Clif's first use of a VM - Malware at Download.com

Freeware Testing\Evaluation & Feedback. Open for discussions related to all freeware apps. All freeware should be 'wares free', meaning no adware, spyware or malware. Any 'bundled extras' must be included in posts.

Moderators: Admin Team, Moderators

User avatar
clif_notes
Freeware Research Specialist
Freeware Research Specialist
Posts: 562
Joined: Wed Feb 02, 2005 12:13 am
Location: OHIO, USA
Contact:

Clif's first use of a VM - Malware at Download.com

Postby clif_notes » Mon Nov 20, 2006 10:33 pm

Hi folks, the results here are not final. I've gotten false positives before, but this was kind of fun to try.

http://freewarewiki.com/KiwiAlpha

Thanks to Steven for the tip. Comments anyone?

Clif
Image
http://clifnotes.net
Devoted to promoting freeware and free information

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Postby TeMerc » Tue Nov 21, 2006 12:21 am

Hey Clif, I'm curious, do any other anti-spyware apps find the Kiwi Alpha app as any sort of malware?

I found a reference by Sunbelt calling it a 'low risk' threat. Tho not one to uninstall. More or less just sort of a guilty by association type of thing, P2P=potential threat.

And I see SiteAdvisor says it installs WhenU also.

I guess it's no wonder that Ad-Aware didn't find anything, cause it does not consider it a threat.
Image

User avatar
clif_notes
Freeware Research Specialist
Freeware Research Specialist
Posts: 562
Joined: Wed Feb 02, 2005 12:13 am
Location: OHIO, USA
Contact:

Postby clif_notes » Tue Nov 21, 2006 10:54 am

TeMerc wrote:Hey Clif, I'm curious, do any other anti-spyware apps find the Kiwi Alpha app as any sort of malware?

I found a reference by Sunbelt calling it a 'low risk' threat. Tho not one to uninstall. More or less just sort of a guilty by association type of thing, P2P=potential threat.

And I see SiteAdvisor says it installs WhenU also.

I guess it's no wonder that Ad-Aware didn't find anything, cause it does not consider it a threat.


When I set up that Win98 VM, it was running very slim with almost nothing installed. What would you recommend? I've still got a copy of it in a "frozen" state.

Thanks for the comments. I wasn't exactly sure what WhenU was. I guess running clean for so long keeps me ignorant of what's evil vs. what's just an annoyance.

Clif
Image

http://clifnotes.net

Devoted to promoting freeware and free information

User avatar
clif_notes
Freeware Research Specialist
Freeware Research Specialist
Posts: 562
Joined: Wed Feb 02, 2005 12:13 am
Location: OHIO, USA
Contact:

Postby clif_notes » Tue Nov 21, 2006 8:29 pm

Update: I emailed our mutual friend, Johnincal, and he fired off a letter to CNET. I believe he's active in their forums.

He had sent them links to the spywarewarrior's forum thread and my article.

They sent this response back promising to investigate:
I'll forward your notes onto our processing team who will investigate your claim and take action as appropriate.


I'm guessing that they'll pull it if they have any doubts about it. I'm also curious about their testing methods. I wonder if they could be persuaded to discuss them in any detail.

Clif
Image

http://clifnotes.net

Devoted to promoting freeware and free information

User avatar
clif_notes
Freeware Research Specialist
Freeware Research Specialist
Posts: 562
Joined: Wed Feb 02, 2005 12:13 am
Location: OHIO, USA
Contact:

Postby clif_notes » Wed Nov 22, 2006 11:54 pm

Hi folks,

I'm starting to believe that the file I downloaded at Download.com and the one that was reported at SpywareWarrior's were two different files.

After taking Tom's advice and scanning with two more scanners, I was not able to find any malware. I also went to the CWSandbox at Sunbelt and if I'm reading it correctly, it also found nothing interesting.

Details here: http://freewarewiki.pbwiki.com/KiwiAlpha

Tom or Jean, could you take a look at the Sunbelt results for me? They are in the page linked above. What do you think?

Thanks !

Clif
Image

http://clifnotes.net

Devoted to promoting freeware and free information

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Postby TeMerc » Thu Nov 23, 2006 12:38 am

I just tried to DL the file from download.com but got page not found. I was gonna run it thru Jotti and or Virus Total and see which of those scanners find anything.

