately discount this post. Regardless, I'll be busy vomiting from my over-exposure to advertising in general.
    • Re:Dangerous Trend (Score:3, Insightful)

      by mpaon (787734)
      Can it really be called a trend, with only one company? Seems a bit early to be plugging oss as the ONLY alternative. I doubt many people will be using 'Spyware Eliminator' much in the future, once more people find out about this.
    • The management over at Aluria has become more and more unresponsive in the last couple of months. After this latest news, I've finally had to remove them completely from my brief list of anti-spyware software [booksunderreview.com].

      Does anyone have a good free spyware removal tool I can add to my list? Most of the current "free" ones do ok at detection (although many aren't any better than the free tool on the page above), but refuse to remove anything because they want you to buy the removal version instead.

      In any case, Aluria
      • Re:Dangerous Trend (Score:2, Informative)

        by Anonymous Coward
        AdAware

        Spybot S&D

        I've never been shown any reason not to have faith in these software packages. If someone knows better, let me know.
        • Re:Dangerous Trend (Score:5, Informative)

          by erick99 (743982) <homerun@gmail.com> on Tuesday November 02, 2004 @05:54PM (#10704638)
          I use Adaware SE and SpyBot which I run manually once a week, each. I have Webroot's Spy Sweepter which stays in memory and provides a good level of "live" detection. Between the three programs it has been a long time since I've had a adware/spyware program on my desktop. However, it has only been through the use of all three that I have gotten to this point. I haven't found a program that will accomplish this by itself, either free or for fee. PC Magazine ran a comparison of spyware removal programs recently and came to about the same conclusion. They did rate AdAware SE as the best program, though.
      • Give Giant [giantcompany.com] AntiSpyware [giantcompany.com] a try. I am most impressed with their research center [giantcompany.com].

    • Re:Dangerous Trend (Score:3, Interesting)

      by gcaseye6677 (694805)
      I wouldn't call this a dangerous trend. I'd say it highlights the age old issue of buyer beware (or downloader beware). If you download an anti-spyware application, it is critical that you understand what it looks for and what kind of reputation it has. Even a nontechnical user can do a Google search for a product name. As soon as free spyware removers started showing up on the internet, I knew it was only a matter of time before a spyware vendor either packaged spyware as anti-spyware or made a deal with a
    • by artemis67 (93453)
      As Slashdot is now proving, when this sort of thing comes to light, it totally destroys the brand image, and the credibility of the company goes down in flames. Sales plummet, people get laid off and the company never recovers.

      Companies work very, very hard to create a brand image. Their brand is their promise to the consumer that they are going to deliver the best product possible. It's a really stupid CEO that is willing to sell out his brand in such a blatant conflict of interest.
      • Not in monopolies (Score:5, Informative)

        by gad_zuki! (70830) on Tuesday November 02, 2004 @06:52PM (#10705270)
        If what you say is true, windows would have 1% of the marketshare by now.

        We're dealing with end users here, not experts. They just want something that works and expect their anti-virus company and anti-spyware company to deliver the goods.

        What good is branding when the company in question used to be called Gator? They simply changed their name. So long bad PR!

        Its cronyism and its killing IT. The entire spyware phenomenon can be traced to activex, which exists to tie the browser to the platform.

        That said, I've been running into a lot of OSX converts. They got sick of windows and bought a used iMac for next to nothing or 999 for an ibook with some promotion. My next machine will be an iBook too. With Mozilla and Firefox telling lazy web designers and those who make corporate policy to pay attention to standards, the shift will be even easier.
  • by Anonymous Coward on Tuesday November 02, 2004 @04:59PM (#10703919)
    reminds me of the age old question of whether anti virus companies created virii just to keep their own operations alive.

    • by Chairboy (88841) on Tuesday November 02, 2004 @05:06PM (#10704048) Homepage
      You mistyped 'age-old DUMB question'.

      It's just not economical. There are plenty of virus writers already out there, because it's just too easy and there are so many computers, it happens. If an antivirus company was discovered to have done this even ONCE, then their entire business would be destroyed instantly.

