HOSTS Spybot F-Secure BackWeb

Ron Reaugh

What in general constitutes malicious or criminal distribution of harmful
and uninvited code/programs? Such is generally clear in situations like the
Swen virus which is a crime and arrests are made.

Here's one I dealt with recently for which I'll indict the BackWeb folks. And
F-Secure because of their unnatural association therewith.

Suddenly one afternoon at a small company an XP Pro (fully patched and NAV
latest defs protected) workstation was unable to find/bring-up
www.google.com on the web. Each time a specific IP address would appear
instead. So I started investigating. The first thing of course was to
suspect a virus, trojan or worm. The fact that Google and only Google had
stopped working seemed to me to constitute a malicious interruption of
service/operation so something that NAV would find was what I started
looking for. So I double checked NAV defs to be the latest and NAV found
nothing. A search at Symantec found nothing so I decided to try another AV
program and downloaded F-Secure trialware and it found nothing. I could
find nothing wrong but just Google wouldn't work. I ran the latest Adware
6.181 + latest defs and it found a usual few things which got removed but
still NO Google operation.

So I asked myself what that strange IP was and striking out finding
anything, I simply submitted that IP to Google-Web and then Google-Group
on another unaffected workstation.

Soon I found that what this was is a form of "BROWSER HIJACKING".
Something that started by those sites that overwrote your homepage setting
in IE. A behavior that I consider nearly illegal when done without user
approval which is often the case. However MS seems to do it so that
implies legal acceptability.

So I downloaded SpyBot which is more aggressive and more tedious than AdWare
and ran Spybot which found a ton of stuff and started removing the crap it
found. Soon I had a machine that was frozen and wouldn't complete a boot.
This was rather unexpected as I've used SpyBot before with no problems.

This new hijacking behavior involves overwriting the Windows HOSTS file and
apparently it's BackWeb code. It hijacks all searches to some brand-X
search site and apparently BackWeb contains some anti SpyBot code also.

Overwriting the HOSTS file destroyed user data as the HOSTS file was in use
at this company and of course Google operability was maliciously
interrupted. The fact that this is a file and was maliciously overwritten
constitutes a felony in my opinion. My Google research found that
apparently some code by the BackWeb folks, which is immediately attacked by
SpyBot and less so by AdWare, is the culprit.

Anti-Virus folks need to be lily white and avoid all appearances of nasty
involvements. The freeze up of that XP Pro machine was due to the
interaction of SpyBot and ANOTHER VERSION of BACKWEB THAT F-SECURE FOLKS
EMBED IN THEIR TRIALWARE. That interaction caused me hours of hand
debugging and uninstalling in safe-mode to regain operability on that XP Pro
workstation.

The fact that F-Secure installed BackWeb, which attacks Spybot, on that XP
Pro machine without user permission constitutes a complete impeachment of
F-Secure as a reputable security company.

BLACKLIST if not prosecute F-SECURE.

Prosecute anyone over-writing the file HOSTS without permission.
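
As an added illustration, not part of the original post or of any tool named in this thread: a HOSTS-file audit for the kind of overwrite described above, flagging search-engine names pinned to a routable address and site entries lost relative to a known-good copy. The watch list, the baseline text and every address below are constructed assumptions.

```python
import ipaddress

WATCHED = ("google.com",)  # assumed watch list: names that should come from DNS

def parse_hosts(text):
    """Return [(hostname, ip)] for each mapping in HOSTS-format text."""
    pairs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        pairs += [(name.lower().rstrip("."), ip) for name in fields[1:]]
    return pairs

def is_sink(ip):
    # Loopback / 0.0.0.0 entries block a name rather than redirect it.
    return ip.is_loopback or ip.is_unspecified

def audit(current, baseline):
    """Compare current HOSTS text with a known-good baseline copy."""
    base = dict(parse_hosts(baseline))
    seen, findings = set(), []
    for name, ip in parse_hosts(current):
        seen.add(name)
        watched = any(name == d or name.endswith("." + d) for d in WATCHED)
        if watched and not is_sink(ip):
            findings.append(("redirect", name, str(ip)))
        elif name in base and base[name] != ip:
            findings.append(("changed", name, str(ip)))
        elif name not in base and not is_sink(ip):
            findings.append(("added", name, str(ip)))
    # Baseline entries that vanished: the "destroyed user data" case.
    findings += [("missing", n, str(ip)) for n, ip in base.items() if n not in seen]
    return findings

# Constructed sample data (documentation and private address ranges).
BASELINE = """127.0.0.1 localhost
192.168.10.5 fileserver   # constructed internal entry
192.168.10.6 intranet
"""
CURRENT = """127.0.0.1 localhost
203.0.113.7 www.google.com google.com
203.0.113.7 search.example
"""

if __name__ == "__main__":
    for finding in audit(CURRENT, BASELINE):
        print(*finding)
```

On Windows the text to pass as `current` is the content of `%SystemRoot%\System32\drivers\etc\hosts`.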
 
FromTheRafters

Ron Reaugh said:
> This new hijacking behavior involves overwriting the Windows HOSTS file and
> apparently it's BackWeb code. It hijacks all searches to some brand-X
> search site and apparently BackWeb contains some anti SpyBot code also.
> My Google research found that
> apparently some code by the BackWeb folks, which is immediately attacked by
> SpyBot and less so by AdWare, is the culprit.

Some bad stuff *uses* the BackWeb application
Some good stuff also does.
Each thing using the application has registry settings which
may have been messed with by you and Spybot

> Anti-Virus folks need to be lily white and avoid all appearances of nasty
> involvements. The freeze up of that XP Pro machine was due to the
> interaction of SpyBot and ANOTHER VERSION of BACKWEB THAT F-SECURE FOLKS
> EMBED IN THEIR TRIALWARE. That interaction caused me hours of hand
> debugging and uninstalling in safe-mode to regain operability on that XP Pro
> workstation.

Not all BackWeb applications are bad things, Spybot IIRC warns
of problems the user may incur.

The hijacker is the culprit I think, not Spybot or F-Secure.

> The fact that F-Secure installed BackWeb, which attacks Spybot, on that XP
> Pro machine without user permission constitutes a complete impeachment of
> F-Secure as a reputable security company.
>
> BLACKLIST if not prosecute F-SECURE.
>
> Prosecute anyone over-writing the file HOSTS without permission.

I laughed, I cried, I grabbed another beer.

Are you saying that the BackWeb application attacks Spybot, and
the HOSTS file has BackWeb code? ~ nevermind...

Spybot must be used with caution.
 
Guest

|
| Prosecute anyone over-writing the file HOSTS without permission.
|

I agree with your assessment of SpyBot: great stuff; one of its (optional)
features is to make the hosts file read-only...

SB
 
Ron Reaugh

I find that most of your post was jibber.

No reputable computer security company should be including ANY KIND of
adware/spyware code in their downloads. I say blacklist F-Secure for so
doing.

Both Adware and Spybot remove BackWeb...therefore BackWeb is bad stuff! You
wanna supply any reputable source saying BackWeb is good stuff?
 
Michael Cecil

> I find that most of your post was jibber.
>
> No reputable computer security company should be including ANY KIND of
> adware/spyware code in their downloads. I say blacklist F-Secure for so
> doing.

"you say"? You, the well known "IBM GXP drives have no problem"/
Ultra Cable shill, want people to take you seriously? Bwahahahaaa.
Why don't you commit suicide you pathetic ****? That is the one way
anyone in their right mind would find you serious - and even then it
would only be a moment before they started cheering and laughing at
your bloated corpse.

Your opinion is utterly worthless.
 
FromTheRafters

Ron Reaugh said:
> I find that most of your post was jibber.
>
> No reputable computer security company should be including ANY KIND of
> adware/spyware code in their downloads.

It is *not* adware or spyware, it is a legitimate application
that some adware and spyware abuses. E-mail worms use
SMTP, but that shouldn't mean that anyone using SMTP
is malicious by association.

> I say blacklist F-Secure for so doing.

Say it all you want, but those with a clue won't listen.

> Both Adware and Spybot remove BackWeb...therefore BackWeb is bad stuff!

Erroneous conclusion.

> You wanna supply any reputable source saying BackWeb is good stuff?

I will leave that to others, or will try to supply info tomorrow if nobody
else does beforehand.

Later.
 
Ron Reaugh

The same old trolls still seem to be around and working for F-Secure or
BackWeb possibly.
 
Ron Reaugh

The presence of BackWeb in the F-Secure download and the fact that it causes
SpyBot to hang an XP system is simply unconscionable and moves F-Secure to
the dark side.
 
»Q«

> Both Adware and Spybot remove BackWeb...therefore BackWeb is bad
> stuff!

Oho!

In addition to F-Secure, add IBM, SAP, NAI, and Check Point to the
list of evil companies partnered with BackWeb in an effort to cause
you untold amounts of trouble. Good luck with your legal action(s).

> You wanna supply any reputable source saying BackWeb is good
> stuff?

To refute one Usenet post which alleges that Backweb "apparently" did
something bad to your machine? I think I will pass.
 
Colonel Flagg

"you say"? You, the well known "IBM GXP drives have no problem"/
Ultra Cable shill, want people to take you seriously? Bwahahahaaa.
Why don't you commit suicide you pathetic ****? That is the one way
anyone in their right mind would find you serious - and even then it
would only be a moment before they started cheering and laughing at
your bloated corpse.

Your opinion is utterly worthless.


never met you before in my life, but I already like you....

keep up the nice flamage :)


--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness™ as the new industry standard..."

"...I see stupid people."
 
Colonel Flagg

> The presence of BackWeb in the F-Secure download and the fact that it causes
> SpyBot to hang an XP system is simply unconscionable and moves F-Secure to
> the dark side.


You're a goddamn idiot.

Backweb isn't bad, the people that MISUSE it *under certain
circumstances* would be considered bad.

a gun, when sitting in a cabinet harms no one... put it in a crack-heads
hands and someone will eventually get shot....

a piece of software, hell, let's say Internet Explorer is *meant* to
view websites, browse the web, whatever.... when placed in the wrong
hands.... you can completely and totally destroy websites with it
through Unicode Exploits...

Backweb is used by legitimate and accepted programs.

Backweb is used by illegitimate and unacceptable malicious programs.

Get the idea you ****ing moron?
 
Ron Reaugh

Colonel Flagg said:
> You're a goddamn idiot.
>
> Backweb isn't bad, the people that MISUSE it *under certain
> circumstances* would be considered bad.

Clueless.

Try your nonsensical rantings on the folks at SpyBot who immediately strip
out (or at least try to) that which F-Secure Trialware installs aka BackWeb.
What is F-Secure doing installing something (BackWeb) that SpyBot has
identified as something to rip out? What is F-Secure doing installing
something (BackWeb) that is SpyBot resistant and results in system hangs?
That's the smokin gun here.

Blacklist F-Secure is the obvious course for those with a clue.
 
Colonel Flagg

You're a goddamn idiot.

Backweb isn't bad, the people that MISUSE it *under certain
circumstances* would be considered bad.

a gun, when sitting in a cabinet harms no one... put it in a crack-heads
hands and someone will eventually get shot....

a piece of software, hell, let's say Internet Explorer is *meant* to
view websites, browse the web, whatever.... when placed in the wrong
hands.... you can completely and totally destroy websites with it
through Unicode Exploits...

Backweb is used by legitimate and accepted programs.

Backweb is used by illegitimate and unacceptable malicious programs.

Get the idea you ****ing moron?



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness™ as the new industry standard..."

"...I see stupid people."
 
Ron Reaugh

»Q« said:
> Oho!
>
> In addition to F-Secure, add IBM, SAP, NAI, and Check Point to the
> list of evil companies partnered with BackWeb in an effort to cause
> you untold amounts of trouble. Good luck with your legal action(s).
>
> To refute one Usenet post which alleges that Backweb "apparently" did
> something bad to your machine? I think I will pass.

Try your arguments on the folks who wrote SpyBot who attempt to rip out the
implementation of BackWeb which F-Secure trialware installs. Are there any
good instances of BackWeb that adware/spyware removal tools approve of???
Certainly F-Secure's BackWeb implementation is NOT one of those.

Computer software security companies must be held to a higher standard.
They can NOT even appear to be allowing/installing anything hidden or
anything that anyone might consider intrusive, malicious or harmful. Even
if one experienced NO ill effects (in this case there were ill effects),
F-Secure has NO business installing some code that is hidden and not known
to the user in a virus removal situation; that's unethical at a minimum.
F-Secure should be blacklisted from the list of reputable computer security
companies for this gross impropriety.
 
Colonel Flagg

> Clueless.
>
> Try your nonsensical rantings on the folks at SpyBot who immediately strip
> out (or at least try to) that which F-Secure Trialware installs aka BackWeb.
> What is F-Secure doing installing something (BackWeb) that SpyBot has
> identified as something to rip out? What is F-Secure doing installing
> something (BackWeb) that is SpyBot resistant and results in system hangs?
> That's the smokin gun here.
>
> Blacklist F-Secure is the obvious course for those with a clue.


not only are you a ****ing moron, you don't have the ability to be
anything else.

you're now in the *plonk* file.

and you're dismissed.

see folks, "ron reaugh" is what happens when cousins breed.



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness™ as the new industry standard..."

"...I see stupid people."
 
Ron Reaugh

> you're now in the *plonk* file.

The usual response of the outwitted and classless trolls.
 
Jeffrey A. Setaro

> Clueless.

Pot. Kettle. Black.

> Try your nonsensical rantings on the folks at SpyBot who immediately strip
> out (or at least try to) that which F-Secure Trialware installs aka BackWeb.
> What is F-Secure doing installing something (BackWeb) that SpyBot has
> identified as something to rip out?

F-Secure uses Backweb to deliver definition updates automatically. (The
retail versions of F-Secure AV also use Backweb to download and install
product updates.)

SpyBot is wrong. It's that simple!

> What is F-Secure doing installing
> something (BackWeb) that is SpyBot resistant and results in system hangs?
> That's the smokin gun here.

ROLFMAO! The only "smoking gun" here is the one pointed at you... You
clearly didn't bother to read any of the F-Secure product documentation.
F-Secure doesn't hide the fact they use Backweb to deliver updates.

(I'm not sure about the retail versions but you can opt not to install
Backweb in the enterprise versions.)

> Blacklist F-Secure is the obvious course for those with a clue.

Nah... Let's blacklist you (seeing as you are completely clueless).
 
»Q«

(Sorry for the 'followup-to: poster' in my previous reply - it was
inadvertent.)

> Try your arguments on the folks who wrote SpyBot who attempt to
> rip out the implementation of BackWeb which F-Secure trialware
> installs.

I'm not responsible for advising the Spybot team on how they should
handle or not handle BackWeb. Nor do I particularly care. Since
you are the one who ran into trouble using Spybot, perhaps you
should contact them about it.

> Are there any good instances of BackWeb that
> adware/spyware removal tools approve of??? Certainly F-Secure's
> BackWeb implementation is NOT one of those.

You gotta get over your worship of the authority of Spybot and
Ad-aware if you want to be able to think through this.

But if you really want to try to have Spybot crash your system
again, you could install the enterprise version of McAfee along with
its BackWeb stuff and see what happens.

> Computer software security companies must be held to a higher
> standard. They can NOT even appear to be allowing/installing
> anything hidden or anything that anyone might consider intrusive,
> malicious or harmful.

There will always be someone who considers any given app intrusive,
malicious, or harmful. Especially any app that tries to connect to a
server to pull updates for itself.

> Even if one experienced NO ill effects (in
> this case there were ill effects), F-Secure has NO business
> installing some code that is hidden and not known to the user in a
> virus removal situation; that's unethical at a minimum.

All commercial AV products install "code that is hidden and not
known to the user." There's an open source AV project out there
somewhere, but nobody seems to think it's very promising.

> F-Secure should be blacklisted from the list of reputable computer
> security companies for this gross impropriety.

Yeah! You should put up a web page with a petition! That'll show
them!

That's enough crossposting - I'm past my limit for the year now.
Bye.
 
