Forgot your password?
typodupeerror
Privacy Microsoft IT

Microsoft Denies Claria got Spyware Exception 275

Posted by timothy
from the it's-better-than-worse dept.
daria42 writes "Microsoft has denied its AntiSpyware application has given adware-maker Claria special treatment. The denial has been issued amid reports MS is looking to buy Claria, and is in response to security researchers' reports stating AntiSpyware had downgraded the threat level posed by Claria's adware products. The downgrade in threat level merely represented an effort to be "fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors," according to a statement published by Microsoft." As reader jfengel writes, though, "they neglected to mention what software that might be, nor did they publish the analysis."
This discussion has been archived. No new comments can be posted.

Microsoft Denies Claria got Spyware Exception

Comments Filter:
  • Spy Sweeper too (Score:5, Interesting)

    by professorhojo (686761) * on Monday July 11, 2005 @08:43AM (#13031945)
    I don't know if you guys know this, but Webroot's Spy Sweeper is also delisting obvious spyware. Microsoft is not alone in this! I personally think this is going to become a real problem with most spyware scanners unless laws are brought on to fight spyware more aggressively and some kind of standard list is defined like there is for viruses.
  • by Da Fokka (94074) on Monday July 11, 2005 @08:50AM (#13031970) Homepage

    Please take off your tin foil hats, guys!

    One might say that Microsoft is primarily responsible for the entire spyware issue (although I suspect Firefox's track record would be worse, albeit better than IE, if it were as popular). But MS AntiSpyware is a fine piece of software, however. It's easy to use and does its work better than many of its competitors.

  • by bigman2003 (671309) on Monday July 11, 2005 @08:50AM (#13031973) Homepage
    As a relatively big fan of many Microsoft products...(hey, it's how I make a living!)

    Any attempt to incorporate software like Gator into Windows, or an attempt to allow software like Gator greater control...will mean I am no longer a card-carrying member of the fan club.

    Seriously, I have spent way too much time cleaning that junk off of my daughter's computer. The MS anti-spyware program works well now, but if they disable it for their 'partners' it will royally suck.

    And then I'll have to eat crow for quite a while.
  • Re:Ad-Aware (Score:4, Interesting)

    by Mad-Mage1 (235582) <infosecguy...mb@@@gmail...com> on Monday July 11, 2005 @08:52AM (#13031986) Homepage
    Excpet for the fact that Ad-Aware already had A HUGE problem recently w/ delisting of products, specifically When-U. I know many who no longer use it as the first tool against spyware, merely for thoroughness.
  • by binkzz (779594) on Monday July 11, 2005 @08:56AM (#13032016) Journal
    is that they're also using AntiSpyware for motivating people to remove competing products. For instance, MSN Plus and RealVNC will come up in a search, and although I don't particularly like MSN Plus myself, I don't think it's really fair.

    The small print says they may not be actual spyware, but potentially dangerous items, most unknowledgable people will just remove them anyway, because it's the default option.

  • by kahei (466208) on Monday July 11, 2005 @08:58AM (#13032026) Homepage

    It's not a fine piece of software. It _was_ one and it has been intentionally made otherwise.

    I'm keeping my tinfoil hat firmly on. Imagine if Ford bought the company that checks for defects in cars, and the next week all Ford defects were considered as desirable behavior. Imagine if Monsanto bought the company that decides whether Bovine Growth Hormone is bad for you, and the next week it was announced that BGH is just fine... actually, you don't really have to imagine that.

    This is a tiny attempt to extend to the software industry what is already standard in the 'traditional' industries; the use of quality and safety regulating entities to discourage competition rather than to protect the consumer.

    I _will_ say that I don't expect MS to be as evil about it as Monsanto et al for a good many years yet.

  • by FidelCatsro (861135) <[fidelcatsro] [at] [gmail.com]> on Monday July 11, 2005 @09:00AM (#13032033) Journal
    Does anyone know of any OSS that is dedicated to the removal of ad-ware and spyware.
    I manage a number of windows machines at the office and wit he recent declassification's without good explanation that has occurred in the sector i have lost all faith in most of the products .
    An OSS solution would be wonderful (hell i would rather switch the machines to linux , but that is not an option right now due to certain programs that are required by the company) .
    Commercial solutions always to me seem rather susceptible to legal action for the classification and or bribery.
  • by Arthur B. (806360) on Monday July 11, 2005 @09:04AM (#13032051)
    MS antispyware should rather show the threat level the user represents to the computer by analyzing the number of unused files squirreled on the desktop, viruses & spywares on the system, time spent on configuration panel, number of time a double click is performed when a single click is expected etc.
  • by Hortensia Patel (101296) on Monday July 11, 2005 @09:11AM (#13032076)
    We should go and tell them what we think about Claria and Gator, not to mention their general business ethics.

