Technology, Support, and News Forum

[NT50 Profile]

what way? it looks to be normal.

VNC can be considered spyware if its installed in stealth mode. 100% invisible, but admin access is required, WHICH is not hard to get and then install via remote desktop.

MS antispy on the other hand recognizes it and warns youm but the default action is 'ignore'
i select 'always ignore'

What way...

I could have ... Sunbelt Software
All you see is the name and the link is hidden.....I coudl have coded the link so that if you click ed on it and purchased Counter Spy or any other software from Sunblet I would receive my percentage.

I'm not at ProNet to make a profit from this website. I have my own website for my business.

VNC......hmmm
Yes it can be spyware if used the wrong way.

MS AntiSpyware. I don't have much faith in it.

I'm starting to like the Counter Spy due it warns you of regitery entries etc the same as M$ antispyware

[kd1966 Profile YIM]

I know from experience that PestPatrol detects VNC as a verified threat............... lol

[OrphicFireball Profile]

I think it's rediculous that spyware programs pick that one up too. Maybe it could be used in a mallicious way but it doesn't deliver popup adds, send your information to advertisers, or cripple your perforamce, so I don't think it really should be considered spyware.

[ZRC Profile]

EDIT (10/11):Sorry to hijack this thread with the following essay... But it addresses a few side issues that were brought up


The issue of companies being paid or otherwise made to change their default actions to spyware is nothing new.

I'm taking the devil's advocate's approach ~> So I don't necessarily agree with these reasons:

If a program says in its EULA "This program will install other programs used to gather personal information and send it back to a clearinghouse whose name we will not release and you have no control over what is done with said data. If you do not want to be spied on, please do not install this software."
If you then click by the EULA without reading it, you have installed spyware, and it warned you... Now, the definition of spyware and malware is up for debate -- but if something says exactly what it's doing and is not being clandestine in installing itself (i.e. has an installer with a clear EULA), then the user is at fault (to a certain extent anyway).

For those who are in the business of cleaning spyware, they may remember the Gator and WeatherBug fiasco(s). Gator and WeatherBug were both claiming that they were very clear in their EULAs as to what was being installed on a user's computer and that those who installed their software could uninstall it at anytime and it actually uninstalled. The truth is as they say - their EULAs were clear, as were their privacy practices (eTrust and similar policy verification programs only verify that a policy is published, clear, and provides an accurate representation of what is done with collected data - not if the collected uses are necessarily beneficial to the user -> some people may want more (relevant) ads in their e-mail inboxes ... this also forms some of the basis of the detection criteria for malware).

So this begs the question - are Gator and Weatherbug Spyware/Adware? Well, in a word, I'd say, "Yes." Why then should an anti-spyware or anti-adware program leave them alone? Because there are times when people have installed these programs knowingly, perhaps to allow another program to function, or because they find the ads Gator provides gives them a better deal on a product they're shopping online for. If MSASW were to 'automatically' remove these programs, then the user will be upset. (e.g. I've had people ask me where the purple monkey went - BonziBuddy - after cleaning their computer, Sunbelt's response to Hotbar's cease-and-desist letter has a rather nice handling of malware-with-useful-features and how to tackle it).

I have 'automatically' in quotes above because MSASW and AdAware and Spybot S&D all have a review screen where you can look over the malware that the program has detected and choose to do what you like with it. There are also generally descriptions here and if a person doesn't recognize a reported piece of malware as something they've installed, then they can choose to have it removed. I've had legitimate pieces of software (Palm software even) come up as malware in some scans.

The above paragraph is the lynch pin of the whole argument. If a user has the option to quarantine/remove or not remove, then it's their responsibilty to make that decision. Should the average computer user be asked to make these determinations? No. Should the average computer user be subjected to the amount of malware that's out there? No. But, unless the scan engine actually stops picking up all forms of potentially malicious activity (or as many as we expect it to, considering everyone suggests using multiple programs to clean a computer), then the changing of the default action is not really all that bad, and is likely a good business decision in terms of the happiness of a user when they use MS's ASW program.

Other interesting points w.r.t. the above argument, in reading through Sunbelt's detection criteria (organizationally similar to MS's), one of their reasons for listing certain items (Hotbar's not too bad an example - as noted on their blog) is that a program does not get a user's "full, meaningful, and informed consent". Well, if the practices are stated in the EULA, yet the program is still classified as malware, is Sunbelt saying that clicking "Accept" to a EULA is not "full, meaningful, and informed consent" (in a legal manner, using legal terms) to abide by the terms set forth in the EULA? That's a questionable situation for Sunbelt to put themselves in. =)

--------------

On other notes brought up in this thread: The program that is MSASW - ever wondered why it shows up as gcasServ and gcasTray? It's because it /is/ GIANT AntiSpyware (MS bought Giant see here scroll down for a press release link). For a while when the beta first came out (and perhaps even now, I haven't checked recently) the main program ran as "GIANTAntiSpywareMain.exe" or something similar. Another semi-funny tidbit is that the program is built using a version of one of MS's programming languages (I want to say VB6?), that MS does not officially support, and has told people to stop using to develop programs (my apologies for not being able to find a link to this).

With all this said, I would like to say that the above was a devil's advocate position. I don't agree with it - I am in the fight against malware, everyday I have to wrestle with these pieces of software, often having to 'hand-clean' machines to get them even to a workable state. Would I ever let Gator or Weatherbug be installed on my computer as their current versions - HECK no. Are these programs getting worse everyday, with the anti-malware vendors struggling to keep up? Yep.

The problem is that there are very talented people out there with a need for money and they program these increasingly difficult to clean programs to make money for the company that employs them. I can't fault someone for needing to make money to live, but I don't believe that using talented people with weak ethics is a moral means to an end (making money).

Anyone remember the first time they came across an Aurora install? Or a half-decent rootkit? These people are d*mn good.

With all this ranting and raving, I wish everyone in the fight against malware good luck. And if you ever need some help - PM me.

[OrphicFireball Profile]

I thought I should mention that I finally got this fixed after scanning many times in safe mode. The first several times it said the threat was in memory and I'd have to restart, but finally it got it after many tries.