Jump to content


Photo

False Positive case - Very Urgent!

False positive

  • Please log in to reply
11 replies to this topic

#1 Adamc

Adamc

    New Member

  • Members
  • Pip
  • 4 posts

Posted 06 June 2012 - 11:50 AM

Dear team,

I am writing to you on behalf of my company, IronSource, developer of a world leading installation platform known as InstallCore which is being used by some of the largest product development and distribution companies in the world. Among our customers you will find CNET (download.com), foxtab.com, JDownloader.org, Alcohol-soft.com, ICQ and many more.

It has come to our attention that your Anti-Virus is detecting our installer as a "Adware.Downloader.01.Net". This is obviously a false-positive case which has dramatic negative consequences over our business and is hurting our users and business partners.

We are sure that this happened by mistake and we would appreciate if you could kindly remove our site from your Adware blacklist. We would also appreciate if you could provide us with more information regarding this situation and whether there is anything specific we need to modify in order to avoid such events in the future. We are more than willing to cooperate on this matter.

You can download the relevant marked file from here:


We look forward to hearing from you at your earliest convenience.

Best regards,


Adam Chakir, Advocate | Head of Compliance

Edited by Mainard, 07 June 2012 - 01:09 PM.
email and phone removed from report Removed attached file


#2 S!Ri

S!Ri

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 10,403 posts
  • Gender:Male

Posted 06 June 2012 - 12:38 PM

Hello Adam

Vendor name will be changed from Adware.Downloader.01Net to PUP.Downloader.01Net on next update.

Regards
S!Ri
Biohazard.gifS!Ri
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook

#3 Adamc

Adamc

    New Member

  • Members
  • Pip
  • 4 posts

Posted 06 June 2012 - 03:36 PM

Hello and thank you for your prompt response.

I would like to ask you to reconsider marking our download accelerator platform as PUP.Downloader.01Net (i.e. "potentially unwanted program") for the following reasons:
1. We provide a free quality service for product distribution. Our download manger encapsulate many advanced features, including download accelerator, download recovery and network error correction, we host all the files and make sure the download and services are free, easy to use and safe.
2. Our products are under strict internal and external compliance rule as we are distributing many high quality softwares with direct DLA agreements with well known companies such as Google.
3. Our company follows all relevant Privacy Protection regulatons and make sure that the products that are being distribute via our download accelerator platform comply with the same standarts.
4. Our support team is available 7 days a week to help users with any problem they might have encountered during or post the download process.

As you can see we are a respectful company which highly regards its customers and users' privacy and security. This situation is damging our business and users. Please remove this alert from our download accelerator platform. In any case I will be happy to provide any additional information you may need.

Best regards,
Adam Chakir, Advocate | Head of Compliance

#4 S!Ri

S!Ri

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 10,403 posts
  • Gender:Male

Posted 06 June 2012 - 03:57 PM

Please read this story (in french) about a developer who wasn't asked by 01Net for making a bundle with his tool:
http://tigzyrk.blogs...sur-le-dos.html

Take into consideration that the RogueKiller bundle (the 7Zip link you provide too) are not downloading files from 01Net servers but from the tools owner web pages. So PUP.Downloader.01Net will not bring something faster to the final user.

Regarding the EULA the package is not classified as adware anymore.

Regards
S!Ri
Biohazard.gifS!Ri
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook

#5 Adamc

Adamc

    New Member

  • Members
  • Pip
  • 4 posts

Posted 06 June 2012 - 04:43 PM

Thanks again for you response.

