Windows AntiSpyware Downgrades Claria Detections

accihap writes "A week after word leaked out that Microsoft was negotiating an acquisition deal with Claria (See recent /. coverage), spyware researchers have noticed that the Windows antispyware application has downgraded Claria's Gator detections and changed the recommended action from 'quarantine' to 'ignore.' Screenshots of the new default settings."

Sadly, no surprise.

[TripMaster Monkey (862126)]

Honestly...is anyone surprised by this? We all saw this coming.
Unfortunately, M$ can pull this sort of thing with near-impunity, as the only ones outraged by this are the ones who had issues with them in the first place (read: us).
The vast majority of Windows users out there are just going to shrug and say, "Oh well...if Microsoft says they're not a threat, then they must not be a threat."

Re:Sadly, no surprise.

[digidave (259925)]

But I wonder if this will affect enterprise adoption of MS Antispyware. Even the diehard Windows admins where I work will admit this revelation makes that product less attractive, which is a shame because it used to be possibly the best antispyware product around.

Re:Sadly, no surprise.

[by Anonymous Coward]

I wonder if this will affect enterprise adoption of MS Antispyware

If this indeed checks out, Microsoft Antispyware will be removed from our regional ISP's recommendation list by the end of the day. Our customer care people presently recommend it as the first tool for spyware infections due to its previous effectiveness in identifying items that several other no-fee tools did not.

Software that intentionally misleads users regarding the actual risk of unauthorized application behavior is malware, regardless of the vendor or intent.

Re:Sadly, no surprise.

[Beatbyte (163694)]

Too bad the admin's can plug the holes in the operating system more efficiently than the holes suck them dry of resources.

If anything, this shows that future Microsoft Operating Systems:
1) won't be anymore secure than previous versions
2) may even bundle Claria/Gator with their products
3) will be just as successful as their predecessors despite all of this

Re:Sadly, no surprise.

[/ASCII (86998)]

You are taking this the wrong way. What has happened is that Microsoft noticed that Claria software contains bugs which in rare cases cause it to perform actions that some users might not want without first prompting the user. These actions include a problem with the automatic upgrade facility that may accidentally cause Claria software to be installed on a computer without the user requesting this. Because of this, they have contacted Claria and asked them to rewrite their software and remove all such unintended features. Claria has of course complied, and hence their software will be removed from the spyware list.

Re:Sadly, no surprise.

[bigman2003 (671309)]

Furry Wookie- this is not pointed at you directly...but at something you said which sounds like what a ton of other people are saying:

"...take control of your life..."

A lot of the MS vs. (everyone else) debate sounds like this.

My life? How is an anti-spyware tool on my computer going to really affect my life? Or how is my computer going to help me take control of my life?

My computer is just a stupid, noisy, power-sucking box that sits on the floor. I am the one that gives it life, not the other way around. Whatever operating system it runs doesn't really affect my life at all- I just use the thing.

Just like the hedge trimmers I bought last weekend- I went to the store, bought some, and used them. It wasn't a decision that would affect my life- just those few moments as I trimmed the bushes.

My whole point is...don't confuse a computer with real life. Real life is about people, love, adventure, relationships, hardships and successes.

Computers are about reading e-mail, and surfing for porn.

Re:Sadly, no surprise.

[Zeinfeld (263942)]

Microsoft generates the default actions by looking at the feedback from people who have opted to communicate their actions to Microsoft.

Before getting into a stew it would be worthwhile considering whether it is likely that a significant number of people with Claria crap are opting to keep it.

No way would I have Claria crap on my machine but it does appear that there are people downloading the trash intentionally.

Re:Sadly, no surprise.

[rearden (304396)]

If Microsoft is going to rate spyware based on the actions taken by end users, then the product is flawed from the begining. If most users knew what caused/qualified/ acted as spyware they would not get it in the first place. I can not tell you how many times I have removed some WeatherBug or other program, and the user goes "Why, I like getting the weather" and I have to explain that all of the Pop-UPs are from the WeatherBug and they say "Why? It is just for the Weather!". I actually had one user complain to my boss that I was trying to keep her from getting the Weather!

My point being, most users don't know or understand what is in the programs, and so the determination of their adware/ non-adware status should not be left up to them.

Additionally, what is going to stop the AdWare networks from running bots that mark their programs as Keep or Ignore and thus flooding the SpyWareNet with false info.

If the change comes becuse of user feed back, then the system is flawed. If the change came because MS got paid, or threatened to be sued then MS is just corrupt.

Re:Sadly, no surprise.

