ISearch\IDownload to Suzi & Castle Cops:

[TeMerc]

On the 16th of February, 2005, we received Certified Mail from the office of Savrick Schumann Johnson McGarr Kaminski & Shirley, attorneys and counselors at law, Mark D. Hopkins, Partner - Austin Office representing iDownload.com. The letter, dated February 10, 2005 begins:"Re: Incorrect Classification of iDownload's Product as Spyware & Related disparagement of iDownload"Rest of the letter in full quotation:

Dear Sir or Madam:        This firm represents iDownload.com with respect to your inaccurate classification ofiDownload's software product, iSearch toolbar, by referring to it as Spyware in its description.Specifically, a recent review of materials disseminated by your company, via the Internet,revealed that your company is falsely disparaging iDownload's product, iSearch, in that CastleCops f/k/a Computer Cops, L.L.C. classifies the product as Spyware and articulates that,                    iSearch is certified spyware/foistware, or other malware.        Castle Cops f/k/a Computer Cops, L.L.C.'s characterization of iSearch as Spyware isdamaging to the iDownload brand. As we all know, Spyware is a phrase within the publicconscience that has a specific meaning.  A classification of Spyware is usually reserved for thoseprograms that not only have the ability to scan an end- user's computer, but also seek to remainunnoticed or hidden, and also seek to gather personal information such as passwords, accountnumbers, etc. of the end-user. iSearch does not fit this profile.        iSearch does not qualify as Spyware.  iSearch is a toolbar that in no way attempts toremain hidden or evade detection.  Continuing, unlike Spyware, iSearch does not gather anypersonally identifiable information about end users, does not collect data about the user's webusage, does not collect any information entered into web forms, does not share information withthird parties, does not send or cause to be sent unsolicted e-mail, and does not install items suchas dialers on the end user's computer.        We would request that you correct your disseminated materials immediately to removeany reference to iSearch as Spyware, Foistware, or Malware.  To the extent you fail to remedyyour improper disparagement of the iDownload brand on or before February 15, 2005, we willtake all necessary action against your company to protect iDownload from your continuingtortuous conduct.  Should you have any questions regarding the foregoing, please feel free tocontact me.                                                                              Best Regards,                                                                              Mark D. Hopkins

We (CastleCops) have retained counsel and are currently evaluating our options. Please stay tuned for details as they develop. This article will also be updated at those times.

=====================================================================From Suzi's Spyware Warrior Blog:

Today I received a letter forwarded by Domains by Proxy, my domain registrar’s private registration partner – a letter from the law firm Savrick Schumann Johnson McGarr Kaminski & Shirley attorneys and counselors at law, Mark D. Hopkins, Partner – Austin Office representing iDownload.com. The letter, dated February 10, 2005, is quoted in full here:

Re: Incorrect Classification of iDownload’s Product as Malware & Related disparagement of iDownloadDear Sir or Madam:  This firm represents iDownload.com with respect to your inaccurate classification of iDownload’s software product, iSearch toolbar, as Malware on the following four websites:        (1) domain blacked out        (2) domain blacked out        (3) www.netrn.net        (4) domain blacked out  Specifically, a recent review of materials disseminated by your company, via the Internet, revealed that your company is falsely disparaging iDowload’s product, iSearch, in that Domains by Proxy, Inc. classifies the product as Malware and articulates that,      iSearch “Desktop Search†hijacker….      iSearch is unidentified malware…. Domains by Proxy, Inc.’s characterization of iSearch as Malware is damaging to the iDownload brand. As we all know, Malware is a phrase within the public conscience that has a specific meaning. A classification of Malware is usually reserved for those programs designed specifically to damage or disrupt a system, such as a virus or a Trojan horse, iSearch does not fit this profile.    iSearch does not qualify as Malware. iSearch is a toolbar that in no way attempts to remain hidden or evade detection, Continuing, unlike Malware, iSearch does not gather any personally identifiable information about end users, does not collect data about the user’s web usage, does not collect any information entered into web forms, does not share information with third parties, does not send or cause to be sent unsolicited e-mail, and does not install items such as dialers on the end user’s computer.    We would request that you correct your disseminated materials immediately to remove any reference to iSearch as Malware or Spyware. To the extent you fail to remedy your improper disparagement of the iDownload brand on or before February 15, 2005, we will take all necessary action against your company to protect iDownload from your continuing tortuous conduct. Should you have any questions regarding the foregoing, please feel free to contact me.                                                                                Regards        Mark D. Hopkins

As owner of this domain, netrn.net, the home of this blog, I am currently obtaining legal counsel and evaluating my options. I will post additional details as they develop. Interestingly enough, I’m not the only site in the anti-spyware community to receive such a letter from Mr. Hopkins. CastleCops.com published an article yesterday revealing they received a nearly identical letter.

[Marsden11]

All you have to do is state that your belief is your opinion and thus it falls under protected speech.Protected speech can not be used as grounds for torturous restraint of trade.I once had to register a domain name for ATTcablesucks.com. They had been jerking me along for over 6 months when I finally had had enough. I registered the domain and put up a simple web page that stated my opinion that Att Cable was the worst service on the planet and invited other pissed of ATT Cable users to post their complaints.I contacted a ATT Cable rep (Director of Communications) in Colorado by email on a Friday night. On Monday, there were 5 ATT Cable trucks stringing new cable on my street. Problem solved...

