The Legacy Sunbelt Software Blog
The Great Years: 2004-2010
Given the fact that data protection measures in most places are sloppy at best, I question sharing this type of information in this manner:
Virginia’s public and private colleges and universities soon will be required to submit the names and Social Security numbers of tens of thousands of students they accept each year to state police for cross-checking against sexual offender registries.
Link here.
Alex Eckelberry
I don’t often write pieces lambasting Microsoft. I have close friends who work for the company (incidentally, some of the brightest people I know), my company is a Gold Partner and we’re also in business with Microsoft. And, I am one of those who believe that the computing world has actually been made a better place by Microsoft.
My beef is never with the people. My beef is with a number of strategic decisions that have been made by the company that should scare a lot of people. So please, to my friends at Microsoft, don’t take this personally. This stuff just needs to be said.
It’s bad enough that Microsoft is getting in to all aspects of security. But now they are going to kill their competition through predatory pricing.
What is predatory pricing? From Wikipedia:
Predatory pricing is the practice of a dominant firm selling a product at a loss in order to drive some or all competitors out of the market, or create a barrier to entry into the market for potential new competitors. The other firms must lower their prices in order to compete with the predatory pricer, which causes them to lose money, eventually driving them from the market. The predatory pricer then has fewer competitors or even a monopoly, allowing it to raise prices above what the market would otherwise bear.
We already know that Microsoft loses money on most of its business (it primarily makes money on the operating system). But now we see that Microsoft is endangering the entire security ecosystem with ruthless, Standard Oil-style pricing.
Start with OneCare: It is arguably a security suite, but just for the sake of simplicity, let’s just consider it an antivirus product. OneCare costs $49.95 for three PCs, an average of $16.65 per machine. (I’m going to ignore the fact that Amazon.com is blowing out OneCare at $19.95, or an average of $6.65 per machine—which is even worse — and Microsoft’s offer to its millions of OneCare beta testers all getting it for $19.95 as well.).
Let’s look at their price, versus the market leaders: Symantec and McAfee. Both of these companies have AV products that retail for $39.99. But they also have three-user offerings, at $69.99 (McAfee) and $89.99 (Symantec). Here’s what that looks like on a per-user basis:
| Norton Antivirus | VirusScan | |
| $30.00 | $23.33 | |
| OneCare price advantage ($16.66 per user) | -44% | -29% |
Incredibly, Microsoft has priced themselves almost 50% below the market leader, and no one has said a peep.
Now, let’s move to the enterprise side, specifically virus protection for Microsoft Exchange. Remember that enterprise sales are the bread and butter of companies like Symantec and Trend. This is where the money is made.
Examine the latest pricing for Microsoft Antigen, the old Sybari product re-branded under Microsoft’s new Foreforont line of security products. We see a per-user pricing for Antigen for Exchange of $.90 per month, per user, for a five-user shop.
The pricing in this case is obfuscated because Microsoft has gone away from the traditional industry model of charging a perpetual license fee and then annual maintenance. Instead, they charge a monthly price per seat. So you would need to multiply the number of months against an expected period of ownership (I’ve used two years for my examples) to do a comparison.
Let’s look at the prices of Antigen against three leading antivirus products for Exchange: Trend ScanMail for Microsoft Exchange, Symantec Mail Security for Exchange and McAfee GroupShield (these are the current market leaders in securing Exchange).
Here is how Antigen costs compared to the other security products, over a two-year period:
| Year 1 | Year 2 | Total | |
| Trend ScanMail for Microsoft Exchange | $33.0 | $13.2 | $46.2 |
| Symantec Mail Security for Exchange | $37.0 | $20.8 | $57.8 |
| McAfee GroupShield | $38.0 | $15.2 | $53.2 |
| Microsoft Antigen | $10.8 | $10.8 | $21.6 |
Or, looking at it another way:
| Trend | Symantec | McAfee | |
| Year 1 | $33.0 | $37.0 | $38.0 |
| Year 2 | $13.2 | $20.8 | $15.2 |
| Total | $46.2 | $57.8 | $53.2 |
| Antigen price advantage | -53% | -63% | -59% |
As we can see here, Microsoft has priced themselves over 60% less than Symantec, an astonishing difference in price. Microsoft has effectively low-balled the entire antivirus industry in one fell swoop. And their product includes five antivirus engines, not just one. This is even a price drop from Antigen’s former pricing (even several years ago, Antigen for Exchange prices started at $27.50 per user for the first year and then went down in volume).