    On the contrary, we should encourage them to integrate obnoxious adware into every aspect of the browser and OS. If that doesn't persuade the world to switch, nothing will.
  • Re:Wonderful (Score:5, Interesting)

    by orthogonal (588627) on Monday July 11, 2005 @09:11AM (#13032077) Journal
    So MS denies something they clearly did wrong, what's new?

    You, sir, are entirely unfair!

    Microsoft clearly said The downgrade in threat level merely represented an effort to be "fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors,"

    It's entirely consistent. Microsoft has consistently held their software offerings to, ahem, an improved standard.

    I mean, have you ever looked at how Microsoft's C++ compilers, um, pioneered their own standard, entirely different -- and, so long as you don't like correct exception handling, consistent RTTI, or the availability of a Standard library, entirely better -- from the ANSI/ISO standard. Or look at the, um, improvements to JavaScript and the browser DOM.

    Or just look at the XML for Word docs. Ok, well absent a non-disclosure agreement you can't actually look at it, but trust Microsoft it's entirely consistently inconsistent with anything else out there.

    How anyone can say Microsoft isn't being consistent in its approach I just don't understand at all.
  • by dtfinch (661405) * on Monday July 11, 2005 @09:19AM (#13032132) Journal
    Is that Claria isn't the only malware to get this exception?
  • Re:Spy Sweeper too (Score:5, Interesting)

    by GlassUser (190787) <<ten.resussalg> <ta> <todhsals>> on Monday July 11, 2005 @09:37AM (#13032232) Homepage Journal
    For me, I am interested in open source spyware removal. I would like a product designed by people with a mindset like mine (anti all spyware). One of the issues is that anti-spyware/virus companies are getting sued by adware companies for slander etc. for calling the adware, well, adware.

    The needed mechanism is already in windows. All we need to do is find and distribute hashes of known spyware (software permissions policy, or something like that, it works by hash, filename, certificate, and maybe location). Windows will then simply refuse to execute (if it's an executable, or load it if it's a library or control).
  • by Khyber (864651) <techkitsune@gmail.com> on Monday July 11, 2005 @10:00AM (#13032424) Homepage Journal
    Let me give you something to test, you'll most likely enjoy this.

    If you've got a spare machine that can handle a 2k/XP install, install either of those OS on the computer. Grab MS Anti-Spyware, Grab Ad-Aware, and Spybot S&D. Install all of them.

    Let MS-AS be your default scanner/detector of on the fly spyware threat detection instead of Spybot. Now go find a webpage (or deliberately install thru some other program) the ISTsvc (Internet Search Toolbar) spyware. Now, run either ad-aware, or spybot, and try to remove it. Worked, right? Ooops, notice how MS just trusted a change to your computer? Okay, that's detcting spyware being removed. You should get another notification immediately afterwards showing that another change has been allowed within windows. Go to MS-AS security section, look up all the alerts you've gotten. Scroll down that list. Notice a trusted change by MS-AS allowing ISTsvc to reinstall itself on your computer?

    Now, I admit I may not be totally correct. I have yet to do a vice-versa and allow Spybot S&D to be the on the fly detection program. But from what I've noticed, companies providing anti-spyware solutions seem to have incentive to sneakily allow some unwanted stuff on your computer; they eventually want you to pay for their full version of the program, which you'll hope will do the job even more thoroughly. They've set out a mousetrap in order to try to make more money off of you.
  • by aysa (452184) on Monday July 11, 2005 @10:05AM (#13032465)
    "We firmly believe that people should have complete control over what runs on their computers," Microsoft added.

    Good news, this means they will have to drop the Trusting Computing idea altogether... errr if this was truly an "effort to be fair and consistent "

  • by Chris Mattern (191822) on Monday July 11, 2005 @10:09AM (#13032500)
    cygnusx wrote:

    But stop calling [Scoble] a brown-noser when we know nothing about you or your biases.


    Some of his questions in the Ballmer interview:

    * Why does Microsoft care about developers?

    * Microsoft is a leader in transparency and blogging. Why did you allow blogging?

    * Coming up with tough questions for you is hard. If you were in my position what tough questions would you ask Microsoft's CEO?

    I'm sorry. That's a man brown-nosing just as hard as he can.

    Chris Mattern
  • by ajs318 (655362) <sd_resp2 AT earthshod DOT co DOT uk> on Monday July 11, 2005 @10:15AM (#13032554)
    Amen to that.

    Where is the Open Source anti-adware, anti-spyware stuff? I don't see a spyware removal tool for Linux. Oh ..... there wouldn't need to be one, would there? We could just comment out the spyware-ish bits before compiling, and distribute the resulting patchfile. On Gentoo, that would probably be part of the ebuild scripts. OK then, what about Open Source spyware removal for Windows?