Edited February 23, 2005 by Marsden11

[TeMerc]

Recently we received a letter from a law firm titled "Incorrect Classification of iDownload's Product as Spyware & Related disparagement of iDownload". We retained counsel to evaluate our options and last night sent our reply which will be quoted in full below.There has been a public outcry over such a "cease and desist" letter as it has come to be known in the online communities. However, it appears that CastleCops is not the only recipient of such a letter.Suzi at SpywareWarrior Blog also received one.At DSLReports.com there is a thread, now 3 pages in length, titled Silencing the Critics: ISearch/IDownload. A news article was published there yesterday as well, Marketers Try to Silence Spyware Critic.Wayne Porter of ReveNews wrote about Deceptive Is as Deceptive Does, where he posted no less than 18 links to articles describing what he calls “savage behaviorâ€. Wilders Security Forum has a thread going as well, and one user (Key-U) posts the details of his installation of iSearch.com’s toolbar.And now onto the full text of our response...

Re: Settlement- Not Admissible for Any Purpose Pursuant to CA Evidence Code § 1152Our File No. CY757-515Dear Mr. Hopkins:I write you on behalf of my client ComputerCops, LLC regarding  the letter you sent onFebruary 10, 2005 in which you alleged that the castlecops.com website has disseminatedinformation improperly disparaging the iDownload/iSearch brand. I have spoken with officers of thecompany about the allegations made in your letter and they have stated clearly that they have notmade or published any statement which can be said to disparage the iDownload/iSearch brand.  Myclient has asked me to contact you in the hope that this matter can be resolved outside the courtroomthrough a dialogue between ComputerCops and iDownload/iSearch. Contrary to the assertion made in your February 10 letter that, “spyware has a well knownmeaning within the public conscience that has a specific meaning,†spyware is actually capable ofmany definitions.  In fact, there is no universal definition of spyware, nor is there a well knownmeaning within the public conscience. Nevertheless, it appears that software disseminated byiDownload/iSearch would likely be regulated as illegal in California under California Business AndProfessions Code Sections 22947-22947.6 otherwise known as the Consumer Protection AgainstComputer Spyware Act. A cursory search of the Internet reveals that the iDownload/iSearch brand has quite acontroversial image to be sure:http://abcnews.go.com/Technology/SiliconIn...id=99522&page=1 In addition, Symantec, Lavasoft, Computer Associates, Spyware Warrior, Spyware Blaster,and Doxdesk, to name a few, report that the iSearch toolbar, published by iDownload is spyware(see links below). This information is publicly available and was obtained in a manner of minutesusing the iDownload “brand†as a search term. It is clear that the issue of whether or not iDownload distributes spyware is a controversialone which is a matter of public interest and any discussion or publication of web page links referringto this controversy cannot be damaging to the iDownload brand. In short, ComputerCops categorically disagrees with your letter, but remains willing to listen toiDownload’s side of the story and offers further to allow iDownload a public forum on thecastlecops.com web site in which to respond to the questions raised in many circles about iDownloaddistributing spyware.  This is ComputerCops final good faith attempt to resolve an uncomfortable matter in anamicable manner. Should iDownload fail to respond to this letter before March 15, 2005,ComputerCops, LLC will take any and all legal measures necessary to protect its rights. Very truly yours BENJAMIN Z. RICE

Internet Resources on ISearch http://securityresponse.symantec.com/avcen...re.isearch.htmlType: SpywareBehavior: Spyware.ISearch is an Internet Explorer Browser Helper Object and functions as atoolbar. It is a search hijacker and also tracks user activity on a remote server at isearch.com.SymptomsOne or more files are detected as Spyware.Isearch.TransmissionThe ISearch toolbar can be manually installed through ActiveX installers, or it comes bundledwith other software.http://www.edbott.com/weblog/archives/000340.htmlhttp://www.tenebril.com/src/info.php?id=431726676http://www.spywareguide.com/product_show.php?id=732# Adds other software# Shows ads# Changes browserDanger Level: 6"http://netrn.net/spywareblog/archives/2004...blaster-update/http://www.doxdesk.com/parasite/Pugi.htmlhttp://doxdesk.com/parasite/ILookup.htmlhttp://www.doxdesk.com/parasite/rogues.htmlhttp://windowsxp.mvps.org/ie/lockedbars.htmIsearch is listed as "Rogue/Suspect Anti-Spyware Products" at Eric Howes list:http://www.spywarewarrior.com/rogue_anti-spyware.htm "SpywareAvenger spywareavenger.com idownload.com no trial version locatable; company is known adware distributor (1); "strict no-refund policy"; advertises through adware (1); "negative option" coupled w/ outrageous pricing [A: 9-22-04 / U: 12-28-04]" http://www.kephyr.com/spywarescanner/libra...rch/index.phtml http://www.sysinfo.org/startuplist.php?filter=isearch http://www.infopackets.com/gazette/20040420.htm Title: Remove / Uninstall iSearch toolbar? Excerpt: "Although many would disagree, the iSearch web site claims that their toolbar is not Spyware because it "in no way tracks you or the web sites that you visit." (Source: iSearch.com FAQ). Instead, iSearch intrudes on your browsing sessions by invoking ad-related activity and reportedly blocks access to certain web sites.â€

[Guest LilBambi]

Good one Marsden11!Thanks so much for posting the information TeMerc!I see this morning that CastleCops is not going to take this sitting down! CastleCops - Cease and Desist letter to CC and our response

Some of you may have noticed the front page news over the last few days has been more legal then technical. CastleCops has been served with a cease and desist by the counsel for iDownload. Last night we responded to them.CastleCops Link/article-5765-nested-0-0.htmlWe believe in what we do here, and we believe that you as consumers have the right to choose what is or isn't installed on your computer, we are not the only ones who have gotten this kind of letter recently. Since we do believe those things we are not going to delist iDownload or iSearch. We wanted to give the public an opportunity to talk about this.This is your chance to send a clear message to the creators of applications like this. Let your voices be heard!