But incredibly, it gets worse! Antigen for Gateways, which is designed to run off the Exchange box, is even less — a mere $.65 per user per month, or $15.60 over two years!
We don’t know what Microsoft plans to price Forefront Client Security, but one can assume from their pricing here, it’s going to be ruthless.
What should be disturbing about of this all is that we very well might see Microsoft owning a majority in the security space. Despite what their PR flacks tell us, they are hell-bent on getting your business. Look at the Forefront website for yourself. These people mean business. Maybe I’m jaded, as I’ve spent most of my career working for companies that got pummeled by Microsoft (Borland, Quarterdeck, etc.).
Stifling innovation? You bet. What venture capitalist will invest in the next great security idea or product? What entrepreneur will start a new company in the security space, given the risks of competing with Microsoft?
And it’s not just startups. For example, after Microsoft announced the acquisition of Giant Company, a senior executive at a major security company told me that they weren’t going to bother coming out with antispyware functionality, since Microsoft had already made that product free. While that company has since changed their mind, it was a chilling conversation.
It’s one thing that Microsoft has destroyed competition in browsers, languages, word processors, spreadsheets, presentation packages, and all the rest. In some cases, the competitors practically asked to be killed (for example, WordPerfect and Lotus both were laughably late in coming out with Windows support).
But it’s another thing to kill competition in the security space. Because the security landscape has changed. There is now a tremendous incentive to hack Windows, because there’s just so much money to be made by the bad guys. It’s free market economics — energy goes where there is a profit. So Vista will get hacked, there will be zero-day attacks, there will be evolving forms of viruses and malware. And Microsoft security products will be targeted. In a world where Microsoft has a hegemony on security, the implications may be far reaching, possibly to our own national security.
So what does the security industry need to do? Well, stopping Redmond in its march for world domination is for Microsoft’s own good. Destroying their own developer ecosystem is the worst possible thing they could do. After all, there’s always someone waiting in the wings to take over. I won’t suggest what I think should be done. But something does need to happen.
Alex Eckelberry
Usually we put our weekly TechTips section into one larger blog posting. However, with wireless fast becoming the easiest and most economical way to set up a home network, we figured we’d make this subject its own blog post. So here are some basic tips for securing your wireless router/access point and computers with wireless adapters:
Deb Shinder
Vista Corner
This is a new section we’ll be doing during the transition from XP to Vista. Each week we’ll tell you about a cool new Vista feature.
This week, I want to talk about the Aero Glass interface. It requires a supporting video card (my Radeon 600 series card works) but it gives your applications a very sophisticated look. You can adjust the transparency effect from completely opaque to completely transparent. The good thing is that, unlike some of the transparent window add-ons I tried for XP, and unlike the terminal window transparency feature in Mac OS X, only the window’s “frames” are transparent, so you can still read any text inside the window with no problems. To adjust the transparency effect, you right click the desktop and select Personalize, then click Visual Appearance. Here you can choose a preset color and transparency combination or adjust the transparency level using a slider bar.
What will you do without FrontPage?
As you may know, FrontPage is going away after FP 2003, and there there won’t be a FrontPage 2007 in the new Office. Microsoft will still support FP 2003, at least for now. And you’ll now have two different new Microsoft web design programs to choose from. SharePoint Designer 2007 is included with the Office 2007 public beta and as the name implies, it’s specifically made for creating web sites that run on SharePoint services. You can read more about it here.
For non-SharePoint sites, Expression Web Designer is part of the Expression family that also includes Express Graphic Designer and Expression Interactive Designer. Microsoft has released a Community Technology Preview that you can download and try out for free here.
You may lose settings after installing, repairing or upgrading
When you install, repair or upgrade Windows XP, you might lose some or all of your program settings and templates, as well as data stored in the All Users folder. That means you may find that you’re missing items from the Startup group, Start menu shortcuts, and files stored in the Shared Documents folder. This happens if you reinstall Windows in the same folder using the Upgrade option, use the “R” selection to repair Windows from the installation CD, or upgrade XP Home (OEM version) to XP Pro. To prevent this from happening to you, see KB article 312369.
How to set performance options in XP
You can use the System tool in Control Panel to change performance options and control how programs use memory, manually manage processor time allocation, and change visual effects to conserve resources so as to make XP perform faster. This can be especially helpful if you have a relatively slow processor and/or limited amount of RAM. Find out how by reading KB article 308417.