      Are you getting enough oxygen?
    • You can't create something that doesn't exist. The plural form of virus is viruses. There's no such thing as virii.
    • by null etc. (524767) on Tuesday November 02, 2004 @05:43PM (#10704506)
      This "age old" question is perhaps the stupidest conspiracy theory I've ever heard. Corporations go to great lengths to avoid lawsuits, and I can't imagine that any successful antivirus company would risk losing all of their money in a class action lawsuit by pulling such a stupid move. Why would an antivirus corporation risk writing viruses? There are plenty of socially stunted 15 year olds to do that.

      BTW the pural of "virus" is "viruses". Look it up on google.
      • by plover (150551) * on Tuesday November 02, 2004 @07:05PM (#10705407) Homepage Journal
        But you're dodging reality by handwaving it away as "stupid conspiracy theory".

        It's happened here. I'm from Minneapolis. You may know that we get snow around here in the winters. Remember, snowfall means fender-benders, and body shops hereabouts live for the winter repair season. One mild winter an employee of a local bodyshop was found guilty of driving around the city in a beat-up old wreck, sideswiping parked cars in an attempt to give his business enough work.

        Just because you "can't imagine" unethical behavior doesn't mean it won't happen. What makes you think Aluria was a "successful" company, turning a profit? When it comes time to making sure the bank has enough money to cover payroll on Friday afternoon, desperate people have been known to turn to desperate measures. Actually, we have some measure of their desperation already -- they're partnering with WhenU (which is indeed scumware no matter how you classify it.)

        I'm not saying Aluria or any antivirus company is guilty of anything criminal. I am saying that some people are more desperate than you might think, and that they may take an unethical route to drum up more business.

    • It certainly makes sense from a business standpoint.

      Indeed, why try to make a cure for the common cold when there is so much money in covering up the symptoms. Why just recently Dick Cheney said something to the effect of:

      "The problem with vaccines is that they are hard to make profitable."

      Please correct the quote (it may sound out of context) if possible.
  • by Anonymous Coward on Tuesday November 02, 2004 @04:59PM (#10703928)
    Symantec's upcoming "Sobig aint so bad" campaign promises to really ruffle feathers. I smell a payoff.
    • by Chordonblue (585047) on Tuesday November 02, 2004 @08:36PM (#10706194) Journal
      I've been going through this with Sophos (our school's anti-virus vendor) recently. The following is the beginning of an exchange between me and them. Frankly, I think that the anti-virus vendors also need to get their act together and stop all this fence sitting bullshit.

      I don't care if a user 'willingly' installs this crapware - these are the SCHOOL'S computers, not theirs. Our policy is to not allow these programs on our network - PERIOD. I feel that Sophos is not doing their job in helping me control some of this uninstallable crapware like CWS.

      Here's the exchange:

      **

      To whom it may concern...

      As the sole administrator of of our small school network I am responsible for the integrity of our machines - software and hardware. Like everyone, we are struggling with spyware and related issues. Recently, we've been finding spyware that is installing itself without permission and attaching itself to .DLL files. Some of these cannot be cleaned by the traditional methods (AdAware/Spybot). For instance one of these 'VX2' has been found on a few computers here. It cannot be deleted, or when it is, it mysteriously comes back.

      Question: What is the difference between a malicious spyware application and a trojan virus? What is Sophos planning to do about this type of vicious software? In short, when can I expect Sophos to start eliminating this sort of virus?

      Thanks,

      Chuck Hunnefield
      Technology Coordinator

      ***

      Chuck,

      Adware and spyware are usually considered one issue by many people. In reality, the adware and spyware lables applies to those applications that you've put on your machine intentionally. Many people are unaware of these things since they very rarely read EULAs and have no idea what's really being placed on their machines. Spyware, however, can sometimes cross into the malware catagory if it's functionality prevents a very obvious security vulnerability or if the application behaves in a way that is different to how the user was told it would behave. Malware is the umbrella term for applications that have made their way onto your machine without your consent and usually without your knowledge. Most trojans that we detect can easily be labled "malware" and vice versa.

