Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Warning about Winsite.

9 views
Skip to first unread message

John Corliss

unread,
Dec 24, 2006, 9:57:20 AM12/24/06
to

First, I want to mention that in order to duplicate this, you need to
have cleaned out your browser's cache in case this has already happened
to you.

I just tried to download a file from Winsite from this page:

http://www.winsite.com/bin/Info?500000007345

where it says "Download Now" (more on why I was doing this in the first
place will be in another post.)

Notice that a mouseover on that link shows the following address
(WHATEVER YOU DO, DON'T CLICK ON THAT LINK OR OTHERWISE SURF TO IT!):

http://media.fastclick.net/w/get.media?sid=10599&m=5&url=http%3A//dl.winsite.com/bin/downl%3F500000007345

DON'T CLICK ON THE ABOVE ADDRESS!

However, examine it carefully. It breaks down into two sections:

1. http://media.fastclick.net/w/get.media?sid=10599&m=5
2. http%3A//dl.winsite.com/bin/downl%3F500000007345

What happens is that when you think you are getting the download, you
are instead redirected to the media.fastclick site and prompted to click
on a "Click here!" link in the middle of a white page.

At the top of that page is a narrow black bar that counts down the 10
second duration of the redirect and in small lettering, allows you to
click on a link that takes you immediately to the download you were
really after ("Skip.")

The problem is that most people, the first time you're presented with
this redirect, are going to click on the "Click here!" link and be
presented with a download window for a program named
"spamblockerutility.exe". Some newbies might actually see this as an
opportunity to acquire a free anti-malware program and actually download
the file. HOWEVER, "spamblockerutiity.exe" is really a wolf in sheep's
clothing! The program is described as follows:

"Protect your inbox from annoying junk email. In addition enjoy colorful
emails and wallpapers as well as a desktop weather tool and a search
tool. Any of these may be removed at any time. You can download the
FREE, ad-supported version and occasionally see contextually targeted
pop ads, which may be disabled through the preferences menu, or choose
our ad-free paid version."

It turns out to either be, or to contain, the notorious Hotbar adware
program: http://spamblockerutility.com/Legal/SpamBlockerUtility/tou.htm

Now here's where it really gets good. If you notice the redirect and
don't sucker for it, you might feel inclined to duplicate the
redirection from the Winsite page, so that you can send Winsite a
complaint or as info to do something else about it. However, if you go
back to the Winsite page where you started and click on the "Download
Now" link again, this time you will NOT be redirected temporarily and
will instead immediately be sent to the Winsite download page. This is
accomplished via a cookie that you get the first time around.

There is no doubt in my mind that Winsite is fully aware that this
happens, and in fact are getting paid by Hotbar to allow this duplicity.

As a result, I have to say that the Winsite page is a bad place to
download from. The webmasters have shown their colors by engaging in
this kind of activity.

If anybody has an idea for reporting them (say to Microsoft for
inclusion into their filter list for IE7) or whatever, I'm all ears.
I've seen this exact thing before somewhere else too, can't remember
where though.

--
Regards from John Corliss. I don't reply to trolls like Andy Mabbett.
I'm filtering out all Google Groups posts. No ad, cd, commercial,
cripple, demo, nag, share, spy, time-limited or trial wares or warez for
me, please.

John Corliss

unread,
Dec 24, 2006, 10:25:26 AM12/24/06
to

John Corliss wrote:
>
> First, I want to mention that in order to duplicate this, you need to
> have cleaned out your browser's cache in case this has already happened
> to you.

Eh, make that "your browser's cookies", not the cache.

jon

unread,
Dec 24, 2006, 10:44:05 AM12/24/06
to

John Corliss wrote:

>I've seen this exact thing before somewhere else too, can't remember
>where though.

Snow app I posted about recently:

http://www.computerpranks.com/software/default.cfm?ItemID=451

Is this a new trend developing? Anyways - this line:

127.0.0.1 media.fastclick.net

in yer HOSTS file takes care of it. With the above filter in place,
your link goes straight to the screensaver d/l, and my snow link goes
straight to the snow app.

John Corliss

unread,
Dec 24, 2006, 10:53:50 AM12/24/06
to

jon wrote:
> John Corliss wrote:
>
>> I've seen this exact thing before somewhere else too, can't remember
>> where though.
>
> Snow app I posted about recently:
>
> http://www.computerpranks.com/software/default.cfm?ItemID=451

That's the one. Thanks for helping me overcome my brain fart. 80)>

> Is this a new trend developing? Anyways - this line:

Egad... I hope not.

> 127.0.0.1 media.fastclick.net
>
> in yer HOSTS file takes care of it. With the above filter in place,
> your link goes straight to the screensaver d/l, and my snow link goes
> straight to the snow app.

Good advice, but I think I want to keep it clear so that I can turn in
other websites for doing the same thing via an arrangement with Hotbar
AKA Fastclick AKA "ValueClick Media":

http://www.valueclickmedia.com/

They seem to find it necessary to morph their name a lot, a sure
indication that they know what they're doing is operating on the dark side:

http://www.spywareremove.com/removeFastClick.html

Exposing them to the light of day will make them draw their cape around
them and crawl back into their coffin.

Richard Steinfeld

unread,
Dec 24, 2006, 5:52:30 PM12/24/06
to
Which brings up this question:
Is there some way to block sites that incorporate the string "click" in
their URL?

All the companies that I know of that use this string (DoubleClick, for
example), have proven histories of abusiveness.

After hassles, I don't like the idea of using large hosts files. The
older I get, the more I appreciate the virtues of keeping my system
lean. I like Giorgio Maone's nifty NoScript add-on for Firefox, which
blocks but allows easy over-riding. But it's still too easy to fall for
a ruse such as described by the OP. So, it would be nice to have a
second like of defense that'll allow partial matches with some sort of
global matching outside the string.

On many days, I miss the old DOS PC-Write word processor, which allowed
this sort of flexible string matching in its searches.

Richard

Frank Bohan

unread,
Dec 24, 2006, 7:48:15 PM12/24/06
to

"Richard Steinfeld" <rgsteinBUT...@sonicANDTHISTOO.net> wrote in
message news:12ou15d...@corp.supernews.com...

What hassles have you had with hosts files? Mine has over 25,000 entries and
has caused no problems used in conjunction with Hosts Toggle
http://www.accs-net.com/hosts/HostsToggle/

===

Frank Bohan
ś Why is bra singular and panties plural?


John Corliss

unread,
Dec 25, 2006, 8:00:59 AM12/25/06
to

Richard, maybe such a thing is possible by using Privoxy:

http://www.privoxy.org/

ellis_jay

unread,
Dec 25, 2006, 1:27:18 PM12/25/06
to

I had some problems with the site last year and just don't recall what, but
I made it a point not to download from there anymore.

--

Let the unseen day be. Today is more than enough.

___Sador the carpenter to Turin
Tolkien, The Unfinished Tales

Ellis_Jay

m...@tadyatam.invalid

unread,
Dec 25, 2006, 2:26:54 PM12/25/06
to
Richard Steinfeld <rgsteinBUT...@sonicANDTHISTOO.net>
wrote in news:12ou15d...@corp.supernews.com:

It's ppossible in Proxomitron.
Perhaps in Privoxy, too (I don't know).

J
--
Replies to: Nherr1professor2doktor31109(at)Oyahoo(dot)Tcom

John Corliss

unread,
Dec 30, 2006, 8:50:57 AM12/30/06
to

Just following up with this:

http://www.siteadvisor.com/sites/winsite.com

I think... Winsite is a good one to avoid!

Susan Bugher

unread,
Dec 30, 2006, 11:17:22 AM12/30/06
to
John Corliss wrote:

> Just following up with this:
>
> http://www.siteadvisor.com/sites/winsite.com
>
> I think... Winsite is a good one to avoid!

IMO McAfee SiteAdvisor is spreading a fair amount of FUD. I wonder how
they decide between green, yellow and red ratings - maybe they use a
dartboard. . . Compare:

http://www.siteadvisor.com/sites/winsite.com (rated red X)
"7 red downloads
In our tests, we found downloads on this site that some people consider
adware, spyware, or other unwanted programs.."
"56 total downloads."

56 total downloads? I wanted to see if Winsite flagged the "bad"
downloads as Adware/Spyware but they've all been removed.

http://www.siteadvisor.com/sites/softpedia.com (rated green checkmark)
"Many green downloads
In our tests, we found a small fraction of downloads on this site that
some people consider adware or other unwanted programs."
"5146 total downloads."

Initially they gave Softpedia a big red X. (See the comments.)

http://www.siteadvisor.com/sites/tucows.com (rated yellow !)
"Many green downloads
In our tests, we found a small fraction of downloads on this site that
some people consider adware or other unwanted programs."
"2126 total downloads."

and. . . just for giggles. . .

note that McAfee's boast is "We test the Web to help keep you safe from
spyware, spam, viruses and online scams."