Way to go Paul, Robin!!!Posted the info it on my blog too as well as mentioning about my email to just about anyone I thought could assist, understand, get the word out.

[TeMerc]

Suzi Responds to ISearch\IDownload:

In response to the Cease & Desist letter I received from iDownload/iSearch, I sent the following response.Re: Incorrect Classification of iDownload’s Product as Malware & Related disparagement of iDownloadDear Mr. Hopkins:This letter is in response to your letter to Domains by Proxy dated February 10, 2005 wherein you named several domains, including www.netrn.net, and requested that any reference to iSearch as malware or spyware be removed.I have done a thorough search of my site and found only the following references to iSearch:1. This link contains a list of updated definitions as published by Lavasoft, the makers of Ad-Aware. The original list is posted here:http://www.lavasoftsupport.com/index.php?s...=0entry2389292. Again, this link contains a list of updated definitions as published by Lavasoft on their forum here:http://www.lavasoftsupport.com/index.php?s...=0entry2315613. http://netrn.net/spywareblog/archives/2004...-aware-updates/Again, this link contains a list of updated definitions as published by Lavasoft on their forum here:http://www.lavasoftsupport.com/index.php?showtopic=242784. http://netrn.net/spywareblog/archives/2004...blaster-update/This page contains a listing of newly added definitions to SpywareBlaster, which can be found here:http://www.javacoolsoftware.com/spywareblaster.htmlYou will note that I made no personal comments about iSearch or any of the other items in the lists. I merely copied information that was posted elsewhere If you have a complaint with your product being listed and targeted by Lavasoft and Javacool Software, you should contact them directly.You also stated:“Specifically, a recent review of materials disseminated by your company, via the Internet, revealed that your company is falsely disparaging iDowload’s product, iSearch, in that Domains by Proxy, Inc. classifies the product as Malware and articulates that,“iSearch “Desktop Search†hijacker….â€â€œiSearch is unidentified malware….â€That is simply untrue; I made no such statements anywhere on the netrn.net domain. Moreover, even the program update notices described above that were reproduced on my web site include no such statements—they merely list the name of your company’s programs. If you will insist that such statements are included on my web site, please supply URLs for the pages you believe include those statements.Should you decide to pursue a complaint against my site, perhaps you should be aware of the California anti-SLAPP legislation:http://caselaw.lp.findlaw.com/cacodes/ccp/425.10-425.16.htmlhttp://www.thefirstamendment.org/antislapp...urcecenter.htmlThe Cease & Desist letter you sent to me as well as any further complaints to me will be submitted to ChillingEffects.org for review and publication:http://www.chillingeffects.org/In summary, after reviewing my site, I have concluded that your allegations and requests are based on inaccurate, false information and are thus completely unwarranted and utterly without merit.Yours truly,Suzi

[Guest Paracelsus]

Saw this at MuckShifter's Forum:Petition opposing ISearch/IDownload's Cease & Desist order

[TeMerc]

From Suzi at Spyware Warrior Blog:

This story continues to spread on the web. I’ve been meaning to update the links here, but life got in the way. Thanks to eveyone for the support, comments and trackbacks to the blog.Here’s some additional links:http://www.techweb.com/wire/security/60403277 Spyware Warrior and Castle Cops are mentioned in the lower portion of the article.http://www.dslreports.com/shownews/60722The Inquirer carried the story: http://www.theinquirer.net/?article=21415P2pnet.net has some good comments. http://p2pnet.net/story/4001Here’s a great write-up by Wayne Cunningham of Download.com.IDownload hires a lawyerWhile adware makers such as WhenU and 180Search try to play nice and reenter decent society, spyware vendor IDownload.com, which also operates under the name ISearch.com, tried to silence its critics. The company hired an, in my opinion, unscrupulous lawyer to send out cease and desist letters to Web sites such as Castle Cops and Spyware Warrior, telling them not to call the ISearch toolbar spyware. This lawyer, Mark D. Hopkins, doesn’t appear very competent, as Spyware Warrior points out that she did not actually refer to ISearch as spyware on her site. This attempt to silence critics of spyware is so ill-founded as to be laughable. It’s pretty easy to send out a cease and desist letter; all you have to do is type. Actually learning something about the law is a lot harder. iDownload’s itinerary by Zhen-Xjell.The Internet has been buzzing with the keywords iDownload and iSearch the past week. There exists a great deal of talk all over the web, and it is mind boggling trying to read it all. I’ll try to put everything into this article, sort of a encyclopedia of all the comments, or an itinerary of iDownload. The public has provided a lot of information and much of the links supplied were returned by querying search engines for ‘idownload’ or ‘isearch’. Lets begin.BlogCritics weighs in. Spyware: First, infect all the lawyers….Tales Of Horror: The iSearch Toolbar from The Abusive Hosts Block List.Kye-U started a website to track the tale of iDownload and iSearch, including an illustrated example and analysis of iSearch’s download and installation.JD asks Are you keeping up with the iDownload/iSearch spyware controversy? He also created a poll at VirusIntel.com; see the left side column. From Donna’s Security Flash: re: CastleCops.com and Spyware Warrior was asked to correct the what? Alex Eckelberry, president of Sunbelt Software, makers of CounterSpy, posts about receiving a Cease & Desist letter from iDownload as well, and says they responded with a 16 page letter detailing iDownload’s practices. The letter is not posted at this time, but Alex says it might be in the future.

