Hi All:

As we've seen in the past few months, companies whose software is frequently labeled "adware" or "spyware" are scrambling for cover. Some have tried to partner with anti-spyware firms. Others have tried to join industry consortiums in order to give themselves the air of legitimacy. Still others, though, have been quietly threatening anti-spyware vendors, web sites, and even individuals to get themselves removed from detections databases and to silence their critics on the internet.

We now have yet another unfortunate example of this: CastleCops has just reported that it received a "cease & desist" letter from ISearch.com/IDownload.com. You can find Paul & Robin's report as well as the text of the letter here:

>> http://castlecops.com/article-5762-nested-0-0.html

ISearch and IDownload make a number of browser add-ons for Internet Explorer and Mozilla Firefox. You can read about two ISearch/IDownload variants at Andrew Clover's well-known and thoroughly researched doxdesk.com:

ILookup (aka HotSearchBar)
http://www.doxdesk.com/parasite/ILookup.html

Pugi (aka ISearch Toolbar)
http://www.doxdesk.com/parasite/Pugi.html

Some of you might remember IDownload.com from the Windows Media adware fiasco back in January. As reported in this DSLR/BBR thread:

WMP Adware: A Case Study in Deception

...IDownload's HotSearchbar was caught using an incredibly deceptive ActiveX Security Warning box, claiming to be a "Required Media Player Version 9 Browser Update" (see 1st screenshot) in order to exploit user confusion over the Windows Media license acquisition process, which very well might prompt bewildered users to consent to a legitimate Windows Media Player update from Microsoft itself.

Complaints about ISearch/IDownload are rife on the Net, and a simple search of any of the major "anti-spyware" forums will turn up endless user complaints. One of the better and more revealing write-ups comes from Michael Malone, who published a long-ish article on his experiences with ISearch/IDownload's software back in May 2004:

ABC News - The Search Tool That Ate My Computer
http://abcnews.go.com/Technology/Silico ... 522&page=1

The license agreement used with some ISearch/IDownload software is also of interest ( http://toolbar.isearch.com/terms.html):


said by ISearch EULA:
--------------------------------------------------------------------------------
2. Functionality - Software delivers advertising and various information and promotional messages to your computer screen while you view Internet web pages. iSearch is able to provide you with Software free of charge as a result of your agreement to download and use Software, and accept the advertising and promotional messages it delivers.

By installing the Software, you understand and agree that the Software may, without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to iSearch and/or it's partners, in the form of pop-up ads, pop-under ads, interstitials ads and various other ad formats, display links to and advertisements of related websites based on the information you view and the websites you visit; store non-personally identifiable statistics of the websites you have visited; redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search clients and toolbars, conveniently without your input or interaction; install desktop icons and installation files; install software from iSearch affiliates; and install Third Party Software.

In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer.

3. Privacy Policy - iSearch, during the delivery and your use of the Software, does not collect any personally identifiable information about you, such as your surname, address, telephone number or e-mail address, nor does iSearch require such information from you before downloading or installing the Software. However, to enable iSearch and/or it's partners to provide and operate its Software, iSearch and/or it's partners may collect certain types of non-personally identifiable information about individuals who install the Software. This information may include your Internet protocol (IP) address, your domain, your operating system, your browser version, type and language and your Internet Service Provider.

Advertisements may be displayed of advertisers who pay a fee to iSearch and/or it's partners and you may be provided with and/or redirected to content of other parties and/or links to third party websites or content or offered the opportunity to download software from third party software vendors. iSearch and it's partners are not responsible for the privacy practices of such advertisers, content providers, third party software vendors or websites. iSearch encourages you to read the privacy policies of such advertisers, content providers, third party software vendors and websites.

iSearch and/or it's partners may use invisible tracking or counting devices known as "web bugs" to register that a particular web page has been viewed and/or "cookies" or alphanumeric identifiers that iSearch and/or it's partners transfer to your computer's hard drive through your web browser to enable iSearch and/or it's partners systems to recognize your web browser.

