HOSTS Spybot F-Secure BackWeb

  • Thread starter Thread starter Ron Reaugh
  • Start date Start date
R

Ron Reaugh

What in general constitutes malicious or criminal distribution of harmful
and uninvited code/programs? Such is generally clear in situations like the
Swen virus which is a crime and arrests are made.

Here's one I dealt with recently which I'll indict the BackWeb folks. And
F-Secure because of their un-natural association therewith.

Suddenly one afternoon at a small company an XP Pro(fully patched and Nav
latest defs protected) workstation was unable to find/bring-up
www.google.com on the web. Each time a specific IP address would appear
instead. So I started investigating. The first thing of course was to
suspect a virus, trojan or worm. The fact that Google and only Google had
stopped working seemed to me to constitute a malicious interruption of
service/operation so something that NAV would find was what I started
looking for. So I double checked NAV defs to be the latest and NAV found
nothing. A search at Symantec found nothing so I decided to try another AV
program and downloaded F-Secure trialware and it found nothing. I could
find nothing wrong but just Google wouldn't work. I ran the latest Adware
6.181 + latest defs and it found a usual few things which got removed but
still NO Google operation.

So I asked myself what that strange IP was and striking out finding
anything, I simply submitted that IP to Goolge-Web and then Google-Group
on another unaffected workstation.

Soon I found that what this was is a form of "BROWSER HIJACKING".
Something that started by those sites that overwrote your homepage setting
in IE. A behavior that I consider nearly illegal when done without user
approval which is often that case. However MS seems to do it so that
implies legal acceptability.

So I downloaded SpyBot which is more agressive and more tedious than AdWare
and ran Spybot which found a ton of stuff and started removing the crap it
found. Soon I had a machine that was frozen and wouldn't complete a boot.
This was rather unexpected as I've used SpyBot before with no problems.

This new hijacking behavior involves overwriting the Windows HOSTS file and
apparently it's BackWeb code. It hijacks all searches to some brand-X
search site and apparently BackWeb contains some anti SpyBot code also.

Overwriting the HOSTS file destroyed user data as the HOSTS file was in use
at this company and of course Google operability was maliciously
interrupted. The fact that this is a file and was maliciously over written
constitutes a felony in my opinion. My Google research found that
apparently some code by the BackWeb folks, which is immediately attacked by
SpyBot and less so be AdWare, is the culprit.

Anti-Virus folks need to be lilly white and avoid all appearances of nasty
involvements. The freeze up of that XP Pro machine was due to the
interaction of SpyBot and ANOTHER VERSION of BACKWEB THAT F_SECURE FOLKS
EMBED IN THEIR TRIALWARE. That interaction caused me hours of hand
debugging and uninstalling in safe-mode to regain operability on that XP Pro
workstation.

The fact that F-Secure installed BackWeb, which attacks Spybot, on that XP
Pro machine without user permission constitutes a complete impeachment of
F-Secure as a reputable security company.

BLACKLIST if not prosecute F-SECURE.

Prosecute anyone over-writing the file HOSTS without premission.
 
Ron Reaugh said:
This new hijacking behavior involves overwriting the Windows HOSTS file and
apparently it's BackWeb code. It hijacks all searches to some brand-X
search site and apparently BackWeb contains some anti SpyBot code also.
Click to expand...
My Google research found that
apparently some code by the BackWeb folks, which is immediately attacked by
SpyBot and less so be AdWare, is the culprit.
Click to expand...

Some bad stuff *uses* the BackWeb application
Some good stuff also does.
Each thing using the application has registry settings which
may have been messed with by you and Spybot
Anti-Virus folks need to be lilly white and avoid all appearances of nasty
involvements. The freeze up of that XP Pro machine was due to the
interaction of SpyBot and ANOTHER VERSION of BACKWEB THAT F_SECURE FOLKS
EMBED IN THEIR TRIALWARE. That interaction caused me hours of hand
debugging and uninstalling in safe-mode to regain operability on that XP Pro
workstation.
Click to expand...

Not all BackWeb applications are bad things, Spybot IIRC warns
of problems the user may incur.

The hijacker is the culprit I think, not Spybot or F-Secure.
The fact that F-Secure installed BackWeb, which attacks Spybot, on that XP
Pro machine without user permission constitutes a complete impeachment of
F-Secure as a reputable security company.

BLACKLIST if not prosecute F-SECURE.

Prosecute anyone over-writing the file HOSTS without premission.
Click to expand...

I laughed, I cried, I grabbed another beer.

Are you saying that the BackWeb application attacks Spybot, and
the HOSTS file has BackWeb code? ~ nevermind...

Spybot must be used with caution.
 
|
| Prosecute anyone over-writing the file HOSTS without premission.
|

I agree with your assessment of SpyBot: great stuff; one of its (optional)
features is to make the hosts file read-only...