Ebay is one of the "example" sites they link to on their front page. . .

http://www.siteadvisor.com/sites/ebay.com/ (rated green checkmark)
"We've tested this site and found it safe to use."

Safe from online scams? ROTFLMAO. . .

Susan
--
Posted to alt.comp.freeware
Search alt.comp.freeware (or read it online):
http://www.google.com/advanced_group_search?q=+group:alt.comp.freeware
Pricelessware & ACF: http://www.pricelesswarehome.org
Pricelessware: http://www.pricelessware.org (not maintained)


Bear Bottoms

unread,
Dec 30, 2006, 11:30:40 AM12/30/06
to
On Sat, 30 Dec 2006 10:17:22 -0600, Susan Bugher <sebu...@yahoo.com>
wrote:

So is McAfee good enough to use as a recommendation to stay away from
sites they flag?

--
Bear Bottoms
Freeware website: http://bearbottoms1.com

Walt Williams

unread,
Dec 30, 2006, 1:11:46 PM12/30/06
to
On Sat, 30 Dec 2006 10:30:40 -0600, "Bear Bottoms"
<bearbo...@cox.net> wrote:

>So is McAfee good enough to use as a recommendation to stay away from
>sites they flag?

As the name implies, SiteAdvisor offers _advice_ that a user can use
to make his/her own decision. If a site with a poor rating is
important enough to you, you can either ignore the rating or research
the reason for the rating.

In this case <http://www.siteadvisor.com/sites/winsite.com/downloads/>
offers additional information that a user can use to make a more
educated decision.

IMO, a responsible site would research the problems SA reports and
either remove the offending files or set the record straight with
McAfee should the listed files be found to be false positives.

--
Walt Williams

Walt Williams

unread,
Dec 30, 2006, 1:13:10 PM12/30/06
to
On Sat, 30 Dec 2006 10:30:40 -0600, "Bear Bottoms"
<bearbo...@cox.net> wrote:

>So is McAfee good enough to use as a recommendation to stay away from
>sites they flag?

As the name implies, SiteAdvisor offers _advice_ that a user can use

Bear Bottoms

unread,
Dec 30, 2006, 1:56:39 PM12/30/06
to
On Sat, 30 Dec 2006 12:11:46 -0600, Walt Williams <em...@noemail.here>
wrote:

I agree. The case involving pricelesswarehomes' warning appears to be
invalid. If true, all warnings from them are suspect and McAfee Site
Advisory is discredited beyond easy repair.

After a site removes the files, as Susan pointed out a site did, how long
does it take Site Advisor to (rethink) update their evaluation!!! From
what I have witnessed, a loong time if at all, and have almost decided the
site advisories have virtually worthless value. It is either trustworthy
or not.

If it is decided they are not trustworthy, their warnings should not be
used to decide anything about a website, visa versa.

I suppose on the surface, this seems to be a minor matter and the
information should be used only casually? Reputable persons in this NG
should not use this information strongly in any case until a concenus
resolves the issue. At the least, enough attention should be given to the
issue to enlighten casual readers that more should be considered.

Susan Bugher

unread,
Dec 30, 2006, 2:04:01 PM12/30/06
to
Walt Williams wrote:
> On Sat, 30 Dec 2006 10:30:40 -0600, "Bear Bottoms"
> <bearbo...@cox.net> wrote:

>>So is McAfee good enough to use as a recommendation to stay away from
>>sites they flag?
>
> As the name implies, SiteAdvisor offers _advice_ that a user can use
> to make his/her own decision. If a site with a poor rating is
> important enough to you, you can either ignore the rating or research
> the reason for the rating.

My point is that McAfee does a lot of scaremongering.

http://www.siteadvisor.com/studies/search_safety_dec2006
<q>
Discussion

. . . Still, we're alarmed that so many Google advertisers continue to
promote services that, to us, seem like outright scams -- promising
something is "free" when it's not, or charging for something that is
widely available elsewhere for free. More generally, search engines make
profits from scammers' sponsored results -- a factor that tends to
discourage search engines from aggressively removing unsafe sites from
their results.
</q>

erm. . .

McAfee makes profits from selling security. . . a factor that seems to
encourage them to label many sites as unsafe. . .

> IMO, a responsible site would research the problems SA reports and
> either remove the offending files or set the record straight with
> McAfee should the listed files be found to be false positives.

Guilty until proven innocent is okay with you? FYI McAfee does not make
it easy to "set the record straight". Some of us TRIED to leave an
owner's comment re PWH (check the ng archives if you want more info).
McAfee's rating is here:
http://www.siteadvisor.com/sites/pricelesswarehome.org

Susan Bugher

unread,
Dec 30, 2006, 3:25:12 PM12/30/06
to

I was curious. . . so I checked the ratings of a few more download
sites. . .

http://www.siteadvisor.com/sites/brothersoft.com (rated yellow !)


"Many green downloads
In our tests, we found a small fraction of downloads on this site that
some people consider adware or other unwanted programs"

"474 total downloads."

http://www.siteadvisor.com/sites/simtel.net (rated green checkmark)


"Many green downloads
In our tests, we found a small fraction of downloads on this site that
some people consider adware or other unwanted programs."

"497 total downloads"

http://www.siteadvisor.com/sites/filehippo.com (rated green checkmark)
"1 green download
In our tests, we found downloads on this site were free of adware,
spyware, and other unwanted programs."

*** 1 **** file?

That's what I (don't) call a real "in-depth analysis". ;)

Bear Bottoms

unread,
Dec 30, 2006, 3:39:43 PM12/30/06
to
On Sat, 30 Dec 2006 14:25:12 -0600, Susan Bugher <sebu...@yahoo.com>
wrote:

> Susan Bugher wrote:

I think it is time to put an end to credible association to their
input/output!

Walt Williams

unread,
Dec 30, 2006, 3:46:18 PM12/30/06
to
On Sat, 30 Dec 2006 14:04:01 -0500, Susan Bugher <sebu...@yahoo.com>
wrote:

>My point is that McAfee does a lot of scaremongering.

I might agree with a statement like "SA is overly alarmist at times"
or "SA sometimes offers false positives".

>http://www.siteadvisor.com/studies/search_safety_dec2006
><q>
>Discussion
>
>. . . Still, we're alarmed that so many Google advertisers continue to
>promote services that, to us, seem like outright scams -- promising
>something is "free" when it's not, or charging for something that is
>widely available elsewhere for free. More generally, search engines make
>profits from scammers' sponsored results -- a factor that tends to
>discourage search engines from aggressively removing unsafe sites from
>their results.
></q>
>
>erm. . .

I'm not sure what point you're trying to make with the above snippet.
See <http://preview.tinyurl.com/y7c655>.

>McAfee makes profits from selling security. . . a factor that seems to
>encourage them to label many sites as unsafe. . .

I trust people involved with SA like Ben Edelman and Eric Howes but I
realize that SA returns some false positives.

>> IMO, a responsible site would research the problems SA reports and
>> either remove the offending files or set the record straight with
>> McAfee should the listed files be found to be false positives.
>
>Guilty until proven innocent is okay with you?

That's not a fair characterization. A site _has_ been "proven guilty"
by SA's mechanism, faulty though that mechanism may sometimes be.

> FYI McAfee does not make
>it easy to "set the record straight". Some of us TRIED to leave an
>owner's comment re PWH (check the ng archives if you want more info).
>McAfee's rating is here:
>http://www.siteadvisor.com/sites/pricelesswarehome.org

I'm sorry to hear that your site has a poor SA rating and it speaks
poorly of their service if they won't correct false positives.
According to
<http://www.siteadvisor.com/sites/pricelesswarehome.org/downloads/655439/>
they haven't reviewed that file in some time:

"# SiteAdvisor last tested this download: 2006 June
# SiteAdvisor last verified this link: 2006 May"

Still, I'd have to have a very good reason to ignore SA's warning
particularly since the file in question doesn't even have a web page:
<http://vip.dnsprotect.com/>.

--
Walt Williams

Walt Williams

unread,
Dec 30, 2006, 3:54:31 PM12/30/06
to
On Sat, 30 Dec 2006 15:25:12 -0500, Susan Bugher <sebu...@yahoo.com>
wrote:

>I was curious. . . so I checked the ratings of a few more download
>sites. . .

[ ]

>That's what I (don't) call a real "in-depth analysis". ;)

What I'd consider to be an "in-depth analysis" of SA's rating of
winsite would be the results of your tests of each of the flagged
files proving that they're false positives.

--
Walt Williams

Susan Bugher

unread,
Dec 30, 2006, 3:59:18 PM12/30/06
to

> I think it is time to put an end to credible association to their
> input/output!

drat, this is like eating corn chips. . . just one more download site.
. . ;)

http://www.siteadvisor.com/sites/nonags.com (rated green checkmark)
"No downloads tested
We have not tested any downloads on this site."