[teacher]

ParacelseusJust how many times did you sign it? I count several.

[Guest Paracelsus]

I was trying to find the voting "options" that Bams mentioned Here, and accidentally ended up with additional signatures. (Hopefully, I haven't invalidated the Petition). Anyway...I think Bams must have been referring to some other petition, as I never did come across the things she mentioned...and didn't see her moniker anywhere :hmm:BTW - Julia... I notice that you didn't bother to sign the petition

Edited March 1, 2005 by Paracelsus

[teacher]

BTW - Julia... I notice that you didn't bother to sign the petition

<{POST_SNAPBACK}>

It got busy at school and I wanted more time to look at it. I did not like all the info they wanted from folks. By the way, I am there now. --J

[Guest Paracelsus]

I did not like all the info they wanted from folks.

<{POST_SNAPBACK}>

:huh:Just some kind of name and an e-mail addy.Doesn't have to be your real name (lots of signers are using Web monikers)...And a valid e-mail addy (most folks have at least one "disposable" account.That's it... nothing elseno street addressno phone numbersnothingDon't know what you saw that looked like asking for a lot of personal information

[teacher]

Yes. It is just that I tend to be an honest person by nature and I had to think how to sign it that would not give everyone here my "real name". I am sure you can figure out who I am just as I knew who you were. However, I don't necessarily want my full name associated with the forum. I like a little separation so someone doesn't start calling my house blaming me for all their computer troubles. I did, however, sign it. I see they send out an email to say I signed it and I assume that is just to verify it is a legitimate person. I did use a disposable address.

[Guest LilBambi]

You are right Paracelsus!That is not the same petition. I signed the other one the day before I posted here about the oddness of the petition having to choose yes or no.This petition has none of that. I signed this one too!

I was trying to find the voting "options" that Bams mentioned Here, and accidentally ended up with additional signatures.  (Hopefully, I haven't invalidated the Petition).  Anyway...I think Bams must have been referring to some other petition, as I never did come across the things she mentioned...and didn't see her moniker anywhere  :hmm:BTW - Julia... I notice that you didn't bother to sign the petition

[Guest LilBambi]

Spyware Warrior post today!

3/1/2005Software Company Responds to iDownloadLast night I mentioned the Sunbelt Software Blog and the post there about iDownload’s C&D letter to them. This morning Alex Eckelberry posted a link to Sunbelt’s response. Read Sunbelt’s response here.This will be available for a limited time only, so if you’re interested, read it now. The 16 page letter details the practices of iDownload.Update 10:30 PM:This story continues:CastleCops has a new article: More Responses to iDownloadhttp://news.independent.co.uk/world/scienc...sp?story=615884    The problem is a company called iDownload, which offers a product called iSearch, which quite a few companies have classified as spyware or adware.    That hasn’t stopped many people and organisations, from Mr Bott to CastleCops.com (a spyware-watching website) and Symantec, one of the biggest hitters in the antivirus world, from classifying iSearch as spyware. Symantec says it “is a search hijacker and also tracks user activity on a remote server”.iDownload at DSLReports.com.This * very * interesting link was posted in the now 7 page thread there, too.http://www.broadbandreports.com/speak/print/default;12774274    Arlo Gilbert, or at least someone who claims to be him, posts regularly as “Hooper” at justblowme.com, claims a 7 digit income, and talks about all his attempts to make money running sex sites including maninpink.com, which no longer exists. He also ran clickfeel.com, another add click revenue service which also no longer is active. He brags about making lots of money off of spyware removal software, which is pretty laughable. Anyway, if this guy really is Arlo, here’s his picture:    Another guy named “wiseman” claims to be the sales director for Arlo/Hooper and their various web enterprises including idownload.com Here’s some interesting reading (warning, it’s pretty porn heavy):    http://justblowmeresources.com/interviews/wiseman.html(note – SpywareAvenger is listed on the Rogue/Suspect Anti-Spyware Programs page.)And last but not least, the story has been Slashdotted again.Spyware Critics Respond to iDownload/iSearch

You can read this and Suzi's previous responses at Spyware WarriorThe pdf from Sunbelt is a must read, IMHO.

[teacher]

Interesting. The little bit I read told me this is someone I would want nothing to do with. I would not want to meet him or touch any of his "products!"

[Guest Paracelsus]

Yes.  It is just that I tend to be an honest person by nature and I had to think how to sign it that would not give everyone here my "real name".  I am sure you can figure out who I am just as I knew who you were.  However, I don't necessarily want my full name associated with the forum.  I like a little separation so someone doesn't start calling my house blaming me for all their computer troubles. I did, however, sign it.  I see they send out an email to say I signed it and I assume that is just to verify it is a legitimate person.  I did use a disposable address.

