Pest Patrol: Claria Temporarily Removed


Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON
reply to eburger68
Re: Pest Patrol: Claria Temporarily Removed

»CA Reloads, Goes Gator Huntin'

TeMerc

join:2004-01-22
Phoenix, AZ

reply to eburger68
Here is some info from CA\PP:

PestPatrol, which is marketed by Computer Associates International Inc., uses a strict, 21-point Spyware Scorecard to determine whether to flag a piece of software as a privacy or security threat.

"We use a behavior-based list of criteria, and we make that list public. If your software meets any of the criteria, you're classified as spyware in our database," said Tori Case, director of security management at eTrust PestPatrol.

That approach, Case argued, sets up a structure for a legitimate adware vendor with good intentions to "clean up their act" in an open, transparent way.

In stark contrast to the PestPatrol approach, anti-spyware players such as Webroot Software Inc., Sunbelt Software and newcomer Microsoft Corp. deliberately avoid limiting or restricting the definition criteria.

"The adware vendors want you to use strict definitions so they can play games and work around those lists. That's why PestPatrol is having problems with delisting and relisting," said Eric Howes, an anti-spyware advocate who provides consulting services for Sunbelt. "The minute you set up these definition lists, you are setting yourself up for cat-and-mouse games."

"A better approach is to define a set of objectionable practices. Many people want to focus on the quality and functionality of the software, but that doesn't work because there's a lot of deceptive intent [from adware vendors]," Howes said in an interview with eWEEK.com.

"You have to focus on the business practices and outline a list of objectionable behavior. Yes, it can be subjective, but that's the only way it works in the interest of the consumer," Howes said.


Next page:
PestPatrol's Tori Case defended the company's use of a rigid definition formula, which is revisited and updated to accommodate new threats.

"We revisit the scorecard every 90 days to make modifications to reflect the changing nature of the spyware market. That's how we address the issues of a company playing games. It's a rapidly evolving world out there, and we have systems in place to deal with it," Case said.

She said the vast majority of vendor appeals do not result in big changes to the PestPatrol product, and even when detections are removed, old versions of the adware program are still detected and deleted.

"We're very committed to the approach we've taken with the scorecard. That's not going to change anytime in the future," Case added.
PestPatrol's Case said she agrees. "Hindsight is 20-20 for all of us. Some big mistakes were made in COAST that we can all learn from. Although there is a place for certification [of adware applications], it should not be within an anti-spyware group. We need to build a wall to avoid those conflict-of-interest issues."



Full read:
»www.eweek.com/article2/0,1759,1781753,00.asp
--
Remember............You can NEVER be OVERPROTECTED!!»temerc.com/


Martinus
Premium
join:2001-08-06
EU

reply to eburger68
I think Nancymca has a point. Why not let end users choose whether they want to block or not an app which has had a suspect track?
--
From the GSV "Ethics Gradient"


Nancymca
Security Goddess, retired.
Premium
join:2001-09-30
Voorheesville, NY
·Verizon Online DSL

reply to mers2
It's also an issue of how creative they are willing to be (or *not*, so far....). We had a similar problem several years back when the author of Netbus sold it to a company that wanted to market it as a remote networking tool. We compromised with their wishes (legit) and the reality of the millions of copies out in the wild. There still is an option in BOClean to "NOT detect the Netbus trojan". Check the configuration screen on your BOClean, or the website:

»www.nsclean.com/supboc.html

So, I see no reason why any anti-trojan/spyware/malware company sees fit to not cover known malware, especially when compromises such as we made cover the users who wish to use such as tools. In 4 years of covering spyware we haven't deleted one of them from the database.
--
Anticookie software invented here.
Antitrojan software perfected here.
www.nsclean.com


TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA

reply to R2
said by R2:

What should a company do that previously made a "malware" or "spyware" ridden piece of software, but now wants to come clean? It is enough to simply clean up their act and then petition the AS vendors to remove them from their lists?

I would have to say that that is BS -- complete and total. If you previously made a "bad" program and you now want to change your image, you need to change the program as well. That means changing the file names, changing the registered Class ID numbers, changing all the registry entries. You can keep the name similar -- "Gator2" for example -- but you are going to have to change the name if you want to change your image.
Absolutely. Changing how a program is installed (possibly without consent), or what it does, doesn't automatically eliminate all the copies that are already out there. If you pull the definitions from spyware/adware scanners, or no longer remove it manually because it is no longer deemed "bad", that potentially leaves an installed base out there from when it was considered malware.
--
TheJoker


fatdcuk
Premium
join:2005-02-20
England

reply to twig49
No, don't remove Ad-Aware, it's still one of the better softwares about, even though Lavasoft have been caught humping the hound recently as well, but there's no reason to remove their software.
Are you only using the one anti-spyware software?

