MSAS and Claria Detection - an Objective View

[Steve Moss]

There has been a lot of traffic, both here and on other forums of late
concerning both MSAS's detection of Claria adware, and MS's rumored
talks with Claria.

Many of the adverse comments and knee-jerk reactions, though, appear to
be borne out of prejudice (against MS) or clouded thinking. Let me make
it clear that my view is that the Claria adware threat level should be
returned to its previous state, and that MSAS's default recommendation
for it is reset to 'Remove'. I believe this is the view of many others,
too. But ... this is based on my view of the nuisance that Claria
adware poses to users of computers infected by it, rather than on any
emotional or other factors.

The *facts* are this:

1. MSAS, with its latest definitions in place, correctly alerts the
user on multiple occasions when Claria adware components are being
installed. This has been amply articulated by Andre da Costa in these
newsgroups, and I can confirm his reports.

2. While CounterSpy alerts the user equally well against the
installation of Claria adware, many other anti-spyware products (incl.
SpySweeper) simply fail to offer the user any protection at all against
the installation of Claria adware.

3. If the user allows Claria adware to be installed by selecting
'Allow' in the MSAS alerts (or Claria adware is already installed prior
to installng MSAS), then MSAS will detect and report the existence of
most of its components during subsequent scans.

4. MS have published a set of criteria they use for classifying spyware
and other 'unwanted software', here:
http://www.microsoft.com/athome/security/spyware/software/isv/analysis.m
spx

5. Their analysis of Claria adware against this set of criteria has led
MS to change the recommended action to 'Ignore'. Further comments from
Microsoft concerning this have been reported by one user here:
http://www.wilderssecurity.com/showthread.php?t=88142

Now, it may be that some people will take issue with the criteria MS
have made publicly available. That is fine, as there is yet to be a
conensus in the software industry about precise definitions of 'adware'
and 'spyware' (and other related terms in general use). That said, it
is crucial that at any point in time MS (and any other vendor of
anti-spyware software) work to a known set of criteria, and apply that
rigorously. The fight against unwanted software will not succeed unless
rigorous procedures are followed.

It may also be that some people feel that MS have not applied their
published criteria in their analysis of and decisions about Claria
adware (for whatever supposed reason). If that is the case, I have yet
to see anyone offer a properly reasoned analysis to this effect, but I
would certainly welcome it if offered.

Apart from the above, it seems that many people have accused MS of
'selling out' or being 'untrustworthy' about this matter, based solely
on rumours in the press about talks between MS and Claria. But let's
get this straight, people - these are just that: rummours. There have
as yet been no facts whatsoever, that I have seen at least, concerning
these talks taking place, nor of the purpose of the talks, nor of MS's
intentions in this respect. So, any reactions based on unsubstantiated
rumours will be at best baseless, at worst deliberate scaremongering.

Only if and when the time comes that MS announce a deal has been
reached (if at all), and the details of the deal, and how such a deal
will affect MS's product offerings, can any of us reach a considered
and informed decision.

 

[Guest]

I've been trying to find anything from Microsoft that
would explain their downgrading of Claria and I thought
fact #5 might be it.

"5. Their analysis of Claria adware against this set of
criteria has led MS to change the recommended action
to 'Ignore'. Further comments from Microsoft concerning
this have been reported by one user here:
http://www.wilderssecurity.com/showthread.php?t=88142"

The link is Meneer stating what Microsoft said and a link
to Microsoft's Analysis approach. Meener probably is a
reputable guy, but this link is nothing more then Meneer
said Microsoft said and can't be stated as a fact of why
Microsoft made a decision to change their listing of
Claria. We can assume that Microsoft reviewed their
procedures and that's why they made the change, but
unless we here directly from them this is an assumption,
not a fact.

If there is more information to substantiate the claim I
would love to see it.

 

[Steve Moss]

The link is Meneer stating what Microsoft said and a link
to Microsoft's Analysis approach. Meener probably is a
reputable guy, but this link is nothing more then Meneer
said Microsoft said and can't be stated as a fact of why
Microsoft made a decision to change their listing of
Claria.

Fine, I don't have a problem with you attempting to discredit my
statements, but it doesn't in any way help as far as I can see.