      If you have samples of files that you believe fall under this malware heading, by all means submit it to supportus@sophos.com and our virus lab analysts will look at the sample, evaluate it's functions and determine how to classify the files. If it is found to be malicious, then we'll certainly add detection for it in our engine and/or release an IDE for it.

      If it is not malicious and is not something that'd be considered viral, then we will not currently have detection for it.

      So to briefly answer your final question, Sophos has always and will continue to detect malicious files that reside on your machines.

      Regards
      Michael ***
      Sophos Technical Support

      ***

      Michael,

      First of all, thank you for your quick response. I'm afraid I have to disagree with you about the labels 'adware' and 'spyware' being intentionally installed. Increasingly we are seeing these 'applications' (and I use this term loosely) getting installed through holes in I.E. or the OS. A perfect example would be this 'VX2' application. I feel fairly certain that nothing my users did invited this software onto their computer.

      I fully understand how difficult your situation is concerning applications willingly installed by users. Applications like Comet Cursor, Gator/Claria, Weatherbug, and Date Manager are WELL known to me. And it may well be that software like VX2 is also installed through these means; but regardless of how it got there, it's unwelcome there now. Should ANY software be allowed to install itself and/or not allow user removal? I think this is covered under the new anti-spyware law recently passed by the U.S. Congress. If an app like VX2 downloads other applications unbidden and worms it's way through
      • > And it may well be that software like VX2 is also installed through these means

        That's one way VX2 is getting installed, yes. Another is by bundling with IE exploits.

        For example the achtungachtung exploit (covered recently by Tom Liston in the SANS Internet Storm Center blog) compromises the machine then downloads a large number of spyware programs, including Transponder/VX2.

        This has been going on for some time. Mindset/BetterInternet (the company behind VX2) is quite happy to pay affiliates to load
  • by blowdart (31458) on Tuesday November 02, 2004 @05:00PM (#10703943) Homepage
    How is different from virus vendors stopping reporting on "corporate" keyloggers?
    • by Anonymous Coward on Tuesday November 02, 2004 @05:17PM (#10704205)
      I used to run a pretty big e-commerce site, and had a customer who'se credit card info was stolen off of one of those "corporate keyloggers".

      Apparently the keylogs weren't secure and someone inside the company stole his credit card info when he made a (work related) purchase from Amazon.com on his own credit card.

      If you're at work and not using your own laptop or a Knoppix disk, make sure you only use a corporate credit card when ordering online.

      Personally I think he should have sued his employer, but he wanted to keep his job.

  • by Anonymous Coward on Tuesday November 02, 2004 @05:00PM (#10703947)
    Gee, thanks for pointing that out, for a second there I thought Slashdot was promoting a Micro$oft product (you see, I substituted a dollar sign the "S", I'm FUNNY!)
  • WhenUGetSued... (Score:5, Interesting)

    by LostCluster (625375) * on Tuesday November 02, 2004 @05:01PM (#10703955)
    One problem that these anti-spyware programs are bound to run into is claims that a "spyware" program is a "legitimate business to consumer marketing connection enabler" by its makers. Afterall, in most cases the user has "agreed" to allow these programs to run by installing something without fully reading the terms of service.

    That may be the reason why this group caved... not that money changed hands, but the threat of a lawsuit was waived around.
    • Re:WhenUGetSued... (Score:5, Interesting)

      by lordkuri (514498) on Tuesday November 02, 2004 @05:04PM (#10704005)
      That may be the reason why this group caved... not that money changed hands, but the threat of a lawsuit was waived(sic) around.

      ah yes... free market indeed... as long as you have enough money, you can wave some papers at another company, and intimidate them into submission. We really need something to hold these companies (and their lawyers) accountable for this kind of crap.

      -lk
    • Re:WhenUGetSued... (Score:2, Interesting)

      by kfg (145172)
      They may also 'agree' to uninstall them.

      KFG
    • Re:WhenUGetSued... (Score:5, Insightful)

      by kawika (87069) on Tuesday November 02, 2004 @05:33PM (#10704393)
      Show me your proof that "in most cases the user has 'agreed' to allow these programs to run." I can certainly find proof to the contrary [pcpitstop.com].