    But the point is that all the Open Source software available for Windows is there by accident. It wasn't written for Windows, it just was ported to Windows from some unix variant. Nobody writes GPL software with Windows in mind -- it's just that some Windows user manages, with more or less effort, to persuade it to compile, and is obliged by the licence to make the source available. {If anybody persuaded BSD-licenced code to compile under Windows, they probably would keep it closed-source -- and maybe even disable some options in an effort to extort money out of users}.

    My computer is my property, and I have the right to determine what software runs on it. Installing software without my explicit consent is at least trespass {which is a civil offence and grounds to sue} and may constitute criminal damage {which is a crime, so dial 999 and let the police deal with it}. These things were already offences long before computer-specific legislation was passed. The use of confusing language to persuade someone to install software may additionally constitute Burglary Artifice. If it's a Crown Court, then the odds are in your favour -- out of a jury of 12 people, how likely do you think it is that none or only one have experienced PC trouble due to spyware?

    You know, I often wonder what would life have been like if, way back in early 1976, some members of the Homebrew Computer Club had dragged Bill Gates {the author of that letter [cryptnet.net]} into the gents' and given him a bloody good hiding. That has to be my second choice for an "if I could alter the course of history" fantasy.
  • by Goeland86 (741690) <goeland_86.yahoo@fr> on Monday July 11, 2005 @10:16AM (#13032557)
    Well MS is badly placed for any kind of critics towards other companies. Didn't MS themselves put spyware onto people's computers before they got nailed for it?

    This denial just proves once again MS' dishonesty towards customers, may they be corporate or individuals.

    Why don't people act upon the fact that MS is just lying so blatantly? Oh sure, their lawyers are good, but lawyers can't do anything against massive boycott!

    Action, to the streets dammit! Make piles of MS CDs to melt!
  • How they do that (Score:3, Interesting)

    by jamesl (106902) on Monday July 11, 2005 @10:19AM (#13032587)
    Windows AntiSpyware (Beta): Analysis approach and categories

    http://www.microsoft.com/athome/security/spyware/s oftware/isv/analysis.mspx/ [microsoft.com]

    This white paper provides an overview of the approach and criteria categories currently used by the Microsoft research team to analyze and classify software.

  • by doublem (118724) on Monday July 11, 2005 @10:21AM (#13032609) Homepage Journal
    FUD???

    Dude, I have sources. [gamesindustry.biz] It's not FUD, it's what Microsoft has been announcing all along. There are major architecture changes taking place (Video card and processor for example), and they won't be able to either emulate or embed the original XBOX hardware on the new XBOX.

    To quote the article linked above:

    The problem, it says, is down to hardware incompatibility - since the current Xbox uses an Intel processor, but the 360 will use IBM's PowerPC architecture, while NVIDIA's graphics solution is being replaced with an ATI one.


    On the flip side:

    Sony and Nintendo have already confirmed that their next-gen consoles - the PS3 and Revolution - will play all the games in their respective back catalogues, offering consumers a huge choice of titles at launch.


    Here's the deal, MS will be recompiling a lot of games to run on the new hardware. Why they expect this to work without any problems I don't know. They're switching processors for crying out loud. How do they plan to get these recompiled games out to customers without charging them for a new copy, they haven't said. They've made a lot of promises about things just "working" but the fact that at the very least a recompile is necessary means at the moment they're spewing a lot of vapor and marketing but not any substance.
  • Re:Ad-Aware (Score:5, Interesting)

    by Flyboy Connor (741764) on Monday July 11, 2005 @10:46AM (#13032820)
    Seriously folks, when will the madness stop? You can't patch a broken design combined with user unawareness by semi-working cannot be trusted commercial programs!

    Interesting comment, which reminded me of a story:

    I once worked for a bank, where there was a computer that processed all electronic banking files. The majority of the programs on this computer were written by a guy I worked with. This guy considered himself a programming god, while I thought he was below average.

    Now, one of the quite critical programs that ran on this computer was in the habit of crashing occasionally. The guy attributed this to an OS fluke, and instead of debugging the program and resolving the error, he wrote a program that simply checked whether the crashing program was running, and if it wasn't, would restart it.

    Without our department knowing, the crashes increased in frequency. We didn't know this, because the crashing program was restarted all the time. Unfortunately, at a certain point in time the crashes occurred about every few seconds, and our system basically went down. I was part of the team that analysed and resolved the problem, and, of course, we found that it was a basic DESIGN flaw in the crashing program. I won't go into details, but basically, with some knowledge of file transfer protocols, this flaw would have been avoided.

    Now, why is this story on topic? Because Windows is JUST like this crashing program, Microsoft is JUST like the guy who wrote the crashing program, and AntiSpam/AntiVirus/Firewalls are JUST like the program that restarted the crashing program.