I'm not sure I fully understand your comment. I will take this to the project manager in-charge on the Telecharger downloader and to our CTO and will post a response as soon as possible (it's now after midnight my time)

Regards,
Adam Chakir, Advocate | Head of Compliance

#6 Adamc

Adamc

    New Member

  • Members
  • Pip
  • 4 posts

Posted 07 June 2012 - 03:17 PM

Dear S!Ri,

After an intensive inquiry I have learned today that there is a technical deficiency in the "Regue Killer" software installation process. We are still investigating what cause this malfunction so that this problem will not repeat itself in the future. Please note that we, together with 01Net, have decided to disabled the download accelerator from the "Regue Killer" software and we are also in the process of verifying all other links.
It is important to understand that we provide a technological solution which enables millions of users to get the apps they desire. It is inevitable that technical problems like this will occur from time to time. Nevertheless, we do our best to repair such problems in order to maintain a high user experience when using our technology. On no account whatsoever did we, or our partners, have any prior knowledge regarding this problem and we thank you for bringing it to our attention. We work hard in order to maintain our good reputation, so you can be sure that we take this kind of problems very seriously. We also want to inform you that we posted a comment at http://tigzyrk.blogs...sur-le-dos.html in order to clarify this situation.

In regard to your comment concerning the speed of the installation process, please note that our download acceleration technology also works on links which are not hosted on our servers. It has been explained to me by our CTO that the download manager creates and manages several connections to the downloaded file and therefore utilizes almost 100% of the user bandwidth. This results in 30% -50% increase in the download speed compared to standard browser download.

I hope that this can help you remove the PUP.Downloader.01Net alert from our installation platform.
If you have any questions or further concerns, please contact me at any time.

Regards,
Adam Chakir, Advocate | Head of Compliance

#7 Tigzy

Tigzy

    Advanced Member

  • Moderators
  • PipPipPip
  • 190 posts
  • Gender:Male
  • Location:Nantes (france)

Posted 07 June 2012 - 11:08 PM

Dear Adamc,

You speak about customer's satisfaction (whatever satisfaction is, as a matter of fact they're only watching ads while waiting something that has nothing to do with your company, I mean third party software)

The satisfaction here is more the business of the 3rd party developer than those who have developed the downloader. This is my own mind.

But what about developers satisfaction? If they do not want to be associated with some "fully featured and free" third party downaloader, do they have the choice?
I'll answer: No.
Because indeed, your company doesn't even ask to them if they want to be redistributed, and your company doesn't even reply to their request emails.
This is not satisfying for them.

PS: You're downloader bugs are none of my business. My customers got satisfaction.
Julien Ascoet
Software Engineer

Posted Image

Follow us: Twitter, Become a fan: Facebook

#8 S!Ri

S!Ri

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 10,403 posts
  • Gender:Male

Posted 08 June 2012 - 01:44 AM

In regard to your comment concerning the speed of the installation process, please note that our download acceleration technology also works on links which are not hosted on our servers. It has been explained to me by our CTO that the download manager creates and manages several connections to the downloaded file and therefore utilizes almost 100% of the user bandwidth. This results in 30% -50% increase in the download speed compared to standard browser download.


Are you trying to convince us that downloading *.Downloader.01Net, who will ask for a third party installation, will download the desired software from the developer website, while displaying a streaming video, is faster than downloading the desired software, without bundle, directly from the developer website ? (The 7zip bundle you provide is downloading the final product at www.7zip.com/files/7z920.exe)
01Net.Telecharger.com didn't ask developers any authorisation (it's not the first time they don't have respect for their business http://notepad-plus-...fm-tv-tool.html ).



(01.Net.Telecharger.com forum has already a pinned topic http://forum.telecha...messages-1.html about another product).
Biohazard.gifS!Ri
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook

#9 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,673 posts
  • Gender:Female
  • Location:Belgium

Posted 08 June 2012 - 01:56 AM

Thanks for the reply, Adam.

We will remove our detection for now, since your CTO will look into this and fix where needed.
We will review this again at a later date and re-add detection if needed.

Some explanation as to why we were detecting:
(we aren't the only Vendor detection this though..)

As in above example with Tigzy. Since he is a developer, he decides where he hosts his software. Many developers prefer to only host it on a few mirrors, so in case of an update, they can manage it/deal with it immediately, so people always have the latest version.
He also decides if he wants his software wrapped with additional 3rd party software. If he would have wanted to do this, he could have included that in his main software already.
Many developers decide NOT to bundle additional 3rd party software in their software, so the user gets what he asks for, without additional bloatware.

