|
We guarantee your privacy: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy 
|
|
TOP STORY — info you need to make Windows work Adware makers threaten critics By Brian Livingston It's bad enough that adware, which can have negative effects on our PCs, has already infected an astonishing number of machines — 80% in one U.S. study. Now, on top of everything else, adware makers are pressuring anti-adware advocates to stop listing their programs as candidates for removal. In the newest development, iDownload.com has sent cease-and-desist letters to several anti-adware sites. Some of the Webmasters I've spoken with say they received the letters on Feb. 15 or 16. Sites that have confirmed to me that they've received the letters include Castle Cops, Spyware Warrior, Spyware Guide, and Sunbelt Software, the maker of the CounterSpy adware removal program. The letters, copies of which have been sent to me by some of the recipients, object to the descriptions of iSearch on these sites and demand that the references be removed. One iDownload letter, from attorney Mark D. Hopkins, a partner in the Austin, Texas, office of Savrick Schumann Johnson McGarr Kaminsky & Shirley, says in part:
At this point in our story, I'd like to stop for a moment. Let's be clear why I prefer to use the term "adware," not "spyware," for the class of products we're talking about. As I wrote in the Jan. 27 newsletter, adware doesn't need to "phone home" in order to slow down a PC, conflict with other software, or pose security risks. For this reason, I believe it's pointless to try to divide adware into subcategories, such as "malware" and "spyware." I define adware as: A secondary computer program (1) that is installed as a result of a person using a primary, sought-out program or Web site, or the Internet in general, and (2) that generates revenue or other benefits for the promoter of the secondary program. It's the "revenue or other benefits" part that causes problems for PC users. A secondary program — one that users didn't seek out — can only generate benefits for its promoter if the secondary program becomes installed. Such programs, therefore, have no financial incentive to tell users about potential downsides. These programs have a powerful financial incentive to disclose only possible benefits — or to not say anything at all before installing — in order to run on as many machines as possible. Such programs, therefore, can never be said to have gained fully informed consent from computer users. Please note that the above definition of adware doesn't cover a legitimate category of programs: "ad-supported software." This includes the free Opera browser, which displays ads within its window, or Google ads, which are also displayed within the primary window. Only when such ads become divorced from the primary program is there a breakdown of responsibility. This disconnect leads to a high potential for PC users' machines to be slowed down or exposed to other risks. If I thought "spyware" was a meaningful term, I'd use it regardless of any legal threats. But it's a vague and imprecise term, and I urge the computer industry to abandon it. |
 Windows Secrets Newsletter Issue 48 — 2005.02.24 • Top Story: Adware makers threaten critics • eWeek selects CounterSpy Enterprise • Index of Reviews • Google Search secrets • Finding what you need • Finding more information • What's behind the Internet curtain • Even saving pictures is dangerous with IE 6 • Hackers can turn your mouse against you • Peer-to-peer patching pain • Upgrade MSN 6.x or else! • Windows Media doesn't, oops, does need a patch • Firefox IDN bug and IE revisited • XP SP2 patches missed by PM software • Two coding errors is SP2 need patching • Kernel rootkits: a near-undetectable infection • MS warns of new-style rootkits • "Ghostbuster" may help uncover kernel infections • Wacky Web Week • Useful Links NEWSLETTER CONTROL PANEL • Windows Secrets home page • How to subscribe • Change your delivery address • Change your preferences • Access past free issues • Submit a Windows tip • Get subscription help CIRCULATION: over 145,000 |
|
Cease-and-desist as a software feature Having said that, I strongly defend the right of anyone to call a computer program "crapware" or any other term that may be the writer's own personal opinion. My own investigation of the situation reveals that some people who received letters from iDownload haven't written anything that could remotely be considered defamatory. Suzi Turner, the owner and Webmaster of Spyware Warrior, said in a telephone interview that one of her sites that received a cease-and-desist letter, NetRN.net, had never even written an article about the iSearch Toolbar before now. A search of her site that I conducted using the Google index confirmed this. Turner has periodically reprinted in her postings an updated listing of software programs identified by Ad-Aware, a well-known anti-adware utility from Lavasoft. Over several months, the words "iSearch Toolbar" were included a few times in these lists. But Turner herself had never even written as much as a complete sentence about the software. iDownload's CEO responds The iDownload.com site provided me with conflicting information about iSearch when I inquired. The company, which is based in New York City, doesn't publish a telephone number on its site. I submitted the following question, therefore, to iDownload's Live Help service: "Letters regarding the iSearch Toolbar?" This cryptic query was apparently enough to trigger a standard response. Within a few moments, a tech identified as Mark provided the following reply in the Live Help window:
Mark's statement obviously conflicted with attorney Hopkins' letters, in which he stated that iSearch was "iDownload's software product." So I sent an overnight letter to iDownload's headquarters, requesting a telephone interview. When iDownload's CEO, Arlo Gilbert, called me, I asked which companies had received a cease-and-desist letter from iDownload's attorney. "It would not be in our best interest to share that list," Gilbert said. He did assert that the letter was having the desired effect. "The majority of sites we've contacted have taken down or properly classified iSearch," Gilbert stated. When asked to name some of the sites that had complied, Gilbert answered, "I'm not going to share that information. It would be shooting a gift horse in the mouth." Gilbert added, "The people who are profiting off this information and have not reclassified the information will be sued." When asked for the names of some companies that iDownload has filed suits against, Gilbert said, "We're not going to reveal it," but added that the suits were a matter of public record that could be looked up. Two telephone messages seeking the names of the companies being sued were left with Mark Hopkins' office, including one left with an assistant. These calls were not returned within two days' time. Expert opinions on iSearch The iSearch Toolbar has received a lot of interest from experts on adware, who have a lot to say about it and iDownload. Eric Howes, a noted anti-adware program tester (see the Jan. 27 newsletter), has written extensively about iDownload in the DSLReports forum. In a Feb. 21 posting, Howes says iDownload last year distributed an add-in program known as the HotSearchBar. This program displayed a dialog box, according to Howes, that represented itself as "Required: Media Player Version 9 Browser Update." A screen shot of this dialog box, provided by Howes, is shown below:  According to Howes, clicking Yes did not install a Media Player upgrade but instead loaded HotSearchBar. Many PC users would be likely to click Yes when presented with such a dialog box, because media files often require updated codecs or Media Player versions. The fact that the signature of the program was "verified" by Thawte, a certificate authority, provided additional assurance to users. Regarding the iSearch Toolbar specifically, Howes points to an analysis by Andrew Clover at his Doxdesk.com anti-adware site. Clover states in that analysis that iSearch is a variant of Pugi, which he calls "a family of customised toolbars/browser hijackers." He adds, "Pugi/iSearch is installed by ActiveX drive-by-downloads triggered by Windows Media DRM licensing... and also through exploitation of IE security holes." Additionally, Symantec's Security Response database lists the iSearch Toolbar. It says of iSearch, "It is a search hijacker and also tracks user activity on a remote server at isearch.com." Finally, PC users should take note of the End User License Agreement posted by iSearch at Toolbar.iSearch.com/terms.html. In addition to agreeing to numerous other conditions merely by installing iSearch, you agree that the program may "without any further prior notice to you... install software from iSearch affiliates; and install Third Party Software." When you install adware, you never know what you're really going to get. Anti-adware apps reverse course on WhenU This one cease-and-desist outbreak might not be so important if it weren't for the fact that a few anti-adware programs mysteriously removed some other adware programs from their detection lists recently. Ad-Aware and Pest Patrol, an anti-adware program from Computer Associates, raised security experts' hackles this month when the two utilities quietly delisted WhenU software. WhenU distributes, among other things, Save.exe, which PC PitStop and other rating systems report to be adware. Eric Howes reports that WhenU was inexplicably missing from Ad-Aware's Feb. 5 update file. According to Howes, Pest Patrol also stopped identifying WhenU around the same time. Both companies, furthermore, stopped listing WhenU in their online databases of adware. As if this didn't anger security experts enough, the two anti-adware companies said nothing about the changes in their regular user notifications of additions and deletions to their databases. Howes says users received no notice of the shifts, causing all sorts of suspicions to fly. In a statement on a Lavasoft forum, employee Chris Fry confirmed on Feb. 15, "WhenU was indeed removed from our database by research in the last definition file. This was due to WhenU not scoring more than 2 TAC points at the time. In case it turns out that the removal was incorrect, WhenU will naturally be reintroduced to the database." "TAC points" are behaviors listed in Lavasoft's so-called Threat Assessment Chart. The company considers a program that exhibits three or more of these behaviors to be a risk to PC users and eligible to be removed by Ad-Aware. Surprisingly, an adware program can both display ads as its primary function (gaining one TAC point) and have no apparent way to uninstall it (another point) and still fall below Ad-Aware's three-point threshold. In my opinion, any one "TAC point" should be enough to empower a PC user to remove such a program. The uproar among Ad-Aware users over the change grew so furious that Lavasoft has been forced to post a separate uninstaller for WhenU. Michael Wood, a Lavasoft forum administrator, has also announced that the company is going to re-evaluate its entire threat-assessment scoring system. For its part, PestPatrol restored seven variants of WhenU software, including Save.exe, to its detection database on Feb. 17, according to the company's New and Improved Detections page. (This page may soon be updated, making the listing for update 05021721 inaccessible, when the next Pest Patrol update comes out.) All this activity is enough to make your head spin. What's obvious is that there's big money at stake now for companies who think it's fine to install software on users' PCs to display ads. The anti-adware battles are only beginning. To send us more information about adware, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You'll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print. ^ THE SECURITY BASELINE — the minimum you need for safe computing eWeek selects CounterSpy Enterprise Every PC needs a complete set of the six building blocks shown below for protection against hacker attacks. In this section, which appears in every issue, we summarize the top ratings from trusted reviewers. eWeek Magazine reviewed in its Feb. 14 issue several programs that offer centralized anti-adware management for medium to large businesses. Sunbelt Software's CounterSpy Enterprise was the winner, with eWeek describing it as "the best mix of management, reporting and cleaning capabilities we've seen." The magazine said CounterSpy Enterprise caught a few more unwanted traces than Webroot Spy Sweeper Enterprise 2.0, which was a close second. We've added CounterSpy Enterprise to the Security Baseline as a business candidate, while continuing to recognize Microsoft AntiSpyware and Webroot Spy Sweeper as the winners of previous tests focused on individual PC users.