We can assume that Microsoft reviewed their
procedures and that's why they made the change

How can you assume that? You can't. There is absolutely no evidence to
substantiate your assumption. There is evidence that Microsoft have,
rather than reviewed their procedures, reviewed Claria's offerings in
respect of those procedures. That you don't accept such evidence is,
again, OK - but then again, you then have no basis whatsoever to assume
otherwise.

If there is more information to substantiate the claim I
would love to see it.

I'm sure you will in time. Until then, baseless assumptions serve only
to fuel speculative nonsense and reinforce rumour-mongering.

 

[Guest]

The question was can you back up your fact number 5., and
I quess the answer is no!

 

[JohnF.]

Since you are unable to back up anything you have accused MS of, I guess
your logic rules you out as well. Bye!

 

[David Dean]

If the rumors are true, it is an obvious conflict of interest. Not only
between Claria and Microsoft, but between Microsoft and MS users/advocates.
As an IT professional, I know the best way to treat customers is to disclose
all conflicts of interests, yet Microsoft has neither confirmed nor denied
the rumors. Since Microsoft has taken the position of non-disclosure, they
have made it impossible for many of us to trust them. Here are the facts:

1. We don't have all the facts.
2. Microsoft has all the facts and they won't share.
3. Trust is reciprocal.

All we want is disclosure.

David Dean

 

[Steve Moss]

Disclosure? Disclosure of what?? Do you really, honestly, believe MS
(or any other company in a similar position) is going to disclose to
you any details about their ongoing talks with any other company? Come
off it. *If* they are talking with Claria, then it is still at the
stage of talks. If and when a deal is reached, MS will disclose that
deal through the mormal channels. Until then, there is no issue of
trust, no issue of disclosure, no reason whatsoever for them to 'share'.

Once they announce any deal - if there is one - then you will be in a
position to talk about such matters.

 

[Steve Moss]

The question was can you back up your fact number 5., and
I quess the answer is no!

Then you guess wrong (but wasn't that just the whole point of my
starting this thread?). Try here:
http://www.microsoft.com/athome/security/spyware/software/claria_letter.
mspx

 

[Greg R]

Disclosure? Disclosure of what?? Do you really, honestly, believe MS
(or any other company in a similar position) is going to disclose to
you any details about their ongoing talks with any other company? Come
off it. *If* they are talking with Claria, then it is still at the
stage of talks. If and when a deal is reached, MS will disclose that
deal through the mormal channels. Until then, there is no issue of
trust, no issue of disclosure, no reason whatsoever for them to 'share'.

I am going to have to disagree with you on the issue of trust,

They have lost my trust because the reduce the detection level of
Gator and they have even reduce the detection level of others as well.
I have remove this product from my system forever. I will keep using
spybot s&d and Lavasoft adaware. Hopefully gator won't be installed
in the next windows xp service pack or windows loghorn-like some
people are saying

http://netrn.net/spywareblog/archives/2005/07/08/ms-antispyware-ignores-more-adware/


Greg Ro

 

[whatever]

I agree with all of your points, but I do want to raise
one issue. That is; if perchance MS is actually thinking
about buying Claria, then only the clamor of many voices
raised in protest *might* make them reconsider. Once the
rumours are found to be true (if that ever came to pass),
then it is too late to make any sort of *effective*
protest.

*IF* it ever came to pass, do I think that MS would do
something evil with it? No, but I don't see how rewarding
such companies by paying them large sums of $$ will do
anything but spur on other such companies.

Now, to go outside my "one point" (and I believe I agree
with you on this):
As far as the downgrade of Claria, I don't see any
possible reason that any anti-spyware company would change
an *existing* policy/rule/whathaveyou to something less. I
know your response would be "but evidently the vendor did
change something, that's why MS downgraded them"...but
that doesn't pass the "sounds fishy to me" test. I could
possibly see some anti-spyware company caving, but not MS,
with its legions of attorneys. If any anti-spyware vendor
flags *any* software as "do you really want to install
this"...why would the default "recommendation" be anything
other than "we recommend you don't do this, and remove if
already installed" or "RED" or whatever the highest level
of alert is.

 

[Steve Moss]

I am going to have to disagree with you on the issue of trust,

They have lost my trust because the reduce the detection level of
Gator and they have even reduce the detection level of others as well.
I have remove this product from my system forever. I will keep using
spybot s&d and Lavasoft adaware.