If you are, I suggest reading the following article
»windowssecrets.com/050127/#story1

HTH :)

Back on topic, totally agreed with R2, someone needs to spell this out in plain English to the bot killer vendors ;)

twig49

join:2004-10-28
Plainview, TX
reply to eburger68
Wait a sec... Has Ad-Aware fallen to this as well? Should I remove it? If so, what do you guys recommend as an alternative?


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
·Verizon Online DSL

 reply to R2
said by R2:

If you previously made a "bad" program and you now want to change your image, you need to change the program as well. That means changing the file names, changing the registered Class ID numbers, changing all the registry entries. You can keep the name similar -- "Gator2" for example -- but you are going to have to change the name if you want to change your image.
I agree 100%! The malware companies fouled their own nests... wrecked the reputation of their named software by the nasty behavior they designed in. If these outfits get a sudden burst of integrity, great! But the burden is, and should remain, totally on THEM to make the necessary name changes - exactly as R2 writes. The anti-malware houses should only have an obligation to test the "new", renamed versions to see if they really are cleaned up... but they should keep on removing the old garbage. The malware outfits need to understand that it's all really part of a process called "natural consequences" or "assuming responsibility for what you've done".
--
If God wanted us to work with electrons, He'd make them big enough to see...


R2
R Not
Premium,MVM
join:2000-09-18
Long Beach, CA
clubs:

reply to eburger68
Hmmm... Interesting.

What should a company do that previously made a "malware" or "spyware" ridden piece of software, but now wants to come clean? It is enough to simply clean up their act and then petition the AS vendors to remove them from their lists?

I would have to say that that is BS -- complete and total. If you previously made a "bad" program and you now want to change your image, you need to change the program as well. That means changing the file names, changing the registered Class ID numbers, changing all the registry entries. You can keep the name similar -- "Gator2" for example -- but you are going to have to change the name if you want to change your image.

Therefore, if the company was serious about revamping itself, the "clean" program would NOT be detected by AS programs -- because those programs rely on finding specific files or specific registry entries. If the company did not bother to modify these aspects of the program, then the company is NOT serious!

They realize that even if the NEW, improved version is clean, the older versions still exist in the wild. And these older programs still have malware on them.

There should NEVER be a program that is known to contain spyware to be REMOVED from a definition list. If the company is serious about cleaning themselves up they would have NO problem modifying file names and Class ID number.

There should be no reason for Pest Patrol -- or any other vendor -- to change their mind about a program that is known to be bad.


SnowyOne
Premium
join:2003-04-05
Kailua, HI
reply to BSofDeath
As a hobbyist, I'll always appreciate the Pro's view.

BSofDeath

join:2004-08-27
Canada

reply to eburger68
You're right, there. That'd be ideal. But with there being hundreds of spyware programs trying to infect machines, and more and more people getting computers (what, with prices falling in both hardware and broadband), there aren't enough techies around to do everything manually. We HAVE to depend on automated scanners. Else it'd take 10x the time to fix one machine, since Windows has so many vectors for intrusion.

And have you tried to educate users? They'll do whatever they "damn well please" anyway (quote from one of my users).

But tomorrow's another day.


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

reply to BSofDeath
It almost sounds like an over dependence on automated scanners. At the professional level I'd think any exorcism would include a manual check of the registry run values etc.. which would show what's running, starting, where & when etc...
Shorter version, they should make cleaning faster, but they shouldn't replace or be a substitute for a tech's skill.

BSofDeath

join:2004-08-27
Canada

reply to eburger68
...and the users get the shaft again. I'm getting tired of this ongoing spyware battle. Anyone else?

Hmm... more like the front-line techies like us who are getting the shaft.

We can't MAKE users NOT use their computers (and thus get spyware), but it's up to us to fix them or provide the TOOLS to fix them (which is hard enough since no one spyware removal program works 100%). Couple that with a user base who "...don't give a #$%& about this computer $&$%", and ya wonder why techies/admins get fed up.

Then the tools themselves get sabotaged? Ugh. Who do you trust? It's clear that past performance can't justify trust anymore, if spyware removal authors can turn about-face, take some cash from the 'baddies', and betray us whenever they want.

BlueScreenOfDeath

I think I'm becoming a casualty of the war.


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA

1 edit
reply to stessylt
Nothing wrong with having an opinion. That post was a joke! My "opinion" is that I have the right to an opinion... we *ALL* do!

DHAO My A**!


stessylt

@co.u


from: dadkins

reply to spy1
Hey Pete

You are displaying an opinion..:D:D:p:p:o

You know, the sort of thing that you don't have to have about everything (as per the famous (??) post on the LS forums a while ago.)

