The "black sheep" in the anti-spyware business...

[javacool]

IMPORTANT INFORMATION

Original post can be found at the Official Spybot S & D forums here: http://forums.net-integration.net/in...showtopic=1696

Quote:

"While many people in the anti-spyware sector are doing this mostly because they are dedicated to security and privacy, there are always a few black sheep trying to make quick money using the fear of many users.

Two such black sheeps are BulletProof software with their Spyware and Adware Remover and TrekBlue with their SpywareNuker.
Both products are based on a hacked version of the Spybot-S&D database. Evidence for this is very clear as the Spyot-S&D contains quite some entries to determine such theft.
These entries are wrong entries, some detecting things that do not really exist, some detecting minor threats under the wrong name, etc.. These tricks are absolutely harmless to the normal user of Spybot-S&D, but do clearly identify a stolen version of the Spybot-S&D database. Both products mentioned above detect exactly the same 'mistakes' the Spybot-S&D database contains.

I am in contact with two attourneys to sue these two companies.
I recommend that you use neither of the two programs mentioned above. Using them is a copyright infringement!!!
(and in addition you won't get more than with Spybot-S&D, as they are based on older Spybot-S&D databases)

Another interesting thing: there is someone 'spamming' at download.com: Spybot-S&D and AdAware have received thousands of negative feedbacks with the same text (CNet is removing them constantly), but the BPS Remover has gotten more than 10.000 positive feedbacks from the same name and the same text."

[hr]

Short version: BPS Spyware Remover is using a hacked version of Spybot S & D's database. Do not download their software.

UPDATE: Recent information has also pointed to an interesting similarity between BPS Traces Remover and WindowWasher...

Best regards,

-Javacool

[Mike_Healan]

The sincerest form of flattery
http://www.spywareinfo.com/newsletter/archives/feb-2003/13.php
By: Mike Healan
Imitation may be the sincerest form of flattery, but Nicolas Stark of Lavasoft and Patrick Kolla of PepiMK Software don't feel the least bit honored by companies they both claim are illegally copying their work. Stark and Kolla are the developers behind the two most popular spyware removal programs in the world, Ad-aware and Spybot S&D. Both developers have issued statements in the last few days indicating that their software has been reverse engineered and copied by various companies.
Earlier this week, Kolla posted a statement at the Spybot support forums accusing Trek Blue's SpywareNuker and BulletProofSoft's Spyware Remover of using a hacked copy of Spybot's encrypted target database. The target databases of BPS Spyware Remover and Trek Blue SpywareNuker both contain flaws that are also present in Spybot's database. The flaws are small things, such as one target which is detected under the wrong name as well as some targets present in Spybot's database which do not actually exist. Developers often introduce harmless flaws such as these into their software to identify unauthorized copies. Allegedly both SpywareNuker and BPS have the exact same errors and non-existent targets in their databases. Kolla has stated his intention to file lawsuits against both TrekBlue and BulletProofSoft for copyright infringement.
I've discussed Spyware Nuker before. I won't link to the web site since the home page loads an activex script which installs the program, possibly without prompting if security settings are set too low. At one point SpywareNuker was being labeled spyware and was even added to Spybot's database as a spyware target.
Lavasoft's owner Nicolas Stark has posted a similar statement at Lavasoft's support forums saying that BulletProofSoft's Spyware Remover and another program called Spycleaner are reversed engineered copies of the older 5.8x version of Ad-aware. Stark points out that both BPS Spyware Remover and Topdownload's Spycleaner have an interface that is nearly identical to the previous version of Ad-aware. Mr Stark indicated that he is considering taking legal action against these companies.
More...

</shameless plug>

[Primrose]

And Mike's site is open 24/7 for discussion on many topics with great people.


another </shameless plug>

[Pieter_Arntz]

Quote:

quoting: Primrose link=board=20;threadid=7221;start=0#48103 date=1045145045]
another </shameless plug>

Unnecessary (already knew that) and off-topic.