SB
 
I find that most your post was jibber.

No reputable computer security company should be including ANYKIND of
adware/spyware code in there downloads. I say blacklist F-Secure for so
doing.

Both Adware and Spybot remove BackWeb...therefore BackWeb is bad stuff! You
wanna supply any reputable source saying BackWeb is good stuff?
 
I find that most your post was jibber.

No reputable computer security company should be including ANYKIND of
adware/spyware code in there downloads. I say blacklist F-Secure for so
doing.
Click to expand...

"you say"? You, the well known "IBM GXP drives have no problem"/
Ultra Cable shill, want people to take you seriously? Bwahahahaaa.
Why don't you commit suicide you pathetic ****? That is the one way
anyone in their right mind would find you serious - and even then it
would only be a moment before they started cheering and laughing at
your bloated corpse.

You opinion is utterly worthless.
 
Ron Reaugh said:
I find that most your post was jibber.

No reputable computer security company should be including ANYKIND of
adware/spyware code in there downloads.
Click to expand...

It is *not* adware or spyware, it is a legitimate application
that some adware and spyware abuses. E-mail worms use
SMTP, but that shouldn'r mean that anyone using SMTP
is malicious by association.
I say blacklist F-Secure for so doing.
Click to expand...

Say it all you want, but those with a clue won't listen.
Both Adware and Spybot remove BackWeb...therefore BackWeb is bad stuff!
Click to expand...

Erroneous conclusion.
You wanna supply any reputable source saying BackWeb is good stuff?
Click to expand...

I will leave that to others, or will try to supply info tomorrow if nobody
else does beforehand.

Later.
 
The same old trolls still seem to be around and working for F-Secure or
BackWeb possibly.
 
The presence of BackWeb in the F-Secure download and the fact that it causes
SpyBot to hang an XP system is simply unconscionable and moves F-Secure to
the dark side.
 
Both Adware and Spybot remove BackWeb...therefore BackWeb is bad
stuff!
Click to expand...

Oho!

In addition to F-Secure, add IBM, SAP, NAI, and Check Point to the
list of evil companies partnered with BackWeb in an effort to cause
you untold amounts of trouble. Good luck with your legal action(s).
You wanna supply any reputable source saying BackWeb is good
stuff?
Click to expand...

To refute one Usenet post which alleges that Backweb "apparently" did
something bad to your machine? I think I will pass.
 
"you say"? You, the well known "IBM GXP drives have no problem"/
Ultra Cable shill, want people to take you seriously? Bwahahahaaa.
Why don't you commit suicide you pathetic ****? That is the one way
anyone in their right mind would find you serious - and even then it
would only be a moment before they started cheering and laughing at
your bloated corpse.

You opinion is utterly worthless.
Click to expand...


never met you before in my life, but I already like you....

keep up the nice flamage :-)


--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."
 
The presence of BackWeb in the F-Secure download and the fact that it causes
SpyBot to hang an XP system is simply unconscionable and moves F-Secure to
the dark side.
Click to expand...


You're a goddamn idiot.

Backweb isn't bad, the people that MISUSE it *under certain
circumstances* would be considered bad.

a gun, when sitting in a cabinet harms no one... put it in a crack-heads
hands and someone will eventually get shot....

a piece of software, hell, let's say Internet Explorer is *meant* to
view websites, browse the web, whatever.... when placed in the wrong
hands.... you can completely and totally destroy websites with it
through Unicode Exploits...

Backweb is used by legitimate and accepted programs.

Backweb is used by illegitimate and unacceptable malicious programs.

Get the idea you ****ing moron?
 
Colonel Flagg said:
You're a goddamn idiot.

Backweb isn't bad, the people that MISUSE it *under certain
circumstances* would be considered bad.
Click to expand...

Clueless.

Try your nonsensical rantings on the folks at SpyBot who immediately strip
out(or at least try to) that which F-Secure Trialware installs aka BackWeb.
What is F-Secure doing installing something(BackWeb) that SpyBot has
identified as something to rip out? What is F-Secure doing installing
something(BackWeb) that is SpyBot resistant and results in system hangs?
That's the smokin gun here.

Blacklist F-Secure is the obvoius course for those with a clue.
 
You're a goddamn idiot.

Backweb isn't bad, the people that MISUSE it *under certain
circumstances* would be considered bad.

a gun, when sitting in a cabinet harms no one... put it in a crack-heads
hands and someone will eventually get shot....

a piece of software, hell, let's say Internet Explorer is *meant* to
view websites, browse the web, whatever.... when placed in the wrong
hands.... you can completely and totally destroy websites with it
through Unicode Exploits...

Backweb is used by legitimate and accepted programs.

