TSF Security Team, Emeritus · 6,962 Posts · Discussion Starter · #1
In my endless search for malware-related issues and keeping up on the latest developments of the security industry, I came across several blogs blogging about the latest news from the Anti-Spyware Coalition. At present they are trying to come up with a definition of what spyware really is.

http://www.antispywarecoalition.org/documents/definitions.htm

Now....those of us that remember the organization "COAST" know that when you have members that are somewhat sympathetic to adware/spyware vendors it calls into question that organization's resulting conclusions. I was surprised to find which companies belong to this Anti-Spyware Coalition that we are supposed to trust to defend us against these bad guys. Here they are....

Aluria
AOL
Blue Coat Systems
Canadian Coalition Against Unsolicited Commercial Email
Canadian Internet Policy and Public Interest Clinic
Center for Democracy & Technology
Computer Associates
CyberSecurity Industry Alliance
Dell, Inc.
EarthLink
F-Secure Corporation
HP
ICSA Labs
LANDesk
Lavasoft
McAfee Inc.
Microsoft
National Center for Victims of Crime
Panda Software
PC Tools
Safer-Networking Ltd.
Samuelson Law, Technology & Public Policy Clinic at Boalt Hall, UC Berkeley School of Law
Sophos
Symantec
Tenebril
Trend Micro
Webroot Software
Websense
Yahoo! Inc.


Now....I highlighted several in RED for a reason as I want to see if your understanding matches mine. According to the Anti-Spyware Coalition's own definitions...several of these companies already fall into the "Browser Hijacking" category.

  • Hijackers
  • System Modifying Software
  • Used to modify system and change user experience: e.g. home page, search page, default media player, or lower level system functions. Without appropriate consent, system modification is hijacking.

On to the "Goodies".....

Aluria

Was one of the first to DELIST WhenU from their detection database. Why? Because Aluria (a Spyware detection program) went into partnership with WhenU (a known adware company).

AOL

Makers of that great AOL/AIM toolbar that doesn't even comply with their own privacy statements. Makers of AIM IM that installs Viewpoint without any consent from the user.

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Dell

Installs a "Browser Hijacker" Myway/Mysearch on all new Dell PCs.
http://www.doxdesk.com/parasite/MySearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll



EarthLink

Installs a "Browser Hijacker" along with so much junk it's unreal...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mo...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/mo...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe


HP

Installs "Browser Hijacker" on their PCs.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop


Microsoft

Delists several adware/spyware products from their MS Antispyware utility and sets them to "Ignore". Basically telling you they are OK to keep.

Claria, 180Solutions, WhenU, New.net, most WhenU apps, eZula, TopText, Gain/Gator, and Webhancer

Yahoo! Inc

Installs a "Browser Hijacker" when user installs SBC for internet access. Several ISP providers (BT, LongPond and others) also install this same hijacker.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btyahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yc.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yc...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll




Now I ask you....are these the kind of companies you want to rely on to set the standards for what adware/spyware definitions should be?
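
As an added example (not part of the original post, and not HijackThis's own code): a small Python triage helper that reads HijackThis-style lines like those quoted in the post above and groups the R0/R1 Internet Explorer entries by the settings the quoted definition names, home page and search page. The value-name mapping and the function name `classify` are assumptions made for this example; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a few lines copied from the logs quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"""

# Assumed mapping from IE value names to the settings the quoted definition names.
SETTING_KIND = {
    "start page": "home page", "default_page_url": "home page",
    "search bar": "search page", "search page": "search page",
    "default_search_url": "search page",
}
# R0/R1 lines have the shape "<code> - <hive>\<key>,<value name> = <data>".
REG_LINE = re.compile(r"^(R[01]) - (HK\w+)\\(.+?),(.+?) = (.*)$")
ANY_LINE = re.compile(r"^([A-Z]\d{1,2}) - ")

def classify(log_text):
    """Return {'home page': {(hive, host)}, 'search page': {(hive, host)}, 'other': {code: n}}."""
    result = {"home page": set(), "search page": set(), "other": defaultdict(int)}
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_LINE.match(line)
        if m:
            _code, hive, _key, name, data = m.groups()
            kind = SETTING_KIND.get(name.strip().lower())
            host = urlsplit(data.strip()).hostname or data.strip()
            if kind:
                result[kind].add((hive, host))
                continue
        m = ANY_LINE.match(line)
        if m:  # BHOs, toolbars, autoruns, services: counted per section, not interpreted
            result["other"][m.group(1)] += 1
    return result
```
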
 

Registered · 6,574 Posts
Not to mention the connection between Vundo and Dell/Myway.

MB. You should really voice these concerns (in writing if you wish) at one of these summits. They should all be notified, especially those listed above... to leave our PCs alone!!!! :mad:

In my opinion Dave, since a few in the list fall under our definition of adware, spyware/undesirable programs, maybe this is why they are trying to define the term 'spyware'? You know - butter up the concept so that they are not considered to be such vendors????
 

TSF Security Manager, Emeritus · 52,197 Posts
Ugh.....here we go again.

I've been leaving some of those alone. Armed with this info, shall I kill them all?

:4-gun: :4-guns:
 

Registered · 6,574 Posts
No Bob.

Just stick to our normal removals. As discussed with MB, removing some of the others can result in that particular service not working correctly - which in some cases includes their connection or functionality of the internet. (i.e. AOL, Earthlink, Net Zero etc etc..)
 

Bearded Tech Monkey · 1,058 Posts
I think we will find the purpose of "defining" spyware is ultimately going to be geared toward future legislation. We are seeing more & more cases of malware abuse brought to the courts who all seem to be dealing with them in different ways. I think heavier & specific legislation of malware is in the near future. Companies like these know that when it comes to legality, it's all in the definitions. An organization with members like these is likely to influence the way lawmakers & courts define spyware, and therefore may be able to make themselves loopholes before the ink even dries.

I think any 'definitions' this organization puts forth should be reviewed closely, and if found to leave holes, denounced very loudly!
 

Registered · 6,574 Posts
I say they actually ask the experts who deal with spyware daily to define malware. Those considered or known to be malware/adware/spyware should have no say in the matter.
 

TSF Security Team, Emeritus · 6,962 Posts · Discussion Starter · #7
For the most part..they are Rich. What's an unknown factor..is the true stance of those companies I listed on adware/spyware. I mean if Microsoft (one of the biggest companies with an army of lawyers) caves to those adware/spyware makers how can you lend anything to their opinion on the subject?
 