*** 0 *** files tested. It'll be hard for them to top that. . .

Susan Bugher

unread,
Dec 30, 2006, 4:12:28 PM12/30/06
to

http://www.pricelesswarehome.org/2004/PL2004WEBDESIGN.php#0005-PW
"See this page for information about a false warning given by some
anti-virus programs:
http://www.spywareinfo.com/articles/av/six_buttons_from_hell.php "

Message has been deleted

Walt Williams

unread,
Dec 30, 2006, 4:26:25 PM12/30/06
to
On Sat, 30 Dec 2006 16:12:28 -0500, Susan Bugher <sebu...@yahoo.com>
wrote:

>"See this page for information about a false warning given by some
>anti-virus programs:
>http://www.spywareinfo.com/articles/av/six_buttons_from_hell.php "

""Six buttons from hell" is a template file used only by 1st Page that
pastes six pre-made javascripts into a template of a web page. Those
javascripts are extremely annoying. One of them will launch an endless
loop of pop up windows that can't be stopped without logging out of
Windows. Any webmaster that actually uses these scripts on his or her
site without warning visitors what they'll do should be dragged
through the streets naked and beaten to death by an angry mob."

It's hard for me to understand why Evrsoft would include this in the
first place but even harder to understand why they'd continue to
include it in the face of getting flagged.

--
Walt Williams

Message has been deleted

HVS

unread,
Dec 30, 2006, 4:36:59 PM12/30/06
to
On 30 Dec 2006, Walt Williams wrote

> On Sat, 30 Dec 2006 16:12:28 -0500, Susan Bugher
> <sebu...@yahoo.com> wrote:

> ""Six buttons from hell" is a template file used only by 1st
> Page that pastes six pre-made javascripts into a template of a
> web page. Those javascripts are extremely annoying. One of them
> will launch an endless loop of pop up windows that can't be
> stopped without logging out of Windows. Any webmaster that
> actually uses these scripts on his or her site without warning
> visitors what they'll do should be dragged through the streets
> naked and beaten to death by an angry mob."
>
> It's hard for me to understand why Evrsoft would include this in
> the first place

Because it's part of a tutorial.

*Good* tutorials illustrate not only what you should do, but also
what you shouldn't do; and really good ones illustrate *why* you
shouldn't do what you shouldn't do.

> but even harder to understand why they'd
> continue to include it in the face of getting flagged.

Maybe because they know they've written a bloody good tutorial.

You appear to be suggesting that a good tutorial should be made
less good because some other program is either too stupid or
insufficientlyy sophisticated to deal with "don't-do-this-because"
examples.

In this instance, "site advisor" is being obstinately stupid.

--
Cheers,
Harvey

Susan Bugher

unread,
Dec 30, 2006, 4:42:54 PM12/30/06
to

SOP is to notify the anti-virus/spyware vendors when they are detecting
a false positive. Most anti-spyware companies remove false positives
from their databases after confirming the file is harmless. I think
McAfee may be the ONLY vendor that still alerts on this file.

HVS

unread,
Dec 30, 2006, 4:44:43 PM12/30/06
to
On 30 Dec 2006, Susan Bugher wrote
> Walt Williams wrote:

>> It's hard for me to understand why Evrsoft would include this
>> in the first place but even harder to understand why they'd
>> continue to include it in the face of getting flagged.
>
> SOP is to notify the anti-virus/spyware vendors when they are
> detecting a false positive. Most anti-spyware companies remove
> false positives from their databases after confirming the file
> is harmless. I think McAfee may be the ONLY vendor that still
> alerts on this file.

Alas,, AVG still does -- but it classes it in the "may be of
concern" category rather than the "bad" one.

--
Cheers,
Harvey

Susan Bugher

unread,
Dec 30, 2006, 5:00:39 PM12/30/06
to

Thanks for that additional information/correction. :)

Bear Bottoms

unread,
Dec 30, 2006, 5:33:46 PM12/30/06
to
On Sat, 30 Dec 2006 15:29:11 -0600, Aaron
<chessnntps....@spamgourmet.com> wrote:

> Walt Williams <em...@noemail.here> wrote in
> news:okidp2p0ho25ovjn1...@4ax.com:


>
>> I'm sorry to hear that your site has a poor SA rating and it speaks
>> poorly of their service if they won't correct false positives.
>> According to
>> <http://www.siteadvisor.com/sites/pricelesswarehome.org/downloads/65543
>> 9/> they haven't reviewed that file in some time:
>

> No reason to take it so personally though.

It is personal when you’re the target of false negative representation of
your website/software. It is harmful no matter how you perceive it. Such
presentation is irresponsible, unprofessional, dishonest, and
reprehensible. Much ado should be made about those that distribute it.

Bear Bottoms

unread,
Dec 30, 2006, 5:45:32 PM12/30/06
to
On Sat, 30 Dec 2006 14:54:31 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Sat, 30 Dec 2006 15:25:12 -0500, Susan Bugher <sebu...@yahoo.com>

Your defending McAfee it seems. I am unbiased as it comes to
Pricelessware and McAfee handling of that site. Defend/justify that, and
why a site with a bad review who removes the files from the site which
brought the bad review continues to have the bad review hang around for
months and months after? Is that a form of punishment or negligent follow
through on McAfee's part? Bad reviews they give out should at the least
be reviewed monthly to see if the issue was resolved.

I'm getting a bad taste from all of this.

Walt Williams

unread,
Dec 30, 2006, 6:11:15 PM12/30/06
to
On Sat, 30 Dec 2006 21:36:59 GMT, HVS <harve...@ntlworld.com>
wrote:

>Because it's part of a tutorial.
>
>*Good* tutorials illustrate not only what you should do, but also
>what you shouldn't do; and really good ones illustrate *why* you
>shouldn't do what you shouldn't do.

So including an actual virus or trojan would be OK for you as long as
it's for instructional purposes?

If the decision were mine to make, I'd have SA identify this as a
malicious file. YMMV.

--
Walt Williams

Walt Williams

unread,
Dec 30, 2006, 6:14:17 PM12/30/06
to
On Sat, 30 Dec 2006 16:45:32 -0600, "Bear Bottoms"
<bearbo...@cox.net> wrote:

>Your defending McAfee it seems. I am unbiased as it comes to
>Pricelessware and McAfee handling of that site. Defend/justify that, and
>why a site with a bad review who removes the files from the site which
>brought the bad review continues to have the bad review hang around for
>months and months after?

Not correcting a false positive in a timely manner is irresponsible
IMO. That isn't the case regarding this file.

--
Walt Williams

Bear Bottoms

unread,
Dec 30, 2006, 6:46:07 PM12/30/06
to
On Sat, 30 Dec 2006 17:14:17 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Sat, 30 Dec 2006 16:45:32 -0600, "Bear Bottoms"

I'm not sure what you mean. If it is a false positive alerted on by
McAfee, they should correct it and never use it for a negative report.
What about the case of a site removing the files of issue and the negative
report from McAfee hanging around for months?


--
Bear Bottoms
Freeware Website: http://bearbottoms1.com

Susan Bugher

unread,
Dec 30, 2006, 7:35:56 PM12/30/06
to
Susan Bugher wrote:
> HVS wrote:
>> On 30 Dec 2006, Susan Bugher wrote

>>> SOP is to notify the anti-virus/spyware vendors when they are


>>> detecting a false positive. Most anti-spyware companies remove
>>> false positives from their databases after confirming the file
>>> is harmless. I think McAfee may be the ONLY vendor that still
>>> alerts on this file.
>>
>> Alas,, AVG still does -- but it classes it in the "may be of concern"
>> category rather than the "bad" one.
>
> Thanks for that additional information/correction. :)

Thought you might enjoy this. . .

http://www.siteadvisor.com/sites/pricelesswarehome.org/downloads/655439/

"Type (1stpage2.zip) installed the following programs on our PC:"
"JS/Winbomb trojan Search Threat Library"
<http://search.mcafee.com/search?q=JS/Winbomb%20trojan&site=Virus&num=10&sort=date:D:L:d1&output=xml_no_dtd&proxystylesheet=default_frontend&client=default_frontend&getFields=description&ie=UTF-8&oe=UTF-8&filter=0&>

I did the search. . .

"Your search - JS/Winbomb trojan - did not match any documents."
"No pages were found containing "JS/Winbomb trojan"."

but wait, there's more. Next I tried Google:

Results 1 - 8 of about 16 for "jS/Winbomb trojan"
The first link is to a McAfee forum:
<http://forums.mcafeehelp.com/viewtopic.php?t=100088&sid=d8245e584784818c40174791b9b842c8>

<q>
Hi, i get this pop up from Mcafee...
Trojan Found:
File C:Documents and settings\Serish\local setings temporary internet is
infected by JS/WINBOMB Trojan an cannot be cleaned...

How do i get rid of this.

