Avast didn't find AdWare.Win32.SaveNow

[rasta]

I was just about to install the free version of bsplayer from http://www.bsplayer.com/ and a friend who uses NOD32 antivirus warned me about it.

NOD32 detected the malware while he was downloading the installer with Firefox.



I had already downloaded the installer so I scanned it with Avast! and it didn't find anything. I decided to check it out with JOTTI to see if it was a false positive and sure enough, ArcaVir, Dr.Web, Kaspersky, NOD32, VBA32 all detected the malware but not Avast!



Just thought y'all might like to know.

[YLAP]

Send sample to virus @ avast . com in password protected archive with password in the message body.

[Thorny]

Hmmm....... I wonder where the boundaries for antivirus detection actually lie these days?   It would seem that we as Users are expecting our antivirus program to detect far more in the way of Malware, Ad ware, Trojans & Dialers these days. Yet conversely we expect our antivirus program to use the minimal amount of computer resources in order to achieve this mythical 100% detection!

To stay safe, use a variety of defences, there is plenty of advice within this forum of suitable strategies and software.  Although I suspect how much software a User actually downloads to their PC, and then is disciplined enough to use regularly really depends on their own personal level of paranoia

[FreewheelinFrank]

Hmmm....... I wonder where the boundaries for antivirus detection actually lie these days?

As far as I know, avast! doesn't target commercial adware. I know some adware programs and Trojans are in the definitions, but these are at the more malicious end of the spectrum- adware which installs without user consent, etc. The problem with adware like whenU is that it may be legal:

http://www.spywareinfo.com/newsletter/archives/0903/9.php#savenow

Judge Lee ruled that WhenU was not violating the law because users agreed to install the software and users have the right to run whatever software they please.

http://www.spywareguide.com/product_show.php?id=2376

WhenU claims they do not track user data they do not use cookies, track clickstream data ,compile a centralized database of users that they do not engage in any type of user profiling.

Any AV adding such a program to their definitions better have a good legal team if the adware company decides to take legal action.

In the case of WhenU, SpywareGuide has this quote from Ben Edelman:

16. I have reviewed the WhenU privacy policy, and I have concluded that WhenU violates this policy when it transmits to its servers some of the specific URLs viewed by WhenU users. The policy reads, in relevant part, as follows: 'As the user surfs the Internet, URLS visited by the user (i.e. the user's 'clickstream data') are NOT transmitted to WhenU.com or any third party server.'

17. In my examinations, it is true that WhenU software does not transmit to its server all URLs visited by WhenU users. But WhenU software does transmit to its server some URLs visited by WhenU users. Since WhenU's privacy policy seems to promise not to transmit any URLs visited by WhenU users ('URLs are not transmitted'), I consider WhenU's transmissions to be in violation of its privacy policy.

Presumably to justify the inclusion of WhenU in the X-Cleaner definitions. (X-Cleaner is plugged by SpywareGuide.)

The detection of WhenU is therefore added not because it is adware, but because the company does not comply with its own privacy guidelines.

If I was a (relatively small) AV company, I would think twice about adding commercial adware to my definitions on this basis, risking a lawsuit. I don't know if this is how avast! looks at the problem. Maybe someone from the team could comment.

Meanwhile, for avast! users, read the EULA carefully on any software, do a web search before installing, and preferably download only from sites with an anti-spyware policy...

[essexboy]

FwF quote

Meanwhile, for avast! users, read the EULA carefully on any software, do a web search before installing, and preferably download only from sites with an anti-spyware policy...

If you hate wading through large EULA's then you might like to try Eualyzer from javacool http://www.javacoolsoftware.com/eulalyzer.html

[Lisandro]

Hmmm....... I wonder where the boundaries for antivirus detection actually lie these days?   It would seem that we as Users are expecting our antivirus program to detect far more in the way of Malware, Ad ware, Trojans & Dialers these days. Yet conversely we expect our antivirus program to use the minimal amount of computer resources in order to achieve this mythical 100% detection!

Layered defense, the only solution as far we achieve today...