Search Companion starts when you double click a folder
If you have a problem where double clicking a folder or drive makes the Search Companion start and the the drive or folder doesn’t open, it may be because you’ve configured settings for other actions that are associated with drives or folders. To fix the problem, you can edit the Registry. For instructions on how to do so, see KB article 321186.
Deb Shinder
In this blog, we often take a look at how the Internet and related technologies have changed our world and how we live our lives. It’s been a long time since I had to endure the process of “pounding the pavement” to look for a job, but it’s a task many people face every day. Back in the olden days, finding a new job meant typing, retyping and re-retyping your résumé until it was perfect, mailing it out in response to ads and other leads, making lots of phone calls to your contacts within your field of expertise, and hitting the streets for interviews.
All of those activities are still part of the job hunting process, but today’s technology has wrought a number of significant changes. Whether you’ve just graduated with a shiny new degree, been laid off or fired, quit to pursue a more satisfying type of work or work environment, are making a mid-life career change or discovered retirement wasn’t all it’s cracked up to be and want to go back to work – whatever the reason you’re in the job market – modern technology can make job hunting both easier and more difficult than it was in the past.
For one thing, getting that résumé right (at least the formatting, if not the content) is simpler and less time consuming than it was before the advent of personal computers. Spell checkers help you avoid embarrassing mistakes, templates help you put it all together in a way that’s familiar and acceptable to employers, and you can even buy special software (some of it free or inexpensive, such as ResumeBuilder) that contain wizards to help you structure it in one of several different styles depending on your targeted employer. These programs can also publish your résumé to a web site, send it to a database of contacts, or even translate it into different languages.
Probably only our older readers will remember the suspense, hope and frustration of sitting by the phone, afraid of missing a call from a potential employer. Now most of us have cell phones so we can be reached wherever we go and voice mail for those occasions when we’re not immediately reachable. There’s no longer much danger of missing out on an opportunity because of a missed phone call.
Then there’s the process of finding those potential employers in the first place. Once upon a time, we were pretty much limited to classified newspaper ads and word-of-mouth from friends. If you were open to relocating, you might find job leads in a distant city by buying its paper or through professional trade journals/magazines. The Internet has changed all that. Web boards such as Monster.com and Craig’s List have job postings from all over the country and world that you can access easily. And because the cost of posting those ads is low or free, employers are more likely to advertise and the ads are more likely to be descriptive enough so you don’t waste so much time making calls only to find out you don’t fit the requirements.
The best way to get a job, though, is still through actually knowing someone at the company or in the industry. The Internet has made that easier, too – our circles of friends and acquaintances are no longer so limited to people in our own geographic areas. I have friends all over the globe who work in all sorts of different fields (especially my own, the tech industry). Many of them I’ve known and corresponded with for a decade or more; some of them I’ve also met in real life and some I haven’t. But I know many of them would be happy to help if I were looking for a job in their cities or with a company with which they were associated.
Of course, not all of the changes that technology has brought to job hunting work in the job hunter’s favor. Because everyone else has all this technology, too, there may be far more competition for a given position than there would have been before. And if you’re tempted to exaggerate your qualifications a bit, there’s a greater likelihood that you’ll be found out since computerized records and low cost global communications make it easier for employers to check out your references now.
Even if you don’t lie on your résumé, your past can still come back to haunt you electronically during your job search. Sophisticated Internet search techniques have made it possible for employers to go way beyond verifying where you went to school and whether you were really a vice president or just a janitor at the company you listed in your employment history. Many more companies now do fuller background checks using the Internet. A simple Google search on your name can turn up all sorts of interesting information that an employer might not think to ask about (or might even be prohibited by law from asking) in a job interview.
A couple of months ago (in the April 14 issue, to be exact), I did an editorial called “Online is Forever,” in which I talked about how some of the records of our online activities never go away. This promises to be even more of a problem for the generation that grew up with the Internet. I did my share of foolish things when I was young, but at least I didn’t do them on a public network where the whole world could see – and save copies with a simple right click.
This recent New York Times article that was reprinted in my local newspaper recounts how employers are looking up job candidates on social networking sites and other Web sources and dropping them like hot potatoes when they discover explicit photos, inappropriate comments and descriptions of drinking, drug use and sexual activities. Link here.
