The Legacy Sunbelt Software Blog

CNET writes about the subject of adware vendors trying to clean up their act. They mention WhenU. 

Even though we tend to be fairly grumpy and cynical about adware on this blog, we have noticed that WhenU has vastly improved their practices from a year ago, and hats off to Bill Day (formerly the CEO of About.com brought in to clean up WhenU).   We informally vote them as “most improved adware company in the last 12 months”.

If only some of the other adware vendors like Claria, 180 solutions and Direct Revenue were improving at the same rate.  (This doesn’t mean we are necessarily pointing out the practices of any specific adware vendor like Claria, 180 solutions and Direct Revenue , it’s just a general statement.)

And no, we are not removing WhenU from our database.  I just felt in the interest of fairness that we should point out that their improvements are a Good Thing for the consumer.  

Alex Eckelberry

Update on Hotbar. The company now has a law firm — Proskauer Rose, one of the top firms in the country.  Hotbar used to send their Cease and Desist letters all by themselves (our response to them here).  

So we just got a letter saying “stand by for more”. 

I guess we’re waiting for the other foot to drop.  Will be interesting to see what they say.

Alex Eckelberry

 

Check out Sunbelt’s new spyware research center. See the Top 10 spyware threats or learn more about specific types of adware and spyware.

Microsoft has officially announced why Claria was downgraded.

“…In January, Claria filed a request for Microsoft to reevaluate some of its products. Upon review of their software against our criteria, we determined that continued detection of Claria’s products was indeed appropriate. We also decided that adjustments should be made to the classification of Claria software in order to be fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors. At the end of March, we communicated to Claria the result of our analysis through our standard process.

We take software analysis for Windows AntiSpyware (Beta) very seriously and handle all vendor requests in the same manner. All software is reviewed under the same objective criteria, detection policies, and analysis process. Absolutely no exceptions were made for Claria…”

As noted in another post earlier today, the issue does not stop at Claria (also see SpywareWarrior’s post on this today).

Alex

This is big.  A huge percentage of Claria’s distributions revolve around Kazaa.

Maybe Claria can now look to BitTorrent as a distribution medium.

Alex Eckelberry
(Thanks to techdirt)

While the news has been that Microsoft downgraded the Claria listing, we have reports now that there are a number of other items that have been downgraded to “Ignore” status, including certain WhenU adware programs, WebHancer and Ezula Toptext.  So the Claria downgrade is quite likely part of a bigger picture regarding Microsoft’s listing criteria for adware.

Image courtesy of Sunbelt Research
Click to enlarge

Image courtesy of Eric Howes
Click to enlarge

Image courtesy of Eric Howes
Click to enlarge

Alex Eckelberry

Follow-up from our earlier blogs on BitTorrent being used by Direct Revenue (here and here):

Top spyware researcher Dave Methvin has discovered another use of BitTorrent to spread adware.  The BT file (generally a pornographic video) includes 180Search Assistant from 180Solutions, Golden Retriever from ShopAtHomeSelect, and Internet Optimizer from Avenue Media. 

The adware files themselves are installed from servers under the control of 180 Solutions/CDT.

There is more in Dave’s article here.

VitalSecurity’s PaperGhost also did his own research on this as well, here.

Alex Eckelberry 

Bill Day at WhenU just plucked $15 mill from Trident Capital, rounding out his total funding to $35 mill. 

Alex

A bunch of Sunbelters are going to the Microsoft Worldwide Partner conference this week.  If you’re there, feel free to drop on by to hang out and get a t-shirt.

 

Hacked.  Register story here.  What the hack looked like here.

From beSpacific, the FTC has released the US SAFE WEB Act, a legislative recommendation for Congress.

It’s apparently focused on giving the FTC the power to go after cross-border spam, spyware and fraud.

A hypothetical case of how the Act might help the FTC in combating spyware here.

A summary of the Act here.

A spiffy marketing briefing here.

Draft of the Act itself here

And some more explanations here.

Alex Eckelberry

 

Everyone, according to this Security Focus article.

(Thanks to techdirt).

 

(Thanks Eric Howes at SpywareWarrior for the image)

UPDATE: While the news has been that Microsoft downgraded the Claria listing, we have reports now that there are a number of other items that have been downgraded to “Ignore” status, including certain WhenU adware programs, WebHancer and Ezula Toptext. So the Claria downgrade is quite likely part of a bigger picture regarding Microsoft’s listing criteria for adware. Click here.

A post on BroadBand reports by Eric Howes is reporting that a number of Claria programs are set to a default action of “Ignore” in Microsoft Antispyware.

What this means is that while Microsoft Antispyware will still find Claria adware, in most cases, it will have a recommended action of “Ignore” (versus “Quarantine” or “Remove”). I’m not talking cookies, I’m talking the actual adware programs.

