MSAS ignores Claria, WhenU, 180, Ezula etc

[plun]

Important information to all antispyware fighters.

http://netrn.net/spywareblog/archives/2005/07/08/ms-
antispyware-ignores-more-adware/

This is really important for all users to know about
therefore a new message about this.

Now "the ice is really thin" for MS and of course Claria
started this avalanche with "ignores".

Well, Goodbye Trustworthy Computing!

 

[Bill Sanderson]

plun--it is important to use accurate language when you talk about things
that are upsetting to folks.

The phrasing you've used in the subject header is not completely wrong, but
it is misleading.

Yes, they have changed the default action upon detection to "ignore."

No, they have not stopped detecting.

One could read your subject header as though Microsoft was no longer
detecting those companies products as threats. This is not true.

 

[plun]

Well, MSAS put a big stamp on these, "Ignore"

And normal users trust this "Ignore" as default action !

So this is really sad............

 

[plun]

Also Sunbels blog showing this
MSAS "Ignore" scenario !

http://sunbeltblog.blogspot.com/2005/07/update-on-
clariamicrosoft.html

 

[Bill Sanderson]

Also Microsoft's statement, please:

http://www.microsoft.com/athome/security/spyware/software/claria_letter.mspx

--

 

[Chuck]

I am with you on that plun, my mom would never know delete
it. but you will get nowhere on this microsoft owned and
run forum. It just one great big microsoft can do no wrong
forum.

 

[Bill Sanderson]

I'm one to give everyone, even Microsoft, the benefit of the doubt--but I
don't think I go too far overboard on that. I've certainly recommended
plenty of third-party products and links here.

 

[David Dean]

I agree, the default action for Claria should be "Remove." All software
with characteristics similar to Claria should also be removed. They really
need tob e more strict involving the default scan, or do like Internet
Explorer and allow the user to customize how strict they want their security
settings to be.

David Dean

 

[David Dean]

I think part of the problem is that the MVP program discourages criticism
from the top newsgroup contributors. It is one thing to acknowledge
alternate products, it is something entirely different to "bite the hand
that feeds you" so to speak.

David Dean

 

[plun]

Well, one MVP, Donna was one of the first to
publish Claria results.

http://www.dozleng.com/updates/index.php?
showtopic=5570&st=0&p=24054&#entry24054

But she probably looses this title beacuse of this.

 

[Bill Sanderson]

Do you have any evidence to back up that statement about the MVP program
discouraging criticism?

MVP's are quite jealous in guarding their independence from Microsoft.
--

 

[david]

Is there any way to change the ignore setting for Claria?

 

[Guest]

I agree, my users think "Ignore" means it is ok. Most
networks have had problems at sometime with GATOR. When
I first came to my current position I had to remove it
from a number of machines, and it was not all that easy.
I don't want my users thinking it is not Spyware because
it definately is.

I am considering removing MS-Spyware from all machines in
my environment. I don't need the hazzle of explaining
why I don't think it is ok even though MS does.

 

[Bill Sanderson]

I hear you--although, of course, if it was really "OK"--the program wouldn't
bother detecting it in the first place.

Maybe the phrasing of the choice needs to be clearer. The trouble is, the
range of critters for which Ignore is the appropriate choice is wide. VNC,
for example.

I guess the real meaning is:
"If you knowingly installed this software or are aware that it is on your
system, and feel that it is doing legitimate work, then choose ignore"--or
something like that.....

I don't know how to keep this simple enough for the average user.

--

 

[Anonymous Bob]

I hear you--although, of course, if it was really "OK"--the program wouldn't
bother detecting it in the first place.

Maybe the phrasing of the choice needs to be clearer. The trouble is, the
range of critters for which Ignore is the appropriate choice is wide. VNC,
for example.

I guess the real meaning is:
"If you knowingly installed this software or are aware that it is on your
system, and feel that it is doing legitimate work, then choose ignore"--or
something like that.....

I don't know how to keep this simple enough for the average user.

Perhaps an installation option as follows:

Level of protection

1. High - I expect the same level of protection at home as I would
find in a strict corporate environment.

2. Medium - I like to download funny programs from unknown sources,
so do the best for me that you can, but don't stop me because I'm
having too much fun.

3. Low - What's adware?

The default setting should be "High".

If the user selects option 3, the install fails.

Bob Vanderveen

 

[Bill Sanderson]

ROTF,L

(and I've definitely got users in that category 2!)

--

 

[Anonymous Bob]

ROTF,L

(and I've definitely got users in that category 2!)

And that's what Microsoft's current recommendations are attuned to.

Bob Vanderveen

 

[Bill Sanderson]

It is a default setting--simply run a scan, and in the results, change from
ignore to remove, and tell the program to proceed.

I don't know any way to change the default so that, for example, Claria
would be removed on an unattended scan, however.

--

 

[Steve Moss]

Just to put this into perspective...

(1) Sunbelt, manufacturers of CounterSpy, made much of MSAS's
re-classification of WhenU, etc.

(2) Sunbelt have now re-classified CounterSpy's treatment of most WhenU
applications in exactly the same way as MS did.

(3) If you want the clearest possible demonstration of industry bias
and double standards in reporting, try comparing the Spyware Warrior
blog's reporting of both these issues:

Re MS and MSAS:
http://netrn.net/spywareblog/archives/2005/07/08/ms-antispyware-ignores-
more-adware/
Re Sunbelt and CounterSpy:
http://netrn.net/spywareblog/archives/2005/07/22/sunbelt-changes-whenu-s
tatus/

You will also find this statement by the author of these blog articles
on the blog itself...

"In April 2005, I began doing some part time consulting work for
Sunbelt Software as an independent contractor. Therefore, I will not be
making public comments on Sunbelt's products including CounterSpy.
Other than that, it will not affect Spyware Warrior, the site, forum or
blog."

Yeah. Honest. We believe you. Really we do.