On the other hand, the right kind of online reputation can bring employers to you, even when you aren’t looking. Even though I’m happily self-employed, I’ve been contacted by recruiters from a number of companies (including big names like Microsoft) who want me to apply for their openings because they’ve seen my work and read about me on the Web.
Obviously, technology can work for you or against you in getting that dream job. What do you think? Overall, do the Internet and other high tech services and devices benefit job hunters or work to their detriment? If you’ve conducted a job search recently, did the ‘Net play a role? Have you ever lost (or gotten) a job because of your online reputation? Should employers be allowed to consider your “offtime” online activities in the hiring decision or is that an invasion of your privacy? If you’re in the position of hiring people, do you use the Internet to check out applicants?
Deb Shinder
A vulgar new worm has been found spreading that is taking advantage of the 2006 World Cup Soccer games. The worm arrives as an E-mail attachment with one of the following subjects and message bodys:
Subjects:
1. Soccer fans killed five teens
2. Crazy soccer fans
3. Please reply me Tomas
4. My tricks for you
5. Naked World Cup game set
6. My sister whores, shit i dont know
Message Bodies:
1. Soccer fans killed five teens, watch what they make on photos. Please report on this all who know.
2. Crazy soccer fans killed two teens, watch what they make on photos. Please report on this all who know.
3. I wait your photos from New York. I sent my pics where i naked for you. Please reply me. Linda Salivan
4. Nudists are organising their own tribute to the world cup, by staging their own nude soccer game, though it is not clear how the teams will tell each other apart. Good photos 😉
5. Emily Carr was an artist know for her prudery, but now the Portrait Gallery of Canada has aquired a nude self-portrait. View photos.
Upon execution, the worm copies itself to the following location:
%Sysdir%msctools.exe
Attempts to download additional malware:
http://couple{removed}.com/tumbs/dianaimg.exe
The worm also attempts to disable the following processes:
AVP32.EXE
AVPCC.EXE
AVPM.EXE
AVP.EXE
iamapp.exe
iamserv.exe
FRW.EXE
blackice.exe
blackd.exe
zonealarm.exe
vsmon.exe
VSHWIN32.EXE
VSECOMR.EXE
WEBSCANX.EXE
AVCONSOLE.EXE
VSSTAT.EXE
OUTPOST.EXE
REGEDIT.EXE
NETSTAT.EXE
TASKMGR.EXE
MSCONFIG.EXE
NAVAPW32.EXE
UPDATE.EXE
msctools.exe
The worm then uses a built-in mail engine to send copies of itself to addresses that have been harvested from the infected machine. The worm avoids sending itself to addresses containing the following strings:
temps
abuse
admin
webmaster
support
submit
service
sendmail
secur
samples
ripe
privacy
postmaster
panda
nothing
mydomai
mozilla
linux
kernel
inpris
icrosoft
ibm.com
google
example
contact
certific
borlan
berkeley
anyone
policy
apache
webmin
webmist
random
local
anonymous
addres
kaspersk
microsof
norton
symantec
virus
reply
report
Adam Thomas
Malware Research
We’ve known this for a long time, but now it’s statistically confirmed. At Tech Ed, Microsoft lavishes all kinds of food (much of it candy and junk) on the attendees. If you haven’t gone, it’s quite an experience — there is food everywhere. You could basically float through the show on a massive sugar high.
So, realizing that this show only had about 13,000 people attending it, here are the official food stats for TechEd:
But the health conscious where there in force. Salads and water were consumed:
Alex Eckelberry
(Thanks Scott, who got this off of Microsoft’s TechEd site for attendees)
John Zuccarini was the notorious cybersquatter who ultimately got prison time for cybersquatting children’s sites and redirecting them to porn..
Patrick and Adam have been researching some old Xupiter stuff and came across something curious. John Zuccarini had been an affiliate of Xupter, and Patrick rechecked Zuccarini’s old yes-yes-yes.com that was mixed up with Xupiter.
Well, yes-yes-yes.com now redirects to a new site, challengedavinci.com. It then links to lynxtrack.com and passes to usa-bibles.com.