It is of course your prerogative to trust or not trust anyone you like.
So, why is that you lost trust in MS as a direct result of them
downgrading Claria software, whereas you retained your trust in
Lavasoft despite their well-publicised PR disaster over WhenU? Just
interested, that's all.

Hopefully gator won't be installed
in the next windows xp service pack or windows loghorn-like some
people are saying

What people, exactly? Certainly not Eric Howes, whose blog your link
refers to. Oh ... and how do they know? Or might this just be the
fantasies of a few who have other agendas?

 

[Steve Moss]

Points taken, but I'm *not* suggesting "evidently the vendor did change
something, that's why MS downgraded them". Rather, it is entirely
possible, once MS were encouraged to take a detailed look at Claria's
classification, that proper application of their criteria did indeed
cause them to downgrade. One fact that would support this stance is
that Claria approached MS about their classification in January of this
year. Given that MS only acquired Giant the month before that, all
previous classifications would have been carried out by Giant, not MS,
and this may have been MS's first real look at the matter.

Now, just to reinforce my point further ... loads of people (incl.
respected Spyware industry pundits) have gone off on a tangent by
relating MS's downgrading of Claria software to the rumoured talks with
Claria. If that is to be seen as a sensible argument, then what of the
downgraded recommended actions for 180 Solutions, WhenU, New.net, eZula
and other software in MSAS too? Are they also because of acquisition
talks MS are supposedly having with other 'unwanted software'
producers? Or is it prechance just a case of clouded thinking and/or
prejudice after all?

 

[Greg R]

It is of course your prerogative to trust or not trust anyone you like.
So, why is that you lost trust in MS as a direct result of them
downgrading Claria software, whereas you retained your trust in
Lavasoft despite their well-publicised PR disaster over WhenU? Just
interested, that's all.

Partially. The other reason is them consider buying a
spyware/adaware company without giving a reason why and for what
purpose. They should public come out with a statement saying
gator/Claria will not be installed in any of the Microsoft future
operating systems, service packs, Microsoft software or updates.
This software will be used for internal testing only.

What people, exactly? Certainly not Eric Howes, whose blog your link
refers to. Oh ... and how do they know? Or might this just be the
fantasies of a few who have other agendas?

Just do a search on google. Microsoft Antispyware Claria or
Microsoft Antispyware Gator. You will find a lot of post even from an
IT person who is concerned about security of future windows service
packs and windows loghorn.

Greg Ro

 

[Guest]

Sorry, I meant to say a generic 'you' rather than 'you'
specifically.

"...downgraded recommended actions for 180 Solutions,
WhenU, New.net, eZula..."

OH MY GOD, its snowballing......now if I could only hum a
few notes of 'Darth Vader' music.....<g>

(for those visually impaired, the <g> means that I'm
joking)

"...all previous classifications would have been carried
out by Giant, not MS, and this may have been MS's first
real look at the matter..."

Good point. Well, I'm slowwllyyy cooling off.

Thanks

 

[David Dean]

Yes I do.

Claria used deceptive and unethical business practices to spy on Internet
users and build an enormous database of Internet user's habits. Now it
appears that Microsoft is considering buying Claria along with all of that
unethically obtained information. Microsoft, because of the trust
relationship it has with it's customers, has a responsibility to assure them
that this is not the case.

The issue surfaced in the Wall Street Journal, not some schmuck's blog. If
the WSJ tells me that one of my business partners is going to buy
unethically obtained information about my clients, I would insist on an
answer from the suspect party. And that is exactly what is happening here
Waiting for the deal to be finalized so I can hear about it through "normal
channels" is not an acceptable answer. I am the one stuck answering to my
clients and Microsoft has a responsibility to me as a business partner to
provide me with information.

If Microsoft buys out Claria, it will not only assume Claria's assets, but
also it's liabilities. Because of Microsoft's success, Microsoft has always
had a target painted on their chest. Imagine what kind of lawsuits you
would expect to see should Microsoft own a spyware company. The acquisition
of a spyware company would be a huge fiasco.

Attaining Claria will also not help them compete with Google. One of the
most stark differences between Google and Microsoft is the issue of customer
trust. Customers trust Google and they do not trust Microsoft. This
rumored acquisition would compound the problem.

I am not anti-Microsoft, I am a Microsoft advocate. But I want them to make
the right decisions for the sake of their customers and we have a
responsibility to provide them with feedback to help them understand our
position.

David Dean