SpywareInfo Home
Open letter to Anti-virus vendors

Mike Healan
http://www.spywareinfoforum.info/

I would like to make an open request to all anti-virus vendors.

Stick to detecting actual viruses.

I have an html editor made by Evrsoft called 1st Page. It's a very good editor that is very easy for a beginner to use, and it doesn't teach the bad habits you get from a WYSIWG editor. Included with the program are several pre-made javascripts, one of which has inexplicably become a target for a number of anti-virus products.

A few months ago, I updated my anti-virus program (AVG by Grisoft) with a new target database file. Ever morning since then, it has detected a "js/loop" virus in a file called "six buttons from hell.izs." And quite frankly, I'm sick of it.

I have AVG set to scan the computer while I'm asleep, and every single morning I wake up to find that it has detected js/loop in my html editor. Every morning I have to set my teeth against the loud, obnoxious warning sound that accompanies the warning box that appears whenever I tell it to ignore the "virus" it has detected.

Sadly, I can't make AVG place this file on the ignore list permanently. I guess that's only available in the paid version, which I don't have. Why would I want to ignore a virus? That's the thing. I wouldn't. If it were really a virus that might cause harm, I'd let it delete it and be done with the situation. However, "six buttons from hell.izs" is not a virus.

"Six buttons from hell" is a template file used only by 1st Page that pastes six pre-made javascripts into a template of a web page. Those javascripts are extremely annoying. One of them will launch an endless loop of pop up windows that can't be stopped without logging out of Windows. Any webmaster that actually uses these scripts on his or her site without warning visitors what they'll do should be dragged through the streets naked and beaten to death by an angry mob. However, this annoying prank is not caused by a virus.

If you use it exactly as intended, all it does is paste some very simple javascripts into a pre-made web page template. It even warns right there on the page it generates what it is going to do. "[Everything in here will KILL your browser]".

If you use this 1st Page program and your anti-virus tries to tell you that you are infected with a virus in "six buttons from hell.izs", it is lying. There is no infection in that file. It does not replicate itself. It does not travel from computer to computer. It sits in its folder doing absolutely nothing. I would urge you to write to your anti-virus maker and ask them to remove that file as a target, because it does not belong there.

I wrote to Grisoft and asked them to remove this file from their database, and they had the nerve to write back telling me that it is a trojan, and that I should be asking why a "serious" software would include a trojan. How is it a trojan? It is a simple text file that can't be executed. It's not even a proper javascript or vbscript.

A trojan is any software masquerading as benign software that will allow one user to control another user's computer across a network using a "client/server" arrangement. Text files do not operate as servers. Grisoft can't tell the difference between a trojan and a text file?

This whole situation is outrageous. This isn't even a false positive; those are done accidently. This is a deliberate decision to target a file that is 100% harmless. At worst, it might be used to create an annoying prank.

We can't get anti-virus companies to target advertising spyware and they only target a very few browser hijackers. Their argument is that because there is a click-through license agreement, what this garbage does is ok. At the same time, they deliberately seek out this harmless file included in a perfectly legitimate HTML editor. This makes sense to someone?

Last year, AV companies actually refused to target an email worm when it first appeared because it popped up a license before rifling through your address book to send itself to all of your contacts. Consumers were stuck with $50 worth of anti-virus software that sat useless as a virus sent itself to all of their friends and family. Thank goodness the anti-spyware companies stepped in to protect the consumers that the AV people left defenseless.

If these companies won't detect what common sense says is a legitimate target, why then do they target this file from Evrsoft? Is the 1st Page license not phrased to their liking? Perhaps Evrsoft should hire the people who wrote the license agreement for the friendsgreeting email worm to write their's since these very same companies ignored it for so long.

Perhaps they target it to prevent it being from used maliciously? If that's the case, then why not expand the scope of it? Visual Basic Studios, Delphi, and Borland are all used to create real viruses, so why not target them as well? For that matter, why not target Notepad since it can be used to write these javascripts? It would make exactly as much sense.

This content was originally going to be included in the April 17, 2003 Spyware Weekly Newsletter, but was cut from the final draft.

SUBSCRIBE
TO THE
SPYWARE WEEKLY!

Email Address

Site Search
Search this web site using Google.com

Site Navigation

About SpywareInfo
Contact us
Downloads Page
Latest Virus Alerts
Links Page
Privacy Policy
Support SpywareInfo
Support Forums
The Spyware Weekly


Spyware Search

Look up spyware in Spywareguide.com's spyware database
Search powered by SpywareGuide


Support SpywareInfo with PayPal - it 's fast, free and secure!
Support SpywareInfo

news.gif
Privacy News

Member of The Harvester Project

Stop Policeware

Anti-DMCA.org

Anti-TCPA



notetab

DogReader.com

XHTML

Advertising terms of use

All material on this web site is copyrighted
© 2001- 2017
by Mike Healan. ® All rights reserved.

SpywareInfo banner designed by mockie

For my bulk mailer visitors :)