iSearch and/or it's partners may also collect and may use certain other types of non-personally identifiable information, including: certain of the web pages that you view, the amount of time that you spend on certain websites, your responses to ads served by iSearch and/or it's partners, certain software installed to your computer and software characteristics and preferences, non-personally identifiable information on web pages and forms, software usage characteristics and preferences, and your ZIP code. iSearch and/or it's partners may associate this information with a randomly-generated anonymous identifier for your computer and may use this information to enable the functionality of the Software, to periodically update the Software, to deliver and display ads served by iSearch and/or it's partners of advertisers who pay a fee to iSearch and/or it's partners, provide you with or redirect you to content or websites of such advertisers or other parties and offer you the opportunity to download software from third party vendors.

iSearch and/or it's partners may share non-personally identifiable aggregate information about you with third parties, including advertisers.
--------------------------------------------------------------------------------

But, of course, IDownload is happy to certify their own software as "spyware free" (see second screenshot) when you download programs that bundle their software.

What ISearch/IDownload won't let you do apparently, is come to your own opinion and judgment and share them with others. If you dare to do so, you could find a "cease & desist" letter from their attorneys swiftly winging itself your way.

Why should a company bother changing its business practices when it can simply silence critics of those practices with legal threats?

Re: Incorrect Classification of iDownload’s Product as Malware & Related disparagement of iDownload
Dear Sir or Madam:

This firm represents iDownload.com with respect to your inaccurate classification of iDownload’s software product, iSearch toolbar, as Malware on the following four websites:

(1) domain blacked out
(2) domain blacked out
(3) http://www.netrn.net
(4) domain blacked out

Specifically, a recent review of materials disseminated by your company, via the Internet, revealed that your company is falsely disparaging iDowload’s product, iSearch, in that Domains by Proxy, Inc. classifies the product as Malware and articulates that,


iSearch “Desktop Search” hijacker….

iSearch is unidentified malware….


Domains by Proxy, Inc.’s characterization of iSearch as Malware is damaging to the iDownload brand. As we all know, Malware is a phrase within the public conscience that has a specific meaning. A classification of Malware is usually reserved for those programs designed specifically to damage or disrupt a system, such as a virus or a Trojan horse, iSearch does not fit this profile.

iSearch does not qualify as Malware. iSearch is a toolbar that in no way attempts to remain hidden or evade detection, Continuing, unlike Malware, iSearch does not gather any personally identifiable information about end users, does not collect data about the user’s web usage, does not collect any information entered into web forms, does not share information with third parties, does not send or cause to be sent unsolicited e-mail, and does not install items such as dialers on the end user’s computer.

We would request that you correct your disseminated materials immediately to remove any reference to iSearch as Malware or Spyware. To the extent you fail to remedy your improper disparagement of the iDownload brand on or before February 15, 2005, we will take all necessary action against your company to protect iDownload from your continuing tortuous conduct. Should you have any questions regarding the foregoing, please feel free to contact me. Regards
Mark D. Hopkins

On the 16th of February, 2005, we received Certified Mail from the office of Savrick Schumann Johnson McGarr Kaminski & Shirley, attorneys and counselors at law, Mark D. Hopkins, Partner - Austin Office representing iDownload.com. The letter, dated February 10, 2005 begins:
"Re: Incorrect Classification of iDownload's Product as Spyware & Related disparagement of iDownload"

Rest of the letter in full quotation:

Dear Sir or Madam:

This firm represents iDownload.com with respect to your inaccurate classification of
iDownload's software product, iSearch toolbar, by referring to it as Spyware in its description.
Specifically, a recent review of materials disseminated by your company, via the Internet,
revealed that your company is falsely disparaging iDownload's product, iSearch, in that Castle
Cops f/k/a Computer Cops, L.L.C. classifies the product as Spyware and articulates that,

iSearch is certified spyware/foistware, or other malware.

Castle Cops f/k/a Computer Cops, L.L.C.'s characterization of iSearch as Spyware is
damaging to the iDownload brand. As we all know, Spyware is a phrase within the public
conscience that has a specific meaning. A classification of Spyware is usually reserved for those
programs that not only have the ability to scan an end- user's computer, but also seek to remain
unnoticed or hidden, and also seek to gather personal information such as passwords, account
numbers, etc. of the end-user. iSearch does not fit this profile.

iSearch does not qualify as Spyware. iSearch is a toolbar that in no way attempts to
remain hidden or evade detection. Continuing, unlike Spyware, iSearch does not gather any
personally identifiable information about end users, does not collect data about the user's web
usage, does not collect any information entered into web forms, does not share information with
third parties, does not send or cause to be sent unsolicted e-mail, and does not install items such
as dialers on the end user's computer.

