It looks like associating with WhenU can have some strange effects on
people in anti-spyware companies… Today I received a report from Eric L.
Howes that during some routine testing, he installed Bear Share, the
file sharing app, which bundles
WhenU’s Save!.
Just for fun, he decided to run Lavasoft’s
Ad-Aware
following the install. Eric stated he was dumbfounded by the scan
results.
That’s right – Ad-Aware did NOT detect
WhenU! Eric realized he had an older reffile of 12-29-04 for
Ad-Aware, so he scanned again using those definitions. And – yes,
Ad-aware did indeed detect WhenU. Conclusion – evidently Lavasoft
removed WhenU’s Save! from their definitions sometime between 12-29-04
and the current reffile of 02-05-05. Interestingly enough, however,
Lavasoft did not “happen” to include that tidbit in their
reffile
update notifications. One has to wonder now about Lavasoft’s
commitment and concern for their users. Outrageous? Absolutely! Eric’s
comments in an email to me, quoted with his permission:
That’s poor treatment of Lavasoft’s customers—a breach of trust,
really. If Lavasoft wants to de-list WhenU, then let them announce it
and defend their decision in a straightforward manner. Slipping it in
without notifying users is just plain wrong. Is this the kind of
behavior we should expect from Lavasoft from here on out? I certainly
hope not.
This was so curious to me that I decided to see if I could duplicate
his tests. I downloaded and installed Bear Share and WhenU Save! myself.
When I scanned using Ad-Aware with the definitions of Jan. 11, 2005, it
flagged a number of WhenU registry entries and files. I updated it to
the latest definitions and, sure enough, – no WhenU entries.
Following the Ad-Aware fiasco, Eric moved on to Pest Patrol. You can
see the results in the two screenshots.
You got it. Pest Patrol flagged the WhenU registry keys but labeled
them as other applications. It did not flag any of the WhenU files such
as save.exe. Confusing – or confused?? CA still lists
Save and several other WhenU apps in their Spyware Information
Center, but oddly enough, it appears that some of the WhenU entries or
pages have been
removed. A search for WhenU from
this page using the
gray search box about 1/3 down the page, yields
no results. But a search from the search box at the upper right
corner of the page, yields
this page with 14 results. Is Computer Associates in the process of
removing the WhenU information in their Spyware Encyclopedia, or are
they disorganized? Hard to say…
Now… the plot thickens! Remember
Aluria’s now infamous partnership with WhenU? Eric ran Aluria’s
Spyware Eliminator. You can see for yourself the results of the scan:
Your eyes are not playing tricks on you. Aluria’s Spyware Eliminator
did, indeed, flag “WhenUSave”!
But wait – I thought
WhenU was designated as “Spyware Safe” . Now who is confused???
What conclusions can we draw from this madness?
 | Lavasoft removed WhenU from it’s definitions but failed to notify
users. |
| Pest Patrol flagged registry keys placed by WhenU but labeled them
as other apps. It failed to detect the WhenU executable files. Their
Spyware Encyclopedia is confusing with odd search results. |
| Aluria’s Spyware Eliminator detects WhenU even though both Aluria
and WhenU claim that WhenU has been certified as “Spyware Safe”. |
It does make one wonder just WTF is in that
WhenU Kool-Aid!
Update: Mike Healan of SpywareInfo.com has an article.
http://www.spywareinfo.com/articles/spyware/whenu_detection_dropped.php
Posted at Lavasoft’s forums – users asking about WhenU detection, or
lack thereof.
http://www.lavasoftsupport.com/index.php?showtopic=58938
http://www.lavasoftsupport.com/index.php?showtopic=58669
Update again:
http://www.dslreports.com/forum/remark,12665642~mode=flat
2-14-05 See CastleCops’ article
WhenU lives on
the edge of danger.
ages to insure it's not bouncing legitimate
messages then check the RBL logs regularly after you enable it.