      Take a look at these screen shots of the Bearshare install that includes WhenU [benedelman.org] and tell me it is reasonable to expect a user to press page-down 45 times to read the license.

      Users are not aware they are running WhenU because the company works hard to keep them ignorant.

    • Afterall, in most cases the user has "agreed" to allow these programs to run by installing something without fully reading the terms of service.

      With this assumption in place, fine... and now the user has decided to identify all software of that class that they "agreed" to install and decided to uninstall it (of course, you and I know there is plenty of spyware that assumes permission if you use the right kind of web browser).

      But you do bring up an interesting issue about classification. Why does co

  • Antiviruses (Score:2, Informative)

    by krunchyfrog (786414)
    We had that kind of BS with "Antivirus companies making their viruses so they'll keep on selling" kind of crap. An anti-spyware is the same as an antivirus, except it gets annoying stuff instead of dangerous stuff.
    • Re:Antiviruses (Score:3, Interesting)

      by Bagels (676159)
      It's a lot more than annoying. A six-year-old cousin of mine got redirected to a bestiality site by spyware, and his parents were afraid to go near the family computer for the next two months. When I finally found out and tried to fix it, the browser was very badly hijacked, and the computer - already old - was running ridiculously slowly because of the 20+ spyware process running in the background.
  • Lavasoft too (Score:5, Interesting)

    by hoborocks (775911) on Tuesday November 02, 2004 @05:02PM (#10703967) Homepage
    This happened with lavasoft too, right? They started some consortium on spyware and then left it when it was evident that evil practices were going on... Perhaps there needs to be a legal definition of spyware before vendors will keep constant as to their aims? The problem is with defining it is that the somewhat arbitrary nature that's necessary will backfire and be abused *cough cough DMCA cough cough*.
    • Re:Lavasoft too (Score:3, Interesting)

      by LostCluster (625375) *
      Perhaps there needs to be a legal definition of spyware

      The problem with that is that we'd end up with a law that looks like CAN-SPAM. No law can protect users from agreeing to an EULA they don't fully read... there's no way any law is going to keep WhenU from doing what they're doing since they're one of the "ethical" types that always discloses what they're doing.
    • This happened with lavasoft too, right? They started some consortium on spyware and then left it when it was evident that evil practices were going on... Perhaps there needs to be a legal definition of spyware before vendors will keep constant as to their aims? The problem is with defining it is that the somewhat arbitrary nature that's necessary will backfire and be abused *cough cough DMCA cough cough*.

      I was sitting here having similar thoughts when it came to me ... who cares about a legal definition -
      • by Anonymous Coward
        What would users do when slashdot users modded down windows and internet explorer?

        "Help, this program just removed my OS!"

  • an anti spyware that does not remove spyware? just an other company that want to go out of business

    nothing to see here ...
  • not a new trend. (Score:5, Insightful)

    by exhilaration (587191) on Tuesday November 02, 2004 @05:02PM (#10703974)
    This sounds a lot like when Microsoft allowed certain paid spammers to avoid Hotmail's spam filters [slashdot.org].

    Solution: stick to vendors that can be trusted. Use Spybot [safer-networking.org] and Ad-Aware [lavasoftusa.com].

  • by wo1verin3 (473094) on Tuesday November 02, 2004 @05:03PM (#10703986) Homepage
    (and for those that don't RTFA) .... they are the backend behind AOL's anti-spyware application which is means potentially millions of users are affected by this.
  • ... update their lists and consider Aluria's software as spyware.
    • How does Aluria's software qualify as spyware? It does not meet the specifications that are generally agreed upon between anti-spyware software manufacturers - it simply "overlooks" certain well-known spyware/adware/malware. While it should be added to your "Do Not Use" List, it does not qualify to be spyware.
  • Why would they announce this kind of thing in a public press release? I mean, its the equivalent of a fireworker announcing to his team he maried a pyro. Maybe the software DOES comply with their standard... now, maybe their standard is a little low... I don't know anything about WhenU, so I can't judge on that. WhenU website even have a link to "anti-spyware portal"... confusing.
    • WhenU [whenu.com] posted a press release [whenu.com] on their web site. That is good for them. They make themselves look better and suggest to advertisers that their ads will be seen on more computers.