Please help...
</q>

So far they haven't. . . read the whole page to get the full flavor. .
. ;)

The OP should have tried Google. This site had no problem dealing with
the question:
http://www.adslgr.com/forum/archive/index.php/t-6120.html

<q>
"Six Buttons From Hell"
The 1st Page software includes various JavaScript
examples, including one called Six Buttons From
Hell. Some virus scanning software will identify
this script as the js/winbomb trojan. You can
delete this file after you install 1st Page.
Deleting this file will not affect the operation
of the program. The file is typically installed as:
C:\Program Files\Evrsoft\1st Page 2000 IScripts\Buttons\Six buttons from
hell.izs
</q>

"Cannot be cleaned"? ;)

more scaremongering by McAfee. . .
http://www.siteadvisor.com/sites/evrsoft.com/summary/ (rated red X)

»Q«

unread,
Dec 30, 2006, 10:15:28 PM12/30/06
to
Walt Williams <em...@noemail.here> wrote in
<news:kcsdp25n4nv3riugq...@4ax.com>:

What would you say is malicious about it? Clearly, it's not a trojan,
since the tuturial it's part of tells the user exactly what it does.

--
»Q«

John Corliss

unread,
Dec 31, 2006, 9:42:42 AM12/31/06
to

Susan Bugher wrote:
> John Corliss wrote:
>
>> Just following up with this:
>>
>> http://www.siteadvisor.com/sites/winsite.com
>>
>> I think... Winsite is a good one to avoid!
>
> IMO McAfee SiteAdvisor is spreading a fair amount of FUD. I wonder how
> they decide between green, yellow and red ratings - maybe they use a
> dartboard. . . Compare:
> (big snip)
>
> Susan

Yes, I agree that they aren't always correct. However, in the case of
Winsite, they're spot on.

--
Regards from John Corliss. I don't reply to trolls like Andy Mabbett.
I'm filtering out all Google Groups posts. No ad, cd, commercial,
cripple, demo, nag, share, spy, time-limited or trial wares or warez for
me, please.

John Corliss

unread,
Dec 31, 2006, 9:44:27 AM12/31/06
to

John Corliss wrote:
>
> Just following up with this:
>
> http://www.siteadvisor.com/sites/winsite.com
>
> I think... Winsite is a good one to avoid!

Good God! If I were a troll, I'd make a careful note of the bait and
line used on this one. Didn't mean to stir up so much controversy. Just
trying to warn others about Winsite and their affiliation with Hotbar.

REM

unread,
Dec 31, 2006, 9:57:03 AM12/31/06
to

> Susan Bugher <sebu...@yahoo.com> wrote:

>SOP is to notify the anti-virus/spyware vendors when they are detecting
>a false positive. Most anti-spyware companies remove false positives
>from their databases after confirming the file is harmless. I think
>McAfee may be the ONLY vendor that still alerts on this file.

I have contacted them several times about this, "false positive," as
well as listing Power Archiver as malware I received a reply each
time. Nothing has been done. I gave up. <G>

The site has also been abused, I highly suspect a specific troll in
ACF, with a bunch of bogus comments. To the uninitiated, the site
appears to be dangerous, while it is one of the safest sites on the
internet.

If you respect the folks at McAfee, Walt, you might forward this
information, and see what your results are.


Susan Bugher

unread,
Dec 31, 2006, 11:12:56 AM12/31/06
to
John Corliss wrote:
> Susan Bugher wrote:
>> John Corliss wrote:

>>> Just following up with this:
>>>
>>> http://www.siteadvisor.com/sites/winsite.com
>>>
>>> I think... Winsite is a good one to avoid!

>> IMO McAfee SiteAdvisor is spreading a fair amount of FUD. I wonder how
>> they decide between green, yellow and red ratings - maybe they use a
>> dartboard. . . Compare:
>> (big snip)

> Yes, I agree that they aren't always correct. However, in the case of

> Winsite, they're spot on.

Apologies for kind of hijacking the thread. I appreciated your post with
the info about what Winsite is doing (ugh). I didn't think citing McAfee
bolstered your case though. ;)

Susan Bugher

unread,
Dec 31, 2006, 11:22:46 AM12/31/06
to
»Q« wrote:

I found McAfee's description:

http://vil.nai.com/vil/content/v_98753.htm

<q>
Method of Infection
Viewing a web page which contains this trojan javascript code creates
the barrage of windows.
</q>

???

Susan Bugher

unread,
Dec 31, 2006, 11:38:21 AM12/31/06
to
REM wrote:

> The site has also been abused, I highly suspect a specific troll in
> ACF, with a bunch of bogus comments. To the uninitiated, the site
> appears to be dangerous, while it is one of the safest sites on the
> internet.

dunno if you saw the most recent comment. . .
http://www.siteadvisor.com/sites/pricelesswarehome.org

<q>
This is an excellent freeware resource. The reviewer named "branded" is
exactly correct, just check his links.
And note ONLY green links to this site! I am a charter, beta-tester of
the original Site Advisor. McAfee has messed up a brilliant concept and
stinks for trying to charge for it. The ratings are now clearly biased
and all McAfee products are steaming heaps of impotent junkware.
</q>

Don't hold back, tell us what you really think. ;)

Bear Bottoms

unread,
Dec 31, 2006, 12:01:06 PM12/31/06
to
On Sun, 31 Dec 2006 10:38:21 -0600, Susan Bugher <sebu...@yahoo.com>
wrote:

> REM wrote:


>
>> The site has also been abused, I highly suspect a specific troll in
>> ACF, with a bunch of bogus comments. To the uninitiated, the site
>> appears to be dangerous, while it is one of the safest sites on the
>> internet.
>
> dunno if you saw the most recent comment. . .
> http://www.siteadvisor.com/sites/pricelesswarehome.org
>
> <q>
> This is an excellent freeware resource. The reviewer named "branded" is
> exactly correct, just check his links.
> And note ONLY green links to this site! I am a charter, beta-tester of
> the original Site Advisor. McAfee has messed up a brilliant concept and
> stinks for trying to charge for it. The ratings are now clearly biased
> and all McAfee products are steaming heaps of impotent junkware.
> </q>
>
> Don't hold back, tell us what you really think. ;)
>
> Susan

What distresses me most about this is it appears that McAfee has
re-reviewed your site and changed the yellow warning to encompass only
your hub site where before I believe it encompassed also a spoke. My
distress comes from McAfee's obvious oblivion to the file in question as
being exposable malware rather than an example given in a tutorial. To
me, this is obvious Internet malfeasance.

Am I wrong about this?

Susan Bugher

unread,
Dec 31, 2006, 12:21:12 PM12/31/06
to
Bear Bottoms wrote:
> On Sun, 31 Dec 2006 10:38:21 -0600, Susan Bugher <sebu...@yahoo.com>
> wrote:

>> dunno if you saw the most recent comment. . .
>> http://www.siteadvisor.com/sites/pricelesswarehome.org
>>
>> <q>
>> This is an excellent freeware resource. The reviewer named "branded"
>> is exactly correct, just check his links.
>> And note ONLY green links to this site! I am a charter, beta-tester
>> of the original Site Advisor. McAfee has messed up a brilliant
>> concept and stinks for trying to charge for it. The ratings are now
>> clearly biased and all McAfee products are steaming heaps of impotent
>> junkware.
>> </q>
>>
>> Don't hold back, tell us what you really think. ;)

> What distresses me most about this is it appears that McAfee has

> re-reviewed your site and changed the yellow warning to encompass only
> your hub site where before I believe it encompassed also a spoke. My
> distress comes from McAfee's obvious oblivion to the file in question
> as being exposable malware rather than an example given in a tutorial.
> To me, this is obvious Internet malfeasance.
>
> Am I wrong about this?

dunno - I can't tell what statement you're referring to (and I don't
understand all the statements you made).

IMO it doesn't make a great deal of difference how McAfee rates the PWH
site. The site is by and for ACF newsgroup participants and we already
know what's there.

Bear Bottoms

unread,
Dec 31, 2006, 1:27:11 PM12/31/06
to
On Sun, 31 Dec 2006 11:21:12 -0600, Susan Bugher <sebu...@yahoo.com>
wrote:
>

>> What distresses me most about this is it appears that McAfee has
>> re-reviewed your site and changed the yellow warning to encompass only
>> your hub site where before I believe it encompassed also a spoke. My
>> distress comes from McAfee's obvious oblivion to the file in question
>> as being exposable malware rather than an example given in a
>> tutorial. To me, this is obvious Internet malfeasance.
>> Am I wrong about this?
>
> dunno - I can't tell what statement you're referring to (and I don't
> understand all the statements you made).
>
> IMO it doesn't make a great deal of difference how McAfee rates the PWH
> site. The site is by and for ACF newsgroup participants and we already
> know what's there.
>
> Susan

I suppose it is a moot point for you then. My reference was to the little
graph they supply showing relationships to other sites. Right now, they
outline PWH in yellow (the hub) and the relationship links PWH has to
other sites are green. Initially, when you viewed the graph, PWH was
yellow and one of the relationships was yellow...this has changed thus my
assumption they re-reviewed the PHW site...and still reference the trojan.

