Recently I reported on iDownload’com’s Virus Hunter, which bears a strong resemblance to the highly regarded BitDefender. (See “iDownload: A case history in unethical marketing” for more details.) I wrote to BitDefender and asked them to explain the relationship. Today, I received this reply from a spokesperson for BitDefender:

iDownload is indeed our partner and we license our technology to them; iDownload licenses further our technology to their customers under the name of Virus Hunter.

The marketing and sales operations are entirely iDownload’s responsibility (including refund policy, pricing etc). We have notified the company about the conditions under which the certifications can be used and hope such situations will be avoided in the future (as you see the respective references have been removed already).

Since I published my story two days ago, iDownload has removed the unauthorized reference to ICSA Labs.

Earlier today, I wrote about the efforts of a company called iDownload to suppress apparently accurate descriptions of their product by several anti-spyware activists.

Since that time, I have done more research on the company, and I can report exclusively that they have used the trademark of a widely respected security certification firm without authorization to sell a questionable product. Here are the details.

iDownload sells an assortment of what purport to be security products. If you visit their products page, you can see this logo and descriptive text for Virus Hunter:

The company claims the product is certified by ICSA Labs. This is a prestigious honor and not lightly awarded. ICSA Labs is a division of CyberTrust, which was formed recently by a merger of TruSecure Corporation and BeTrusted. Its staff and management number some of the world’s foremost authorities on computer security and information technology. To earn ICSA Labs certification, a product must pass a series of stringent tests, and it can be removed if it fails the testing at any time.

When I reviewed the list of certified products at ICSA Labs’ Web site, I did not see any mention of Virus Hunter. So I fired off an e-mail to Larry Bridwell, Content Security Programs Manager for ICSA Labs. I received the following response within three minutes:

VirusHunter is NOT certified by ICSA Labs nor has it ever been submitted for testing.

We have sent a letter by post requesting that the certification claim be removed.

When I looked more closely at the Virus Hunter information pages, I found all the warning signs of an operation that should not be trusted:

• No contact information for the company.
• No details of the company’s management or ownership.
• No privacy policy.
• Exaggerated claims of security, including references to a nonexistent virus lab.
• Appeals to fear: “DOWNLOAD NOW Hurry before you lose your system! If you have contracted a nasty virus, your system could be rotting away as you read this.”
• Phony testimonials, including one claim that “Virus Hunter’s engine was awarded a perfect score…” with no link or even name of the source, only a date.

The citation doesn’t mention the publication’s name, and a review of the leading publication that does tests of this sort, Virus Bulletin, does not turn up any tests of Virus Hunter – in its February 2004 issue or any other time. Interestingly, a legitimate product called BitDefender makes a remarkably similar claim in a press release on its site, dated in February 2004:

Bitdefender Standard was awarded the VB100, the Virus Bulletin certification that the product is able to detect all the viruses which are currently extant in the wild. Once again, BitDefender passed with flying colours, and the test team noticed an improvement in the overall detection rates from previous tests.

Is there a relationship between BitDefender and Virus Hunter? Yes, according to the Technology Integration section of the BitDefender Web site, which lists Virus Hunter as a “reference” on a list that includes legitimate companies like GFI, Laplink Software, and Sunbelt Software. In fact, Virus Hunter is identical to BitDefender Standard except for a few logos. See for yourself:

Virus Hunter Professional (click for larger image)

Bit Defender Standard (click for larger image)

As you can see, they’re identical except for the logo, and the text in the linked “virus warnings” on the Virus Hunter Web site is absolutely identical to listings from the BitDefender encyclopedia, which is why I stated with confidence earlier that there is no “Virus Hunter labs.”

In fact, anyone who buys this version instead of the official BitDefender product is getting ripped off.

• BitDefender Standard has a free 30–day trial. Virus Hunter doesn’t.
• BitDefender Standard costs $29.95. Virus Hunter costs $34.95 for the download, and the company charges a mandatory shipping and handling fee of $4.95 for physical delivery of a CD to customers in the Continental United States. That’s a total of $10 more than the original BitDefender product.
• BitDefender will accept a request for a refund. At the Virus Hunter site, the terms read: “iDownload maintains a strict no-refund policy.”

Now, why would anyone want to do business with this company?

Oh, one more thing. IDownload sells its software through a secure Web site. I inspected their SSL certificate and was knocked over when I saw who had issued it:

Yes, ChoicePoint, Inc., the same company that is currently “under fire for being duped into allowing criminals to access its massive database of personal information…” According to an Associated Press story, ChoicePoint has hired a retired Secret Service agent to help revamp its screening process and has “announced plans to rescreen 17,000 business customers to make sure they are legitimate.” I hope they look very closely at iDownload.