{QUOTE-> MS AntiSpyware now ignores Claria

By Brian Livingston

Microsoft's AntiSpyware utility, which is currently nearing the end of beta testing, has stopped recommending that Windows users remove such adware programs as Claria, 180Solutions, WhenU, New.net, eZula TopText, and Webhancer, according to Spyware Warrior and numerous other sources.

MS AntiSpyware started defaulting to a recommendation of "ignore" for Claria, as opposed to "remove" or "quarantine," as far back as Mar. 31. But antispyware experts only recently recognized and publicized the change, according to a July 1 blog posting by Alex Eckelberry, the president of Sunbelt Software. Sunbelt makes the competing (and top-rated) CounterSpy utility. <-QUOTE}http://www.windowssecrets.com/comp/050714/#baseli


The good part is that the a/m link was sent to me by Sunbelt ;D

Warm regards,

Sunbelt Software

PS: Are you running Microsoft's AntiSpyware product? Read this:
http://www.sunbelt-software.com/rd/rd.cfm?id=050715BL-Livingston

Thank you
Sunbelt Software

~Mod note....removed portions of the article....that can still be seen via the posted link....and placed quotes around the remainder of the article....Bubba~

Apart from this being rather old news now, are you aware that Sunbelt have also updated CounterSpy's recommended action for most Claria products to 'ignore' also?

They try to justify themselves by harping on about how they disclosed this publicly, but the end result is the same, and makes their behaviour somewhat of a mockery.

This is one of the reasons I do not trust "anti-spyware" products anymore. Giant AS no longer runs on my machine and I do not plan on replacing it. In their stead, I have installed ProcessGuard and RegDefend, (and Online Armor for testing purposes), which I find provide more reliable and comprehensive coverage. It is almost impossible to trust vendors to make the "decisions" (i.e. what is spyware and what isn't) for me anymore. Too many conflicts of interest. Too many 'legal" issues.

Rich

agree, i will not renew my anti-spyware products anymore. Maybe i will stay only with spy-sweeper and also nod32 (that offers an antispyware protection)

{QUOTE-> Apart from this being rather old news now, are you aware that Sunbelt have also updated CounterSpy's recommended action for most Claria products to 'ignore' also?

They try to justify themselves by harping on about how they disclosed this publicly, but the end result is the same, and makes their behaviour somewhat of a mockery. <-QUOTE}
Sunbelt made a big mistake to do this. I'm very disappointed in Sunbelt.
Now already two major AS scanners ignore Claria, which is in fact a silent approval of adware.
Ignorant users, the majority, will now think that Claria is harmless and safe.

Of course the AS companies have to do this very slowly and inconspicuous and Claria is just the beginning.
I'm convinced that the business world wants adware and adware makers want anti-spyware makers to stop removing their adware and the Anti-Spyware Commission will take care about that.

Though I agree with the sentiment about Sunbelt, I don't think abandoning all AS is the answer.

After all, Sunbelt still detects claria, you can still change the action you want to take.

HIP products are even worse in this respect, they can't detect Claria at all.

I didn't say to quit on MSAS or Counterspy. I'm still using MSAS, because it removes SPYWARE and the Anti-Spyware Commission will disapprove spyware also, no doubts about that.
I'm not talking about AS scanners, I try to think further.

It's the evolution of adware that's bothering me the most.
Adware is the most brilliant advertising tool ever made, better than any advertising on websites, on TV, on the street, on paper, ...
Adware will be improved and will try to find out what each user wants at a certain moment.
Keep in mind that there are more than 500,000,000 computers in the world. So the market is already there.

For example : if I need a new mouse and I'm searching for a mouse, I will get adverts about mouses.
The smart adware will only bother me when I need something and that kind of advertising is very valuable in the business world.
As I said before, if the users don't want to go to the mountain, bring the mountain to them and that's what the more sophisticated adware will do in the future.