To me, this is a serious matter for anyone as McAfee is a "big" name. If
they are erroneously flagging sites with malware, and it appears they are,
much ado should be made...and spread about it to help them along with
reform...or at least raise end-user awareness that their evaluations are
worthless.

The many examples you list of poor ratings by them show malfeasance
IMO...and should be everyone's concern to toot.

Susan Bugher

unread,
Dec 31, 2006, 2:15:18 PM12/31/06
to
Bear Bottoms wrote:
> On Sun, 31 Dec 2006 11:21:12 -0600, Susan Bugher <sebu...@yahoo.com>
> wrote:

>> IMO it doesn't make a great deal of difference how McAfee rates the
>> PWH site. The site is by and for ACF newsgroup participants and we
>> already know what's there.

> I suppose it is a moot point for you then. My reference was to the

> little graph they supply showing relationships to other sites. Right
> now, they outline PWH in yellow (the hub) and the relationship links
> PWH has to other sites are green.

<vbg> That "little graph" is a teeny tiny sample of the links to other
sites. The PWH site has links to about three thousand other sites.
McAfee shows *** 8 **** links.

See:
http://www.siteadvisor.com/sites/pricelesswarehome.org

Then compare that with this page:
http://www.pricelesswarehome.org/acf/P_AuthorIndex.php

Bear Bottoms

unread,
Dec 31, 2006, 3:51:16 PM12/31/06
to
On Sun, 31 Dec 2006 13:15:18 -0600, Susan Bugher <sebu...@yahoo.com>
wrote:

> Bear Bottoms wrote:
>> On Sun, 31 Dec 2006 11:21:12 -0600, Susan Bugher <sebu...@yahoo.com>
>> wrote:
>
>>> IMO it doesn't make a great deal of difference how McAfee rates the
>>> PWH site. The site is by and for ACF newsgroup participants and we
>>> already know what's there.
>
>> I suppose it is a moot point for you then. My reference was to the
>> little graph they supply showing relationships to other sites. Right
>> now, they outline PWH in yellow (the hub) and the relationship links
>> PWH has to other sites are green.
>
> <vbg> That "little graph" is a teeny tiny sample of the links to other
> sites. The PWH site has links to about three thousand other sites.
> McAfee shows *** 8 **** links.
>
> See:
> http://www.siteadvisor.com/sites/pricelesswarehome.org
>
> Then compare that with this page:
> http://www.pricelesswarehome.org/acf/P_AuthorIndex.php
>
> Susan

Well I know that. Never mind.

Walt Williams

unread,
Jan 1, 2007, 11:28:08 AM1/1/07
to
On Sat, 30 Dec 2006 17:46:07 -0600, "Bear Bottoms"
<bearbo...@cox.net> wrote:

>> Not correcting a false positive in a timely manner is irresponsible
>> IMO. That isn't the case regarding this file.

>I'm not sure what you mean.

I mean that in my opinion the file in question _is_ malicious and
(again, IMO) SA is functioning properly regarding this file. I can
understand that this file may not meet some people's definition of
"malicious".

>If it is a false positive alerted on by
>McAfee, they should correct it and never use it for a negative report.
>What about the case of a site removing the files of issue and the negative
>report from McAfee hanging around for months?

I think we agree on this point. If SA is notified of a false positive
(by SA"s definition) it would be irresponsible for them to not correct
the incorrect rating in a timely manner.

--
Walt Williams

Walt Williams

unread,
Jan 1, 2007, 11:31:06 AM1/1/07
to
On Sat, 30 Dec 2006 15:59:18 -0500, Susan Bugher <sebu...@yahoo.com>
wrote:

>drat, this is like eating corn chips. . . just one more download site.
>. . ;)
>
>http://www.siteadvisor.com/sites/nonags.com (rated green checkmark)
>"No downloads tested
>We have not tested any downloads on this site."
>
>*** 0 *** files tested. It'll be hard for them to top that. . .

Instead of campaigning against a service that gives your web site an
unfavorable rating, why not campaign for the software author to remove
the offending templates?

--
Walt Williams

Walt Williams

unread,
Jan 1, 2007, 11:41:19 AM1/1/07
to

I don't see anything productive coming from a debate about SA's
criteria for determining malicious files. The point is, the file in
question _is_ malicious by SA's standards so while you might find
their criteria to be overly alarmist, they are not remiss in
correcting a false positive.

I visit sites with unfavorable SA ratings every day. I still find the
ratings to be useful and if I'm going to download a file from a poorly
rated site I check to see if it's the file that caused the poor
rating.

IOW, I use SiteAdvisor for _advice_.

--
Walt Williams

Susan Bugher

unread,
Jan 1, 2007, 11:59:32 AM1/1/07
to
Walt Williams wrote:
> On Sat, 30 Dec 2006 21:15:28 -0600, »Q« <box...@gmx.net> wrote:
>>Walt Williams <em...@noemail.here> wrote in
>><news:kcsdp25n4nv3riugq...@4ax.com>:
>>>On Sat, 30 Dec 2006 21:36:59 GMT, HVS <harve...@ntlworld.com>
>>>wrote:

>>>>Because it's part of a tutorial.
>>>>
>>>>*Good* tutorials illustrate not only what you should do, but also
>>>>what you shouldn't do; and really good ones illustrate *why* you
>>>>shouldn't do what you shouldn't do.
>>>
>>>So including an actual virus or trojan would be OK for you as long as
>>>it's for instructional purposes?
>>>
>>>If the decision were mine to make, I'd have SA identify this as a
>>>malicious file. YMMV.
>>
>>What would you say is malicious about it? Clearly, it's not a trojan,
>>since the tuturial it's part of tells the user exactly what it does.
>
>
> I don't see anything productive coming from a debate about SA's
> criteria for determining malicious files. The point is, the file in
> question _is_ malicious by SA's standards so while you might find
> their criteria to be overly alarmist, they are not remiss in
> correcting a false positive.

I don't think it is a Trojan by THEIR criteria - let alone anyone
else's. . . It looks to me as if they erred and they've never
corrected the error.

http://vil.nai.com/vil/content/v_98753.htm

<q>
Overview
This is a trojan detection. Unlike viruses, trojans do not
self-replicate. They are spread manually, often under the premise that
they are beneficial or wanted. The most common installation methods
involve system or security exploitation, and unsuspecting users manually
executing unknown programs. Distribution channels include email,
malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer
networks, etc.

Method of Infection
Viewing a web page which contains this trojan javascript code creates
the barrage of windows.
</q>

sic. . . That is NOT a "Method of Infection".

Susan Bugher

unread,
Jan 1, 2007, 12:18:02 PM1/1/07
to

Such loaded language. . .

1. It is not my web site - it's alt.comp.freeware's web site
http://www.pricelesswarehome.org/acf/AboutWebsite.php

2. for several years the participants in this newsgroup selected 1st
Page 2000 for the Pricelessware List (PL2004 PL2003 PL2002 PL2001). IMO
it would be a mistake to revise archived Pricelessware web pages to suit
McAfee's notion of what is good and bad.

3. If you think those Pricelessware web pages should be revised post a
thread about that. I will revise them *IF* the consensus of the group is
that they should be revised.

Walt Williams

unread,
Jan 1, 2007, 12:27:39 PM1/1/07
to
On Mon, 01 Jan 2007 12:18:02 -0500, Susan Bugher <sebu...@yahoo.com>
wrote:

>Such loaded language. . .


>
>1. It is not my web site - it's alt.comp.freeware's web site
>http://www.pricelesswarehome.org/acf/AboutWebsite.php
>
>2. for several years the participants in this newsgroup selected 1st
>Page 2000 for the Pricelessware List (PL2004 PL2003 PL2002 PL2001). IMO
>it would be a mistake to revise archived Pricelessware web pages to suit
>McAfee's notion of what is good and bad.
>
>3. If you think those Pricelessware web pages should be revised post a
>thread about that. I will revise them *IF* the consensus of the group is
>that they should be revised.

The approach that I would prefer would be trying to influence the
software's author to remove the offending templates.

I would _not_ support an attempt to get SA to stop flagging files with
this sort of behavior as malicious.

--
Walt Williams

Susan Bugher

unread,
Jan 1, 2007, 3:30:27 PM1/1/07
to
Walt Williams wrote:

> On Mon, 01 Jan 2007 11:31:43 -0800, Walt Williams <em...@noemail.here>
> wrote:
>
>>>Warnings by McAfee are good; warnings by others are bad? That seems to
>>>be your position - perhaps you should think again. . .
>>
>>On what do youi base that characterization of my position?
>>Specifically, which warnings by others do I think are bad?
>
> Oh, I see. You want to equate a warning by SA with a malicious file
> because the author says the purpose of the file is to act as a
> warning.
>
> Unbelievable!