      Aluria [aluriasoftware.com] didn't post any press releases [aluriasoftware.com] about this. All they have is the Spyware SAFE [aluriasoftware.com] page for WhenU, which they must have now that they've certified it. I still think they shot themselves in the foot, just by certifying WhenU, but they certainly didn't go out of their way to publicize it.

  • Profitability (Score:5, Insightful)

    by fembots (753724) on Tuesday November 02, 2004 @05:04PM (#10704015) Homepage
    Wasn't it not long ago we had this story about Yahoo Anti-Spy Favors Yahoo's Adware Partners [slashdot.org]?

    I think in long run, anti-badthings services are going to be influenced by the bottom line. Spyware/spammers can make enough to feed themselves and pay for these services to 'certify' them.

    As end-users, we need to be educated to prevent these installations in the first place.
  • by LegendOfLink (574790) on Tuesday November 02, 2004 @05:04PM (#10704017) Homepage
    Does this mean the only anti-spyware solution we can trust is or should be open source?

    I would think yes.

    Anybody else?
  • Evil people taking over organizations designed to defeat them is nothing new. It's just like what the Mafia did to the police, or what the Church of $cientology did to the Cult Awareness Network.
  • They should obviously know they'll lose a ton of business this way. My guess is that a TON of money was involved.
  • Test them all (Score:5, Interesting)

    by MoeMoe (659154) on Tuesday November 02, 2004 @05:06PM (#10704047)
    I think it might be a good idea for an online tester to get a hold of all the popular Adware/Spyware removers and test them out side-by-side to figure out who "forgot" to block a given companies ads... Atleast then we could figure out who's on our side and who's on theirs...
    • 1: Install every piece of spyware on the planet

      Does this *already* sound like a bad idea to anyone else? :)
      • Re:Test them all (Score:3, Informative)

        by ScrewMaster (602015)
        Well, the current Spybot definition file has almost 20,000 entries, so it would be tedious at best. Almost as tedious as developing the definition file in the first place.
  • Aluria... who? (Score:5, Informative)

    by g_adams27 (581237) on Tuesday November 02, 2004 @05:07PM (#10704063)


    Can't say I've ever heard of Aluria's Spyware Eliminator. I've got my triumvirate of anti-spyware tools, and I'm satisfied:

    No need to limit yourself to just one, either - run all three!

  • by RealAlaskan (576404) on Tuesday November 02, 2004 @05:09PM (#10704081) Homepage Journal
    Any business is for sale. If you want to be sure that you're getting the real deal, go to the amateurs.

    Anyone know of any Libre anti-spyware for Windows? I don't use MS products except at work, so don't have to worry about such things.

  • It's not exactly the same but this looks awfully close for what the FTC's going after Spamford Wallace for. Given that this looks like a highly dubious financial move for the company.
  • What's the big surprise? This just means that actions are taking place in public with spyware that people have suspected with virii for years.

    Just because they're wearing tin foil doesn't mean that they might not have a point.

    ~D
  • fake anti-adaware (Score:5, Insightful)

    by Andr0s (824479) <dunkelzahn@rocketmail.com> on Tuesday November 02, 2004 @05:23PM (#10704281)
    Bah.

    Since I started using adaware tools, I learned I could rely only on Spybot and Ad-Aware. Obviously, many others noticed their reliability too - just try googling for either of two, and see how many pages you can find with fake installers - some sites even distribute AdAware installations with modified malware definitions and crippled update, so your AdAware might even refuse to detect malware on your PC.

    To me, it all smells so familiar... Just as M$ loves to force, bribe, coax or cajole software producers into specialising their products for Windows compatibility, so do too the malware distributers seek their fifth collumn... Similarities are far from passing.
  • by mi (197448) <slashdot-2012@virtual-estates.net> on Tuesday November 02, 2004 @05:25PM (#10704305) Homepage
    Will its reputation be marred by association with these "free gifts"?

    As in: "Free, huh? Well, last time I agreed to install free software I had to spend $500 to have my PC cleaned up! No thanks!"