Regards,

Pieter

[TheApostate]

Lo there all

I'd like to ask a question here, as it sems appropriate in this thread. I've been using BPS Spyware Remover alongside both adaware and spybot and it has persisitently found a "freescratchandwin" entry in the registry which both adaware and spybot "missed." In light of this developement, is this one of those "flaws" that is in both databases that exposes this nonsense from BPS. I'd appreciate some thought and insight, cos if it is, BPS gets removed till they get their act together and make a lot of disgruntled folk really really happy. I for one am not going to use their products till I'm happy that anything and everything they're doing is on the up and up and totally legitimate. And the worst of it is I actually liked their product.

Regards to all
TheApostate

[Pieter_Arntz]

If you had really been hit by FreeScratchandWin you would find this startup entry: HKLM\..\Run: [FSW] C:\Program Files\FSW\fsw.exe
and this one {5DD7B3BE-FDEC-4563-B038-FF80F2345B89} (Fswinst Control) - h**p://www.freescratchandwin.com/files/fswinst07.cab in your Downloaded Program Files.
Could you tell us exactly what BPS found? Just curious.

Regards,

Pieter


Made the link to FSW unclickable

[TheApostate]

Hi Pieter

Sorry about the length of time in replying, don't know how I missed your reply, esp seeing as I was looking out for one. Methinks I need a new pair of glasses perhaps

As far as I can remember it only ever mentioned that it had found the fsw, but none of the entries you mentioned. I could run scan after scan right after each other and it would always find it. What had me puzzled was the fact that neither adaware nor spybot found anything. I also run spywareblaster, so it had me puzzled. I've never had any problems with the FSW before then, nor since. If you need that info, I would have to see if I still have my copy of BPS to hand and reinstall it and let you know.

I've run regedit and did ind this entry :-HKLM\software\microsoft\IE\activex compatibility\ ---- in the right pane it says compatibility flags 0x00000400(1024).

In the absence of anything else I'm presuming that this is a Spywareblaster killbit entry. Will search my system for the other files and see if they there and let you know.

Thanks
TheApostate

[TheApostate]

HI again Pieter

Just finished checking my system and so far no traces of the cab file you mentioned in the dowloaded prgram files folder or anywhere else for that matter. So it would seem to me to have been false postive findings by BPS.

Thanks again
TheApostate

[Pieter_Arntz]

Hi TheApostate,

That leaves two options:
1. They actually added some own input to their detection, resulting in a f/p.
2. They copied a f/p which has since then been corrected in the scanner they copied it from.

I don´t think BPS would pick up on kill-bits by SpywareBlaster (you´d have a lot more findings in that case)

Regards,

Pieter

[javacool]

Quote:

quoting: Pieter_Arntz link=board=20;threadid=7221;start=0#54561 date=1050140736]
I don´t think BPS would pick up on kill-bits by SpywareBlaster (you´d have a lot more findings in that case)

Of course, assuming they copied Spybot's database, wouldn't that be a unique false-positive for PepiMK to include? (Spybot wouldn't detect it, of course, but anyone else that copied the database would...)

Just an idea.

Best regards,

-Javacool

[TheApostate]

Hi guys

Pieter, thanks, I'm still learning, so hopefully none of my thoughts/ideas/questions will be considered to "dumb" for you guys

TheApostate

[Pieter_Arntz]

Hi TheApostate,

No need to worry about that. Dumb in my book is "not willing to learn" , so you don´t fit the bill.
It takes a wise man to know his limitations and ask the right questions at the right places.

Regards,

Pieter

[Pieter_Arntz]

Warning: Another copycat has emerged.

http://www.spywareinfo.com/forums/index.php?act=ST&f=8&t=6298&hl=&s=2fe043c37b06a8d0fb23601505c3331e

Regards,

Pieter

[Mr.Blaze]

damn that f up i hope you run those thifs into the ground that so f'ed it aint funny i hope you get millions in your lawsuit.

[dvk01]

It must be April Fools Day, not Christmas

this site http://sharempeg.com/find/
a Known CWS site is advertising a spyware killer ( http://www.spykiller.com/index.asp?Ref=2580 )what is the world coming to

I assume that spyware killer is a baddie in itself.

Their blurb definitely seems to suggest that it cures all evils and removes spyware etc, while still allowing KAzaa etc to function properly

This reeks of the biggest scam on the net, especially with 50% commission paid to introducing webmasters.