{QUOTE-> HIP products are even worse in this respect, they can't detect Claria at all. <-QUOTE}

There is a distinction between prevention and "after the fact" detection.

{QUOTE-> There is a distinction between prevention and "after the fact" detection. <-QUOTE}

I agree. Hence the superiority of AS.

Claria products are generally installed manually by the user. :)

Of course, you could choose not to install claria products, but you don't need HIPS for that.

{QUOTE-> I didn't say to quit on MSAS or Counterspy. I'm still using MSAS, because it removes SPYWARE and the Anti-Spyware Commission will disapprove spyware also, no doubts about that.
I'm not talking about AS scanners, I try to think further.
<-QUOTE}

HIPS is the answer. It catches almost everything, prevents almost everything.

{QUOTE->
Claria products are generally installed manually by the user. :)

<-QUOTE}

If a user intentionally chooses to install Claria, then anti-spyware products are totally irrelevent.

You are all talking about security softwares, that wasn't my point.
Wait and see how adware will evolve in the future and how many people are really aware of adware.
Security experts and interested users will know about adware, but that's a very small group compared with the rest of internet users.
When AS scanners start ignoring and approving adware, the ignorant user will accept it.
Never compare your knowledge with the knowledge of other people.

HIPS ? Is that the solution for the ignorant users, who doesn't know anything about the internet, except using it ?
They don't even see the difference between right or wrong on the net, including websites, processes, registers, ...
Adware makers aren't interested in what forum people are doing, they are interested in what the rest of the users are doing.

{QUOTE-> Wait and see how adware will evolve in the future and how many people are really aware of adware. <-QUOTE}

I can only speak for my own circle of relatives, friends, and acquaintences. There is no one I have ever met and discussed the general topic of viruses/spyware, who is not aware of the issue. There may concern is how to stop it. Given that the Internet software industry at-large makes tons of money by spying on people, the only possibly resolution is that people take charge of their own decision-making and choices - as opposed to allowing Microsoft and others make the choices for them.

To what extent, people decide to do this, I have no idea. But HIPS-like software, by way of firewalls, such as ZoneAlarm, where people have been deciding what types of programs can communicate over their Internet connection, have been around for a long time and have proven to be quite sucessful.

As far as I concerned, products like Microsoft AS are free, and for good reason. They are just another way of assuring people that they are safe from spyware, when they aren't. They promote a false sense of security, by convincing users that the fox is looking out for their interests.

OK. This could become a long discussion.
Each of us have their own opinion and philosophy. I respect that.
Sometimes I change my mind, when people have very good arguments, but not in this case until now.
Like always, time will prove how wrong I was about the future, concerning adware (not spyware or viruses).
Nevertheless, I'm very interested in this subject, not for the software, but all the rest.
I prefer to watch the wood, rather than the trees.

Eric Howes made an announcment about SunBelt's decision to adjust (not entirely remove) CounterSpy's detection here: http://www.dslreports.com/forum/remark,13953597~mode=flat~days=9999
Note that they didn't just blanket remove everything, they selectively set the default to 'ignore' for certain products by Claira that aren't a problem anymore. Others are still set to remove by default.

I understand what you guys are saying, but there does need to be some recourse for these sleazeware developers to do the right thing, otherwise it will just make things worse. I also don't think it's really very realistic to consider an uninformed knee-jerk reaction to be more valid than the careful consideration of someone like Mr Howes.. that's not to say that we should blindly accept everything he says, but I think it's important to understand the entirity of the situation before making judgment. I don't see anyone here complaining that entries have been de-listed from the rogue anti-spyware list, and these seem to me to be the more insidious threats..

And yes, I agree that behavior blockers are probably the best way to go if you can use them effectively, however there are still millions of people that get confused by the concept of left click vs right click, and IPS software is simply not a feasible solution for those folks.