<{POST_SNAPBACK}>

My apologies for over reacting a bit, Julia.:">I just didn't want anyone who might have read your reply, to be put off from signing the petition because they might have felt it was going to ask for a lot of personal information.I don't usually get very passionate about PC and Internet issues... but this has the potential of setting a very dangerous precedent, should ISearch/IDownload succeed.Bams - What's the URL of the other petition? Doesn't hurt to sign more than one.

[TeMerc]

Picked up this from Suzi, about Castle Cops in regards to the wonderful people at ISearch\IDownload:

CastleCops recently received a letter from iDownload claiming that we incorrectly classified ISearch\IDownload as Spyware and demanding that we remove them. Interestingly enough we were given a 5 day window to comply with their demand, but we didn't actually receive it until the 6th day. Brian Livingston's published an article regarding the cease and desist letters being sent out by iDownload, indicating not only did CastleCops, Spywarewarrior, Spyware Guide and SunBelt Software all receive similar letters, but the CEO of iDownload is calling the campaign a "success"?

When iDownload's CEO, Arlo Gilbert, called me, I asked which companies had received a cease-and-desist letter from iDownload's attorney. "It would not be in our best interest to share that list," Gilbert said.He did assert that the letter was having the desired effect. "The majority of sites we've contacted have taken down or properly classified iSearch," Gilbert stated.When asked to name some of the sites that had complied, Gilbert answered, "I'm not going to share that information. It would be shooting a gift horse in the mouth."Gilbert added, "The people who are profiting off this information and have not reclassified the information will be sued." When asked for the names of some companies that iDownload has filed suits against, Gilbert said, "We're not going to reveal it," but added that the suits were a matter of public record that could be looked up.

CastleCops subsequently responded to iDownload but we were not the only ones. Suzi from Spywarewarrior also posted her reply publically in her blog and now Alex Eckelberry President of Sunbelt Software has also made their reply publicly available. I find myself asking the question what exactly does Mr. Gilbert consider success? Does it fall into a similar category of "acceptable loss" or "collateral damage"? Since the threat tactics of iDownload were made public, their practice and products and choice of attorney have been under scrutiny, by the security community and public at large. There have been a number of questionable things uncovered by individual sources, like the unauthorised use of ICSA Certification published at Edbott.com

The company claims the product is certified by ICSA Labs. This is a prestigious honor and not lightly awarded. ICSA Labs is a division of CyberTrust, which was formed recently by a merger of TruSecure Corporation and BeTrusted. Its staff and management number some of the world’s foremost authorities on computer security and information technology. To earn ICSA Labs certification, a product must pass a series of stringent tests, and it can be removed if it fails the testing at any time. When I reviewed the list of certified products at ICSA Labs’ Web site, I did not see any mention of Virus Hunter. So I fired off an e-mail to Larry Bridwell, Content Security Programs Manager for ICSA Labs. I received the following response within three minutes: VirusHunter is NOT certified by ICSA Labs nor has it ever been submitted for testing. We have sent a letter by post requesting that the certification claim be removed.

I don't understand how what they are doing or have been doing can be called a success. Perhaps that is because we at CastleCops measure our success in relation to Our Vision. Maybe it is because we value above all things integrity, or because we believe in doing the things we do and helping the people we do because it is the right thing to do. Our success and that of the Anti-Spyware/Security community is measured in the number of people who are freed from the applications they don't wish to be on their systems. It is measured by the people we help to educate on how to protect themselves, their systems and their families.

Castle Cops

[TeMerc]

I found this link on one of the bloggers sites at the DSLR thread. His name is Kyeu