Maybe Clif you could try?
Image

User avatar
clif_notes
Freeware Research Specialist
Freeware Research Specialist
Posts: 562
Joined: Wed Feb 02, 2005 12:13 am
Location: OHIO, USA
Contact:

Postby clif_notes » Thu Nov 23, 2006 8:21 am

Oh, I had already run it through Jotti. Nothing found. Did you check out the results from CWSandbox?

The download page is still there if you need it.
http://www.download.com/Kiwi-Alpha/3000 ... 01186.html

Thanks Tom.

Clif
Image

http://clifnotes.net

Devoted to promoting freeware and free information

User avatar
MysteryFCM
Site Admin
Site Admin
Posts: 3721
Joined: Sun May 15, 2005 12:42 pm
Location: Newcastle, UK
Contact:

Postby MysteryFCM » Thu Nov 23, 2006 11:56 am

I just downloaded the new version and it seems they've removed the stuff I found ....

Both versions are included in the following archive.

http://mysteryfcm.co.uk/misc/kiwialpha/kiwialpha.zip

The version numbers are identical, but can be differentiated by the date of the folders.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!

User avatar
clif_notes
Freeware Research Specialist
Freeware Research Specialist
Posts: 562
Joined: Wed Feb 02, 2005 12:13 am
Location: OHIO, USA
Contact:

Postby clif_notes » Fri Nov 24, 2006 12:08 am

Thank you MysteryFCM. The fact that we scanned two different files explains a great deal.

It also points out a flaw at Download.com and one of the reasons I don't recommend it. They don't host all of the downloads. How can they be sure a program isn't changed by the third party? It happened this time.

The other reason I don't recommend Download.com is that they often show sponsored links to websites that host adware or other malware.

My article is pretty much finished now and it's ended up being mostly a rant about Download.com and their impossible slogan which states:

Safe, Trusted, and Spyware-Free

3 strikes and you're out! You aren't safe, I don't trust you, and you aren't always spyware-free.

Image

http://freewarewiki.com/KiwiAlpha
Image

http://clifnotes.net

Devoted to promoting freeware and free information

User avatar
Mindblower
Countermeasures Agent
Countermeasures Agent
Posts: 271
Joined: Fri Sep 02, 2005 8:33 am
Area Of Expertise: More tinkering in hardware than software
experience: I know the functions, OS settings, registry tweaks and more
PC time: Alot more than I should
Location: Montreal, Canada
Contact:

Down with d dot c

Postby Mindblower » Fri Nov 24, 2006 9:09 am

I've been plagued with subscriptions (which I did once ask for) from them (which I've tried to cancel several times). Hopefully my email provider change will stop their SPAM. It is a shame since the services they provide (yes provide, not provided) are of help to many (just not me any more), Mindblower!

User avatar
clif_notes
Freeware Research Specialist
Freeware Research Specialist
Posts: 562
Joined: Wed Feb 02, 2005 12:13 am
Location: OHIO, USA
Contact:

Postby clif_notes » Tue Nov 28, 2006 11:03 pm

JohnInCal got another response back from CNET. They haven't looked into this issue yet. John gave them an update on how the malware at KiwiAlpha's website comes and goes to suit them.

Hopefully they'll at least kill this download and never let them back in. Too bad. There really wasn't anything wrong with the software itself other than the fact that it's a P2P program.

I never use P2P software. If I can't get something free and clear, I don't want it.
Image

http://clifnotes.net

Devoted to promoting freeware and free information

User avatar
MysteryFCM
Site Admin
Site Admin
Posts: 3721
Joined: Sun May 15, 2005 12:42 pm
Location: Newcastle, UK
Contact:

Postby MysteryFCM » Wed Nov 29, 2006 5:12 am

I just downloaded a fresh copy of KiwiAlpha and guess what ....... the crap is back .....

http://mysteryfcm.co.uk/misc/kiwialpha/ ... hafree.zip
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!

User avatar
clif_notes
Freeware Research Specialist
Freeware Research Specialist
Posts: 562
Joined: Wed Feb 02, 2005 12:13 am
Location: OHIO, USA
Contact:

Postby clif_notes » Thu Nov 30, 2006 9:37 pm

MysteryFCM wrote:I just downloaded a fresh copy of KiwiAlpha and guess what ....... the crap is back .....

http://mysteryfcm.co.uk/misc/kiwialpha/ ... hafree.zip


Hi Mystery man, did you get it from Download.com?