{QUOTE-> And yes, I agree that behavior blockers are probably the best way to go if you can use them effectively, however there are still millions of people that get confused by the concept of left click vs right click, and IPS software is simply not a feasible solution for those folks. <-QUOTE}

Hi Notok,

One could make the same argument against ZoneAlarm (for example) that users cannot and will not ever be able to make decisions concerning which progams to access the Internet and which privileges to give to these programs.

Of all of the firewalls that are available (outside of the free one that comes with XP), I believe that ZoneAlarm is the most successful, and apparently the users have learned to use to quite effectively - each probably to a different level of granularity. Sometimes, things just take time, but users cannot begin the process of learning until the tools are made available to them.

Cya,
Rich

{QUOTE-> Of all of the firewalls that are available (outside of the free one that comes with XP), I believe that ZoneAlarm is the most successful, and apparently the users have learned to use to quite effectively - each probably to a different level of granularity. Sometimes, things just take time, but users cannot begin the process of learning until the tools are made available to them.
<-QUOTE}Yes, and the majority of users don't even run a firewall. Many that do get tried of guessing and just allow everything.

{QUOTE-> Yes, and the majority of users don't even run a firewall. Many that do get tried of guessing and just allow everything. <-QUOTE}

As always, it is about personal choice. Everyone that I know does care about their firewall and takes alerts from firewalls pretty seriously.

Rich

I thought this was about Claria only.
Claria partly downgraded to ignore, WhenU partly downgraded to ignore.
Who's next or is there already a next one ?
I hope we don't have to change many of these from "ignore" to "remove" in the future.
As long they don't de-list them , I can live with it, but I'm smelling "good adware", "bad adware" and "spyware" already.

some very interesting comments have been posted. Frankly I give Eric H no attention at all.....thats just me, of course. The fact that Eric H is even known at all only shows how pitifully thin the ranks are of anyone actually putting up any objection to spyware......oh, sure, there are the motor mouths shouting about this or that but its mostly hot air.
There is more objection in forums like this one than anywhere else.
Money...its all about money.....take away the profits an the spyware goes away. The lies by the vendors goes away. Lawsuits work better than any anti-syware product. Just ask The New York Attorney General.
So why don't you people once and forever ban together an establish a financial fund for the sole purpose of taking the spyware vendors to court. You can't expect some small backwater vendor to have the financial backing to fight the big spyware vendors. So the backwater vendor removes detection of the spyware that threatens him with lawsuits
Locate an international lawfirm. An start advising people to give what they can.......a trust fund sort of thing.

{QUOTE-> are you aware that Sunbelt have also updated CounterSpy's recommended action for most Claria products to 'ignore' also? <-QUOTE}Sorry for the OT about Sunbelt....but don't you mean Quarantine ?

As of 31 July 2005 a test conducted using 12 well known anti-spyware applications....Sunbelt's scan results of the 8 Claria products tested has a recommendation to Quarantine....which is their default action.

Found here---> The State of Claria Detections (http://www.spywarewarrior.com/elh/claria-detections.htm)

Other semi related info---> The State of Adware Detections (http://www.spywarewarrior.com/elh/adw-state.htm)

whereisthebeef,
It's up to the government of each country to create unambiguous laws to forbid adware and spywares on computers forever.
I pay already taxes enough.

{QUOTE-> Sorry for the OT about Sunbelt....but don't you mean Quarantine ?

As of 31 July 2005 a test conducted using 12 well known anti-spyware applications....Sunbelt's scan results of the 8 Claria products tested has a recommendation to Quarantine....which is their default action.

Found here---> The State of Claria Detections (http://www.spywarewarrior.com/elh/claria-detections.htm)

Other semi related info---> The State of Adware Detections (http://www.spywarewarrior.com/elh/adw-state.htm) <-QUOTE}
Sorry, you're correct. I meant to write that they had changed the recommendations for most WhenU products to ignore (having ridiculed Microsoft for previously doing the same). Yes, the Claria products are currently marked for quarantine in CounterSpy. I won't be in the least bit surprised, however, if and when this changes too.