    What I expect to find, in the not-too-distant future, is that our Windows systems will simply stop running because the patch programs need all computing resources to keep Windows from going down. And the only way to resolve this, is a redesign. Which should be done by people who know how to design a good system, and not by a marketing company.

  • by astrashe (7452) on Monday July 11, 2005 @11:58AM (#13033507) Journal
    I'd like to try that because it would be interesting, but I'm sure that what you say is correct.

    I don't dispute that they're letting some things through, and that the decisions they make about what gets through aren't always in the end user's best interest.

    I don't have a lot of experience with spyware, because I mostly run linux, and on windows I find that it's not too hard to avoid it in the first place. I'm not an expert. But the other day I had to clean off someone else's machine that was infect with the IBIS toolbar.

    I couldn't get rid of it with spybot or ad-aware. They'd find a bunch of junk and clean it off, but you'd reboot and it would come back.

    When I ran the MS tool, it found more than 500 files and registry entries for it, and it cleaned them off. When I rebooted, it didn't boot cleanly (missing files were being referenced in the registry), and I thought "oh no, here we go". Then I started to get pop up windows about things trying to make changes. It told me to rerun the scanner. I did, rebooted again, and it was clean.

    This is speculative on my part, and I could be wrong -- so people, please don't yell at me too much if I am, I'm aware I'm on shaky ground here -- but I had the impression that the MS tool was tagging things as spyware *because* they were trying to change registry entries and hijack the browser.

    In other words, they weren't just using a file name, or a signature of a file to tag something as spyware, they were looking at the behavior of the thing. If a process tries to do something nasty, they follow it back to the source, and nuke it.

    If that's what it's doing (and again, I think, but don't know, that it is), it's a big innovation. It's a good way you to fight spyware that generates lots of random files with randomized data and random names to reinstall itself.

    MS, for all of their flaws (and they have plenty, I don't want to be an apologist) has vast resources and a lot of smart people. Their tool lets people report back on infestations automatically. They can throw people at the problem and code for new problems almost as soon as they arise.

    They understand the OS better than anyone, obviously, and can use that knowledge to track down the source of reinstalls more effectively than comparatively small outsider shops.

    That doesn't take away from the negativity of their deals with the devil. That sucks, they shouldn't do it, and they're really shooting themselves in the foot over the long run by making those deals, because no one has a bigger stake in making windows solid and trustworthy than MS, and this crap really undermines that effort.

    But if you have IBIS, and you need to get rid of it, their tool is terrific. If you have that problem, don't let the fact that they've decided to be deliberate bad at ISTsvc removal prevent you from using it for IBIS. That's really all that I'm saying.

    Don't stop running spybot or ad-aware. But add the MS tool to your arsenal. It does a lot of good stuff.

    I will try to run your expiriment so I can learn more about this... thanks for posting about it.

  • by Nom du Keyboard (633989) on Monday July 11, 2005 @12:18PM (#13033713)
    Think about it folks. Would Microsoft EVER admit they had done this? Screw over the users for crass commercial gain.

    Let me give you a hint.

    NO!

    So if they're going to make any statement about it at all, this is the one it will be. Anybody having trouble understanding this?

  • by Tezkah (771144) on Monday July 11, 2005 @12:22PM (#13033745)
    MSNger Plus! is a great program, but it asks you to install an adware IE toolbar when you install it. The last time I ran MS Antispyware it recommended that you keep it.

    At least MSNger Plus! doesn't automatically check the "Yes, install this" box for the adware, you'd have to ignore the warnings, then click "YES, INSTALL THIS" to get it. I use MSNger Plus! and don't have any spyware at all.
  • Re:Spy Sweeper too (Score:4, Interesting)

    by jc42 (318812) on Monday July 11, 2005 @05:45PM (#13037040) Homepage Journal
    That question is not as relevant as the question of WHY the webcam can be turned on by unknown entities in the first place.

    Well, a few years ago I worked in a lab that was developing video conferencing software. One of the guys had a cool tool that he liked to demo. He's ask you if your machine had a camera, and if so, what's the hostname or IP address. He'd type it into his program's "host" widget, and if it was a Windows machine, a few seconds later the view from the camera would appear on his screen. It didn't matter whether the camera was on or off; his program remotely turned it on. It also turned on the microphone, if there was one.

    You can probably imagine the effect this had on a lot of users.

    One fun thing was the people who would ask if there's anything that can be done about it. He would basically say "Well, I know how to remotely turn the camera off, if that's what you mean. But that doesn't do you a lot of good, because someone else can come along and just turn it back on, if they know what I know." He'd also say that his code only works with Windows machines; no other system that he knew of had the glaring security holes that allowed such remote access.

    All this came out of a few guys' research into what it took to get their conferencing software running on Windows.

    Dunno if it still works, though. It's been a few years.

"Our vision is to speed up time, eventually eliminating it." -- Alex Schure

Working...