ChallengeDavinci.com is a new site, registered under John Zuccarini! Who knows if it’s a real name or fake, but it certainly is intriguing. John might be out of prison now (he was sentenced in early 2004 for 2 1/2 years), he could be running the site from prison, or someone could have just used his name.
challengedavinci.com
RSP: domaindiscount24.com
URL: http://www.dd24.net
created-date: 2006-04-30
updated-date: 2006-04-30
registration-expiration-date: 2007-04-30
owner-contact: P-JRZ45
owner-organization: Coral Island Traders Ltd
owner-fname: John Zuccarini
owner-lname: Zuccarini
owner-street:
owner-country: GB
owner-phone: +442075539764
owner-fax: +44.8452264624
owner-email: raveclub@london.com
Of course, the “free bible” is, um, a dubious claim…
Alex Eckelberry
Windows Vista is coming and will be here sooner than some might think. By now everybody has probably seen the new graphical changes with the new Aero and Aero Glass user interfaces and heard all about the new User Account Control (UAC) security improvements designed to make the operating system more secure.
But what about the “under-the-hood” changes in the Vista kernel? There are lots of exciting changes being made in the areas of performance, scalability, reliability, and security.
I had the opportunity to attend TechEd this year in Boston and listened to Mark Russinovich and David Solomon present a talk on some of the new kernel features, such as:
The changes being made for Windows Server “Longhorn” will be a superset of the changes being made in Vista. Many of these changes will be merged back in to Vista with Vista Service Pack 1, which will probably be available sometime after “Longhorn” ships.
This is a summary of the session, to get the full details go to here.
Scott Dorman
The road to hell is paved with good intentions, etc., etc.
Mandatory Labeling Bill Threatens Free Speech on the Internet – New legislation allowing for the imprisonment of Web site operators who fail to label adult-oriented material — including sexual health information — would undermine First Amendment free speech protections and do nothing to protect children on the Internet. The Internet SAFETY Act (S. 3499) would require Web site operators who post adult-oriented material to place markers on every Web page containing such content. Violators would face prison terms up to 15 years. CDT believes the measure would have a profoundly damaging chilling effect, deterring bloggers, artists and even health advocates from posting legitimate information that could expose them to jail time. June 15, 2006
Link here.
Alex Eckelberry
Zango is now bundling a viewer called “Eyetide”. This is a bit perplexing, since in the past, Zango had relied on the DRM capabilities in Windows Media Player for viewing videos and the like. Now, they are installing this new viewer.
Nowhere is it disclaimed that this viewer is downloaded, btw. You simply get it by clicking on something like Jessica Simpson in the News.
The typical Zango install screen, and then BOINK here comes Eyetide:
When asked about Eyetide, a 180Solutions representative said that Eyetide was merely one of their partners.
Alex Eckelberry
Update: I just got this from a 180 spokesperson:
“…since Eyetide is a partner of ours, a collection of their screensavers is made available to the Zango network of users. The user must have the Eyetide Viewer component in order for the Eyetide application to work so it is included in the download. As you likely noticed in the “Jessica Simpson in the News” screensaver download, you not only had to accept the Zango UCI, but you also had to accept the Eyetide terms before the download would complete. Likely what led to your confusion is if you clicked on the “Jessica Simpson in the News” icon in the “What’s New” section of our homepage, you do not get the additional text that explains that it is a screensaver…this is a technical bug that we’re currently in the process of straightening out. If you go to this page http://www.zango.com/Destination/catalog/listing.aspx?tag=downloads.screensaver on our website and scroll down to the “Jessica Simpson in the News” download, you’ll see how it is supposed to expand to provide more info”
You know, the US Constitution is a drag to read. So why bother?
Prosecutors can use evidence seized by police during a home search even though officers violated the Constitution by failing to knock or announce their presence before entering, the U.S. Supreme Court ruled.
…Dissenting Justice Stephen Breyer said the ruling “destroys the strongest legal incentive to comply with the Constitution’s knock-and-announce requirement.” Justices John Paul Stevens, Ruth Bader Ginsburg and David Souter joined Breyer’s opinion.
Link here.
Alex Eckelberry
(Thanks Marc)
English-language users can get an updated version of the Sunbelt Kerio Personal Firewall, available here (those who use the translated version will get the same update in the near future).
This is version 4.3.246 and fixes are variety of issues and also fully migrates the licensing to Sunbelt servers, as opposed to Kerio’s.
Change list:
· Resolves a stability issue that would occur in some circumstances.