[bhtooefr (649901)]

Typical infection process of a Claria app, if it's downloaded legitimately (I don't recall Claria's stuff doing drive-by downloads):

1. User sees "Free password manager", "Free calendar thingy", or "Keep your computer clock up to date" (on the last one, not knowing that their XP box has a built-in NTP client, and easy to set up, too)
2. User downloads, and installs, not reading the EULA (as they've been taught - it's all legalese BS, after all, but there's often a string of legalese in the EULAs of these apps that boils down to "this is spyware")
3. User wonders why computer is running so slow, so he/she calls a friend over to remove the spyware. Said friend mentions something about "Claria junk", and removes it.
4. User sees that their little clock thingy isn't working right, and redownloads it.
5. User again realizes that their computer is running slow, but hears about this "Microsoft AntiSpyware" thingy that helps it go faster, so they download it.
6. On the first scan, it says "OMG! There's Claria on here!" (not really, but that'd be the general gist of the screen to a user). The user remembers that when the friend cleaned stuff off, Claria was the thing that when removed, broke the clock thingy, so he/she tells it not to erase. Default behavior is to send the actions to SpyNet, so it went to SpyNet that he/she chose to keep it.
7. 
   
   Does that sufficiently explain it?

It's worrying...

[taskforce (866056)]

...how quickly corps like MS will sell out their customers to make a quick buck. This is not only found in the Spyware arena but also with companies such as Intel embedding DRM into their chips when coaked by the various entertainment industries.

And people trust a firewall to them

[syntap (242090)]

Why would anyone rely on a security product of any kind owned by the same people as the OS? Not only are users subjected to this kind of tomfoolery, but in general marketing a security product for your own operating system is like correcting your own spelling test... best left to a third party.

Spyware works because Microsoft designed their softwarein such a way that lets it work. The premise of trusting their anti-spyware tools is ludicrous.

Re:And people trust a firewall to them

[Speare (84249)]

I really like your analogy, mind if I repeat it?

Marketing a security product for your own operating system is like correcting your own spelling test.

I might just have to go make up some more bumper stickers or something.

Confirmed

[Steinfiend (700505)]

First thing is we need to make sure these images are real. We have been caught with faked images many times before. If they are then I think all it really does is reinforce the need to run multiple anti-spyware utilities.

When a for-profit organization releases a product that can adversely (or positively) affect another for-profit organization we must expect, at least sometimes, to have some negative effects on the consumer. Its a capitalist society and companies are free to do anything and everything they need to maximize profits, within the scope of the law.

I guess it's "just" typical MS

[mytec (686565)]

This sort of thing boils my blood. There is a certain level of trust I have with a vendor who provides detection and removal of spyware, etc. I've not payed as much attention as maybe I should have, but what other vendors are strong in detecting spyware that don't give in or at least haven't thus far? The product they purchased from Giant was really good to boot. Doesn't take look for the MS taint to occur, does it?

Unrelated, I get the impression, MS doesn't need more competent competition to fail. Instead, they need to continue doing just what they are doing. Between moves like this, the failure to manage projects, etc. they are hurting themselves just fine and making everything that isn't MS look better.

Every so often the MS marketing machine almost gets me to believe they might be changing. The developer blogs have helped a lot in that respect. Then MS does something like this. On the one hand they say they are concerned about this threat and then, not too long into the future, they pull a move like this which says the exact opposite.

Photoshop?

[stinerman (812158)]

I'd like to see independent evidence before jumping to conclusions [slashdot.org]. Anyone want to install Gator and test it themselves? :-)

Re:Photoshop?

[crimoid (27373)]

Just tried to let IE install one of their apps and MS AntiSpyware caught it, flagging it with Moderate.

To their credit though you had to dig to find the Moderate label. The first thing a user will see is a rather largish (scary looking) red box encouraging them to block the software.

Conflict of interest

[Divide By Zero (70303)]

Consumer Reports doesn't accept outside advertising - it'd compromise their ability to do their job.

This is why you want your anti-spyware company making anti-spyware software and nothing else. Of all the software I've installed at one point or another, I remember Gator (along with later versions of Kazaa) being the worst about installing obnoxious unwanted software, not mentioning it, and then the software is a pain in the ass to remove. It clearly SHOULD be targeted by any software out there purporting to keep the user's best interests in mind, but Microsoft the Fox is, once again, guarding the henhouse that is your computer.

Anybody who puts their sole trust in a MS spyware-protector deserves what they get, especially when MS starts buying up spyware companies.

I can confirm

[Slayback (12197)]

Just yesterday I was helping a neighbor clean-up his girlfriend's parents' computer (how do I get roped into things like that?) So, I install the 3 big ad-removers; Spybot S&D, Adaware, and MS AntiSpyware. I ran the MS one first since Spybot kept crashing when doing the cleanup (very mean buggers). I noticed that the Claria stuff was all set to ignore after it detected it. I didn't think much of it and set all of them to quarantine, but I did think it was a little odd.

