# Anti-Spyware Coalition..Do you trust them?



## MicroBell (Sep 21, 2004)

In my endless search for malware-related issues and keeping up on the latest developments of the security industry, I came across several blogs blogging about the latest news from the Anti-Spyware Coalition. At present they are trying to come up with a definition of what spyware really is.

http://www.antispywarecoalition.org/documents/definitions.htm

Now....those of us that remember the organization *"COAST"* know that when you have members that are somewhat sympathetic to adware/spyware vendors it calls into question that organization's resulting conclusions. I was surprised to find which companies belong to this Anti-Spyware Coalition that we are supposed to trust to defend us against these bad guys. Here they are....

*Aluria  
AOL  
Blue Coat Systems 
Canadian Coalition Against Unsolicited Commercial Email 
Canadian Internet Policy and Public Interest Clinic 
Center for Democracy & Technology 
Computer Associates 
CyberSecurity Industry Alliance 
Dell, Inc. 
EarthLink 
F-Secure Corporation 
HP  
ICSA Labs 
LANDesk 
Lavasoft 
McAfee Inc. 
Microsoft  
National Center for Victims of Crime 
Panda Software 
PC Tools 
Safer-Networking Ltd. 
Samuelson Law, Technology & Public Policy Clinic at Boalt Hall, UC Berkeley School of Law 
Sophos 
Symantec 
Tenebril 
Trend Micro 
Webroot Software 
Websense 
Yahoo! Inc.*

Now....I highlighted several in *RED* for a reason as I want to see if your understanding matches mine. According to the Anti-Spyware Coalition's own definitions...several of these companies already fall into the *"Browser Hijacking"* category.

*Hijackers*

*System Modifying Software*
Used to modify system and change user experience: e.g. home page, search page, default media player, or lower level system functions. Without appropriate consent, system modification is hijacking.

On to the "Goodies".....

*Aluria*

Was one of the first to DELIST WhenU from their detection database. Why? Because Aluria (a Spyware detection program) went into partnership with WhenU (a known adware company).

*AOL*

Makers of that great AOL/AIM toolbar that doesn't even comply with their own privacy statements. Makers of AIM IM that installs Viewpoint without any consent from the user.

*O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe*

*Dell*

Installs a "Browser Hijacker" *Myway/Mysearch* on all new Dell PCs.
http://www.doxdesk.com/parasite/MySearch.html

*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll*


*EarthLink*

Installs a "Browser Hijacker" along with so much junk it's unreal...

*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mo...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/mo...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe*

*HP*

Installs "Browser Hijacker" on their PCs.

*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop*

*Microsoft*

Delists several adware/spyware products from their MS Antispyware utility and sets them to "Ignore". Basically telling you they are *OK* to keep.

*Claria*, *180Solutions*, *WhenU*, *New.net*, most *WhenU* apps, *eZula*, *TopText*, *Gain/Gator*, and *Webhancer*

*Yahoo! Inc*

Installs a "Browser Hijacker" when user installs SBC for internet access. Several ISP providers (BT, LongPond and others) also install this same hijacker.

*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/ 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btyahoo.com/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yc.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yc...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/ 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ 
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll 
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll 
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll 
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll*



Now I ask you....are these the kind of companies you want to rely on to set the standards for what adware/spyware definitions should be?


----------
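The log excerpts quoted in the post above are in the HijackThis log format, where R0/R1 lines are Internet Explorer start and search page values and R3/O2/O3/O9 lines are browser add-ons registered by CLSID. As an added example (not part of the thread or any poster's code), this parser turns such lines into records, lists IE settings whose host is outside a reviewer-supplied baseline, and groups add-ons by DLL; the function names and the `expected_hosts` parameter are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the log excerpts quoted in the post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"""

# R0/R1 lines: "<section> - <hive>\<key>,<value name> = <data>"
REG_VALUE = re.compile(r"^(R[01]) - (HK[A-Z]+)\\(.+?),(.+?) = (.*)$")
# R3/O2/O3/O9 lines: "<section> - <kind>: <name> - {CLSID} - <file>"
COM_OBJECT = re.compile(
    r"^(R3|O2|O3|O9) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse_line(line):
    """Return a dict for a recognised log line, or None for anything else
    (other sections such as O4 and O23 are not handled in this sketch)."""
    line = line.strip()
    m = REG_VALUE.match(line)
    if m:
        section, hive, key, name, data = m.groups()
        return {"section": section, "type": "ie_setting", "hive": hive,
                "key": key, "name": name, "data": data,
                "host": urlsplit(data).hostname}
    m = COM_OBJECT.match(line)
    if m:
        section, kind, name, clsid, path = m.groups()
        return {"section": section, "type": "com_object", "kind": kind,
                "name": name, "clsid": clsid.upper(), "path": path}
    return None

def review(log, expected_hosts=frozenset()):
    """Return (IE settings pointing outside expected_hosts,
    add-ons grouped by DLL so a shared binary stands out)."""
    redirected, addons = [], {}
    for rec in filter(None, map(parse_line, log.splitlines())):
        if rec["type"] == "ie_setting" and rec["host"] not in expected_hosts:
            redirected.append((rec["hive"], rec["name"], rec["host"]))
        elif rec["type"] == "com_object":
            addons.setdefault(rec["path"], []).append((rec["kind"], rec["clsid"]))
    return redirected, addons
```
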



## POADB (Jul 28, 2004)

Not to mention the connection between Vundo and Dell/Myway.

MB. You should really voice these concerns (in writing if you wish) at one of these summits. They should all be notified, especially those listed above... to leave our PCs alone!!!! 

In my opinion Dave, since a few in the list fall under our definition of adware, spyware/undesirable programs, maybe this is why they are trying to define the term 'spyware'? You know - butter up the concept so that they are not considered to be such vendors????


----------



## tetonbob (Jan 10, 2005)

Ugh.....here we go again.

I've been leaving some of those alone. Armed with this info, shall I kill them all? 



----------



## POADB (Jul 28, 2004)

No Bob.

Just stick to our normal removals. As discussed with MB, removing some of the others can result in that particular service not working correctly - which in some cases includes their connection or functionality of the internet. (i.e. AOL, Earthlink, Net Zero etc etc..)


----------



## RavenMind (Mar 8, 2005)

I think we will find the purpose of "defining" spyware is ultimately going to be geared toward future legislation. We are seeing more & more cases of malware abuse brought to the courts who all seem to be dealing with them in different ways. I think heavier & specific legislation of malware is in the near future. Companies like these know that when it comes to legality, it's all in the definitions. An organization with members like these is likely to influence the way lawmakers & courts define spyware, and therefore may be able to make themselves loopholes before the ink even dries.

I think any 'definitions' this organization puts forth should be reviewed closely, and if found to leave holes, denounced very loudly!


----------



## POADB (Jul 28, 2004)

I say they actually ask the experts who deal with spyware daily to define malware. Those considered or known to be malware/adware/spyware should have no say in the matter.


----------



## MicroBell (Sep 21, 2004)

For the most part..they are Rich. What's an unknown factor..is the true stance on adware/spyware of those companies I listed. I mean if Microsoft (one of the biggest companies with an army of lawyers) caves to those adware/spyware makers how can you lend anything to their opinion on the subject?


----------

