The "black sheep" in the anti-spyware business...

Discussion in 'other anti-malware software' started by javacool, Feb 12, 2003.

Thread Status:
Not open for further replies.
  1. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    The

    IMPORTANT INFORMATION

    Original post can be found at the Official Spybot S & D forums here: http://forums.net-integration.net/index.php?showtopic=1696

    Quote:

    "While many people in the anti-spyware sector are doing this mostly because they are dedicated to security and privacy, there are always a few black sheep trying to make quick money using the fear of many users.

    Two such black sheeps are BulletProof software with their Spyware and Adware Remover and TrekBlue with their SpywareNuker.
    Both products are based on a hacked version of the Spybot-S&D database. Evidence for this is very clear as the Spyot-S&D contains quite some entries to determine such theft.
    These entries are wrong entries, some detecting things that do not really exist, some detecting minor threats under the wrong name, etc.. These tricks are absolutely harmless to the normal user of Spybot-S&D, but do clearly identify a stolen version of the Spybot-S&D database. Both products mentioned above detect exactly the same 'mistakes' the Spybot-S&D database contains.

    I am in contact with two attourneys to sue these two companies.
    I recommend that you use neither of the two programs mentioned above. Using them is a copyright infringement!!!
    (and in addition you won't get more than with Spybot-S&D, as they are based on older Spybot-S&D databases)

    Another interesting thing: there is someone 'spamming' at download.com: Spybot-S&D and AdAware have received thousands of negative feedbacks with the same text (CNet is removing them constantly), but the BPS Remover has gotten more than 10.000 positive feedbacks from the same name and the same text."

    [hr]

    Short version: BPS Spyware Remover is using a hacked version of Spybot S & D's database. Do not download their software.

    UPDATE: Recent information has also pointed to an interesting similarity between BPS Traces Remover and WindowWasher...

    Best regards,

    -Javacool
     
    Last edited: Jun 30, 2004
  2. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    The sincerest form of flattery
    http://www.spywareinfoforum.com/newsletter/archives/feb-2003/13.php
    By: Mike Healan
    Imitation may be the sincerest form of flattery, but Nicolas Stark of Lavasoft and Patrick Kolla of PepiMK Software don't feel the least bit honored by companies they both claim are illegally copying their work. Stark and Kolla are the developers behind the two most popular spyware removal programs in the world, Ad-aware and Spybot S&D. Both developers have issued statements in the last few days indicating that their software has been reverse engineered and copied by various companies.
    Earlier this week, Kolla posted a statement at the Spybot support forums accusing Trek Blue's SpywareNuker and BulletProofSoft's Spyware Remover of using a hacked copy of Spybot's encrypted target database. The target databases of BPS Spyware Remover and Trek Blue SpywareNuker both contain flaws that are also present in Spybot's database. The flaws are small things, such as one target which is detected under the wrong name as well as some targets present in Spybot's database which do not actually exist. Developers often introduce harmless flaws such as these into their software to identify unauthorized copies. Allegedly both SpywareNuker and BPS have the exact same errors and non-existent targets in their databases. Kolla has stated his intention to file lawsuits against both TrekBlue and BulletProofSoft for copyright infringement.
    I've discussed Spyware Nuker before. I won't link to the web site since the home page loads an activex script which installs the program, possibly without prompting if security settings are set too low. At one point SpywareNuker was being labeled spyware and was even added to Spybot's database as a spyware target.
    Lavasoft's owner Nicolas Stark has posted a similar statement at Lavasoft's support forums saying that BulletProofSoft's Spyware Remover and another program called Spycleaner are reversed engineered copies of the older 5.8x version of Ad-aware. Stark points out that both BPS Spyware Remover and Topdownload's Spycleaner have an interface that is nearly identical to the previous version of Ad-aware. Mr Stark indicated that he is considering taking legal action against these companies.
    More...

    </shameless plug> ;)
     
  3. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    And Mike's site is open 24/7 for discussion on many topics with great people.


    another </shameless plug> :D
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Unnecessary (already knew that) and off-topic. ;)

    Regards,

    Pieter
     
  5. TheApostate

    TheApostate Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    22
    Lo there all

    I'd like to ask a question here, as it sems appropriate in this thread. I've been using BPS Spyware Remover alongside both adaware and spybot and it has persisitently found a "freescratchandwin" entry in the registry which both adaware and spybot "missed." In light of this developement, is this one of those "flaws" that is in both databases that exposes this nonsense from BPS. I'd appreciate some thought and insight, cos if it is, BPS gets removed till they get their act together and make a lot of disgruntled folk really really happy. I for one am not going to use their products till I'm happy that anything and everything they're doing is on the up and up and totally legitimate. And the worst of it is I actually liked their product. :mad: :'(