The Kiwi Alpha page is history now.
I wonder why? :roll:

http://www.download.com/Kiwi-Alpha/3000 ... 00114.html
Image

http://clifnotes.net

Devoted to promoting freeware and free information

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Postby TeMerc » Thu Nov 30, 2006 11:16 pm

Overall, download.com is pretty shady when it comes to apps of dubious reputation. Sometimes they remove 'em quickly, other times they don't.

Lots of 'astroturfing' going on there as well. Several of the guys\gals over at SWW have caught several vendors or vendor reps posting good reviews about their own products.
Image

User avatar
MysteryFCM
Site Admin
Site Admin
Posts: 3721
Joined: Sun May 15, 2005 12:42 pm
Location: Newcastle, UK
Contact:

Postby MysteryFCM » Sat Dec 02, 2006 9:44 pm

clif_notes wrote:Hi Mystery man, did you get it from Download.com?


Nope, directly from kiwialpha.com .... and it's still coming with crap as of two mins ago .....

http://mysteryfcm.co.uk/misc/kiwialpha/ ... hafree.zip
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!

User avatar
Johnincal
Moderators
Moderators
Posts: 732
Joined: Fri Feb 18, 2005 2:53 am
experience: I know the functions, OS settings, registry tweaks and more
PC time: About 3 hours a day
Location: Las Vegas, NV. USA

Postby Johnincal » Tue Jan 02, 2007 8:49 pm

Hey Guys...

I don't why I didn't catch this, but Kiwi Alpha also has some other software that is also offered at Download.com. It is called "Burnright CD:

http://www.download.com/3000-2646-10594282.html

Here is the SiteAdvisor link again and notice that Burnright is the first download SiteAdvisor tested on the list:

http://www.siteadvisor.com/sites/kiwial ... e&aff_id=0

Is on a list someplace or can somebody check it out?

It is very popular...

User avatar
JeanInMontana
Posts: 2570
Joined: Wed Feb 02, 2005 9:47 am
Gender: Female
experience: I know the functions, OS settings, registry tweaks and more
PC time: More than 4 hours a day
Location: South Central Montana USA
Contact:

Postby JeanInMontana » Wed Jan 03, 2007 9:23 am

What do you want checked out? You lost me. What kind of list??
Image Image

User avatar
Johnincal
Moderators
Moderators
Posts: 732
Joined: Fri Feb 18, 2005 2:53 am
experience: I know the functions, OS settings, registry tweaks and more
PC time: About 3 hours a day
Location: Las Vegas, NV. USA

Postby Johnincal » Wed Jan 03, 2007 10:52 am

JeanInMontana wrote:What do you want checked out? You lost me. What kind of list??

Already confirmed someplace as adware...

User avatar
MysteryFCM
Site Admin
Site Admin
Posts: 3721
Joined: Sun May 15, 2005 12:42 pm
Location: Newcastle, UK
Contact:

Postby MysteryFCM » Thu Jan 04, 2007 1:27 pm

KiwiAlpha comes with crap, but that program for some reason, is completely clean of it .....
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!

User avatar
Johnincal
Moderators
Moderators
Posts: 732
Joined: Fri Feb 18, 2005 2:53 am
experience: I know the functions, OS settings, registry tweaks and more
PC time: About 3 hours a day
Location: Las Vegas, NV. USA

Postby Johnincal » Thu Jan 04, 2007 1:59 pm

I checked SiteAdvisor and at the time they tested it, it did have adware on it. I guess they are playing the old "now it has crap in it and now it doesn't" game maybe??

User avatar
JeanInMontana
Posts: 2570
Joined: Wed Feb 02, 2005 9:47 am
Gender: Female
experience: I know the functions, OS settings, registry tweaks and more
PC time: More than 4 hours a day
Location: South Central Montana USA
Contact:

Postby JeanInMontana » Thu Jan 04, 2007 2:19 pm

Johnincal wrote:I checked SiteAdvisor and at the time they tested it, it did have adware on it. I guess they are playing the old "now it has crap in it and now it doesn't" game maybe??


I think we have seen recently that SA is not a reliable source of site or software safety. Their rating system has serious flaws.
Image Image

User avatar
MysteryFCM
Site Admin
Site Admin
Posts: 3721
Joined: Sun May 15, 2005 12:42 pm
Location: Newcastle, UK
Contact:

Postby MysteryFCM » Thu Jan 04, 2007 2:49 pm

I think they could be John (they've already done it with KiwiAlpha)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!


Return to “Freeware Research Center”

Who is online

Users browsing this forum: No registered users and 3 guests