To stay safe, use a variety of defences, there is plenty of advice within this forum of suitable strategies and software.  Although I suspect how much software a User actually downloads to their PC, and then is disciplined enough to use regularly really depends on their own personal level of paranoia

Yeah, we must mark the level of security that allow us to work with some resources in the same computer 

[rasta]

If I was a (relatively small) AV company, I would think twice about adding commercial adware to my definitions on this basis, risking a lawsuit. I don't know if this is how avast! looks at the problem. Maybe someone from the team could comment.

Meanwhile, for avast! users, read the EULA carefully on any software, do a web search before installing, and preferably download only from sites with an anti-spyware policy...

I am beginning to see more and more of these kinds of posts that seem to defend adware in one way or another. If I didn't know any better, I would suspect that the adware companies themselves were disseminating the propaganda to make their scumware more and more palatable. But I don't think even they would stoop to such underhanded tactics, would they?

As far as I am concerned, anything that installs itself on my comupter surreptitiosly by hiding behind EULA legalese and then tries to send or receive any information to/from some server on the net without my knowledge and express approval is an I-don't-want-it-ware or whatever you want to call it.

As for lawsuits, no AV company - large or small - is putting itself at risk by calling a spade a spade. An adware is exactly that - an advertisement-ware. And if there is a negative connotation to the term, then the commercial companies themselves are to blame, not an AV company.

[Thorny]

On the subject on Ad ware and WhenU, I found this article rather amusing! http://www.vitalsecurity.org/2006/01/what-do-webroot-and-whenu-have-in.html

[rasta]

On the subject on Ad ware and WhenU, I found this article rather amusing! http://www.vitalsecurity.org/2006/01/what-do-webroot-and-whenu-have-in.html

Incredible! Just goes to prove that legal doesn't always mean right.

[CharleyO]

***

As was mentioned above and so many other times on this forum, a layered defence is the best. One can not expect an anti-virus program to catch all the non-virus malware also. One can not expect just one anti-malware program to catch all the variations of such programs.

You need separate programs for virus, adware, spyware, and trojan protection. I will not mention programs for these as they are also mentioned many times on this forum. And other than one resident anti-virus program, it is best to have at least 2 programs for the other 3 areas of protection.

Of course, let us not forget a good two-way firewall.   


***

[FreewheelinFrank]

On the subject on Ad ware and WhenU, I found this article rather amusing! http://www.vitalsecurity.org/2006/01/what-do-webroot-and-whenu-have-in.html

You couldn't make it up, could you?

By the way, I'm not defending adware. But there are those who do:

Is spyware good? Eric Goldman (assistant professor at Marquette University Law School in Milwaukee, Wisconsin) has said in an interview that "adware could substantially improve our social welfare." He means that adware could show you an advert for a product which could change you life for the better. Apparently Microsoft have been toying with the same idea. They are rumoured to have been considering buying an adware company. Other rumours suggest factions at Microsoft may think this a bad idea.

Even if you were happy to accept adware on your computer if it brought you adverts you wanted to see (personally the idea makes me laugh) the truth is the adware/spyware is so venal bordering on criminal that the ads don't stop until your computer is so full of spyware it won't function and your kids are seeing pop-up ads for porn.

Are adverts on the internet good? Eric Goldman says: "I don't have a property right in my attention," meaning, seemingly, that marketers have the right to get his and other computer users' attention by means of adware pop-ups. Your jaw has dropped at this, hasn't it? Yes, mine did too. Sorry, I kill adware and and block pop-ups: I decide what gets my attention.

http://www.geocities.com/dontsurfinthenude/blogarchive.htm

The fact remains that it's not always easy to define a spade, and anti-spyware companies like Ad-Aware go to a lot of trouble to lay down very clear criteria for when to add a commercial program to their definitions.

A commercial adware program that tells the user that it is going to display adverts and collect personal data may be legal. There are people like Eric Goldman who defend such programs. I don't.

WhenU seems to have crossed the line and become spyware, but any anti-spyware company taking the decision to remove this program better have a damn good team of lawyers ready to back up this decision in court.

But I don't expect avast! to protect me from them and risk million dollar lawsuits.