Tales Of Horror: The iSearch ToolbarWith iDownload threatening various anti-spyware authors and security sites, we at the AHBL are in the mood to talk about our experiences with the iSearch toolbar and what it did to a machine owned by one of our users.Before we begin, let us point you to some great articles on just how malicious the iSearch toolbar is, from other people's experience (Links: ABCNews, Spyware Guide, DSLReports, Benjamin Edelman, Wilders Security Forums, ReveNews).  These sites give a great reading on the toolbar and what other people have gone through just to make this ******* of a program go away.Now, we fully expect iDownload to threaten us and send us a C&D for posting this article.  The AHBL takes abuse on the Internet very seriously, and will not let companies bully us into taking down the truth.  If iDownload wishes to dispute the fact that their product is spyware, they are welcome to dispute any of our findings here with solid evidence and not just threats of lawsuits.  We are not afraid, nor do we run and hide in the face of a challenge.It all started about a week ago with a call from one of our users, who was reporting that she was seeing an unusual toolbar on her screen.  Every attempt to remove it had failed, and none of her anti-spyware programs were functioning (except for Microsoft Antispyware) anymore.  Every time she attempted removal, the program would forcefully reinstall itself on reboot.Using our remote control toolkit (consisting of either VNC or TB2k from Netopia), we started doing remote cleaning (easier said then done). Scans with Ad-Aware showed no spyware installed, while Spybot S&D would crash one of the critical system processes and force a shutdown.  Microsoft Antispyware would attempt to remove iSearch, only to have it wedge itself in on reboot, undoing everything done previously.Using HijackThis, we managed to get a good idea of the way iSearch was doing its dirty deeds.  With help from this site, we tracked down the toolbar dll files and the misc droppings it leaves behind on the system.  We then used CWShredder, an excellent program that can wrestle allot of the most notorious toolbars out of the system.  All was looking good until reboot, and once again the toolbar was back, but this time, Microsoft Antispyware was able to block it from putting the toolbar back in.Step one complete! But, now we had another problem - how to fully remove it from the system so that it would quit trying to run itself on startup.  Checking the installed ActiveX controls showed nothing, as did checking the Startup registry keys (both user and system).On a whim, we tried the iSearch Toolbar's uninstaller (we refuse to put the link to it here, for which you'll understand in a moment).  Perhaps the worst mistake we made - the uninstaller seemed to 'remove' it, but instead, it tried to force the toolbar on the system yet again (Thankfully, Microsoft Antispyware stopped it).  Poof went the system, and it forcefully rebooted itself while we were busy documenting what had happened so far.  On reboot, the toolbar was back.Frustrated, we decided to reinstall all of our antispyware programs.  Once we had Ad-Aware installed, we discovered that doing a smart scan was pointless - it wasn't removing the startup program that was reinstalling the toolbar.  After the 45 minute full scan of the machine, Ad-Aware had located a group of files installed in various locations, including temp directories.  Once Ad-Aware had safely removed iSearch, we rebooted.For the first time that day, the machine started without the iSearch toolbar trying to install.  Success!  A full scan in all of our other free antispyware tools we had on hand showed no traces remaining.Unfortunately, the damage that was done to the machine because of the iSearch toolbar was severe - Norton Antivirus refused to work anymore, and we were having problems with various programs that relied on digital signatures to verify their program binaries.  This was mostly due to damage to the Windows certificate store (the machine is unable to verify legit signatures anymore, and occasionally has problems visiting SSL enabled websites).A review of the day produced the following overview:Time spent on cleaning the machine: 6 - 7 hours.Results of using the uninstaller: Nil - program forcefully reinstalled itself AFTER running the uninstallerPrograms needed to extract the toolbar:  Ad-Aware, Microsoft Antispyware, HijackThis, CWShredderHow this toolbar got installed: Unknown, though most likely cause is either using a driveby-download ActiveX control/exploit, or using the newly discovered Windows Media Player DRM exploit.Total damage done to machine: Severe, even after fully removed, certain parts of the system refuse to function correctly:1. Norton Antivirus refuses to function anymore due to inability to verify digital signatures on the main Norton Antivirus exe files.  Reinstall does _not_ help, as the problem appears to be with the Windows certificate store.2. Ad-Aware was crippled completely, changed to hide the results of the scans to prevent proper removal.  Reinstall fixes this.3. Spybot S&D was crippled completely, and would cause critical system processes to crash, forcing the machine to reboot.  Reinstall fixes this.4. Machine performance was severely degraded, Internet Explorer randomly crashing.  Problem went away once iSearch Toolbar was removed.5. Windows certificate store damaged, system is no longer capable of verifying digital certificates on binaries.  This directly affects Norton Antivirus.  Reinstall of Windows XP SP2 did not help, and system now has problems viewing some SSL sites.So yes, iSearch toolbar is one of the worst pieces of malware/spyware/adware we have ever seen.  After reviewing the iSearch toolbar agreement, we see these lovely lines which explain why all of our removal tools were crippled:2. Functionality - Software delivers advertising and various information and promotional messages to your computer screen while you view Internet web pages. iSearch is able to provide you with Software free of charge as a result of your agreement to download and use Software, and accept the advertising and promotional messages it delivers.By installing the Software, you understand and agree that the Software may, without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to iSearch and/or it's partners, in the form of pop-up ads, pop-under ads, interstitials ads and various other ad formats, display links to and advertisements of related websites based on the information you view and the websites you visit; store non-personally identifiable statistics of the websites you have visited; redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search clients and toolbars, conveniently without your input or interaction; install desktop icons and installation files; install software from iSearch affiliates; and install Third Party Software.In addition, you further understand and agree, by installing the Software, that iSearch and/or the Software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer, which, in turn, may disable or render inoperative, other software resident on your computer, including software bundled with such adware, or have other adverse impacts on your computer. Apparently, iDownload likes to give itself the right to make whatever changes it wants to your system to ensure that its program isn't disabled/removed. We at the AHBL have therefore, with the above information, make the following opinions about iSearch Toolbar:iSearch Toolbar is SpywareiSearch Toolbar is AdwareiSearch Toolbar is MalwareiSearch Toolbar does everything in its power to prevent removal, including crippling and damaging the system and other programs to accomplish this goal. Like we've said in the article previously, if iDownload wishes to dispute our findings, they are welcome to, and we actually would like them to clarify and point out to us exactly why we got the results we did while trying to remove the iSearch toolbar, that was installed without the knowledge of the person who owns the computer in question.The AHBL prides itself on being accurate, and will make any necessary corrections to this article to ensure that.

AHBL

[ross549]

Wow....... that is some stubborn software. :">

[Stonegiant]

I really hate that crap!

[Guest LilBambi]

Bams - What's the URL of the other petition?  Doesn't hurt to sign more than one.