We would request that you correct your disseminated materials immediately to remove
any reference to iSearch as Spyware, Foistware, or Malware. To the extent you fail to remedy
your improper disparagement of the iDownload brand on or before February 15, 2005, we will
take all necessary action against your company to protect iDownload from your continuing
tortuous conduct. Should you have any questions regarding the foregoing, please feel free to
contact me.

Best Regards,

Mark D. Hopkins

We (CastleCops) have retained counsel and are currently evaluating our options. Please stay tuned for details as they develop. This article will also be updated at those times.

Recently we received a letter from a law firm titled "Incorrect Classification of iDownload's Product as Spyware & Related disparagement of iDownload". We retained counsel to evaluate our options and last night sent our reply which will be quoted in full below.

There has been a public outcry over such a "cease and desist" letter as it has come to be known in the online communities. However, it appears that CastleCops is not the only recipient of such a letter.

Suzi at SpywareWarrior Blog also received one.

DSLR links removed due to [color=blue]censorship by DSLR of my posts, I'll not have any referrers back to them[/color] A news article was published there yesterday as well, Marketers Try to Silence Spyware Critic.

Wayne Porter of ReveNews wrote about
Deceptive Is as Deceptive Does, where he posted no less than 18 links to articles describing what he calls “savage behavior”.

Wilders Security Forum has a thread going as well, and one user (Key-U) posts the details of his installation of iSearch.com’s toolbar.

And now onto the full text of our response...

Re: Settlement- Not Admissible for Any Purpose Pursuant to CA Evidence Code § 1152
Our File No. CY757-515

Dear Mr. Hopkins:

I write you on behalf of my client ComputerCops, LLC regarding the letter you sent on
February 10, 2005 in which you alleged that the castlecops.com website has disseminated
information improperly disparaging the iDownload/iSearch brand. I have spoken with officers of the
company about the allegations made in your letter and they have stated clearly that they have not
made or published any statement which can be said to disparage the iDownload/iSearch brand. My
client has asked me to contact you in the hope that this matter can be resolved outside the courtroom
through a dialogue between ComputerCops and iDownload/iSearch.

Contrary to the assertion made in your February 10 letter that, “spyware has a well known
meaning within the public conscience that has a specific meaning,” spyware is actually capable of
many definitions. In fact, there is no universal definition of spyware, nor is there a well known
meaning within the public conscience. Nevertheless, it appears that software disseminated by
iDownload/iSearch would likely be regulated as illegal in California under California Business And
Professions Code Sections 22947-22947.6 otherwise known as the Consumer Protection Against
Computer Spyware Act.

A cursory search of the Internet reveals that the iDownload/iSearch brand has quite a
controversial image to be sure:

http://abcnews.go.com/Technology/Silico ... 522&page=1

In addition, Symantec, Lavasoft, Computer Associates, Spyware Warrior, Spyware Blaster,
and Doxdesk, to name a few, report that the iSearch toolbar, published by iDownload is spyware
(see links below). This information is publicly available and was obtained in a manner of minutes
using the iDownload “brand” as a search term.

It is clear that the issue of whether or not iDownload distributes spyware is a controversial
one which is a matter of public interest and any discussion or publication of web page links referring
to this controversy cannot be damaging to the iDownload brand.

In short, ComputerCops categorically disagrees with your letter, but remains willing to listen to
iDownload’s side of the story and offers further to allow iDownload a public forum on the
castlecops.com web site in which to respond to the questions raised in many circles about iDownload
distributing spyware.

This is ComputerCops final good faith attempt to resolve an uncomfortable matter in an
amicable manner. Should iDownload fail to respond to this letter before March 15, 2005,
ComputerCops, LLC will take any and all legal measures necessary to protect its rights.

Very truly yours
BENJAMIN Z. RICE

In response to the Cease & Desist letter I received from iDownload/iSearch, I sent the following response.


Re: Incorrect Classification of iDownload’s Product as Malware & Related disparagement of iDownload

Dear Mr. Hopkins:

This letter is in response to your letter to Domains by Proxy dated February 10, 2005 wherein you named several domains, including http://www.netrn.net, and requested that any reference to iSearch as malware or spyware be removed.