You'll be upsetting somebody..


spy1
Welcome to Amerika
Premium
join:2002-06-24
Charlotte, NC

reply to canuk1
said by canuk1:

I find it quite telling that the same outrage that went on and on here toward Lavasoft/AdAware is not showing over this.

I have to wonder, is there a double standard at work?
I agree with mers2 - it's more a matter of the customer-base size than a double-standard of any kind - also, we're only two or three days into this since it was first posted here.

You also have to realize that a lot of people turned their backs on PestPatrol a long time ago due to the agonizingly frequent F/P issues, the closing of their forums (so people couldn't complain publicly in a centralized place about the many real issues with the program).

IOW, I'd have never recommended PP to my worst enemy to start with, so I'm certainly not going to get upset if they erode whatever their remaining customer-base is now through shooting themselves in the foot like this.

It's just another example of stupidity and short-sightedness on the company level. They could have announced openly (in a place on the website where you didn't have to hunt for it) that they were going to review their stance on - whatever - detection first before pulling the detections.

That would have given everyone time to present their views, additional information as to why it should remain on the list (if any), etc. If they would simply have done that, they'd have given themselves the chance to see what kind of backlash they were going to suffer from the Internet community and their customers - plus they'd have had a chance to (a) show that they were giving - whatever - company a fair shake (useful litigation-wise) before making their decision and (b) they'd have been showing that they cared what their customers (you know - the ones who are PAYING FOR THEIR FRIGGING PROGRAM TO START WITH) think!

Returning to the "I'm not upset about this." mindset - it's all really probably a moot issue anyway - I notice that Netfixer posted a notice that CA was putting out a "new version offers significant enhancements to help protect your PC from unauthorized access, information theft and diminished system performance." and that "support for older versions will be discontinued in the future."

That should pretty much kill the program all by itself, so why get upset about dropped detections due to cowardice in the meantime?

Pete
--
Compaq Presario 7110US, 1.3GHz ThunderBird, 1GB RAM, 160GB HD, WinXP Pro w/SP2, TDS-3, WormGuard, Port Explorer v2.000, Process Guard v.3.150, The Cleaner Pro v.4.1 b.4252, TrojanHunter v.4.1 Build 903, NOD32, XP ICF, ALL javacool programs, SBS&D, SPYCOP


fatdcuk
Premium
join:2005-02-20
England

reply to eburger68
quote:
reply to eburger68
Hi All:

Two quick updates to this story.

First, as Karl Bode noted in his news story, CA has now corrected the link to the uninstall info:

»www3.ca.com/content/default.aspx?CID=6..

Second, CA's vendor appeals process is explained in more detail on this page:

eTrust PestPatrol Vendor Appeal Process
»www3.ca.com/Content/default.aspx?CID=6..

Best,

Eric L. Howes
Since it's obvious to all that the vendor appeal will now render the tool Pest Patrol ineffectual for periods of time, since it is open to exploitation by any vendor of ****ware, does this tool still merit the label of 'trusted application' by your goodself?


salzan
Experienced Optimist
Premium
join:2004-01-08
WA State

reply to eburger68
Even if they do decide Claria is OK now, what about all the versions that are in the wild and will continue to be in the wild for an unknown time? This was also mentioned repeatedly in the Ad-Aware/WhenU debacle. If Claria has truly "cleaned up their act", why don't they just rename their new product and the files and folders it might/would install? Wouldn't that avoid detection?

Personally, I don't use this product, but I find this trend very disturbing and removing a formerly known threat while it's being reviewed only serves to expose thousands of Pest Patrol users to Claria's software. Maybe that's all they really want?

Seems like more smoke and mirrors to me.


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast

reply to TeMerc
If I may add to TeMerc's post... Leave the current definitions of the older crap and if found clean, not detect/remove the new BS. That older crap will be around for a while, and even if Gator/Claria does clean up the "new and improved" version, that old s*** will still infect people's systems.

TeMerc

join:2004-01-22
Phoenix, AZ

reply to eburger68
The good thing I see, as opposed to the Lavasoft WhenU debacle is they are making an effort to disclose to the users. Not a great effort, mind you, but an effort.

If I were a paying customer, or an IT professional I would want something, like say a mass email to let me know what they were contemplating to give me a heads up.

That aside, I completely disagree with the idea of pulling the defs out while they are 'reevaluated' or whatever it is they want to call it.

The primary problem being Claria has foisted its crap upon millions and millions of users, and most, by this survey here:
»pcpitstop.com/gator/Survey.asp
said they didn't want it. So what if they submit a 'clean version' of their newly improved load of crap?

At the very least, an extended waiting period of time should be implemented, to assure they have actually abided by their claim, with monitoring done by the users, and the feedback given to PP\CA, and until then, keep them in the defs.
--
Remember............You can NEVER be OVERPROTECTED!!»temerc.com/
© 1999-2009 dslreports.com