As many know, we get antispyware database updates from Microsoft as part of a prior arrangement. So we did a brief check of our database updates from Microsoft, and found the change to “Ignore” occurred on March 31. (We continue to list Claria in our own database with a default action of “Quarantine” as we don’t bother to use the Microsoft threat treatments, only the actual threat data, such as MD5 hashes, file names, etc.)

Note that Hotbar is in their database but is set to “Quarantine”.

At any rate, does this mean that Claria will, in fact, be purchased by Microsoft? Not necessarily. It could mean, however, that the two companies are working together in some other capacity, or that Claria has successfully lobbied Microsoft to change the default action. Or, it’s a simple oversight.

Alex Eckelberry
President

From News.com: “A patch for the flaw is not available. As an interim measure, the software giant advises people to set their Internet and local intranet security zone settings to “high” before running ActiveX controls.

 

From BeSpacific, Deloitte just released their 2005 Global Security Survey on financial institutions.

 

 

Direct Revenue Appoints Andrew Reiskind Chief Privacy Officer.

Reisking previously worked for Weil, Gotshal & Manges and most recently he was with interactive marketing firm Modem Media.

He has his work cut out for him.  As Eric Howes notes:

Among the more onerous and objectionable practices currently associated with DR’s software are the fact that

* DR’s software is often illegally stealth-installed through security exploits

* DR’s software is often installed through ActiveX, drive-by-downloads that offer poor notice & disclosure

* DR’s software employs resuscitators to thwart the removal of its software

* DR’s software may arbitrarily remove other software from users’ PCs

* DR’s software provides no locally installed uninstaller (MyPCTuneUp doesn’t count as an uninstaller, even if an “Add/Remove Programs” entry points to it, because the MyPCTuneUp.com site is poorly disclosed to users, may not be accessible if a PC is severely infested with adware, and is reportedly unreliable in removing DR’s software.)

Alex Eckelberry
(thanks Eric)

This is sure starting to look like a hoax.

From Good Morning Silicon Valley, Silicon Beat reports that Magdalena Yesil, who is on the board of Claria (representing US Venture Partners) says that there is no deal. According to SiliconBeat:

“I sit on the board, and I would know if there was such an offer,” she told us, “and I haven’t heard of such an offer.” She said the company has a board meeting at 1:30pm today. About an alleged deal, she repeated: “That is significant enough that I would have known about it.” We’ll try McFadden again this afternoon.

(Also, see latest post here)

Alex Eckelberry

Dave Morgan makes an interesting post on Online Media Daily.

It’s pro the Grokster ruling (but he has an interesting viewpoint as to why). 

One example:

“File-sharing services have inflicted harm for money. While most of the attention file-sharing services have garnered focused on how they helped consumers bypass the out-dated business models of the recording industry, little attention has been paid to their involvement in the development and growth of the spyware and adware industries. For those that may not have been aware of this, a majority of the spyware and adware downloads that have occurred over the past several years were “bundled” with file-sharing software and with virtually no awareness on the part of the consumer. For this, the file-sharing services have received tens of millions of dollars. File-sharing services are not Don Quixotes, they have been making lots of money. As a result of their efforts, we have tens of millions of spyware applications infecting computers and dozens of bills in Congress and state houses trying to remedy the file-sharing caused spyware problem. Do you think that it’s a coincidence that the leading anti-spyware bill in Congress was sponsored by Sonny Bono’s widow? “

Alex Eckelberry

Rumor has it that Microsoft is in talks to buy Claria. (Also, Microsoft Watch tidbit here)

How many times in the dozens of acquisitions that Microsoft has made has there been any advance rumor? Answer? Never, at least to my knowledge.

I have been on the far outside periphery of two of their recent acquisitions, Sybari and Giant Company. The secrecy surrounding these acquisitions rivals the internal machinations of the NSA. So secretive, in fact, that they didn’t contact Giant’s closest partner (Sunbelt) prior to the acquisition of Giant Company (which we do understand).

One of our speculations is that the rumor is a trial balloon, done only to quell an internal debate at Microsoft. Maybe this one was leaked on purpose. There were internal battles in MS about the idea of buying Claria, and someone internally said “let’s leak this, and see what the audience reaction is”. In other words, are they just testing the waters?

Or, quite possibly, it’s pure fiction. I really can’t get my mind around why Microsoft would want to buy a company that makes software that generates pop-ups.

Alex Eckelberry

According to a recent survey by SurfControl, computer misuse by men causes a surge in spyware on office PCs. Read an article here and here.

The survey of 300 men and women showed that male workers consistently made more regular use of the online facilities and PC technologies that often act as the source of malicious threats.

SurfControl asked office workers how frequently they made use of programs most likely to be a threat.

While men are more than twice as likely to use USB ports and to run CD-Rom and DVD media daily, they are three times more likely to download free software everyday in the office.

Programs which could install spyware on office computers include:

–Personal instant messaging and web-based e-mail
–Downloading and swapping free video and music files
–Playing online games, recreational surfing
–Downloading free software
–Using removable media such as DVD, CD-Rom and USB flash drives