I have done a thorough search of my site and found only the following references to iSearch:

1.
This link contains a list of updated definitions as published by Lavasoft, the makers of Ad-Aware. The original list is posted here:
http://www.lavasoftsupport.com/index.ph ... ntry238929

2.
Again, this link contains a list of updated definitions as published by Lavasoft on their forum here:

http://www.lavasoftsupport.com/index.ph ... ntry231561

3. http://netrn.net/spywareblog/archives/2 ... e-updates/
Again, this link contains a list of updated definitions as published by Lavasoft on their forum here:

http://www.lavasoftsupport.com/index.ph ... opic=24278

4. http://netrn.net/spywareblog/archives/2 ... er-update/
This page contains a listing of newly added definitions to SpywareBlaster, which can be found here:

http://www.javacoolsoftware.com/spywareblaster.html

You will note that I made no personal comments about iSearch or any of the other items in the lists. I merely copied information that was posted elsewhere If you have a complaint with your product being listed and targeted by Lavasoft and Javacool Software, you should contact them directly.

You also stated:
“Specifically, a recent review of materials disseminated by your company, via the Internet, revealed that your company is falsely disparaging iDowload’s product, iSearch, in that Domains by Proxy, Inc. classifies the product as Malware and articulates that,

“iSearch “Desktop Search” hijacker….”
“iSearch is unidentified malware….”

That is simply untrue; I made no such statements anywhere on the netrn.net domain. Moreover, even the program update notices described above that were reproduced on my web site include no such statements—they merely list the name of your company’s programs. If you will insist that such statements are included on my web site, please supply URLs for the pages you believe include those statements.

Should you decide to pursue a complaint against my site, perhaps you should be aware of the California anti-SLAPP legislation:

http://caselaw.lp.findlaw.com/cacodes/c ... 25.16.html
http://www.thefirstamendment.org/antisl ... enter.html

The Cease & Desist letter you sent to me as well as any further complaints to me will be submitted to ChillingEffects.org for review and publication:

http://www.chillingeffects.org/

In summary, after reviewing my site, I have concluded that your allegations and requests are based on inaccurate, false information and are thus completely unwarranted and utterly without merit.

Yours truly,

Suzi

This story continues to spread on the web. I’ve been meaning to update the links here, but life got in the way. Thanks to eveyone for the support, comments and trackbacks to the blog.

Here’s some additional links:

http://www.techweb.com/wire/security/60403277
Spyware Warrior and Castle Cops are mentioned in the lower portion of the article.

http://www.dslreports.com/shownews/60722

The Inquirer carried the story: http://www.theinquirer.net/?article=21415

P2pnet.net has some good comments. http://p2pnet.net/story/4001

Here’s a great write-up by Wayne Cunningham of Download.com.
IDownload hires a lawyer


While adware makers such as WhenU and 180Search try to play nice and reenter decent society, spyware vendor IDownload.com, which also operates under the name ISearch.com, tried to silence its critics. The company hired an, in my opinion, unscrupulous lawyer to send out cease and desist letters to Web sites such as Castle Cops and Spyware Warrior, telling them not to call the ISearch toolbar spyware. This lawyer, Mark D. Hopkins, doesn’t appear very competent, as Spyware Warrior points out that she did not actually refer to ISearch as spyware on her site. This attempt to silence critics of spyware is so ill-founded as to be laughable. It’s pretty easy to send out a cease and desist letter; all you have to do is type. Actually learning something about the law is a lot harder.

iDownload’s itinerary by Zhen-Xjell.


The Internet has been buzzing with the keywords iDownload and iSearch the past week. There exists a great deal of talk all over the web, and it is mind boggling trying to read it all. I’ll try to put everything into this article, sort of a encyclopedia of all the comments, or an itinerary of iDownload. The public has provided a lot of information and much of the links supplied were returned by querying search engines for ‘idownload’ or ‘isearch’. Lets begin.

BlogCritics weighs in. Spyware: First, infect all the lawyers….

Tales Of Horror: The iSearch Toolbar from The Abusive Hosts Block List.

Kye-U started a website to track the tale of iDownload and iSearch, including an illustrated example and analysis of iSearch’s download and installation.