    Regards to all
    TheApostate
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    If you had really been hit by FreeScratchandWin you would find this startup entry: HKLM\..\Run: [FSW] C:\Program Files\FSW\fsw.exe
    and this one {5DD7B3BE-FDEC-4563-B038-FF80F2345B89} (Fswinst Control) - h**p://www.freescratchandwin.com/files/fswinst07.cab in your Downloaded Program Files.
    Could you tell us exactly what BPS found? Just curious. ;)

    Regards,

    Pieter


    Made the link to FSW unclickable
     
  7. TheApostate

    TheApostate Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    22
    Hi Pieter

    Sorry about the length of time in replying, don't know how I missed your reply, esp seeing as I was looking out for one. Methinks I need a new pair of glasses perhaps :rolleyes: :cool:

    As far as I can remember it only ever mentioned that it had found the fsw, but none of the entries you mentioned. I could run scan after scan right after each other and it would always find it. What had me puzzled was the fact that neither adaware nor spybot found anything. I also run spywareblaster, so it had me puzzled. I've never had any problems with the FSW before then, nor since. If you need that info, I would have to see if I still have my copy of BPS to hand and reinstall it and let you know.

    I've run regedit and did ind this entry :-HKLM\software\microsoft\IE\activex compatibility\ ---- in the right pane it says compatibility flags 0x00000400(1024).

    In the absence of anything else I'm presuming that this is a Spywareblaster killbit entry. Will search my system for the other files and see if they there and let you know.

    Thanks
    TheApostate
     
  8. TheApostate

    TheApostate Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    22
    HI again Pieter

    Just finished checking my system and so far no traces of the cab file you mentioned in the dowloaded prgram files folder or anywhere else for that matter. So it would seem to me to have been false postive findings by BPS.

    Thanks again
    TheApostate
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi TheApostate,

    That leaves two options:
    1. They actually added some own input to their detection, resulting in a f/p.
    2. They copied a f/p which has since then been corrected in the scanner they copied it from.

    I don´t think BPS would pick up on kill-bits by SpywareBlaster (you´d have a lot more findings in that case)

    Regards,

    Pieter
     
  10. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    Of course, assuming they copied Spybot's database, wouldn't that be a unique false-positive for PepiMK to include? (Spybot wouldn't detect it, of course, but anyone else that copied the database would...) :rolleyes:

    Just an idea.

    Best regards,

    -Javacool
     
  11. TheApostate

    TheApostate Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    22
    Hi guys

    Pieter, thanks, I'm still learning, so hopefully none of my thoughts/ideas/questions will be considered to "dumb" for you guys :eek: ;)

    TheApostate
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi TheApostate,

    No need to worry about that. Dumb in my book is "not willing to learn" , so you don´t fit the bill. :)
    It takes a wise man to know his limitations and ask the right questions at the right places.

    Regards,

    Pieter
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Warning: Another copycat has emerged.

    http://www.spywareinfoforum.com/forums/index.php?act=ST&f=8&t=6298&hl=&s=2fe043c37b06a8d0fb23601505c3331e

    Regards,

    Pieter
     
  14. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :mad:damn that f up i hope you run those thifs into the ground that so f'ed it aint funny i hope you get millions in your lawsuit.
     
  15. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    It must be April Fools Day, not Christmas

    this site http://sharempeg.com/find/
    a Known CWS site is advertising a spyware killer ( http://www.spykiller.com/index.asp?Ref=2580 )what is the world coming to

    I assume that spyware killer is a baddie in itself.

    Their blurb definitely seems to suggest that it cures all evils and removes spyware etc, while still allowing KAzaa etc to function properly

    This reeks of the biggest scam on the net, especially with 50% commission paid to introducing webmasters.
     
  16. e-liam

    e-liam Spyware Fighter

    Joined:
    Dec 10, 2003
    Posts:
    2
    Hi,

    h**p://mycusthelp.com/SPYKILLER/supportkbitem.asp?sSessionID=&Inc=247&sFilA=Categories&sFilB=&sFilC=&FA=-1&FB=-1&FC=-1

    ...is one question from the Spykiller FAQ. They have a link to download HJT at the bottom of the page, but from themselves, and not, as you might expect, from Merijn or any of those you'd trust. I'd leave it alone.. :)

    Perhaps someone with the knowhow would like to see if it's a specially re-engineered version or not.. maybe designed to hide any of their own nasties.

