Category: Spyware

Dear Microsoft: Why should we trust you to detect spyware?

Yesterday, in an update to my post about the ongoing Microsoft/Claria rumors, I wrote:

The real story is that Microsoft has decided that high-profile adware makers who achieve a minimum threshold of disclosure (including Claria and WhenU) will be able to get an “Ignore” rating.

Microsoft earned a tremendous amount of goodwill earlier this year when it released a beta version of Windows AntiSpyware. That goodwill is vanishing at an alarming rate thanks to the rumors that Microsoft plans to buy Claria, a company that made its fortune as a leading distributor of spyware and adware. To compound the problem, Microsoft apparently relaxed its standards for certain high-profile adware companies, Claria included, earlier this year. This post details how much damage Microsoft is doing to itself and offers two admittedly controversial recommendations for how they can recover.

Continue reading “Dear Microsoft: Why should we trust you to detect spyware?”

Boing Boing gets a big shovel, spreads BS

Follow the bouncing distortion:

It starts on CNET, with a story that quotes anonymous “sources” saying Microsoft is “in discussions to buy controversial adware maker Claria.” (The New York Times runs a similar story later the same day, with a few more details, including a quote from its unnamed source saying, “Those in favor of the deal … believe Microsoft could help clean up the adware field,” but that the talks are falling apart.)

Then the story goes to Slashdot, where the reference to “sources” is dropped.

A week later, another Slashdot story begins “A week after word leaked out that Microsoft was negotiating an acquisition deal with Claria…” Leaked out? All of a sudden the anonymous sources are confirmed?

Boing Boing, consistently rated in the Top 10 among sites in Technorati, picks up the ball and spikes it in the end zone in the Ultimate Fantasy Bowl:

MSFT acquires spyware firm, changes antispyware app to ignore its products
Microsoft recently acquired a spyware company called Claria (known for its spyware product, Gator). They have since updated Windows’ antispyware app so that it advises users to ignore Gator spyware.

So the rumor became a confirmed story and now it’s a done deal. Not to mention that the change in the status of Claria’s products happened as much as four months ago. Back in the reality-based community, the whole story’s still just a rumor based on a pair of stories from unnamed sources, but science fiction writer Cory Doctorow, who authored the Boing Boing piece, apparently has a news feed from a parallel universe.

And to compound the error, Prof. Brad DeLong picks it up and calls Microsoft a “company behaving very badly,” because if you read it on the Internets, it must be true.

As the good Professor might say, “Why oh why can’t we have a better blogger corps?”

Update, 7/9: Boing Boing has printed a “correction” that strikes out the words recently acquired and replaces them with is rumored to be acquiring. The headline now reads MSFT acquiring spyware firm. That’s wrong. The CNET and NY Times stories say that Microsoft is “in talks” to acquire Claria and that the deal is far from a sure thing.

Even worse, Boing Boing has left the original story up, uncorrected. See the original here, and the changed version here. If I use a search engine, I have a 50-50 chance of getting the original, bollixed-up version. Sloppy, sloppy.

And the sentence that follows the “corrected” one now makes no sense at all: Boing Boing says “[Microsoft has] since updated Windows’ antispyware app so that it advises users to ignore Gator spyware.” Since when? The implication is that this was a quid pro quo, but the change in detection status for Claria’s applications was made earlier this year (as Donna Buenaventura reported), and it affected other adware companies as well. The New York Times story says the talks between Claria and Microsoft started a few weeks ago. If there’s a quid pro quo, the timeline doesn’t support it.

The real story is that Microsoft has decided that high-profile adware makers who achieve a minimum threshold of disclosure (including Claria and WhenU) will be able to get an “Ignore” rating. Reasonable people can argue that that’s a bad decision, but the Boing Boing story doesn’t do that. It tries to create a story of corruption where none exists.

Update 7/10: The uncorrected Boing Boing story is still there. Meanwhile, if you want to know more about Microsoft’s decision to change the classification of Claria’s adware, see my follow-up: Dear Microsoft: Why should we trust you to detect spyware?

Update 7/12 6:00 a.m.: As of this morning, the original, uncorrected post appears to have been deleted from Boing Boing’s servers. The “corrected” version is still online and still wrong.

Update 7/12, 6:00 p.m. PDT: No deal. Boing Boing still says “MSFT acquiring spyware firm…”

Update 11/13/2006: The original story has never been corrected.

People are getting smarter about spyware

The latest research from the Pew Internet Project is good news:

Spyware and the threat of unwanted programs being secretly loaded onto computers are becoming serious threats online. Tens of millions of Americans have been affected in the past year by software intrusions and many more have begun to take precautions by changing the way they use the internet. Overall, 91% of internet users say they have made at least one change in their online behavior to avoid unwanted software programs. Among the changes:

  • 81% of internet users say they have stopped opening email attachments unless they are sure these documents are safe.
  • 48% of internet users say they have stopped visiting particular Web sites that they fear might deposit unwanted programs on their computers.
  • 25% of internet users say they have stopped downloading music or video files from peer-to-peer networks to avoid getting unwanted software programs on their computers.
  • 18% of internet users say they have started using a different Web browser to avoid software intrusions.

All good news. The fact that people are changing their behavior, coupled with security improvements like those in Windows XP Service Pack 2, means that the Internet is becoming a safer place.

Microsoft to buy Claria?

