Defining spyware and adware

The Microsoft security team has published an exhaustive white paper on the definitions of spyware and adware:

Unlike other forms of software, which tend to either be “good” or “bad,” spyware often exists in shades of “gray.” With the exception of malicious behaviors, many of the behaviors could have legitimate purposes. The potential for harm and disruption to the user’s PC experience depends on the specific behaviors demonstrated by a given program.

As a result, software classifications in the definition library for Windows AntiSpyware (Beta) not only capture the type of program (e.g., “adware,” “software bundler,” “browser modifier,” etc.) but also the degree of risk posed to the user. This is then communicated to the user, along with a recommended action. In Windows AntiSpyware (Beta), the user always has the ability to choose for themselves whether they want to “Always Ignore,” “Ignore,” “Quarantine,” or “Remove” a given program.

This is very, very thorough. I’ll read it more closely for sure.

(Thanks to Larry Seltzer and Alex Eckelberry for the pointer.)

Spyware via Firefox? It’s true.

Last weekend I passed along sketchy details of a news report that claimed spyware purveyors have found a way to get to Windows users even when they use Firefox as their primary browser. I’ve now had a chance to test this claim and I can report that it’s true.

The original article included enough details to help me track down the seemingly legitimate Web site that’s distributing this stuff. Like so many of these sites, it offers content designed to attract young people – in this case, a library of song lyrics. I visited the site using both Internet Explorer and Firefox. The results were surprising.


Why you can’t count on the government to stop spyware

Last week, the Federal Trade Commission released a 62-page staff report on spyware (PDF version here). The conclusions are sound, the writing is crystal clear, and there are excellent recommendations in the report. The brief press release summarizes the issues well:

Based on discussions at the workshop and more than 750 comments submitted to supplement the workshop record, the FTC staff has concluded that spyware is a real and growing problem and that spyware can impair the operation of computers and create substantial privacy and security risks for consumers’ information.

[…]

[T]he problems caused by spyware can be reduced if the private sector and the government take action. The report suggests that technological solutions – firewalls, anti-spyware software, and improved browsers and operating systems – can provide significant protection to consumers from the risks related to spyware. The report recommends that industry identify what constitutes spyware and how information about spyware should be disclosed to consumers; expand efforts to educate consumers about spyware risks; and assist law enforcement. The report further recommends that the government increase criminal and civil prosecution under existing laws of those who distribute spyware and increase efforts to educate consumers about the risks of spyware.

So what’s the problem? This report was issued in March 2005. It was based on a one-day workshop held in April 2004. When it takes 11 months just to publish a report, you know you’re dealing with a bureaucracy that simply doesn’t know how to respond to a “real and growing problem.”

P2P programs spread spyware. Here’s the proof.

Ben Edelman has done an epic research project to establish just how bad most peer-to-peer file-sharing programs are. In What P2P Programs Install What Spyware? he looks at five extremely popular programs:

Request a peer-to-peer filesharing program, and you may be surprised what else gets installed too. I’ve tested five major P2P programs and analyzed their bundled software. Licenses stretch to as long as 22,000+ words and 180+ on-screen pages. Some P2P apps add additional programs disclosed only in license agreement scroll boxes. And it’s not uncommon for a P2P app to create thousands of registry entries.

The full test results prove in nearly clinical detail what you probably already suspected. Kazaa, Morpheus, iMesh, and eDonkey are riddled with bundled software that tracks your Web-browsing activity and shows ads in or around your Web browser. Kazaa’s license is the antithesis of transparency – if you want to read all 22,606 words you’ll need to hit the Page Down key 182 times.

Surprisingly, Limewire (which paid for Ben’s research) was the only program that installed no third-party software except the Java run-time engine, and whose only ads are for its paid version.

Excellent work.

Spyware in Firefox?

Vitalsecurity.org has an interesting report of a potential spyware/adware infestation that directly attacks Firefox users, using the Sun Java Virtual Machine as its installation engine. (In the comments, a security expert from the Mozilla Foundation notes that this exploit could attack Opera users as well.)

I’ll look at this in more detail when I get back in the office.

How to fumble a security update

Microsoft’s response to the current flap over “poisoned” Windows Media files is a case study in how not to respond to a security issue. On February 15, Microsoft issued two updates to Windows Media Player 10 – a comprehensive roll-up that changes the version number from 3646 to 3802, and a smaller patch that reportedly adds “additional integrity checks to the DRM [digital rights management] system.” Members of the company’s public relations team then made the rounds of the mainstream PC press announcing that the problem was solved.

No, it wasn’t. Based on my analysis, the current “fix” is inadequate, and many if not most Windows users remain unprotected from an important security flaw.


An update on the Windows Media Player security snafu

eWeek’s Ryan Naraine has an excellent update on the “poisoned Windows Media files” controversy that I’ve been covering here for the past few weeks. (See this post for a roundup of the confusion over the WMP10 update; and see “Someone at Microsoft doesn’t get it,” which I posted on January 14, for details on the problem itself and Microsoft’s response.) Ryan writes:

Redmond has hemmed and hawed on its response to the threat and the circumstances of the latest admission aren’t sitting well with security researchers.

When the first red flag was raised in early January, Microsoft made it clear that the use of rigged .wmv files to exploit the DRM (digital rights management) mechanism was not a software flaw.

A week later, the company reversed course and promised new versions of WMP within 30 days. “While this issue is not the result of any exploit of Windows Media DRM, we do recognize it may cause problems for some of our customers,” the company said in a statement. To help mitigate these problems, Microsoft said the software would be tweaked to “allow the end-user more control over when and how any pop-ups display in the license acquisition process.”

I’ve just re-tested some samples of the infected Windows Media files using the latest build of Windows Media Player 10. I can’t see any difference in behavior. Meanwhile, as Ben Edelman has already documented, anyone using Windows Media Player 9 Series is still at risk, and the Windows Media Player 10 update is not listed as a Critical Update. Microsoft now says they will issue a “down-level patch” for Windows Media Player 9 users. No word on when it will be available.

Ben and I are quoted extensively in this story. As I told eWeek, I can’t figure out why no one from Microsoft bothered to call or e-mail Ben, Eric L. Howes, or me, back in January, when all of us had conducted extensive tests and published our findings. I’m also baffled that Microsoft’s Security Response Center hasn’t taken ownership of this problem. As I told eWeek, “If Windows Media Player is going to be a part of the operating system, it has to play by the same rules as the rest of the Windows team.” That means taking reports like this one seriously and making sure the update actually fixes the problem.

iDownload: Follow the money

Yesterday I published two articles about iDownload.com, a company that makes a product called iSearch, which is installed using deceptive techniques. The company has recently sent cease-and-desist letters to the owners of several Web sites that referred to iSearch as “spyware” or “malware.” It also makes commercial security products, including Virus Hunter, which it sells using questionable techniques.

This morning I read the latest issue of the Windows Secret newsletter, which leads with an article by Brian Livingston that neatly sums up the issues with iDownload. I’ve done some of my own investigations, and the details collectively add up to a picture of exactly how the makers of this type of software get rich by preying on the innocent.


Kids’ laptop riddled with spyware!

I was depressed to read this post from a Microsoft blogger who claims to be involved with security: Argh! Kids’ laptop riddled with spyware!

I downloaded the current beta version of MS’ new Anti-SpyWare tool yesterday and installed it on my kids’ laptop. When I ran the scan, I found something like 16 different types of SpyWare installed. The trigger was starting up IE on the machine and being greeted with something called the “Megasearch” tool bar!

I can say that the new Anti-SpyWare tool seems to do a really good job. Of course with SpyWare, you don’t know what you don’t know. There could be another dozen SpyWare packages installed on my system that the tool didn’t detect, but at least I know I got some. Oh well, what are you going to do?…

Jeebus, the last thing I want to hear from someone who works at Microsoft is this sort of defeatist attitude. Especially when they’re involved in security. What are you going to do? Back up the kid’s data. Wipe the hard disk and reinstall Windows and all programs. Set up safeguards to make sure no unwanted programs get installed again. Ban Kazaa and anything like it. Give the kid a Limited user account.

It works.

Support the fight against spyware

This makes my blood boil. At Spyware Warrior, Suzi just posted the full text of a letter she received from the legal counsel for iDownload. They’re demanding that she remove pages that refer to their product as spyware and/or malware. Suzi says:

As owner of this domain, netrn.net, the home of this blog, I am currently obtaining legal counsel and evaluating my options. I will post additional details as they develop.

I have firsthand experience with this company’s products. When I was doing testing for a post on “poisoned media files” I ran across a Windows Media video file that attempted to install the iDownload product on my computer. The ActiveX dialog box called it a “Required: Media Player Version 9 Update.” It is, of course, no such thing. That description is an out-and-out lie. Eric L. Howes documented the installation process at Broadband Reports and captured the following screen:

[Screenshot: iDownload installation dialog, captured by Eric L. Howes]

Legal bills are expensive. Even when you’re right, you can go bankrupt just protecting yourself and your good name. Which is why I just clicked the PayPal Donate button on Suzi’s blog and sent her some financial support.

This appears to be an orchestrated campaign to stifle all criticism of this company, because the same legal team sent a nearly identical letter to CastleCops.com as well. In addition, someone recently targeted anti-spyware activist Ben Edelman’s site for a massive denial-of-service attack.

Is iDownload’s software bad for you? I don’t have enough personal knowledge to say. But many authoritative sources seem to believe it is so.

  • Symantec, an acknowledged leader in the security software industry and maker of Norton AntiVirus, unequivocally labels iDownload’s iSearch Toolbar as “spyware.” The Symantec listing describes its behavior as follows: “Spyware.ISearch is an Internet Explorer Browser Helper Object and functions as a toolbar. It is a search hijacker and also tracks user activity on a remote server at isearch.com.”
  • Trend Micro, a respected maker of AntiVirus software, calls the iDownload.com product Adware. Its description begins: “This adware may be downloaded while browsing the Internet without a user’s consent. It attempts to block popup windows and redirect a browser to its server, which is http://www.isearch.com.”
  • Tenebril, a respected maker of security software, lists iSearch in its Spyware Research Center. Its description says, “This is a hijacker application. Hijackers take control of your web browser’s settings, and usually change your homepage, search page or other default pages to point to web sites owned by the hijacker. Since the hijackers can make money just based on the number of visits to their web sites, they benefit from forcing you to view their web sites each time your web browser opens.”
  • The database at Spywaredata.com includes seven instances of iDownload’s toolbar.dll, all of them classified under the parasite label.
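The vendor descriptions above agree on two things: iSearch registers itself as an Internet Explorer Browser Helper Object (shipped as toolbar.dll) and rewrites the browser’s home and search pages. The following audit script is an added example, not code from the original post or from any of the vendors named; it enumerates registered BHOs, resolves each one to its DLL on disk, and prints IE’s start/search page settings so a defender can spot a hijack. It assumes a Windows host with IE’s standard registry layout and the names it flags (toolbar.dll, isearch) come only from this page.

```powershell
# Added example: audit IE for Browser Helper Objects and hijacked start/search pages.
# Run from an elevated PowerShell prompt on the machine being checked.

# Substrings to flag in a BHO's DLL path. Only the names mentioned on this page
# are listed here; "toolbar.dll" is a generic name, so treat a hit as a lead, not proof.
$suspect = @('toolbar.dll', 'isearch')

# Every BHO that IE loads is registered by CLSID under this key.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

if (Test-Path $bhoKey) {
    Get-ChildItem -Path $bhoKey | ForEach-Object {
        $clsid = $_.PSChildName
        # The CLSID's InprocServer32 default value names the DLL that implements the BHO.
        $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name   = (Get-ItemProperty -Path $clsKey -ErrorAction SilentlyContinue).'(default)'
        $dll    = (Get-ItemProperty -Path "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'

        $flag = ''
        foreach ($s in $suspect) {
            if ($dll -and ($dll -match [regex]::Escape($s))) { $flag = 'SUSPECT' }
        }
        # A BHO whose DLL is missing from disk is also worth a look.
        if ($dll -and -not (Test-Path ([Environment]::ExpandEnvironmentVariables($dll)))) { $flag = 'MISSING DLL' }

        [pscustomobject]@{ CLSID = $clsid; Name = $name; Dll = $dll; Flag = $flag }
    } | Format-Table -AutoSize
} else {
    Write-Output 'No Browser Helper Objects registered.'
}

# Hijackers rewrite these values to point the browser at their own sites.
$main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
Get-ItemProperty -Path $main -ErrorAction SilentlyContinue |
    Select-Object 'Start Page', 'Search Page', 'Default_Page_URL', 'Default_Search_URL' |
    Format-List
```

Run it under each user account on the machine, since the start and search page values live in HKCU and differ per profile.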

The license agreement for the iSearch software includes the following text:

By installing the Software, you understand and agree that the Software may, without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to iSearch and/or its partners, in the form of pop-up ads, pop-under ads, interstitial ads and various other ad formats, display links to and advertisements of related websites based on the information you view and the websites you visit; store non-personally identifiable statistics of the websites you have visited; redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search clients and toolbars, conveniently without your input or interaction; install desktop icons and installation files; install software from iSearch affiliates; and install Third Party Software.

In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer.

This company lies when it offers the software to an unsuspecting user. The license agreement this company wrote, which they know the average user will not read, admits that the software may install additional software or remove programs already on your computer without your knowledge or input (or obviously, your consent). And the company freely admits that its software may have “other adverse impacts on your computer.”

Does this sound like a program you want to install?

Please, support Suzi. Click the PayPal Donate button on Suzi’s blog and help her out.

Updated: Suzi responds to iDownload.