    Paranoia... oh yeah.. :)

    Cheers

    Liam
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    An old version: 1.97.3

    Regards,

    Pieter
     
  18. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    These people are trying to make money...

    From a hacked version of Spybot?

    My God. If I wrote what I thought about these guys, I'm sure I'd get banned.

    [Edited to remove insult]
     
  19. dread

    dread Registered Member

    Joined:
    May 18, 2004
    Posts:
    195
    Re: The "black sheep" in the anti-spyware business...

    Well that one from BulletProof software in my opinion was the only other good one that you could buy. But looks like that is out the window now. The only true solution in my opinion if you are going to buy something is pestpatrol. Have you seen thier database PestPatrol detects 124,081 pests as of May 14, 2004 . These pests are grouped into families, each of which has a unique name. PestPatrol detects 20,796 families. I looked at that webroot one it only did like 5000 or 7000 and that one from BulletProof software did more than the one from webroot(Spy Sweeper) from what I seen. http://www.pestpatrol.com/Stats/ is pestpatrol's site. To bad I liked that one from BulletProof the only real competition pestpatrol had. I got some freinds that has the one from BulletProof thanks for the info sure will tell em and watch this forum for updates.
     
  20. MCT

    MCT Registered Member

    Joined:
    Mar 10, 2004
    Posts:
    300
    Re: The "black sheep" in the anti-spyware business...

    Ive noticed this for other programs too, ppl have gone as far as 2 steal moderators identities to post bad comments about a program,
    ive noticed this on "Avant Browser"'s forum people posting that users of cnet are posting untrue statements, i have stopped reading user reviews from there, cuz i dont know who 2 believe

    just my 2 cents, thanks :D
     
  21. Emoticon Man

    Emoticon Man Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Location:
    Salinas, CA, USA, Earth, Sol System
    More throrough list of "anti-spyware" programs you shouldn't use

    TeMerc Internet Security Site "Questionable Anti-Spyware" List

    Some beauts:

    "WarNet is owned and run by the same people who own andrun C2 Media, producers of the infamous lop parasite."

    Trusting the same people who put your privacy in danger with protecting it? No thanks, I'll pass. :rolleyes:

    "SpywareLabs produce a parasite detection program called Virtual Bouncer, with a removal option requiring payment."

    Sounds like a computerized version of the protection racket. :eek:

    "StopSign detects the free spyware removers Ad-Aware and Spybot as 'attackware'."

    "Attackware" must be a compliment, I take it. :D

    "xp -AntiSpy... disables some [functions] that are said to phone home to Microsoft[, but] contain a dialer named SecurityTipps."

    What's that... don't let Microsoft spy [edit]on[\edit] you, let us do that instead? :p
     
  22. none_but_the_brave

    none_but_the_brave Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    1
    Re: The "black sheep" in the anti-spyware business...

    The genuine XP-Anti-Spy is a jolly useful app and I'm more than happy to run it on my computer.
    Unfortunately,some miscreant saw fit to set up a bogus XP Anti-Spy download site with a .de suffix.This imposter comes with a hidden payload-namely a dialer.

    There are clear warnings about this scam on the genuine xp-antispy.org site.Felt I had to put the record straight as Chris,the writer of XP Anti-Spy is blameless and deserves respect,not derision.
     
  23. Anonymous

    Anonymous Guest

    Re: The "black sheep" in the anti-spyware business...

    It would be interesting if the modified database entries in the real thing were to point at these fake tools, though I don't think that they'd be unjustified in having an explicit entry to remove them.
     
  24. Nick

    Nick Registered Member

    Joined:
    May 14, 2002
    Posts:
    187
    Location:
    California
    Re: The "black sheep" in the anti-spyware business...

    Here's a nice page that lists many suspect and bad spyware removal programs which is maintained by Eric Howes of IE Spyad fame. It also contains other info such as how to avoid undesirable links caused by Google ads that have been flooded by the bad antispyware sites and links to trustworthy spyware removal programs such as Ad-Aware, Spybot search & Destroy, and more.

    This list supercedes any other lists that have been posted on the Spyware Warrior blog and forum.

    http://www.spywarewarrior.com/rogue_anti-spyware.htm
     
  25. Re: The "black sheep" in the anti-spyware business...

    Don't trust what's on that site. The company I work for has just noticed one of our products listed there as a rogue spyware cleaning program.

    We'll be taking legal action against this loser.
     
Loading...
Thread Status:
Not open for further replies.