JD asks Are you keeping up with the iDownload/iSearch spyware controversy? He also created a poll at VirusIntel.com; see the left side column.

From Donna’s Security Flash: re: CastleCops.com and Spyware Warrior was asked to correct the what?

Alex Eckelberry, president of Sunbelt Software, makers of CounterSpy, posts about receiving a Cease & Desist letter from iDownload as well, and says they responded with a 16 page letter detailing iDownload’s practices. The letter is not posted at this time, but Alex says it might be in the future.

Tales Of Horror: The iSearch Toolbar

With iDownload threatening various anti-spyware authors and security sites, we at the AHBL are in the mood to talk about our experiences with the iSearch toolbar and what it did to a machine owned by one of our users.

Before we begin, let us point you to some great articles on just how malicious the iSearch toolbar is, from other people's experience (Links: ABCNews, Spyware Guide, DSLReports, Benjamin Edelman, Wilders Security Forums, ReveNews). These sites give a great reading on the toolbar and what other people have gone through just to make this bastard of a program go away.

Now, we fully expect iDownload to threaten us and send us a C&D for posting this article. The AHBL takes abuse on the Internet very seriously, and will not let companies bully us into taking down the truth. If iDownload wishes to dispute the fact that their product is spyware, they are welcome to dispute any of our findings here with solid evidence and not just threats of lawsuits.

We are not afraid, nor do we run and hide in the face of a challenge.

It all started about a week ago with a call from one of our users, who was reporting that she was seeing an unusual toolbar on her screen. Every attempt to remove it had failed, and none of her anti-spyware programs were functioning (except for Microsoft Antispyware) anymore. Every time she attempted removal, the program would forcefully reinstall itself on reboot.

Using our remote control toolkit (consisting of either VNC or TB2k from Netopia), we started doing remote cleaning (easier said then done). Scans with Ad-Aware showed no spyware installed, while Spybot S&D would crash one of the critical system processes and force a shutdown. Microsoft Antispyware would attempt to remove iSearch, only to have it wedge itself in on reboot, undoing everything done previously.

Using HijackThis, we managed to get a good idea of the way iSearch was doing its dirty deeds. With help from this site, we tracked down the toolbar dll files and the misc droppings it leaves behind on the system. We then used CWShredder, an excellent program that can wrestle allot of the most notorious toolbars out of the system. All was looking good until reboot, and once again the toolbar was back, but this time, Microsoft Antispyware was able to block it from putting the toolbar back in.

Step one complete! But, now we had another problem - how to fully remove it from the system so that it would quit trying to run itself on startup. Checking the installed ActiveX controls showed nothing, as did checking the Startup registry keys (both user and system).

On a whim, we tried the iSearch Toolbar's uninstaller (we refuse to put the link to it here, for which you'll understand in a moment). Perhaps the worst mistake we made - the uninstaller seemed to 'remove' it, but instead, it tried to force the toolbar on the system yet again (Thankfully, Microsoft Antispyware stopped it). Poof went the system, and it forcefully rebooted itself while we were busy documenting what had happened so far. On reboot, the toolbar was back.

Frustrated, we decided to reinstall all of our antispyware programs. Once we had Ad-Aware installed, we discovered that doing a smart scan was pointless - it wasn't removing the startup program that was reinstalling the toolbar. After the 45 minute full scan of the machine, Ad-Aware had located a group of files installed in various locations, including temp directories. Once Ad-Aware had safely removed iSearch, we rebooted.

For the first time that day, the machine started without the iSearch toolbar trying to install. Success! A full scan in all of our other free antispyware tools we had on hand showed no traces remaining.

Unfortunately, the damage that was done to the machine because of the iSearch toolbar was severe - Norton Antivirus refused to work anymore, and we were having problems with various programs that relied on digital signatures to verify their program binaries. This was mostly due to damage to the Windows certificate store (the machine is unable to verify legit signatures anymore, and occasionally has problems visiting SSL enabled websites).

A review of the day produced the following overview:

Time spent on cleaning the machine: 6 - 7 hours.

Results of using the uninstaller: Nil - program forcefully reinstalled itself AFTER running the uninstaller

Programs needed to extract the toolbar: Ad-Aware, Microsoft Antispyware, HijackThis, CWShredder

How this toolbar got installed: Unknown, though most likely cause is either using a driveby-download ActiveX control/exploit, or using the newly discovered Windows Media Player DRM exploit.