  • Spyware/*nix (Score:5, Interesting)

    by RAMMS+EIN (578166) on Tuesday November 02, 2004 @05:25PM (#10704311) Homepage Journal
    Spyware will become a serious threat to operating systems of choice as well, once they become a bit more popular. It's exactly the kind of software that operating system level security cannot stop, namely, software willingly (if not knowingly) installed by the user.

    Seeing that a lot of software for *nix systems needs to be installed as root, spyware could potentially bypass any OS security mechanisms, and there will be no end to the potential damage.

    I think this situation needs addressing. Distributions supporting and simplifying installing software by regular users (as opposed to systemwide installation by the superuser) would be a good first step, with many additional benefits.
  • Oxymoron... (Score:2, Insightful)

    by 1000101 (584896)
    "I like my Windows boxes junkware-free, thanks (oxymoron noted)."


    My Windows XP box is junkware free, adware free, and spyware free. It's only an oxymoron for the morons who don't keep their systems safe with firewalls, up-to-date anti-virus definitions, and enough common sense to not click "OK" on every IE prompt that asks you to install something.

  • by dtfinch (661405) * on Tuesday November 02, 2004 @05:36PM (#10704427) Journal
    I've caught shareware sites bundling my software with WhenU malware, without my permission, and without giving clear indications to users, causing problems for my customers and endangering my reputation.

    I consider any program that sits in the background and pops up ads while the bundled application is not running to be unwanted malware.
  • Here's a clip from their joint press release with WhenU

    From the desktop, WhenU software examines keywords, URLs and search terms currently in use on the opted-in consumer's browsers and then presents highly relevant advertising and services.

    This is from their own press release! Who in their right mind would stake the reputation of their company on a declaration that such a product is not spyware?

  • Not only is Aluria certifying WhenU with its "Spyware SAFE Certification Program", but it is also providing WhenU with a spyware removal tool [whenu.com] too. This helps give WhenU an "air of respectability."

    What I don't get, though is why anyone would consciously agree to have adware installed on their desktop that would examine keywords, URLs and search terms. Even if no data is collected and all is kept encrypted, why would anyone want ads popping up while they are working (or whatever) on their computer?
  • Spyware companies should be prosecuted to the fullest extent of the law. I had spyware installed on my computer from just visiting a website by accident. I then had to buy an anti-spyware program to get rid of the damn thing. Turns out that the two fuckers are in league with each other! I called my credit card company and issued a chargeback. The POS spyware program that invaded my system was the most fucking annoying thing ever. It sucked all of my bandwidth and would open IE windows even if I was no
  • by Anonymous Coward on Tuesday November 02, 2004 @05:53PM (#10704626)
    Aluria Software creates "Spyware Safe" icons for spyware!

    Just the other day, my wife asked to have something called "Weatherbug" installed. I told her that I would install it for her, as long as it had no spyware.

    It sure made me feel better when I went to http://www.weatherbug.com/ and saw the "Spyware Safe" icon from Aluria.

    Well, right before the install of weatherbug, I cleaned the system, rebooted, and cleaned again to be 100% sure.

    Right after the software about 35 items were found by Ad-Aware SE PE....so much for "Spyware Safe"!.

    Aluria is just that...A LURE...a way to scam you!

    I'm glad to now know that Aluria's "Spyware Safe" icon is really just scam.

    -wpg
  • What? (Score:5, Insightful)

    by canfirman (697952) <pdavi25@NOSPAM.yahoo.ca> on Tuesday November 02, 2004 @05:59PM (#10704710)
    Am I missing something when I read:

    WhenU President and co-founder Avi Naider said the industry is falling on previous prejudices and lumping legitimate adware in with malicious spyware, failing to see the changes WhenU has made. (my bold)

    How about NO ADWARE? The reason I got a spy/mal/adware remover was to be free from ALL adware. I don't want anybody pushing products on me when I'm on-line.

    It seems Aluria has forgotten why they built an adware application in the first place.

  • by karlandtanya (601084) on Tuesday November 02, 2004 @06:32PM (#10705070)
    For profit "watchdog" organization sells out to bad guys.


    Happens all the time.