From the New York Times comes a report that Microsoft is negotiating to buy Claria:

For the last two weeks, Microsoft has been in talks to buy a private Silicon Valley company, a move that underscores just how eager Microsoft is to catch up with Google, the search and advertising giant.

The company that Microsoft has pursued is controversial: Claria, an adware marketer formerly called Gator, and best known for its pop-up ads and software that tracks people visiting Web sites. The Gator adware has frequently been denounced by privacy advocates for its intrusiveness.

The offer price on the table as recently as yesterday was $500 million, according to people who have been briefed on the talks. But a person close to Microsoft said last night that the negotiations were on the verge of breaking off.

One person briefed on the deal said there was opposition within Microsoft to the acquisition.

Yikes. If you want to read more about this company, go to the Gator Information Center, run by my friends at PC Pitstop:

PC Pitstop believes that Gator products can degrade the quality of a user’s PC experience, and the applications themselves are not a good value. This belief is based on our hands-on use of Gator products, surveys of users that have Gator on their systems, and visitor feedback from our forums. Most Gator “users” are not aware of what Gator is doing on their PC behind the scenes, and even many advertisers are not aware their ads are being shown by Gator’s ad network through third-party contracts or Gator’s connection with Overture.

What is Microsoft thinking? This deal would be a P.R. disaster. The only way it makes sense is if Microsoft buys the company, fires everyone involved with it, has their buildings exorcised, and rewrites every line of code in their product.

Update: The deal’s dead. But it was still a stupid idea. Really, really stupid.

This is not the Windows AntiSpyware Beta you’re looking for

A new version of the Windows AntiSpyware Beta is now available for download. This isn’t the long-awaited Beta 2, but instead is a refresh of Beta 1:

In this second beta refresh (Build 1.0.613), we’ve made other enhancements to the detection and removal capabilities, including improved Winsock LSP removal capabilities and support for long descriptions of categorized software. In addition, we have also extended the Windows AntiSpyware beta expiration date to December 31, 2005. 

Mary Jo Foley at Microsoft Watch quotes a Microsoft executive as saying Beta 2 will be released “some time later this year.” If you already have Microsoft AntiSpyware installed, it should update itself. If you are thinking about trying it out, this is the one to download.

Update: More details about changes in this version are available at Steve Dodson’s Weblog.

Sometimes it’s best to just start over

Brian Krebs writes about his experience trying to clean up a PC that was infested with malware:

I just spent nearly seven hours doing emergency surgery on a Windows PC that belongs to a dear, longtime friend. The experience was so harrowing that I decided to blog it.

Been there, done that. And never again. Here’s a partial list of what Brian found:

  • The user had not installed any Windows updates since mid-2003 (so, obviously, no Service Pack 2).
  • Antivirus software was installed but hadn’t been updated for months.
  • An Ad-Aware scan found three pages of “scary-looking toolbars, start-page hijackers and pop-up generators.”
  • Spybot S&D refused to download updates.
  • The machine was infected with CoolWebSearch.
  • EZ Anti-Virus found 38 threats, “including several very serious computer worms and viruses.”
  • And so on and on and on…

Brian could have spent seven days trying to clean up this computer and not been successful. I can practically guarantee that despite his well-intentioned efforts, this computer is still compromised. If you ever encounter a PC with even a fraction of the symptoms displayed in this case, the solution is simple:

  1. Back up as much data as you can.
  2. Reformat the hard drive.
  3. Reinstall Windows with all current security patches.
  4. Reinstall all software.

It would have taken much less than seven hours, and he would have been certain that the effort was worth it. Trying to clean up a machine that is “owned” by someone else – in this case, by many others – is an exercise in futility. Don’t bother.

Spyware cut in half?

This might be good news:

The spread of spyware is slowing down, a Dell executive has told the Louisiana Senate’s Select Committee on Consumer Affairs and Technology.

The number of spyware-related support calls to the Dell helpdesk has halved over the past year, according to Mike George, Dell’s vice president for US Consumer Business.

Hmmm. What (SP2) happened in the past year (SP2) that could have made it more difficult (SP2) for purveyors of crapware to push unwanted software onto computers? I’m sure it’ll come to me if I just think about it long enough.

(Via Donna Buenaventura)

Huzzah for Eliot Spitzer!

The Attorney General of the State of New York filed a lawsuit against a notorious distributor of crapware (press release, full complaint).

The best part of the complaint is the demand to fully disclose all records of its activities, including an accounting of all revenues. That would lead to a revealing “follow the money” list that would no doubt snag other offenders.

This Electronic Frontier Foundation editorial explains why the strategy is the right one.

Where’s the patch?

It’s Patch Tuesday, and Ryan Naraine at eWeek has the same question I do. Where’s the patch?

It’s been almost three months since Microsoft promised a Windows Media Player update to help thwart the threat of spyware infection but, to date, users of the WMP 9 Series remain at risk.

When the issue first surfaced in January, Microsoft officials made it clear that the spyware infection attack scenario did not exploit a vulnerability in the software.

The company later issued an update, but only for the newer WMP 10 software, which is only available on the Windows XP operating system.

When researchers pointed out that WMP 9 users remained vulnerable, Microsoft program manager Marcus Matthias said a fix would be made available at a later date. The issue remains unresolved.

Despite that missing piece, there are a host of Critical Updates out today. Make sure you have Automatic Updates turned on, or visit Windows Update.