The point that I was making is that it's not rational to jump to the conclusion that an AS company is bad just because they alter a small group of detections. Nor is it always realistic to just say that everyone should just replace scanners with another class of security software. What IS reasonable, and what we should all be doing in the first place (IMO), is exploring the reasons for these changes and issues at hand, helping to form more well-informed opinions regarding these matters.. that's why we're here, isn't it?

My apologies to everyone if my initial post on this matter seemed overly bitter. DSLR already has over 17 pages of irrational bickering. It's an interesting topic that will affect everyone here in one way or another, and I'd be interested in hearing more about the reality of the fight on adware, where it's going, and the achievments & struggles of those that are taking real action.

My thoughs; I agree that it's going to take hitting the sleazeware authors in the pocketbook to get anything done, but I don't think any one action is going to do it. I think many consumers have already spent way too much money trying to get rid of the crap (some are buying whole new computers!) to want to pay more for lawsuits that may or may not work (despite what I may think, it would still be a gamble). This is an ongoing fight that will need efforts on many fronts to win in any real way, and I think that the AS companies holding up to the ethical standards they portray is a step in the right direction. They make decisions to list crapware on logical rules, they pretty much have to.. if a company decides to clean up their act, it's the AS company's duty to re-evaluate and judge fairly, otherwise the ethical front is all talk, IMO, and their database is likely to be filled with crap and the sleazeware authors will have no recourse but to retaliate in some way. Offer them a viable alternative in which everyone wins and it only makes those that don't take that opportunity that much more sleazy.

Personally, from what I've seen it seems like SunBelt has taken the best approach at this, one that MS should pay attention to. They have considered it carefully, considered each product made by Claria separately, given full details as to why, and continue to detect them- just with an altered default action given. Comments saying that certain programs may still be distributed by drive-by-downloads seem relevant, but I don't have any experience here.. my setup is good enough that drive-by-downloads generally don't work on my system, so I'd be interested in hearing from the active malware fighters on this.

The fact that MS is just delisting everything is not cool IMO. Of all the companies that have the resources to put up a real barrier for the adware companies, you'd think MS would be it. It's nice that they're offering an AS tool, but it just doesn't seem like their heart is in it. It will be interesting to see where MS ends up being in this anti-adware struggle when the program leaves beta, hopefully they won't just take a back seat.

~snipped off topic comments....Bubba~

I'm not sure where to start....and I do realize some posts stray from the topic slightly from time to time. Let's at least attempt to keep it close to the discussion of Claria removal by Microsoft(MSAS) in regards to Anit-spyware programs.

For now I have removed a few posts in order to figure out a better placement for them. There are a few ongoing threads concerning HIPS....Please confine major comments\posts to those threads concerning that topic.

{QUOTE-> If a user intentionally chooses to install Claria, then anti-spyware products are totally irrelevent. <-QUOTE}

Let us say, intentionally = installs the program himself, but doesn't know there is Claria in it.

I don't know about everyone else but it is just common sense to see what all you are installing or downloading. But once you click install your security apps are out of the picture unless there is a virus in it. But your adware and spy detectors are out of the picture. which is human error not a program error

Don't know about everyone else but I certainly can't see into the file I'm installing to see if it's malware or not.

A scanner that has the correct file signature could???

Thats possibly right but I have never installed any software that had malware in it simply by useing a little common sense and reading the EULA before install.

Hi,
All I can say:
Long live Patrick Kolla!
Long live Spybot!
Mrk

{QUOTE-> HIP products are even worse in this respect, they can't detect Claria at all. <-QUOTE}

Gator is in our sigs database - will need to check if the current versions are, or not - but the default action with OA when this is detected (even if launched by an installer) is to throw up a big red warning which says "Dangerous Program".


Mike