· Fixes to the documentation
· Several minor GUI fixes
· Corrected minor licensing errors
· Changed licensing from Kerio to Sunbelt
· Changed updates from Kerio to Sunbelt
· Updated the advertising block list
· Performance improvements when web filtering is enabled
Alex Eckelberry
As many of you know, iFramecash(dot)biz is down (as well as its related site, extrememoney(dot)biz). This is a nasty group that runs exploits through ads.
Well, they are actually running just fine, thank you — albeit at a different site, iframemoney(dot)biz. In fact, here’s the whole happy bunch:
| 81.95.146.85 | iframemoney biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xarwiroozc biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xcytxcxqrb biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xdnsupulub biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xepvdhdnzs biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xffsktxdul biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xgbgsfmdis biz | Charles | Manuel | admin@spyfix.biz | |
Of course, in typical style, their site is replete with the black car and funky techno music. After all, the life of a spyware scum must be glamorous, no? (Hey Boris, let’s pwn some machines and then hit teh disco yah!)
Alex Eckelberry
(Thanks to Sunbelt researcher Patrick Jordan and our friends at MAD)
We’re not the first to report this (Bleeping Computer has it already). However, it’s worth noting Trust Cleaner as another rogue antispyware app.
It even features a fake Google hijacked page…
All on the same IP address:
mswindowssearch. com — the location of the hijacked Google page.
trustcleaner. com and trustinbar. com — where you can get Trust Cleaner.And some more:
813aw0nr01jsxfj374ca. com
adelinatech. com
adsforsite. com
azebar. com
blablablablablablablablabla. com
fandl. net
finditanyway. com
globosoft. info
googlecaches. com
trustclicks. com
trustincash. com
trustincontextual. com
trustinpopups. com
trustinsearch. com
Alex Eckelberry
Earlier this week, I was at TechEd in Boston.
It’s a charming city as always, and the new convention center is really nice.
However, getting back and forth to the hotels was a mess. The city is a maze of little streets, and there is constant construction. It’s incredible — Boston has been in a perpetual state of construction since the beginning of time.
So Microsoft provides nice buses to go back and forth, but the traffic in Boston is something just short of hell. I forgot my business cards in my hotel on Monday morning and had to go all the way back, and it was a long ride.
And coming back Tuesday meant I avoided a strike. That’s right: The buses went on strike! Typical northeast nonsense. (Note: The actual effect was apparently fairly minor.)
Next year, Microsoft plans on holding TechEd in New Orleans, which is not my favorite idea (this is a city that soaked for a month in a toxic sludge fed by three superfund sites and is still barely back on its feet). Perhaps Microsoft is feeling charitable and is trying to help rebuild the city, but I’m not sanguine on being there.
Note to Microsoft: Great cities for tradeshows: Vegas. Orlando. New York. Tampa.
Alex Eckelberry
On July 11, 2006 and October 10, 2006, Microsoft will end all public assisted support for Service Pack1 (SP1) (see affected products). After this date, Microsoft will no longer provide any incident support options or security updates for this retired service pack under the policies defined by the Microsoft Support Lifecycle policy.
So please, if you’re not running SP2, upgrade. It’s absolutely insane and highly dangerous not to be running SP2. Link here.
Alex Eckelberry
We’ve been doing a fair amount of work on cleaning up our research center, and now there’s a nifty new thingie on the front page of our research center — live stats of spyware being removed from CounterSpy users’ systems.
It’s a general and approximate representation of a sample of our users but it’s interesting to play with (we did have a version floating around in the past but it was not broadly known about — except for one writer who mentioned it in his newsletter).
You can see the live stats here.
And here’s something curious — recently we saw a number of ancient pieces of adware on the top-10 list:
I’ll quote from an internal email from Eric Howes, Sunbelt’s director of malware research:
The culprit is the new rogue anti-spyware app, TitanShield AntiSpyware. Incredibly enough, this app loads a bunch of bogus spyware/adware, which is then proceeds to detect.
The bogus spyware/adware conists of both garbage dummy files named and located like the originals of the above threats as well as Registry keys that actually match the above threats.
CounterSpy is detecting both the Reg keys and, in some cases, the files (based on file name/path match) and reporting that the PCs are infected with those ancient spyware/adware programs, when in fact what’s really going on is that TitanShield loaded a bunch of bogus apps.
It’s hard to call these false positives, and the junk really should be removed. It’s just that the users’ PCs aren’t infested with the above apps but rather TitanShield AntiSpyware.
Pretty incredible, eh?
Alex Eckelberry