  • by TyrranzzX (617713) on Tuesday November 02, 2004 @06:48PM (#10705228) Journal
    I run adaware, spybot, bazooka, teatimer, antivir, CWS shredder, AVG, and a few custom scanners I'v made myself for personal uses (batch file for deleting all cookies and IE cache). They all run via a batch script sunday while I'm doin' laundry and washin' dishes. I come back, press "ok" a few times, and it's tidy again.

    Every time I find a scanner, I say "hey, it's free" download it, update it weekly, set the batch file to run the apps. It's a common security tactic called LAYERING. You've got 3 levels to network secuirty; instrustion prevention, instrusion detection, and intrusion elimination. Preventing intrustions is as simple as using firefox and some common sense, detecting and eliminating them are as simple as layering spyware scanners. I routinely find that one scanner catches what the other doesn't, and one regular deletion of a cookie catch catches what a number won't.

    Take, for example, what I consider a good firewall setup; don't run 1 firewall, run 2 or 3. Preferably on different machines so an exploit on one firewall doesn't lead to the machine getting r00ted and your extra firewalls being useless.

    As for what this is, this is bullshit. Frankly, EULA's hold up in court, but they're BS; you can copyright a program just like you can copyright a song (songs have octaves and time, computer's have on/off and time), but you CANNOT tell me that using it on a computer is copying, just like you cannot tell me playing a roll of sheet music on a player piano is copying, even if that piano happens to buffer the music entirely before playing it.

    Frankly, I look at it this way. Most programs say you may not distribute the application. Now, wait a minute, I'm distributing it on my computer, from chip to chip, in it's entirety (take a good night of gaming) so technically, there's an arguement there that the software vendor is falsely advertising their software and inciting their customers into commiting copyright infringement. Either way, they lose. The problem here is EULA's, and they're being abused like no tommaow by these big corps to make a buck. I believe in letting them have their copyright (although, with today's copyright system being so fucked as it is, I only do so at my own discretion, but my discretion will take a long, long time to explain, so I won't go into it here).

    As for a solution to this, well, there's a couple of ways to solve the problem. Frankly, my favoire would be r00ting them and cleverly disassembling the infrastructure of their company piece by piece. However, considering this is probably some grubby CS student clicking at the looking glass, I'd think it would be far more entertaining to send some convincing people over to his general neck of the concrete jungle to convince him that mabye this isn't the thing he should be doing for a living.

    Barring that, I think it would be even funnier if we got some of the slashdot crowd to, say, go over to a website that pilfers this kind of wares, install the app, then file a class action lawsuit asking for $500 is removal costs per infected machine. If we succeed, we can make a tidy profit AND knock out spyware vendors.
  • by Anonymous Coward on Tuesday November 02, 2004 @07:26PM (#10705597)
    I'm the owner/lead programmer of a somewhat popular media playback software.

    WhenU mailed me a few times, which I ignored (I get quite a few of these adware requests). Then a few days later the phone rings (and I'm no U.S. citizen, this was an international call).

    I didn't ask them where they got my name and number, but since it's only listed on my DNS records and no where on the site, I guess they actually went through the minor trouble of looking it up.

    I had no plan on incoporating any spyware into my software, but I find it interesting hearing their pitch every once in a while.

    At first they contacted me using a low-level employee which asked me if I want to arrange a "call" with their senior whatever in order to discuss this. I told them that I had no intention of incorporating their software into my own (installer), but they really wanted me to talk to their higher-up person. The tone they used made it sound as if this person was "important". I found it all very funny and was interested in their pitch.

    The next day I got a phone call from their director of something or other. This person (woman) was quite articulate and held quite a bit of technology information (she wasn't a lackey, she knew her stuff).

    She insisted that WhenU is working with the gov to make sure they are not outside the law (slashdot was running a story about law changes that may effect spyware), she actually said they were championing the law.

    I asked her about the "spying" portion of their software. She assured me that the ad-selection was done locally on the host computer and no-data was sent to their servers.