I agree. AFAIK the only company that is ***making use*** of this file in
a malicious way is McAfee - with their big red X rating of the 1st Page
2000 author's site. ;)

Susan Bugher

unread,
Jan 1, 2007, 2:18:10 PM1/1/07
to
Walt Williams wrote:
> On Mon, 01 Jan 2007 12:18:02 -0500, Susan Bugher <sebu...@yahoo.com>
> wrote:

>>Such loaded language. . .
>>
>>1. It is not my web site - it's alt.comp.freeware's web site
>>http://www.pricelesswarehome.org/acf/AboutWebsite.php
>>
>>2. for several years the participants in this newsgroup selected 1st
>>Page 2000 for the Pricelessware List (PL2004 PL2003 PL2002 PL2001). IMO
>>it would be a mistake to revise archived Pricelessware web pages to suit
>>McAfee's notion of what is good and bad.
>>
>>3. If you think those Pricelessware web pages should be revised post a
>>thread about that. I will revise them *IF* the consensus of the group is
>>that they should be revised.

> The approach that I would prefer would be trying to influence the
> software's author to remove the offending templates.

The file is included with a warning and as a warning - it's part of a
tutorial.

> I would _not_ support an attempt to get SA to stop flagging files with


> this sort of behavior as malicious.

Warnings by McAfee are good; warnings by others are bad? That seems to

be your position - perhaps you should think again. . .

Susan

Walt Williams

unread,
Jan 1, 2007, 2:31:43 PM1/1/07
to
On Mon, 01 Jan 2007 14:18:10 -0500, Susan Bugher <sebu...@yahoo.com>
wrote:

>Walt Williams wrote:

>> The approach that I would prefer would be trying to influence the
>> software's author to remove the offending templates.
>
>The file is included with a warning and as a warning - it's part of a
>tutorial.

It's a malicious file by SA's criteria (with which I happen to agree)
regardless of the stated purpose for it's inclusion.

It would appear that you have an issue with SA's criteria (and I can
understand why you might) but that's a different matter than SA's
failure to act upon a report of a false positive.

>> I would _not_ support an attempt to get SA to stop flagging files with
>> this sort of behavior as malicious.
>
>Warnings by McAfee are good; warnings by others are bad? That seems to
>be your position - perhaps you should think again. . .

On what do youi base that characterization of my position?


Specifically, which warnings by others do I think are bad?

--
Walt Williams

Walt Williams

unread,
Jan 1, 2007, 2:40:09 PM1/1/07
to
On Mon, 01 Jan 2007 11:31:43 -0800, Walt Williams <em...@noemail.here>
wrote:

>>Warnings by McAfee are good; warnings by others are bad? That seems to

>>be your position - perhaps you should think again. . .
>
>On what do youi base that characterization of my position?
>Specifically, which warnings by others do I think are bad?

Oh, I see. You want to equate a warning by SA with a malicious file


because the author says the purpose of the file is to act as a
warning.

Unbelievable!

--
Walt Williams

Bear Bottoms

unread,
Jan 1, 2007, 3:55:19 PM1/1/07
to
On Mon, 01 Jan 2007 13:31:43 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Mon, 01 Jan 2007 14:18:10 -0500, Susan Bugher <sebu...@yahoo.com>


> wrote:
>
>> Walt Williams wrote:
>
>>> The approach that I would prefer would be trying to influence the
>>> software's author to remove the offending templates.
>>
>> The file is included with a warning and as a warning - it's part of a
>> tutorial.
>
> It's a malicious file by SA's criteria (with which I happen to agree)
> regardless of the stated purpose for it's inclusion.
>
> It would appear that you have an issue with SA's criteria (and I can
> understand why you might) but that's a different matter than SA's
> failure to act upon a report of a false positive.
>

You are well off base in this case. In no way, can this file be
considered malware secretely inserted into software to infiltrate
someone's machine upon execution. It is provided as an example within the
tutorial of a program. This appears to be a well known issue, and McAfee
is performing a disservice, not only in this case, but many cases I have
found myself, and cases listed here in this forum.

That is even beside the fact, that several sites have removed files listed
by McAfee only to have the intitial judgement hang around for months
without review. This is malfeasance on McAfee's part.

Walt Williams

unread,
Jan 1, 2007, 5:17:04 PM1/1/07
to
On Mon, 01 Jan 2007 14:55:19 -0600, "Bear Bottoms"
<bearbo...@cox.net> wrote:

>On Mon, 01 Jan 2007 13:31:43 -0600, Walt Williams <em...@noemail.here>
>wrote:

>> It's a malicious file by SA's criteria (with which I happen to agree)


>> regardless of the stated purpose for it's inclusion.
>>
>> It would appear that you have an issue with SA's criteria (and I can
>> understand why you might) but that's a different matter than SA's
>> failure to act upon a report of a false positive.
>>
>You are well off base in this case. In no way, can this file be
>considered malware secretely inserted into software to infiltrate
>someone's machine upon execution.

It meets SA's definition with which I agree but since you think a free
offer == Freeware, it doesn't surprise me that your definition of a
malicious file is different too.

Let's see, who's definition should I choose, yours or a service
supported by mere novices like Ben Edelman and Eric Howes?

--
Walt Williams

Bear Bottoms

unread,
Jan 1, 2007, 5:27:07 PM1/1/07
to
On Mon, 01 Jan 2007 16:17:04 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Mon, 01 Jan 2007 14:55:19 -0600, "Bear Bottoms"
> <bearbo...@cox.net> wrote:
>
>> On Mon, 01 Jan 2007 13:31:43 -0600, Walt Williams <em...@noemail.here>
>> wrote:
>
>>> It's a malicious file by SA's criteria (with which I happen to agree)
>>> regardless of the stated purpose for it's inclusion.
>>>
>>> It would appear that you have an issue with SA's criteria (and I can
>>> understand why you might) but that's a different matter than SA's
>>> failure to act upon a report of a false positive.
>>>
>> You are well off base in this case. In no way, can this file be
>> considered malware secretely inserted into software to infiltrate
>> someone's machine upon execution.
>
> It meets SA's definition with which I agree but since you think a free
> offer == Freeware, it doesn't surprise me that your definition of a
> malicious file is different too.
>
> Let's see, who's definition should I choose, yours or a service
> supported by mere novices like Ben Edelman and Eric Howes?
>

Why don't you investigate and evaluate it yourself. If Ben Edelman and
Eric Howes are responsible for making this decision, I would look
elsewhere for mentors. If you have any personal skills, you will find
McAfee is making serious mistakes.

Walt Williams

unread,
Jan 1, 2007, 5:38:19 PM1/1/07
to
On Mon, 01 Jan 2007 16:27:07 -0600, "Bear Bottoms"
<bearbo...@cox.net> wrote:

>Why don't you investigate and evaluate it yourself.

I prefer to be warned about sites that contain malicious files whether
the stated reason for such files is "educational" or not.

--
Walt Williams

Susan Bugher

unread,
Jan 1, 2007, 5:55:57 PM1/1/07
to
Walt Williams wrote:

> Let's see, who's definition should I choose, yours or a service
> supported by mere novices like Ben Edelman and Eric Howes?

Can you give me a cite/link that confirms their support of Site Advisor?
FWIW I tried Google - Results 1 - 43 of about 182 for "site advisor"
"Eric Howes" - this is the first result:

http://www.vitalsecurity.org/2006/08/siteadvisor-lists-tomcoyoteorg-as-bad.html

<q>
Thursday, August 31, 2006

In case you didn't know, Tomcoyote.org is an awesome security site that
has been in the "get this crap off my PC now!!!" game for a long time.
Sadly, because of some incorrect scores on the doors, they've had a bit
of a pasting where Site Advisor is concerned.

Whoops the first
Whoops the second

Bad marks all round - oh dear.

I've felt the sting from Site Advisor previously, and it's not a
particularly pleasant situation to be in. Of course, I got it sorted out
in the end but it's still a pain in the jacksie I'd rather not have to
deal with. Dknoppix, MalwareBytes, Cexx, Bluetack, Lavasoft Support and
Spamhuntress are currently listed as Red (unsafe) - meanwhile, perfectly
nasty sites such as Gromozon were listed as Green until recently. Will
we be seeing more security and support sites given a taste of the
beatdown stick?

I hope not.

/ Update - A Site Advisor guy just posted on the Bluetack and TomCoyote
pages:

We have analyzed this site and determined that the red downloads are not
directly sponsored by the site.

Expect to see this site turn green in the coming weeks.

Woot! Now, how about fixing the rest of the sites too guys?
</q>

Bear Bottoms

unread,
Jan 1, 2007, 6:08:05 PM1/1/07
to
On Mon, 01 Jan 2007 16:38:19 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Mon, 01 Jan 2007 16:27:07 -0600, "Bear Bottoms"

Do you understand the harm that can befall a website with a negative
evaluation from McAfee? Are you willing to agree that the purpose is to
warn against real threats to end-users and a false or inept evaluations
perform a disservice, as well as being harmful? Are you saying inaccurate
information and negative evaluations which are fixed and not re-evaluated
and the above behavior is acceptable? I'm really curious to see if you
are willing to put your views into perspective.