Hey Paracelsus,I am not sure now. It was listed on the DSLR site forums when I clicked on it.And my history is gone from that far back.Hold on....It looks like this is the one. I signed it as no. 78 on this one:http://www.petitiononline.com/mod_perl/signed.cgi?mm23Feb4And on the newer one I was no. 109.(http://www.petitiononline.com/mm24Feb5/petition.html)

[Stonegiant]

the idownload ppl have got a lot of nerve saying they're not malware, etc.    "may the fleas of a thousand camels infest their arm pits", johnny carson, the tonight show.    "may idownload infest their car's computers causing them to function nery again", temmu, scotsnewsletter forums.   

<{POST_SNAPBACK}>

Similar to a quote I read in Icewind Dale (by R. A. Salvatore):"May the fleas of a thousand reindeer nest in your genitals"

[TeMerc]

Since CastleCops publically shared with the community that we received a letter from iDownload demanding we reclassify their software, several other sites have also stepped forward indicating that they have been sent the same kind of letter including: Spywarewarrior, Spyware Guide, and Sunbelt Software. We believe in information sharing and ensuring the community is aware of the latest trends and threats in the world of Security/Anti-Spyware, which is why we decided to publish not only the iDownload letter to us, but our response to iDownload because we feel it is necessary to educate the public on the kind of tactics and pressures being used against the Anti-Spyware community. Yesterday we received a response via Fax from iDownload's attorney Mark D Hopkins, of Savrick Schumann Johnson McGarr Kaminski & Shirley.

March 7, 2005Benjamin Z. Rice                                                                                                        Via CMRRRLaw Offices of Benjamin Z. RiceP.O. Box 1206Pleasanton, CA 94566               Re:    ComputerCops, L.L.C's Improper Classification of iSearch Product                        File Number: CY757-515Dear Mr. Rice:      Thank you for your recent correspondence regarding iDownload and its software product,iSearch. As we are both aware, a lively internet debate currently exists over the functionality ofthe iSearch program, as well as the questionable classification of iSearch as malware, spyware, etc., by various security companies.  As counsel for iDownload, our goal is singular in purpose, that being to assist iDownload in correcting the current dissemination of incorrect information surrounding iSearch.          We recognize that much scrutiny exists with respect to our actions, and that we may be perceived by some in the internet community as being on the wrong side of the ongoing fight against "internet malfeasance." This perception is contrary to reality. We are currently engaged in an open dialogue with several large security firms, with the end goal being to reach a consensus as to the proper characterization of iSearch.  We trust that you will conform your published materials, as we previously requested, once some of the industry leaders analyze iSearch more thoroughly and release their classification of iSearch.          Please do not hesitate to contact me if you have any questions about the foregoing.Best Regards,Mark K.Hopkins

Intially we offered iDownload the opportunity to come into our forum and answer some questions from the public about their product iSearch, in order to be fair and eliminate any possible confusion about what the product does or does not do. To date they have not taken us up on that offer. Our position remains the same now as it always was concerning iSearch.

[TeMerc]

From Mar. 15, 2005

This was posted by Eric Howes tonite:

180 Solutions has been trying to become legitimate (see, for example, Wayne Cunningham's post on his blog). Their joining COAST (the antispyware consortium) was the ptimary reason COAST fell apart.As a result of 180 Solutions contacting us, we followed up with our usual extensive analysis of their practices. You can see our analysis here.(pdf)

I should explain that that one PDF file actually contains two different documents: 1) a white paper titled "Alleged Improvements to 180solutions' Software" (pp. 1-28 ) -- this document includes screenshots and is based on the second document in the PDF; 2) a write-up on 180solutions (pp. 29-55) -- though it comes second in the PDF, this was actually written first; it is a bit more thorough than the white paper. Given that the first document is based on the second, you'll find quite a bit of overlap. You'll also find that the second document contains quotes from 180 itself that aren't included in the first. For those who are interested in jumping to the juicy bits, see these pages from the white paper: pp. 9-10, 18-26 For the same material in the write-up (2nd document): pp. 35-36, 45-50 And to see how 180 gets assessed under Sunbelt's listing criteria, see: pp. 50-53 Note, pagination refers to the internal pagination of the document, not the pagination assigned by Adobe Acrobat Reader. Best, Eric L. Howes

===================================================================From Mar. 16, 2005

There’s a lot in this writeup, but as Suzi of Spyware Warrior Blog pointed out, the areas that are probably most interesting to people are on pages 9-10 and and 18-26.Here’s the quick and dirty:As part of 180’s COAST certification, 180 agreed to a “CBC Force Promptâ€. This feature is designed to alert users to the installation of 180’s software. This prompt is shown when a certain registry key is set to “0â€. If it’s set to “1â€, there is no prompt.This is a serious weakness in the 180 installer. It is trivially easy for a rogue affiliate to simply set the value to 1, and the 180 install sails through, with the end-user none the wiser.However, it appears that 180solutions is itself electing to bypass the "CBC Force prompt" in order to avoid alerting users to the installation of 180's software, and the implications of this are serious. Sunbelt observed several installations of older versions of the 180search Assistant in which that software was updated to the latest version. After older versions of the 180search Assistant were "stealth-installed" via a Windows Media Player file and via a Java applet at lyricsdomain.com, that software called out to 180's servers, and downloaded and installed the latest, COAST-certified version of the 180search Assistant.This behavior is especially disturbing because many of the installations that 180solutions is silently updating through this method are the possible products of "force-installs" of 180's software of users' PCs, where those users received no notice or warning whatsoever of the 180search Assistant. Instead of alerting users to the presence of 180's software on their systems, 180 is updating those older software installations and versions to the latest 180search Assistant, allowing 180 to continue deriving economic benefit from those installations, entirely contrary to its publicly stated intention to clean up its distribution channels.Alex Eckelberry

