Windows Defender Beta 2 Review

Suzi Turner, of fame, had said she would do a review of Windows Defender Beta 2, and she’s finally gotten around to it. I myself plan on reviewing it, but it’s little league baseball time and I have been very busy in the evenings. I may end up waiting until my son gets his machine all infected again.

As promised a few days ago, I finally got a virtual machine upgraded to Service Pack 2 for testing Windows Defender Beta 2. For the sake of convenience, I’ll refer to it as WD for most of this post. When I wrote about WD previously, I mentioned the review at where WD was tested against 6 keyloggers, which is not a particularly valuable test in my opinion.

The tests were done on a virtual machine with Windows XP with SP2, fully patched, running in VMware Workstation 5.5.1. Testing consisted of two parts. For the first test, I had WD running with all components of real-time protection turned on. I surfed to Claria’s website and downloaded two Claria apps, GotSmiley and a screensaver. When I downloaded the apps, Windows Defender presented an alert and asked whether or not to remove, get more information or ignore. I chose ignore and allowed the installation. After installation, I did the full scan and WD detected both apps correctly and asked me to select an action.

In the second test, I went to a website known to spyware researchers as a consistently reliable source of spyware. Immediately prior to going to the site, I ran InCtrl5 in order to track changes to the system. I turned off WD’s real-time protection for this test so I could test scan and removal capabilities. I had to restart the test twice because the vm quickly became so infested it froze. On the third try, after about 5 minutes on the site, I disconnected NAT, killing the internet connection for the vm, so I didn’t lose control of the machine. Before running any scans I ran InCtrl5 again. In less than 6 minutes, the spyware had added 230 registry keys, deleted 32 keys, added 386 values, deleted 82 values, changed 46 values, added 16 folders, and added 389 files. I ended up with the following:

CmdServices, also known as Command
NetMon aka Network Monitor
Paytime.exe, related to CoolWebSearch
AvenueMedia/Internet Optimizer also known as DyFuCa
CAS-Client (ConsumerAlertSystem)
TagASaurus, aka enbrowser
drsmartload1.exe aka Troj/Drsmartl-N
MoneyTree Dialer
Service: Windows Overlay Components – file name C:\WINDOWS\tihotdj.exe, aka Trojan.Adclicker
My homepage was changed to c:\secure32.html
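
The before/after comparison that the second test relies on (one InCtrl5 run before visiting the site, one after) can be sketched for the file-system part as follows. This is an added example, not code from the review or from InCtrl5; the function names and the scratch directory contents are assumptions, and registry keys and values are not covered.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every relative path under root to 'dir' or the file's SHA-256."""
    state = {}
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_dir():
            state[rel] = "dir"
        else:
            state[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return state


def diff(before, after):
    """Classify changes into the categories a change tracker reports."""
    added = sorted(p for p in after if p not in before)
    return {
        "folders_added": [p for p in added if after[p] == "dir"],
        "files_added": [p for p in added if after[p] != "dir"],
        "deleted": sorted(p for p in before if p not in after),
        "changed": sorted(p for p in before
                          if p in after and before[p] != after[p]),
    }


def demo():
    """Constructed sample: a scratch tree modified between two snapshots."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)

        write("system/hosts", b"127.0.0.1 localhost\n")
        write("system/old.dll", b"original")
        before = snapshot(root)
        # Simulated changes between the two runs (benign placeholders).
        write("system/hosts", b"127.0.0.1 localhost\n10.0.0.1 example.test\n")
        Path(root, "system/old.dll").unlink()
        write("newdir/dropped.bin", b"placeholder")
        return diff(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Taking the second snapshot only after the VM's network connection is cut, as in the test above, keeps the system from changing while the comparison runs.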

Click here to read the results, they are very interesting as it includes some info about the major free anti spyware programs. I just wish she would’ve included X-Cleaner in it as well, as it is one of the best programs, in my personal opinion. Suzi posted an article about the review here, but that just links to the zdnet post, the main reason to click there is to read everything else, loads and loads of spyware info, including research and info on our favorite spyware app, 180solutions.

180Solutions Fixes Their Security

In an article posted at, 180 Solutions announced that they have upgraded their security to keep some of their distributors from forcing their crappy software on users.

This is so funny, it’s taken me a couple hours to actually write this. First, if they have distributors who are forcing this stuff on users’ computers, then you get rid of the distributors, you fix your distribution model, it would be so easy for them to figure out who is doing this stuff. If they would police their affiliates, it would fix a lot of OUR problems.

“Today’s announcement is the culmination of many months of hard work focused on building technology that is more resistant to unauthorized, nonconsensual installations of our software,” Keith Smith, CEO and co-founder of 180solutions, said in a statement.

Must stop laughing….

In addition to launching the new Seekmo Search Assistant, which will notify 180solutions of fraudulent downloads, the company announced that it will do away with 180search Assistant, one of its more controversial products.

Everybody remember that name “Seekmo Search Assistant”, as it will probably be the software you will see after you have been blindsided by a driveby install, hehe. And I wonder what they mean by do away with, that probably just means that they won’t be advertising it anymore, it will still be forced on your PCs by their “affiliates” since they can’t “track” this version. Will still be seeing it five years from now I bet.

The new software from 180solutions tracks and identifies compromised distribution channels through several different sources, including customer feedback. If the data reveals a potential fraud, then the company will notify customers who may be affected and will allow them to uninstall the software with “one-click removal,” the company said in statement.

Now there is an innovation, allow the user to uninstall it with one click, if every piece of software was this easy to uninstall…. wait, most software is that easy to uninstall. Most software allows removal thru the control panel, ah well, maybe they will catch up one day, we can’t blame them, they just write the stuff….wait, we can blame them.

“This takes away the financial incentive of fraudulent downloads,” said Sean Sundwall, a spokesman for 180solutions.

Hehe, it doesn’t take away the financial incentive for 180 solutions, we’ll still be seeing this stuff for years, who are they trying to kid.

180Solutions Sues Zone Labs

Speaking of big ugly green worms, 180 solutions has filed suit against Zone Labs, for, and I quote,

At the heart of 180solution’s suit is the assertion made by San Francisco-based Zone Labs that 180’s products try to monitor a user’s “mouse movements and keyboard strokes.”

I posted about this on the RealTechNews website and they accused me of sloppy reporting because I was talking about other things they were doing, not whether they are keylogging or not. Well, who cares? Only 180 and everyone they give a paycheck to. I have not looked at the Zone Labs product, but I am assuming when they are listed as high risk, they are automatically removed, and maybe when they aren’t flagged as high risk, they are not automatically removed. Anyone who uses the product want to tell me for sure?

Such a characterization has damaged the reputation of the products, 180solutions contends, prompting one potential business partner to postpone a deal and many of 180solutions’ users to uninstall the software, according to a copy of the suit obtained by CNET

Damages their reputation, excuse me while I finish laughing…..

Okay, how can anyone damage their reputation? Search for 180solutions and see what comes up on google and any other search engine.

The suit comes as 180solutions attempts to improve its public image and continues to take fire from anti-spyware groups, which characterize many adware products as computer-privacy time bombs.

Now, 180solutions is firing back. In the lawsuit, filed in the Superior Court of King County, Wash., last month, the company claimed that Zone Labs identified both the Zango and 180search Assistant applications, which deliver pop-up ads to users as they perform Web searches, as a “potential threat to the user’s security and/or privacy.”

They are a threat to users, they have to know where the users are going to pop up those ads, if they didn’t know what or where, then how would they pop up targeted ads?

Just look at some of the recent evidence from some of the esteemed spyware researchers, Spyware Warrior, Sunbelt and Wayne Porter. Read some of the older stuff you can find on google and you’ll see what they were like, so they’re not that much different now, they are just trying to fly under the radar. I don’t know why I am getting myself all worked up about it, I’ll just keep removing them from every pc I come in contact with, and maybe someday, somebody somewhere will finally decide this stuff is illegal and they will go away, until they come up with some other scheme to make money.

Anyway, if you ever see any pop ups on your computer that mention zango, 180solutions, search assistant, etc, then you have their programs installed and they can be removed by all of the free programs, like Ad-Aware and Spybot Search and Destroy.

180Solutions Reduces Its Workforce by 20%

180solutions, facing a class action lawsuit, just recently laid off 20% of its workforce, or about 50 employees, according to an article at MediaPost. Note: Registration is required to read the article, I’ve quoted it below.

The layoffs took place across all departments, said Sean Sundwall, director of corporate communications at 180solutions.

He added that the layoffs were part of a reorganization that will better position the company to focus on three core initiatives: its search assistant, search suite, and an automated platform for publishers. “We’re confident this realignment will better position us to accomplish our long-term goal,” he said in an e-mail to OnlineMediaDaily.

180solutions isn’t the only adware company to struggle in the face of consumer backlash against pop-up ads. Rival company Direct Revenue–also facing a class-action lawsuit–recently laid off 40 staffers, or one-third of its workforce.

It’s funny how these adware companies are just now trying to clean up their acts, wonder if it has anything to do with lawsuits, consumer backlash or investigations by people like the Attorney General in New York, Spitzer.

180solutions has made efforts to buff its public image lately. Just last week, the company announced that it no longer allows third parties to distribute 180solutions software through Active X, unless 180solutions itself controls the installer. In another measure to curtail drive-by installations, the company has brought litigation against former distributors.

Can’t believe someone would try to take advantage of poor ol 180solutions that way.

180solutions also has cut off at least 500 distributors since the beginning of the year, and has implemented new procedures that make it harder to install software on consumers’ computers without first displaying the license agreement that informs them that 180solutions will serve pop-up ads.

Ya, well it’s too little too late I say. If these people had some sense and some morals whenever they started this PIECE of software, then they wouldn’t have to backpedal and explain their actions, if they hadn’t started out stealing from website operators, they might get a little co-operation from webmasters. If they had morals and sense of fair play, they wouldn’t be hounded by attorneys general, they wouldn’t be targeted by spyware removal software. No one will miss their company when it’s gone, and it will be a sorry little footnote on the big ol’ internet.