    In the end I asked/told her something very simple:
    1. Does the user see more ads when using your software (yes).
    2. Does your software appear as spyware on spyware removal tools (yes, but they are working on it).
    3. Don't you think that by attaching a software that is detected as spyware will ruin the reputation of my own software? (no answer).
    4. Can I validate what their program actually does? (no)

    I told her there was no way I'm risking the prestine reputation of my software and making my users angry.

    But as you can see, WhenU is really pushing hard...
  • EULA (Score:3, Interesting)

    by Naito (667851) on Tuesday November 02, 2004 @07:36PM (#10705691)
    it strikes me that viruses and spyware/adware/malware whatever you want to call it only differ from each other in that spyware contains an EULA. They're really both equally damaging to productivity, and I dare say that many spyware programs are harder to get rid of than viruses!

    Why is it that spyware writers are free from prosecution? If virus writers wrote an EULA that was as unlikely to be read as those by common spyware programs, even if it stated explicetly that "this program is known as a virus, it will delete all your data and spread to other computers. Click yes if you agree to this", would that make virus authors immune to prosecution??
  • by serutan (259622) <snoopdoug@geekaz3.1415926on.com minus pi> on Tuesday November 02, 2004 @07:41PM (#10705742) Homepage
    In other news, the FBI announced that it will partner with the RIAA and MPAA in a pioneering move to trim the federal budget through privatization. The newly repurposed agency will be called the FBIP, Federal Bureau of Intellectual Property, and its primary mission will be to enforce entertainment copyrights, trademarks and patents. Former RIAA chief Hilary Rosen, slated to head the FBIP, said protection Intellectual Property is the key to the safety of American consumers. "Terrorists don't want artists to be compensated for their work," said Rosen. "They hate our freedoms. Plus their music really sucks."
  • by BillX (307153) on Tuesday November 02, 2004 @08:27PM (#10706127) Homepage
    In arguing about the recent actions of Aluria, the discussion will inevitably be steered toward whether WhenU (is, is not) malware/spyware/crapware/*ware, i.e. whether it is right or wrong for Aluria to decide they don't fit Aluria's definition of a threat, and de-list WhenU. This conveniently sidesteps larger and much more ominous issues:

    1) The amalgam (Aluria+WhenU) is now a competeting product to other spyware removers. (Aluria+Whenu) could more legitimately bring suit against AdAware/Spybot/etc. for the "anti-competitive" practice of removing WhenU.

    As Eric L. Howes notes [broadbandreports.com],

    "It now appears that the Aluria scanner is actually bundled or integrated into the WhenUSearch Toolbar. In other words, by removing the WhenUSearch toolbar, other anti-spyware vendors will effectively be removing a competing anti-spyware product. Still worse, WhenU itself is now a competitor to other anti-spyware vendors."

    2) The amalgam (Aluria+WhenU) can worm onto a click-happy user's system due to its existing title of "spyware eliminator", and summarily remove competing ad-belchers from that system (how convenient!). Now WhenU's promotions aren't being drowned out by Gator/Claria, Bargain Buddy and all their other popup-spewing friends you are likely to find on a spyware-prone (read: novice user) computer.

    Do note that AOL is partnered with Aluria; AOL version 9 bundles Aluria Spyware Eliminator--so we're talking about a potentially enormous market here.
  • Surprised? (Score:3, Insightful)

    by Duncan3 (10537) on Tuesday November 02, 2004 @11:46PM (#10707140) Homepage
    You're surprised there is more money in the spam and spyware then the anti of them?

    Wake up. There is orders of magnitude more money on the advertising and blackmarket side.
  • by Animats (122034) on Wednesday November 03, 2004 @12:46AM (#10707489) Homepage
    Ironport [ironport.com] sells both rackmount spam filters and rackmount spam senders. They own SpamCop. They also operate the Bonded Spammer [bondedsender.com] program, which "certifies" spammers as OK to bypass spam filters. They're definitely playing both sides of the street. The New York Times picked up on this [nytimes.com] last year.

    Oh, yeah, Ironport claims their multimillion e-mail per hour senders are only for use by good guys. Right.

C makes it easy for you to shoot yourself in the foot. C++ makes that harder, but when you do, it blows away your whole leg. -- Bjarne Stroustrup

Working...