--
I Research Freeware http://bearbottoms1.com

»Q«

unread,
Jan 1, 2007, 6:47:20 PM1/1/07
to
Walt Williams <em...@noemail.here> wrote in
<news:2udip21jn4cttkmvk...@4ax.com>:

> On Sat, 30 Dec 2006 21:15:28 -0600, »Q« <box...@gmx.net> wrote:
>
>> Walt Williams <em...@noemail.here> wrote in
>> <news:kcsdp25n4nv3riugq...@4ax.com>:
>>

>>> If the decision were mine to make, I'd have SA identify this as
>>> a malicious file. YMMV.
>>
>> What would you say is malicious about it? Clearly, it's not a
>> trojan, since the tuturial it's part of tells the user exactly
>> what it does.
>
> I don't see anything productive coming from a debate about SA's
> criteria for determining malicious files. The point is, the file
> in question _is_ malicious by SA's standards so while you might
> find their criteria to be overly alarmist, they are not remiss in
> correcting a false positive.

SA misidentifies it as a trojan; they don't use the term "malicious
file" AFAICT. My guess is that they flag it as a trojan because their
McAfee AV product false alerts on it.

But my question wasn't about what SA's methods, it was about the
decision you said you would make. Why would you call 1st Page a
malicious file?

--
»Q«

Walt Williams

unread,
Jan 1, 2007, 9:52:21 PM1/1/07
to
On Mon, 01 Jan 2007 17:55:57 -0500, Susan Bugher <sebu...@yahoo.com>
wrote:

>Walt Williams wrote:


>
>> Let's see, who's definition should I choose, yours or a service
>> supported by mere novices like Ben Edelman and Eric Howes?
>
>Can you give me a cite/link that confirms their support of Site Advisor?

Are you serious? I thought I was engaging in a discussion with someone
who was well versed in anti-malware efforts. For starters take a look
at <http://www.benedelman.org/> and
<http://www.siteadvisor.com/about/team.html>.

--
Walt Williams

Walt Williams

unread,
Jan 1, 2007, 9:58:47 PM1/1/07
to
On Mon, 01 Jan 2007 17:08:05 -0600, "Bear Bottoms"
<bearbo...@gmai.com> wrote:

>On Mon, 01 Jan 2007 16:38:19 -0600, Walt Williams <em...@noemail.here>
>wrote:
>
>> On Mon, 01 Jan 2007 16:27:07 -0600, "Bear Bottoms"
>> <bearbo...@cox.net> wrote:
>>
>>> Why don't you investigate and evaluate it yourself.
>>
>> I prefer to be warned about sites that contain malicious files whether
>> the stated reason for such files is "educational" or not.
>>
>Do you understand the harm that can befall a website with a negative
>evaluation from McAfee?

I understand fully. Many people find SA's site evaluations to be
valuable hence the pressure to remove malicious files.

>Are you willing to agree that the purpose is to
>warn against real threats to end-users and a false or inept evaluations
>perform a disservice, as well as being harmful? Are you saying inaccurate
>information and negative evaluations which are fixed and not re-evaluated
>and the above behavior is acceptable? I'm really curious to see if you
>are willing to put your views into perspective.

What part of "the file in question is malicious by SA's criteria" are
you having trouble understanding?

--
Walt Williams

Bear Bottoms

unread,
Jan 1, 2007, 10:44:11 PM1/1/07
to
On Mon, 01 Jan 2007 20:58:47 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Mon, 01 Jan 2007 17:08:05 -0600, "Bear Bottoms"
> <bearbo...@gmai.com> wrote:
>
>> On Mon, 01 Jan 2007 16:38:19 -0600, Walt Williams <em...@noemail.here>
>> wrote:
>>
>>> On Mon, 01 Jan 2007 16:27:07 -0600, "Bear Bottoms"
>>> <bearbo...@cox.net> wrote:
>>>
>>>> Why don't you investigate and evaluate it yourself.
>>>
>>> I prefer to be warned about sites that contain malicious files whether
>>> the stated reason for such files is "educational" or not.
>>>
>> Do you understand the harm that can befall a website with a negative
>> evaluation from McAfee?
>
> I understand fully. Many people find SA's site evaluations to be
> valuable hence the pressure to remove malicious files.
>

You understand nothing. You are suspiciously evading the issue I present.

>> Are you willing to agree that the purpose is to
>> warn against real threats to end-users and a false or inept evaluations
>> perform a disservice, as well as being harmful? Are you saying
>> inaccurate
>> information and negative evaluations which are fixed and not
>> re-evaluated
>> and the above behavior is acceptable? I'm really curious to see if you
>> are willing to put your views into perspective.
>
> What part of "the file in question is malicious by SA's criteria" are
> you having trouble understanding?
>

What part of malfeasance don't you understand?

Walt Williams

unread,
Jan 1, 2007, 11:07:59 PM1/1/07
to
On Mon, 01 Jan 2007 17:47:20 -0600, »Q« <box...@gmx.net> wrote:

>But my question wasn't about what SA's methods, it was about the
>decision you said you would make. Why would you call 1st Page a
>malicious file?

There's nothing to be gained by debating the criteria here. If you
want to influence SA's ratings see
<http://www.siteadvisor.com/analysis/reviewercentral/> and
<http://blog.siteadvisor.com/>.

More weight is given to reviews by those who have been in the trenches
doing the work so don't expect your input to be given the same weight
if you just drop in with a single review concerning a pet site.

--
Walt Williams

Walt Williams

unread,
Jan 1, 2007, 11:12:09 PM1/1/07
to
On Mon, 01 Jan 2007 21:44:11 -0600, "Bear Bottoms"
<bearbo...@gmai.com> wrote:

>What part of malfeasance don't you understand?

I now understand why I should have read the "Bear Bottoms behavior:
He's a troll -- the content is irrelevant" thread before replying to
you.

Buh-bye!

--
Walt Williams

»Q«

unread,
Jan 1, 2007, 11:49:00 PM1/1/07
to
Walt Williams <em...@noemail.here> wrote in
<news:67mjp2ttja9tf96um...@4ax.com>:

> On Mon, 01 Jan 2007 17:47:20 -0600, »Q« <box...@gmx.net> wrote:
>
>> But my question wasn't about what SA's methods, it was about the
>> decision you said you would make. Why would you call 1st Page a
>> malicious file?
>
> There's nothing to be gained by debating the criteria here.

No sane definition of "trojan" includes files which do exactly what
they say they will. You've said that since 1st Page has a trojan by
SA's "criteria" or "standards", it's not a false positive, yet you
won't discuss trojans or standards or criteria. If the mere fact that
they use some standards or criteria precluded false positives, I guess
I'd agree with your that it can't be a false positive.

> If you want to influence SA's ratings

I don't. I'm content to point out that SA is an unreliable resource
for identifying dangerous sites and leave it to NAI to improve it if
they want to.

--
»Q«

Susan Bugher

unread,
Jan 2, 2007, 12:41:54 AM1/2/07
to
Walt Williams wrote:
> On Mon, 01 Jan 2007 17:55:57 -0500, Susan Bugher <sebu...@yahoo.com>
> wrote:
>>Walt Williams wrote:

>>>Let's see, who's definition should I choose, yours or a service
>>>supported by mere novices like Ben Edelman and Eric Howes?
>>
>>Can you give me a cite/link that confirms their support of Site Advisor?
>
> Are you serious? I thought I was engaging in a discussion with someone
> who was well versed in anti-malware efforts.

You leapt to an unwarranted conclusion. . . ;)

Okay, I now know that Ben Edelman supports Site Advisor and assume he's
being paid for his work as an Advisor and co-author of a report -
http://www.siteadvisor.com/studies/search_safety_may2006.html

I didn't notice his name when I read the report - you may recall I
posted that IMO the report is biased.

Now where do I find info that shows Eric Howes supports Site Advisor?

Walt Williams

unread,
Jan 2, 2007, 10:58:08 AM1/2/07
to
On Tue, 02 Jan 2007 00:41:54 -0500, Susan Bugher <sebu...@yahoo.com>
wrote:

>Walt Williams wrote:
>> Are you serious? I thought I was engaging in a discussion with someone
>> who was well versed in anti-malware efforts.

I apologize for the above unnecessary remark.

>You leapt to an unwarranted conclusion. . . ;)
>
>For starters take a look
>> at <http://www.benedelman.org/> and
>> <http://www.siteadvisor.com/about/team.html>.
>
>Okay, I now know that Ben Edelman supports Site Advisor and assume he's
>being paid for his work as an Advisor and co-author of a report -
>http://www.siteadvisor.com/studies/search_safety_may2006.html
>
>I didn't notice his name when I read the report - you may recall I
>posted that IMO the report is biased.

