dunno how many of you are aware of the controversy over lavasoft's adaware suddenly developing a mysterious inability to detect the presence of whenu scumware. mysterious not in the sense of being unexplained--it's clearly a consequence of lavasoft having decided to remove whenu from the database prior to issuing its most recent definition file on 2/5/2005--but more like that decision being seemingly unexplainable by lavasoft.
as nearly as i can determine, this has been going on for over a week now when a security consultant/researcher installed bearshare (a filesharing app piggybacked with whenu) and then noticed adaware didn't report the presence of whenu as it had in the past. he checked into it a lil more before discovering the reason (no whenu information in the newest definition file).
he reported the anomaly in the forums at www.dslreports.com and brought it to lavasoft's attention at their forum. his report was picked up by spyware warrior http://netrn.net/spywareblog/archives/2005/02/13/dont-drink-the-whenu-kool-aid/ before it was seemingly deleted by lavasoft.
someone at dslreports (username: filtered 29 pages of comments into a fairly concise chronology/summary--some of which i'll quote for yall so you get the flavor and highlights (you can find the entire thing near the bottom of the page here: Link):
1. Eric "The Hammer" Howes notices AdAware fails to detect WhenU, and Lavasoft had made no disclosure to that effect.
2. Lavasoft says nothing.
3. People speculate wildly.
4. Lavasoft says nothing. They delete Eric's inquiry.
5. People speculate even more wildly.
6. Lavasoft "consolidates" Eric's thread.
7. Lavasoft says nothing about WhenU.
8. More spyware omissions are noticed. Lavasoft says nothing.
9. Lavasoft says "WhenU was indeed removed from our database by research in the last definition file. This was due to WhenU not scoring more than 2 TAC points at the time. In case it turns out that the removal was incorrect, WhenU will naturally be reintroduced to the database."
10. People speculate wildly, and remove Ad-Aware.
11. Lavasoft says "WhenU was indeed removed from the database by research in the last definition file. This however was due to WhenU not scoring more than 2 TAC points at the time, 3 points being the minimum score to be included in the database. More information on the Threat Assessment Chart can be found at www.lavasoftnews.com/ms/tac_main.htm
The TAC report will be reviewed in more detail by our R&D department and in case it turns out that the removal was incorrect, WhenU will naturally be reintroduced to the database."
12. People... blah blah blah.
13. Lavasoft says "We established our Threat Assessment Chart Inclusion procedure long before it was publicly posted and stand by its relevance of being based on behavior and intent rather than nebulous definitions or on suspicions.
Yes, we have removed WhenU (currently) and Myway (Previously) because they failed to meet our inclusion procedure threshold of 3 points or higher. You are fools for questioning our authority." Except that last line, though it does convey the gist of the longer post.
14. Microsoft (Giant AntiSpyware) and Kolla (Spybot Search and Destroy) start to look very tasty to a lot of people.
as you'll see if you start at the beginning of the thread (here: Link ) this is no simple tale. in fact, it's so convoluted and complex, it would make an excellent work of browser hijacking suspense fiction--if it wasnt so sadly true. b shows himself to be a master of understatement by characterizing the public response as wild speculation.
what began as merely wild speculation quickly rocketed off into the zone, powered by subsequent discoveries that pest patrol which once easily 'found' whenu no longer seemed able to do so. even stranger, aluria (which used to be partnered with whenu) WAS able to locate its old buddy.
as the ripples spread outward, there were bitter denunciations (lavasoft has switched sides) and earnest apologetics (lavasoft is being forced--legally, as in a libel action--to accommodate whenu). some sorta legal extortion may prove to be the case btw. apparently idownload is actively attempting to suppress its critics; in fact this whole thing may turn into a horrible mess of a big issue if just one scumware maker sues and prevails.
at the moment (once again, thanks to b for obviating any need on my part to read thru all that stuff twice), it appears as if lavasoft has developed what it considers an acceptable strategy to placate angry users.
20. Lavasoft keeps spewing: "In response to recent public discussions about the removal of certain programs from the AD-AWARE definition files, Lavasoft has developed a new policy, whereby a stand-alone uninstaller will be made available for individual programs removed from detection, and will remain available until Lavasoft completes a post-removal monitoring and reevaluation process."
21. We take this time to note that Lavasoft has at this point YET to really explain why WhenU was removed, or to simply apologize for removing WhenU, or simply apologize for failing to divulge that removal.
22. We further note that they have RENEGED on their promise that they were "working on a new definition file, that will include WhenU." That, or they lied.
So what we're left with at this point is a product that is no longer likely to remove ANY specific piece of spyware, because ANY spyware company with even a paper thin EULA and a lawyer with a typewriter will have Lavasoft blessing their output. Oh, and providing an "uninstaller".
It should go without saying that the "uninstaller" scheme is ludicrous. "Here, buy this pill to cure your ailment. What's that? You want it to WORK? Oh, then swallow this one too, and this, and this just in case..."
The EULA argument is stupid and, ultimately, pointless. (I think just about all spyware has had EULAs for YEARS now.) Properly written spyware-dependent applications will simply STOP FUNCTIONING once an antispyware program neuters the malware. The EULA doesn't effectively get broken because the user is immediately DENIED use of the spyware-dependent application!
Last point on the Lavasoft forum admins, who have taken the brunt of the heat due to Lavasoft's cowardice and irresponsibility to their customers. I'm not quite clear on how much they are responsible and how much they're not. Poor Corrine seems quite blameless, but this Jerry Skinner fellow seems to be the public mouthpiece for the frightened, cowardly management team at Lavasoft. He appears to be drinking the KoolAid, if not part of the management team himself. In any case, it's a very strange turn of events, and more labyrinthine than I expected.
does adaware have any chance of restoring its previously good name or neutralizing the mistrust it so foolishly brought upon itself? i doubt it...but time will tell.
as far as time...and timing go...it seems microsoft's new anti-spyware technology sure came online at an amazingly fortuitous moment no? (not that gates & crew have anything approaching a spotless record with this kinda thing...remember problems with windows media player?)
and they say ya cant buy luck.
(which may also be taken as grim irony by those of you who've purchased anti-spyware/adware software...never considering the possibility the developer might be sleeping with the enemy.)