Sunbeltblog

[Guest LilBambi]

Thanks for posting the links...downloading PDF now.I was also interested in the movie that Ben Edelman did from November 2004 on an exploit that was used on a particular site (doesn't work on XP SP2) .. but gives good reason to update to SP2!http://www.benedelman.org/news/111804-1.html

[TeMerc]

iDownload, the company responsible for a toolbar known as iSearch, has resorted to threatening to file lawsuits against several web sites that categorize the software as spyware or malware. Claiming that their brand has been disparaged falsely, iDownload is demanding that these web sites remove any material which labels iSearch as malware, foistware or spyware. Is iSearch malware? Yes, it is. And I can prove it.

You may remember that a few months ago, trojans began circulating file sharing networks disguised as protected media files. Windows Media Player (WiMP) has DRM features that allow music and video files to be restricted. The restriction may be that you can only listen to the file a certain number of times or for a certain period of time. To determine this, when the file is loaded into WiMP, it will contact an internet server to retrieve information about the license and any restrictions. If a license is not found, WiMP will load a license window using the Internet Explorer browser engine. An antipiracy company named Overpeer has been exploiting this behavior to infect unsuspecting computer users with spyware and adware. They have been flooding file sharing networks with fake music files with embedded DRM instructions. When played in WiMP, these files cause WiMP to open a license acquisition window in Internet Explorer. When that happens, the page loaded within the license window tries to install spyware using various security flaws.

Among the dozens of programs that could be installed by way of these trojans is the iSearch toolbar. If you run one of these trojans, it will pop up a license window which loads a page prepared by iDownload. That will load an ActiveX applet which attempts to install iSearch. If your security settings are configured properly, you will see a security warning asking your permission to install software. This security dialog claims to be a required update to "Media Player 9". In fact, it has nothing to do with Media Player but is really iSearch software from iDownload. You can see an example of this security warning pop-up at DSLReports. The security pop-up is intentionally misleading. It is designed to trick the user into thinking they are installing some sort of update for Windows Media Player. Since the process that leads up to this security warning is the playing of a file in Windows Media Player, no doubt many people would be fooled into installing it. This behavior, on its own, is malicious. If you are unfortunate enough to be fooled into installing iSearch, your computer undergoes one of the most serious hijacks I have ever witnessed. There are three different pieces of software from iDownload with which you may end up. A single piece of iDownload software might not exhibit all of the behaviors listed below, but between the three, these are the behaviors you may encounter. 1.) Your Internet Explorer home page is changed to isearch.com. You cannot change the home page to point it to any other web site while the software is installed. 2.) If you mistype the name of a web page and the web site's server returns an error, instead of seeing the error message, you are redirected to isearch.com. You cannot change this behavior while the software is installed. 3.) The software will begin launching a barrage of pop-up and pop-under ads. 4.) The software will store logs of your web surfing habits. 5.) The software will connect to iDownload servers to download and install updates to itself. It also may install completely unrelated software from other adware and/or spyware companies. Further, it may also scatter icons all over your desktop. 6.) The software may disable competing adware software. While that in itself is not such a bad thing, disabling some of those adware programs may render inoperable the programs they are "sponsoring". For instance, if Cydoor adware is disabled, KaZaa stops working. 7.) There have been numerous reports of antivirus and antispyware software being disabled by iSearch. I haven't seen this for myself but there are numerous reports of it. 8.) If you try to delete the files involved with iSearch, the software will reinstall itself. If you run the company's uninstaller, rather than uninstalling the software, it simply reinstalls anything you might have removed yourself (Sources [1][2]). This behavior is soon to be outlawed if the US House of Representatives passes the SPY ACT. So not only is it malicious, it also soon will be illegal. iDownload knows that if they actually were to take an antispyware web site owner to court, they would lose the trial. It would be a simple matter to demonstrate the behavior of this software. I have no doubt that any judge and/or jury would agree that the software is malicious and deserves the label of "malware". This explains why all of the sites that have received these threats are independent sites run mainly by volunteers. Even when you are right, it still costs anywhere from $10,000 to $12,000 to prove it in court. There is a difference between SpywareInfo and most other antispyware sites. The difference is that SpywareInfo makes money. Between the loyal readers of this newsletter who buy the products promoted here and the grateful former spyware victims who send donations through Paypal or by mailing checks, SpywareInfo has the resources to face any threat to its existence. You may remember last year that a powerful denial of service attack was launched against SpywareInfo. For a brief period, the site was gone. Then, three weeks later, SpywareInfo came back to the web and it has stayed ever since. This was accomplished through the purchase or rental of nearly a dozen redundant web servers. The attackers tried for months to knock down the site. When they realized that I had more resources to fight them than they had to fight me, they finally gave up. There hasn't been a serious attack on the site for several months. iSearch is malware. This is easily demonstrated. Any sane jury would agree once they see the demonstration. Simply put, I have more than enough resources to fight a frivolous lawsuit. I have more than enough evidence to win a lawsuit. If iDownload wants to challenge my statements in court, the mailing address is PO Box 2378, Reidsville, GA USA 30453.

Full Read @Spyware Info Newletter