Then it becomes misleading/incorrect practice if someone else takes his software, wraps a downloader around it which installs additional 3rd party software while they aren't actually hosting the software.
That's how people are misleaded, because they complain that they have downloaded "Roguekiller" and got extra toolbars on top. That makes it PUP (Potentially Unwanted Program), also, because this happens without the developers knowledge.
People blame the developer, because many do not understand it's actually only the downloader which is responsible for the 3rd party software and not the main software.
This can harm a company/developer's reputation.

Also, while the developer decides his software should be totally free (without 3rd party apps/affiliates), it is incorrect if someone else earns money on the developers' behalf, without notifying. If the software is actually hosted on the site, then I can see there's a need for this, after all, servers/domains/bandwith isn't for free either.
But in this case, the software was not hosted on 01net.

So, to resume:


* It is misleading/incorrect practice to:

1) Put software on your site, without actually hosting it, where it's being wrapped with a downloader (which actually downloads from the developers site instead of 01net. servers) with additional 3rd party software included WITHOUT notifying the developer.

Correct approach would be:

1) If you don't host on your own server, do not wrap a downloader around it with additional 3rd party software.
2) If you host it on your own server, inform the developer and make an agreement if it's ok to wrap it with a downloader with(or without) additional 3rd party software.

Basically, it's all a matter about agreements. :)

I hope this gives some clarity on the situation.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#10 Pierre (aka Terdef)

Pierre (aka Terdef)

    New Member

  • Experts
  • Pip
  • 9 posts
  • Gender:Male

Posted 01 September 2013 - 06:04 PM

Hi all,

 

It's been awhile.

 

The adamc promise did not changed anything. There is more than a year now.

 

Here is the page where I specifically mentione the problem of the use of a downloader on the website mentioned in this thread.

01Net.com

Same for Telecharger.com

We, implicated in IT security and privacy protection, reject the idea that a website can deliver something other than what is required. This is based on deception behavior.

The use of a downloader is done without the knowledge of the user. These are not small gray letters on a gray background or a micro question mark to click that clears the service website in question of its turpitudes.

The downloader is unsolicited, so this is a PUP, at least (without presuming the other activities that it can have after a successful connection).

The scandals incline us to totally boycott the sites using a downloader.

Whatever is the attitude of the site in question, it is a matter of principle.

After the scandal of C|Net (Download.com), major download sites give the finger to internet users and software developpers! They still use a downloader, under their big buttons "Download", clearly visible and where everyone rushes. They simply add, very quietly, very small, almost invisible and without explanation for its presence, a link called "Direct Link" or "Direct Download Link", etc.. ... when there is one, or a micro question mark, to click, in a location that does not holds the attention of anyone.

 

The downloader used by 01net.com is made by (signed by) NextRadioTV. NextRadioTV is the group with BFM TV, RMC and Tests Group (owner of the websites 01Net, 01Men and CadresOnline and magazines Micro Hebdo, L'Ordinateur Individuel and 01 Informatique). NextRadioTV is a major player in the Internet advertising and the first operator in the new media technologies.

 

The downloader delivers advertising. This is an adware, a class of software that we have been hunting down for over fifteen years as parasites, as well as viruses.

Any software installed without the knowledge of the user and without of his informed consent should be considered a cybercrime.

 

I do think MBAM should recognize this and eradicate it.

 

Regards


Pierre (aka Terdef)
ASAP Admin - SWI Ambassador - Assiste.com

#11 S!Ri

S!Ri

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 10,403 posts
  • Gender:Male

Posted 02 September 2013 - 01:43 AM

Hello Pierre,

01Net packages will be detected as PUP.Optional.InstallCore on next update.

 

Thanks for your help.


Biohazard.gifS!Ri
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook

#12 Pierre (aka Terdef)

Pierre (aka Terdef)

    New Member

  • Experts
  • Pip
  • 9 posts
  • Gender:Male

Posted 02 September 2013 - 03:41 AM

Hi S!Ri

 

Good news and thanks for the very fast reaction.

 

Thanks


Pierre (aka Terdef)
ASAP Admin - SWI Ambassador - Assiste.com





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users