Total damage done to machine: Severe, even after fully removed, certain parts of the system refuse to function correctly:

1. Norton Antivirus refuses to function anymore due to inability to verify digital signatures on the main Norton Antivirus exe files. Reinstall does _not_ help, as the problem appears to be with the Windows certificate store.

2. Ad-Aware was crippled completely, changed to hide the results of the scans to prevent proper removal. Reinstall fixes this.

3. Spybot S&D was crippled completely, and would cause critical system processes to crash, forcing the machine to reboot. Reinstall fixes this.

4. Machine performance was severely degraded, Internet Explorer randomly crashing. Problem went away once iSearch Toolbar was removed.

5. Windows certificate store damaged, system is no longer capable of verifying digital certificates on binaries. This directly affects Norton Antivirus. Reinstall of Windows XP SP2 did not help, and system now has problems viewing some SSL sites.


So yes, iSearch toolbar is one of the worst pieces of malware/spyware/adware we have ever seen. After reviewing the iSearch toolbar agreement, we see these lovely lines which explain why all of our removal tools were crippled:

2. Functionality - Software delivers advertising and various information and promotional messages to your computer screen while you view Internet web pages. iSearch is able to provide you with Software free of charge as a result of your agreement to download and use Software, and accept the advertising and promotional messages it delivers.

By installing the Software, you understand and agree that the Software may, without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to iSearch and/or it's partners, in the form of pop-up ads, pop-under ads, interstitials ads and various other ad formats, display links to and advertisements of related websites based on the information you view and the websites you visit; store non-personally identifiable statistics of the websites you have visited; redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search clients and toolbars, conveniently without your input or interaction; install desktop icons and installation files; install software from iSearch affiliates; and install Third Party Software.

In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer.


Apparently, iDownload likes to give itself the right to make whatever changes it wants to your system to ensure that its program isn't disabled/removed.

We at the AHBL have therefore, with the above information, make the following opinions about iSearch Toolbar:

iSearch Toolbar is Spyware
iSearch Toolbar is Adware
iSearch Toolbar is Malware

iSearch Toolbar does everything in its power to prevent removal, including crippling and damaging the system and other programs to accomplish this goal.


Like we've said in the article previously, if iDownload wishes to dispute our findings, they are welcome to, and we actually would like them to clarify and point out to us exactly why we got the results we did while trying to remove the iSearch toolbar, that was installed without the knowledge of the person who owns the computer in question.

The AHBL prides itself on being accurate, and will make any necessary corrections to this article to ensure that.

CastleCops recently received a letter from iDownload claiming that we incorrectly classified ISearch\IDownload as Spyware and demanding that we remove them. Interestingly enough we were given a 5 day window to comply with their demand, but we didn't actually receive it until the 6th day. Brian Livingston's published an article regarding the cease and desist letters being sent out by iDownload, indicating not only did CastleCops, Spywarewarrior, Spyware Guide and SunBelt Software all receive similar letters, but the CEO of iDownload is calling the campaign a "success"?

CastleCops subsequently responded to iDownload but we were not the only ones. Suzi from Spywarewarrior also posted her reply publically in her blog and now Alex Eckelberry President of Sunbelt Software has also made their reply publicly available.

I find myself asking the question what exactly does Mr. Gilbert consider success? Does it fall into a similar category of "acceptable loss" or "collateral damage"?

Since the threat tactics of iDownload were made public, their practice and products and choice of attorney have been under scrutiny, by the security community and public at large. There have been a number of questionable things uncovered by individual sources, like the unauthorised use of ICSA Certification published at Edbott.com

I don't understand how what they are doing or have been doing can be called a success. Perhaps that is because we at CastleCops measure our success in relation to Our Vision. Maybe it is because we value above all things integrity, or because we believe in doing the things we do and helping the people we do because it is the right thing to do. Our success and that of the Anti-Spyware/Security community is measured in the number of people who are freed from the applications they don't wish to be on their systems. It is measured by the people we help to educate on how to protect themselves, their systems and their families.