FORWARDING INSTRUCTIONS — news gains value when it's shared Please share this information with your friends You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: WindowsSecrets.com/050224. |
|
INDEX OF REVIEWS — our directory of
product shootouts
The Index of Reviews In this section, we link to respected expert reviews of the best Windows-compatible hardware products available today. Only head-to-head ratings of competing products — not individual reviews of single products — are indexed here. The links below lead to information from U.S. sources. For information from sources in other countries, enter the name of a reviewed product into a search box at one of the following links: Canada / U.K. / Elsewhere
|
|
HERE'S A TIP — you'll get a better newsletter if you choose the paid version You're reading the free version of the Windows Secrets Newsletter Subscribers to the paid version receive additional information in each issue. Some of the extras this week are:
Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for them at least once every calendar quarter. To upgrade, simply make a contribution of any amount that you choose If you do this by March 9, 2005, you'll instantly be sent the full, paid version of today's newsletter. To upgrade to the paid version of Windows Secrets, please visit WindowsSecrets.com/upgrade. Thanks in advance. ^ |
|
ELECTRONIC BOOKSHELF — new e-books from the editors
WACKY WEB WEEK — playing for you the Internet's greatest bits
USEFUL LINKS — more stuff that's good to know Prefetch search results with Browster Browster 1.0 downloads pages that are linked to in Google, Yahoo, and a few other popular sites. You can also use Browster manually on any link. It might save you a lot of time. (By Brian Livingston, Datamation) More info A preview of Internet Explorer 7 Bill Gates publicly revealed during his RSA Conference 2005 keynote address that his company would ship IE 7 before Longhorn. My first IE 7 preview focuses on separating fact from speculation. (By Paul Thurrott, SuperSite for Windows) More info Now see your data in a tableau Forget about using Microsoft Excel to try to analyze your corporate data. By the end of March, a new product will be announced called Tableau 1.0. I guarantee it'll change the way you look at your company's cash flows. (By Brian Livingston, Datamation) More info ^ ABOUT YOUR SUBSCRIPTION — we're here to serve you The Windows Secrets Newsletter (formerly Woody's Windows Watch and Brian's Buzz on Windows) is published twice a month, except for breaks in July and December. The newsletter is published on the first and third Thursdays after Patch Tuesday (the 2nd Tuesday of each month, when Microsoft generally releases new Windows patches). Publisher: The newsletter publisher is WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editor: Brian Livingston is the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books. Associate Editor: Paul Thurrott is the author of Windows XP Home Networking and Great Digital Media with Windows XP and the author or coauthor of several other books. Contributing Editors: Susan Bradley, Chris Mosby. Research Director: Vickie Stevens. Program Director: Ian Maddox. Trademarks: Windows is a registered trademark of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Index of Reviews, Briefing Session, Windows Patch Watch, and Wacky Web Week are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. How to subscribe: Anyone may subscribe to this newsletter by visiting WindowsSecrets.com/signup. Our Ironclad Privacy Guarantee: (1) We will never sell, rent, or give away your address to any outside party, ever; (2) We will never send you any unrequested e-mail, besides newsletter updates; and (3) All unsubscribe requests are always honored immediately, period. Privacy policy HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter, Copyright © 2005 by WindowsSecrets.com LLC. All rights reserved. ^ |