Backweb is used by illegitimate and unacceptable malicious programs.

Get the idea you ****ing moron?
Click to expand...



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."
 
»Q« said:
Oho!

In addition to F-Secure, add IBM, SAP, NAI, and Check Point to the
list of evil companies partnered with BackWeb in an effort to cause
you untold amounts of trouble. Good luck with your legal action(s).


To refute one Usenet post which alleges that Backweb "apparently" did
something bad to your machine? I think I will pass.
Click to expand...

Try your arguments on the folks who wrote SpyBot who attempt to rip out the
implementation of BackWeb which F-Secure trialware installs. Are there any
good instances of BackWeb that adware/spyware removal tools approve of???
Centainly F-Secure's BackWeb implementation is NOT one of those.

Computer software security companies must be held to a higher standard.
They can NOT even appear to be allowing/installing anything hidden or
anything that anyone might consider intrusive, malicious or harmful. Even
if one experienced NO ill effects(in this case there were ill effects),
F-Secure has NO business installing some code that is hidden and not known
to the user in a virus removal situation; that's unethical at a minimum.
F-Secure should be blacklisted from the list of reputable computer security
companies for this gross impropriety.
 
Clueless.

Try your nonsensical rantings on the folks at SpyBot who immediately strip
out(or at least try to) that which F-Secure Trialware installs aka BackWeb.
What is F-Secure doing installing something(BackWeb) that SpyBot has
identified as something to rip out? What is F-Secure doing installing
something(BackWeb) that is SpyBot resistant and results in system hangs?
That's the smokin gun here.

Blacklist F-Secure is the obvoius course for those with a clue.
Click to expand...


no only are you a ****ing moron, you don't have the ability to be
anything else.

you're now in the *plonk* file.

and you're dismissed.

see folks, "ron reaugh" is what happens when cousins breed.



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."
 
message > you're now in the *plonk* file.

The usual response of the outwitted and classless trolls.
 
Clueless.
Click to expand...

Pot. Kettle. Black.
Try your nonsensical rantings on the folks at SpyBot who immediately strip
out(or at least try to) that which F-Secure Trialware installs aka BackWeb.
What is F-Secure doing installing something(BackWeb) that SpyBot has
identified as something to rip out?
Click to expand...

F-Secure uses Backweb to deliver definition updates automatically. (The
retail versions of F-Secure AV also use Backweb to download and install
product updates. )

SyBot is wrong. It's that simple!
What is F-Secure doing installing
something(BackWeb) that is SpyBot resistant and results in system hangs?
That's the smokin gun here.
Click to expand...

ROLFMAO! The only "smoking gun" here is the one pointed at you... You
clearly didn't bother to read any of the F-Secure product documentation.
F-Secure doesn't hide the fact they use Backweb to deliver updates.

(I'm not sure about the retail versions but you can opt not to install
Backweb in the enterprise versions.)
Blacklist F-Secure is the obvoius course for those with a clue.
Click to expand...

Nah... Lets blacklist you (seeing as you are completely clueless).
 
(Sorry for the 'followup-to: poster' in my previous reply - it was
inadvertent.)

Try your arguments on the folks who wrote SpyBot who attempt to
rip out the implementation of BackWeb which F-Secure trialware
installs.
Click to expand...

I'm not responsible for advising the Spybot team on how they should
handle or not handle BackWeb. Nor do I particularly care. Since
you are the one who ran into trouble using Spybot, perhaps you
should contact them about it.
Are there any good instances of BackWeb that
adware/spyware removal tools approve of??? Centainly F-Secure's
BackWeb implementation is NOT one of those.
Click to expand...

You gotta get over your worship of the authority of Spybot and
Ad-aware if you want to be able to think through this.

But if you really want to try to have Spybot crash your system
again, you could install the enterprise version of McAfee along with
its BackWeb stuff and see what happens.
Computer software security companies must be held to a higher
standard. They can NOT even appear to be allowing/installing
anything hidden or anything that anyone might consider intrusive,
malicious or harmful.
Click to expand...

There will always be someone who considers any given app intrusive,
malicious, or harmful. Expecially any app that tries to connect to a
server to pull updates for itself.
Even if one experienced NO ill effects(in
this case there were ill effects), F-Secure has NO business
installing some code that is hidden and not known to the user in a
virus removal situation; that's unethical at a minimum.
Click to expand...

All commercial AV products install "code that is hidden and not
known to the user." There's an open source AV project out there
somewhere, but nobody seems to think it's very promising.
F-Secure should be blacklisted from the list of reputable computer
security companies for this gross impropriety.
Click to expand...

Yeah! You should put up a web page with a petition! That'll show
them!

That's enough crossposting - I'm past my limit for the year now.
Bye.
 
Back
Top