[Dshield] OT: Discussion forums for spyware, adware and malware in general?

Kenneth Coney superc at visuallink.com
Thu Dec 4 04:56:06 GMT 2003

Subject: [Dshield] OT: Discussion forums for spyware, adware and malware in 
From: "Shawn Cox" <shawn.cox at pcca.com>
Date: Wed, 3 Dec 2003 08:40:40 -0600
To: "General DShield Discussion List" <list at dshield.org>

Does anyone have any resources for discussing adware, spyware and malware in
general?  We have discovered an adware infected pc which cannot be cleaned
by any of the major tools.  It's a modified version of ClientMan and it's a
rat B4st4rd.  I have the feeling that these nasty ad/spy-ware type apps are
going to become as bad as viruses in their mutation and difficulty in

Harder than you know.  Read what LavaSoft (the makers of Adaware said in 
their newsletter.  Someone gonna talk to Dell?

"Wake Up Call
Editorial by Aaron Hulett - Chief Research Officer, Research & Development

Currently there are some discussions within the security and privacy 
communities surrounding Dell Inc.'s stance that they do not endorse the use 
of spyware removal software and cannot provide support for them, and the 
alleged instruction to its support staff to not provide support for 
removing such items from users' computer systems, even if such items are 
causing the undesired issues described by the caller.  Some in the 
community see it as the user's total responsibility, citing that they 
should have known enough to not install unwanted items like this in the 
first place.  Some see it as crumbling to 'pressure' from manufacturers of 
programs that track usage information or display pop-ups during use. 
Others see it as a precautionary move against violating End User License 
Agreements (EULAs) that users have agreed to when installing such software.

But the big picture is that many are moving away from aiding in removing 
trackware or advertising-based applications for fear of being sued for 
mislabeling or for helping the user violate EULAs.  The industry is taking 
a precautionary stance, and it's paving the way for data-mining companies, 
browser hijackers, and other various commonly unwanted applications to 
spread like wildfire, with nothing standing in their way.  The swarms of 
user frustrations over why their homepages keep changing, or why pop-ups 
appear out of the blue, are heard only by the few that are willing to help. 
  But even then, some invoke questionable remedies, including illegal 
'fixes' that the user has no idea they're doing, including replacing files 
with 'dummy' replacements which trick applications into thinking the 
agreed-to component is still present, when in fact it's not.  Or even 
worse, they illegally reverse-engineer programs, removing the commonly 
unwanted components, and upload their versions for distribution.  So, when 
companies, such as Dell, take the position they have, can you really blame 

The issue, when it comes right down to it, is that, based on user reactions 
posted in our support forums, in the majority of cases, most users were 
unaware of installing data-mining or pop-up-causing or homepage-hijacking 
programs and etc. in the first place.  Reasons?  First off, many EULAs are 
either confusing, or simply bury the fact they're installing data-mining or 
advertising modules along with their software.  Some are even worse and 
install such software even if the EULA has been disagreed with, and the 
installation terminated at that time.  Even worse than that is when items 
are unknowingly installed by simply visiting a homepage, or by masking 
their download as something different.  The user doesn't know it's been 
installed until after the pop-ups begin, or their homepage unexpectedly is 

The solution?  From the discussions I've seen, some among the security and 
privacy communities believe that the users should be responsible for what's 
present on their computers, and that ultimately, if something's installed 
on their systems that's causing undesired operation, they should have taken 
responsibility to read the EULAs prior to installing, and should therefore 
be responsible for removing it on their own.  And in a way, that's true. 
Instead of zipping along the installation, possibly clicking the Agree 
button to an EULA they haven't fully read, they should take the time to 
read and understand what's stated within.  But users have a lot stacked 
against them.  Some may find the EULAs confusing, or simply miss the one or 
two sentences explaining that data-mining, pop-ups, homepage switching, or 
other activities not normally associated with an installation will occur 
when the install is performed, as they're located intertwined with the 
other information.  Some EULAs don't disclose that it's going to happen, or 
they don't fully explain what information, if any, is collected while using 
a product.  Some perform what we call a fly-by install, where the user 
doesn't even know the install has occurred until after its undesired 
effects have started.  Some don't even have an uninstaller!

Seeking help, users then turn to their support channels.  It is unfortunate 
that for many, one support channel has now joined the seemingly growing 
list of support channels unable to assist with removing items such as those 
presented for removal by a consumer-reporting tool such as Ad-aware.  Of 
course, we will continue to inform and educate users about what's running 
on their systems, and what they may want to be aware of present. And also, 
just as we have from the beginning, we will not support violating the EULAs 
of applications by placing 'dummy' files to trick programs into thinking 
the EULA is being complied with.  The user must either accept the 
components as per the EULA, or seek a different application.  But, the only 
way to reach the goal of ridding security and privacy concerns such as this 
from occurring in the first place is if the community sticks together in 
enforcing that many users simply prefer not to have these types of things 
as requirements to use software, and that to them, placing such items on 
their systems is unacceptable."

More information about the list mailing list