[e-liam]

Hi,

h**p://mycusthelp.com/SPYKILLER/supportkbitem.asp?sSessionID=&Inc=247&sFilA=Categories&sFilB=&sFilC=&FA=-1&FB=-1&FC=-1

...is one question from the Spykiller FAQ. They have a link to download HJT at the bottom of the page, but from themselves, and not, as you might expect, from Merijn or any of those you'd trust. I'd leave it alone..

Perhaps someone with the knowhow would like to see if it's a specially re-engineered version or not.. maybe designed to hide any of their own nasties.

Paranoia... oh yeah..

Cheers

Liam

[Pieter_Arntz]

Quote:

quoting: e-liam link=board=20;threadid=7221;start=15#msg123425 date=1074946258]
Perhaps someone with the knowhow would like to see if it's a specially re-engineered version or not.. maybe designed to hide any of their own nasties.

An old version: 1.97.3

Regards,

Pieter

[Pigman]

From a hacked version of Spybot?

My God. If I wrote what I thought about these guys, I'm sure I'd get banned.

[Edited to remove insult]

[dread]

Well that one from BulletProof software in my opinion was the only other good one that you could buy. But looks like that is out the window now. The only true solution in my opinion if you are going to buy something is pestpatrol. Have you seen thier database PestPatrol detects 124,081 pests as of May 14, 2004 . These pests are grouped into families, each of which has a unique name. PestPatrol detects 20,796 families. I looked at that webroot one it only did like 5000 or 7000 and that one from BulletProof software did more than the one from webroot(Spy Sweeper) from what I seen. http://www.pestpatrol.com/Stats/ is pestpatrol's site. To bad I liked that one from BulletProof the only real competition pestpatrol had. I got some freinds that has the one from BulletProof thanks for the info sure will tell em and watch this forum for updates.

[MCT]

Quote:

Another interesting thing: there is someone 'spamming' at download.com: Spybot-S&D and AdAware have received thousands of negative feedbacks with the same text (CNet is removing them constantly), but the BPS Remover has gotten more than 10.000 positive feedbacks from the same name and the same text."

Ive noticed this for other programs too, ppl have gone as far as 2 steal moderators identities to post bad comments about a program,
ive noticed this on "Avant Browser"'s forum people posting that users of cnet are posting untrue statements, i have stopped reading user reviews from there, cuz i dont know who 2 believe

just my 2 cents, thanks

[Emoticon Man]

TeMerc Internet Security Site "Questionable Anti-Spyware" List

Some beauts:

"WarNet is owned and run by the same people who own andrun C2 Media, producers of the infamous lop parasite."

Trusting the same people who put your privacy in danger with protecting it? No thanks, I'll pass.

"SpywareLabs produce a parasite detection program called Virtual Bouncer, with a removal option requiring payment."

Sounds like a computerized version of the protection racket.

"StopSign detects the free spyware removers Ad-Aware and Spybot as 'attackware'."

"Attackware" must be a compliment, I take it.

"xp -AntiSpy... disables some [functions] that are said to phone home to Microsoft[, but] contain[s] a dialer named SecurityTipps."

What's that... don't let Microsoft spy [edit]on[\edit] you, let us do that instead?

[none_but_the_brave]

The genuine XP-Anti-Spy is a jolly useful app and I'm more than happy to run it on my computer.
Unfortunately,some miscreant saw fit to set up a bogus XP Anti-Spy download site with a .de suffix.This imposter comes with a hidden payload-namely a dialer.

There are clear warnings about this scam on the genuine xp-antispy.org site.Felt I had to put the record straight as Chris,the writer of XP Anti-Spy is blameless and deserves respect,not derision.

It would be interesting if the modified database entries in the real thing were to point at these fake tools, though I don't think that they'd be unjustified in having an explicit entry to remove them.

[Nick]

Here's a nice page that lists many suspect and bad spyware removal programs which is maintained by Eric Howes of IE Spyad fame. It also contains other info such as how to avoid undesirable links caused by Google ads that have been flooded by the bad antispyware sites and links to trustworthy spyware removal programs such as Ad-Aware, Spybot search & Destroy, and more.

This list supercedes any other lists that have been posted on the Spyware Warrior blog and forum.

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Don't trust what's on that site. The company I work for has just noticed one of our products listed there as a rogue spyware cleaning program.

We'll be taking legal action against this loser.