Anyways, CONFIRMED.

Reasonable Explanation

[CrazyWingman (683127)]

Come on now, all, there is probably a completely reasonable explanation for this. You know, like their software can only handle 1023 programs being classified as "Quarantine". They just had to clear some out to make room. :P

Friggin' M$.

Slashdot Users: Stop Fixing Windows

[Bronz (429622)]

We've all put up with fixing Windows for a living or maybe circle of family and friends. If your really unlucky, both. When I think about the time I've put into getting spyware off my [Pastor's, Father's, Sister's] computer, and then consider that Microsoft is (inexplicably?) getting into the Spyware game themselves, it's time to stop.

At this point I'm only supporting OS X and recommending anyone to get a Mac Mini when applicable. The world has moved on, the browser is the new platform, and it's time to stop supporting Microsoft if they continue to make the user experience miserable.

People might still complain a Mac Mini is expensive, but if you stop fixing Windows for them -- those Best Buy Geek Squad visits aren't cheap, either.

Claria = Gator = Spyware = Microsoft

[gadlaw (562280)]

I don't know why anyone would think otherwise. Everything that Microsoft puts on your computer wants to call back home and report on what you do and how you do it. Everything Claria trys to put on your computer wants to call back home and report your every action and keystroke. So running any 'Microsoft spyware' in the first place is like letting a burglar watch your home. What did you expect would eventually happen?

the price of desire

[handy_vandal (606174)]

A week after word leaked out that Microsoft was negotiating an acquisition deal with Claria (See recent /. coverage), spyware researchers have noticed that the Windows antispyware application has downgraded Claria's Gator detections and changed the recommended action from 'quarantine' to 'ignore.'

A week after I start dating some totally hot babe, event though she's a nagging idiot, I've downgraded my idiot detections and changed my recommended action from "quarantine" to "ignore".

-kgj

Re:first post

[Storm (2856)]

Indeed. In fact, I have to constantly remind the Windows evangelists that the entire spyware and virus problem has created a cottage industry, and as long as Microsoft can make money off of it, they will choose never to solve it.

Re:Let the conspiracy theories fly!

[dustmite (667870)]

One has to wonder if companies such as Microsoft do things like this intentionally or, as the comment in the article indicated, simply miss some things in the wash?

Of course this was done intentionally. GAIN must be the most widespread and well-known spyware out there, do you think that a team of people working on one of the world's biggest anti-spyware programs accidentally thought it was not a threat and should be set to "ignore"? Or do you think someone "accidentally" modified the status in the database by clicking a few wrong buttons, and that quality control didn't check before a product release that their anti-spyware program happens to ignore the world's biggest spyware? There is just no way this happened by mistake.

Re:Take off the tin-foil hats...

[ramblin billy (856838)]

Yes, it's true that the usual reaction to MS stories tends to be kneejerk criticism often without much evidence of thought or rational balance. The baby gets the old heave ho along with the bath water more times than not. I usually urge a more reasonable approach based on the real contributions that MS has made to the IT industry and the fact that most major corporations behave the same way. I may not agree with MS's methods, but I try to keep an open mind, always aware of what MS has always represented. That said...NOT THIS TIME!

It's bad enough that the most pernicious and persistant tattle tale software on a MS box is probably the operating system. Take for example the index files in WIN98 that have never been explaned, the automatic updates in apps that can't be disabled, and services that reinstall themselves behind your back. I really do buy the 'least common denominator' explanation for a lot of these 'features', most users really don't understand their computers enough to maintain them, much less integrate new codecs, standards, and protocols. I do believe that making the default behaviors in many programs more update and security focused was a necessary step. MS often gets a bad rap for problems users could avoid by performing their recommended chores, especially installing patches. Bill Gates has recently touted a new focus on security, wanting to win back some customer trust. Whew, it was nice to see MS finally starting to turn in a new direction. Maybe I should have known better. The attitude expressed in this situation seems to be "Oh that's OK, it's just us, your friendly neighborhood MS. It was bad when those other guys did it, but you can trust us! By the way, could you enter your 16 digit authentication code and explain what that new unsupported by XP hardware is, since we really can't trust you?"

Microsoft could take the lead in creating really secure, customer oriented products. Maybe they would make a little less money if they gave up the drive to control every part of the industry. Would that kill them? IT is past the point where it needs one firm hand on the tiller to keep from sinking. Microsoft has the power and influence to change the face of software development. They could help make the world a better, freer place. Too bad the accountants have taken over from the dreamers.

billy - say it ain't so Bill...