Since CastleCops publically shared with the community that we received a letter from iDownload demanding we reclassify their software, several other sites have also stepped forward indicating that they have been sent the same kind of letter including: Spywarewarrior, Spyware Guide, and Sunbelt Software. We believe in information sharing and ensuring the community is aware of the latest trends and threats in the world of Security/Anti-Spyware, which is why we decided to publish not only the iDownload letter to us, but our response to iDownload because we feel it is necessary to educate the public on the kind of tactics and pressures being used against the Anti-Spyware community.

Yesterday we received a response via Fax from iDownload's attorney Mark D Hopkins, of Savrick Schumann Johnson McGarr Kaminski & Shirley.

March 7, 2005

Benjamin Z. Rice Via CMRRR
Law Offices of Benjamin Z. Rice
P.O. Box 1206
Pleasanton, CA 94566

Re: ComputerCops, L.L.C's Improper Classification of iSearch Product
File Number: CY757-515

Dear Mr. Rice:

Thank you for your recent correspondence regarding iDownload and its software product,
iSearch. As we are both aware, a lively internet debate currently exists over the functionality of
the iSearch program, as well as the questionable classification of iSearch as malware, spyware,
etc., by various security companies. As counsel for iDownload, our goal is singular in purpose,
that being to assist iDownload in correcting the current dissemination of incorrect information
surrounding iSearch.

We recognize that much scrutiny exists with respect to our actions, and that we may be
perceived by some in the internet community as being on the wrong side of the ongoing fight
against "internet malfeasance." This perception is contrary to reality. We are currently engaged
in an open dialogue with several large security firms, with the end goal being to reach a
consensus as to the proper characterization of iSearch. We trust that you will conform your
published materials, as we previously requested, once some of the industry leaders analyze
iSearch more thoroughly and release their classification of iSearch.

Please do not hesitate to contact me if you have any questions about the foregoing.

Best Regards,
Mark K.Hopkins

Intially we offered iDownload the opportunity to come into our forum and answer some questions from the public about their product iSearch, in order to be fair and eliminate any possible confusion about what the product does or does not do. To date they have not taken us up on that offer. Our position remains the same now as it always was concerning iSearch.

This was posted by Eric Howes tonite:


I should explain that that one PDF file actually contains two different documents:

1) a white paper titled "Alleged Improvements to 180solutions' Software" (pp. 1-28 ) -- this document includes screenshots and is based on the second document in the PDF;

2) a write-up on 180solutions (pp. 29-55) -- though it comes second in the PDF, this was actually written first; it is a bit more thorough than the white paper.

Given that the first document is based on the second, you'll find quite a bit of overlap. You'll also find that the second document contains quotes from 180 itself that aren't included in the first.

For those who are interested in jumping to the juicy bits, see these pages from the white paper:

pp. 9-10, 18-26

For the same material in the write-up (2nd document):

pp. 35-36, 45-50

And to see how 180 gets assessed under Sunbelt's listing criteria, see:

pp. 50-53

Note, pagination refers to the internal pagination of the document, not the pagination assigned by Adobe Acrobat Reader.


Best,

Eric L. Howes

There’s a lot in this writeup, but as Suzi of Spyware Warrior Blog pointed out, the areas that are probably most interesting to people are on pages 9-10 and and 18-26.

Here’s the quick and dirty:

As part of 180’s COAST certification, 180 agreed to a “CBC Force Prompt”. This feature is designed to alert users to the installation of 180’s software.

This prompt is shown when a certain registry key is set to “0”. If it’s set to “1”, there is no prompt.

This is a serious weakness in the 180 installer. It is trivially easy for a rogue affiliate to simply set the value to 1, and the 180 install sails through, with the end-user none the wiser.

However, it appears that 180solutions is itself electing to bypass the "CBC Force prompt" in order to avoid alerting users to the installation of 180's software, and the implications of this are serious.

Sunbelt observed several installations of older versions of the 180search Assistant in which that software was updated to the latest version. After older versions of the 180search Assistant were "stealth-installed" via a Windows Media Player file and via a Java applet at lyricsdomain.com, that software called out to 180's servers, and downloaded and installed the latest, COAST-certified version of the 180search Assistant.

This behavior is especially disturbing because many of the installations that 180solutions is silently updating through this method are the possible products of "force-installs" of 180's software of users' PCs, where those users received no notice or warning whatsoever of the 180search Assistant.

Instead of alerting users to the presence of 180's software on their systems, 180 is updating those older software installations and versions to the latest 180search Assistant, allowing 180 to continue deriving economic benefit from those installations, entirely contrary to its publicly stated intention to clean up its distribution channels.

Alex Eckelberry

iDownload, the company responsible for a toolbar known as iSearch, has resorted to threatening to file lawsuits against several web sites that categorize the software as spyware or malware. Claiming that their brand has been disparaged falsely, iDownload is demanding that these web sites remove any material which labels iSearch as malware, foistware or spyware.

Is iSearch malware? Yes, it is. And I can prove it.



Among the dozens of programs that could be installed by way of these trojans is the iSearch toolbar. If you run one of these trojans, it will pop up a license window which loads a page prepared by iDownload. That will load an ActiveX applet which attempts to install iSearch. If your security settings are configured properly, you will see a security warning asking your permission to install software. This security dialog claims to be a required update to "Media Player 9". In fact, it has nothing to do with Media Player but is really iSearch software from iDownload. You can see an example of this security warning pop-up at DSLReports.

The security pop-up is intentionally misleading. It is designed to trick the user into thinking they are installing some sort of update for Windows Media Player. Since the process that leads up to this security warning is the playing of a file in Windows Media Player, no doubt many people would be fooled into installing it. This behavior, on its own, is malicious.

If you are unfortunate enough to be fooled into installing iSearch, your computer undergoes one of the most serious hijacks I have ever witnessed. There are three different pieces of software from iDownload with which you may end up. A single piece of iDownload software might not exhibit all of the behaviors listed below, but between the three, these are the behaviors you may encounter.

1.) Your Internet Explorer home page is changed to isearch.com. You cannot change the home page to point it to any other web site while the software is installed.

2.) If you mistype the name of a web page and the web site's server returns an error, instead of seeing the error message, you are redirected to isearch.com. You cannot change this behavior while the software is installed.

3.) The software will begin launching a barrage of pop-up and pop-under ads.

4.) The software will store logs of your web surfing habits.

5.) The software will connect to iDownload servers to download and install updates to itself. It also may install completely unrelated software from other adware and/or spyware companies. Further, it may also scatter icons all over your desktop.

6.) The software may disable competing adware software. While that in itself is not such a bad thing, disabling some of those adware programs may render inoperable the programs they are "sponsoring". For instance, if Cydoor adware is disabled, KaZaa stops working.

7.) There have been numerous reports of antivirus and antispyware software being disabled by iSearch. I haven't seen this for myself but there are numerous reports of it.

8.) If you try to delete the files involved with iSearch, the software will reinstall itself. If you run the company's uninstaller, rather than uninstalling the software, it simply reinstalls anything you might have removed yourself (Sources [1][2]). This behavior is soon to be outlawed if the US House of Representatives passes the SPY ACT. So not only is it malicious, it also soon will be illegal.

iDownload knows that if they actually were to take an antispyware web site owner to court, they would lose the trial. It would be a simple matter to demonstrate the behavior of this software. I have no doubt that any judge and/or jury would agree that the software is malicious and deserves the label of "malware". This explains why all of the sites that have received these threats are independent sites run mainly by volunteers. Even when you are right, it still costs anywhere from $10,000 to $12,000 to prove it in court.

There is a difference between SpywareInfo and most other antispyware sites. The difference is that SpywareInfo makes money. Between the loyal readers of this newsletter who buy the products promoted here and the grateful former spyware victims who send donations through Paypal or by mailing checks, SpywareInfo has the resources to face any threat to its existence.

You may remember last year that a powerful denial of service attack was launched against SpywareInfo. For a brief period, the site was gone. Then, three weeks later, SpywareInfo came back to the web and it has stayed ever since. This was accomplished through the purchase or rental of nearly a dozen redundant web servers. The attackers tried for months to knock down the site. When they realized that I had more resources to fight them than they had to fight me, they finally gave up. There hasn't been a serious attack on the site for several months.

iSearch is malware. This is easily demonstrated. Any sane jury would agree once they see the demonstration. Simply put, I have more than enough resources to fight a frivolous lawsuit. I have more than enough evidence to win a lawsuit. If iDownload wants to challenge my statements in court, the mailing address is PO Box 2378, Reidsville, GA USA 30453.