You might want to look at what Howes has to say about Google
<http://www.spywarewarrior.com/rogue_anti-spyware.htm#google>

note: I use Google several times each day and I'm not saying "Google
is Evil".

>Now where do I find info that shows Eric Howes supports Site Advisor?

I don't have proof readily available other than the fact that he's
listed as one of the preview testers.
<http://www.siteadvisor.com/analysis/reviewers/previewtesters_6.html>.

You might contact him asking for his opinion of SA and post the
response here.

You seem to be bright and to have time, why not join in the effort to
make SA a better anti-malware tool
<http://www.siteadvisor.com/analysis/reviewercentral/> and
<http://blog.siteadvisor.com/>?

Your "SiteAdvisor is Evil" campaign reflects poorly on you in the view
of someone who finds it to offer useful _advice_.

--
Walt Williams

Susan Bugher

unread,
Jan 2, 2007, 3:10:03 PM1/2/07
to
Walt Williams wrote:
> On Tue, 02 Jan 2007 00:41:54 -0500, Susan Bugher <sebu...@yahoo.com>
> wrote:
>>Walt Williams wrote:

> You might want to look at what Howes has to say about Google
> <http://www.spywarewarrior.com/rogue_anti-spyware.htm#google>

What a nice surprise! On that page Eric Howes recommends ACF's
Pricelesssware site:
http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy
(scroll down to the end of the section)

"If you're looking for truly free software without any unwanted
surprises, see the following sites: . . . Pricelessware
http://www.pricelesswarehome.org/

:) :) :)

>>Now where do I find info that shows Eric Howes supports Site Advisor?

> I don't have proof readily available other than the fact that he's
> listed as one of the preview testers.
> <http://www.siteadvisor.com/analysis/reviewers/previewtesters_6.html>.

IOW you leapt to an unwarranted conclusion and stated it as a fact.

Walt Williams

unread,
Jan 2, 2007, 6:07:58 PM1/2/07
to
On Tue, 02 Jan 2007 15:10:03 -0500, Susan Bugher <sebu...@yahoo.com>
wrote:

>Walt Williams wrote:
>
>> I don't have proof readily available other than the fact that he's
>> listed as one of the preview testers.
>> <http://www.siteadvisor.com/analysis/reviewers/previewtesters_6.html>.
>
>IOW you leapt to an unwarranted conclusion and stated it as a fact.

Thanks for illustrating your lack of understanding of Logic.

--
Walt Williams

Bear Bottoms

unread,
Jan 2, 2007, 6:51:51 PM1/2/07
to
On Mon, 01 Jan 2007 22:12:09 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Mon, 01 Jan 2007 21:44:11 -0600, "Bear Bottoms"

Still evading...

Susan Bugher

unread,
Jan 2, 2007, 9:08:53 PM1/2/07
to

LOL

Your posts have been those of as a "true believer" (your central article
of faith being "Site Advisor is always right"). Someone who questions
that basic assumption is accused of mounting a "SiteAdvisor is Evil"
campaign. If that's your definition of logic it's one that is not widely
shared. . .

dunno if you really "believe" or if you're just trolling. . . either
way it's EOT time for me.

Walt Williams

unread,
Jan 3, 2007, 12:18:45 PM1/3/07
to
On Tue, 02 Jan 2007 21:08:53 -0500, Susan Bugher <sebu...@yahoo.com>
wrote:

>Your posts have been those of as a "true believer" (your central article

>of faith being "Site Advisor is always right").

Nonsense! I've clearly stated that I use SiteAdvisor for _advice_ only
and that I frequently visit sites flagged by SA. Sometimes I disagree
with SA ratings and sometimes I ignore them even though I understand
and agree with the reason for the poor rating.

In which post did I say "Site Advisor is always right"?

I believe our entire discussion stemmed from a post citing an SA
warning regarding Winsite. My position is that such a warning is not
conclusive proof that a site is "evil" but SA's rating of a site _is_
worth looking into.

Your response to the posting of the Winsite SA warning has essentially
been "SA improperly flagged my pet site therefore any SA warnings are
hogwash".

It appears to me that your agenda is not to invalidate SA's rating of
Winsite but rather to attack the entire SA effort. If your intention
was to exonerate Winsite, the proper course of action would be to
disprove the SA rating by showing that the flagged files are not
malicious.

> Someone who questions
>that basic assumption is accused of mounting a "SiteAdvisor is Evil"
>campaign.

Use whatever phrase you like to describe your crusade. Clearly your
agenda is a blanket dismissal of SA warnings due to a vendetta based
on the PWH rating by SA.

--
Walt Williams

Bear Bottoms

unread,
Jan 3, 2007, 7:19:30 PM1/3/07
to
On Wed, 03 Jan 2007 11:18:45 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Tue, 02 Jan 2007 21:08:53 -0500, Susan Bugher <sebu...@yahoo.com>

Hogwash. That is definitely a great example however. Tom Coyote was
another. There are many many examples of their disservice. The most
offensive is the length of time taken when a site does try to clean itself
of files objected to by SA and the time it takes for SA to re-review the
site much less the lack of communication allowed sites which are
"trashed." Bottomline is they are performing more of a disservice than a
service.

Walt Williams

unread,
Jan 6, 2007, 2:49:46 PM1/6/07
to
On Mon, 01 Jan 2007 17:08:05 -0600, "Bear Bottoms"
<bearbo...@gmai.com> wrote:

>On Mon, 01 Jan 2007 16:38:19 -0600, Walt Williams <em...@noemail.here>
>wrote:
>
>> On Mon, 01 Jan 2007 16:27:07 -0600, "Bear Bottoms"
>> <bearbo...@cox.net> wrote:
>>
>>> Why don't you investigate and evaluate it yourself.
>>
>> I prefer to be warned about sites that contain malicious files whether
>> the stated reason for such files is "educational" or not.

How does any of the following pertain to the fact that "I prefer to be


warned about sites that contain malicious files whether the stated

reason for such files is "educational" or not."? (that is what you
_claim_ to be responding to).

>Do you understand the harm that can befall a website with a negative
>evaluation from McAfee?

I shouldn't honor the obvious with a response but, the negative impact
is precisely where the leverage lies. A site can choose to come into
compliance or suffer the consequences.

SA is _not_ like a spam filtering service or HOSTS file that denies
access. SA does not block access to a site, it only offers _advice_.

Those who take issue with SA ratings can become involved and do the
work necessary to improve the validity of the _advice_ or they can
whine about SA's imperfections.

SA's credibility suffers not the least from criticism by Village
Idiots who neither understand the process nor invest the time and
effort to improve the validity of the ratings.

>Are you willing to agree that the purpose is to
>warn against real threats to end-users and a false or inept evaluations
>perform a disservice, as well as being harmful? Are you saying inaccurate
>information and negative evaluations which are fixed and not re-evaluated
>and the above behavior is acceptable? I'm really curious to see if you
>are willing to put your views into perspective.

I don't respond to "when are you going to stop beating your wife" type
questions, especially when the questions come from someone who doesn't
even understand how the mechanism functions.

Explain to us how the existing mechanism for correcting "false
positives" works and how you would change that mechanism if you were
in charge.

--
Walt Williams

Bear Bottoms

unread,
Jan 6, 2007, 3:43:18 PM1/6/07
to
On Sat, 06 Jan 2007 13:49:46 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Mon, 01 Jan 2007 17:08:05 -0600, "Bear Bottoms"
> <bearbo...@gmai.com> wrote:
>
>
>> Do you understand the harm that can befall a website with a negative
>> evaluation from McAfee?
>
> I shouldn't honor the obvious with a response but, the negative impact
> is precisely where the leverage lies. A site can choose to come into
> compliance or suffer the consequences.
>

So negative impact right or wrong is "good" leverage. This is where the
problem is with your argument. This is what you have been evading. The
issue is bad advice which is what SA is giving out. Bad advice is better
than no advice?...I think not.

Walt Williams

unread,
Jan 6, 2007, 4:41:08 PM1/6/07
to
On Sat, 06 Jan 2007 14:43:18 -0600, "Bear Bottoms"
<bearbo...@cox.net> wrote:

>So negative impact right or wrong is "good" leverage. This is where the
>problem is with your argument. This is what you have been evading. The
>issue is bad advice which is what SA is giving out. Bad advice is better
>than no advice?...I think not.

You rephrase the same drivel and repeat it over and over while
snipping all pertinent points from my posts.

SA is less than perfect and there's a mechanism that can be used to
bring it closer to perfection. You obviously don't understand the
mechanism, won't take the time to learn it and won't do the work
involved with using it.

It's easier for you to crow about problems with the best site advising
facility I've found.

--
Walt Williams

iNcReDuLoUs

unread,
Jan 6, 2007, 4:49:38 PM1/6/07
to
Walt Williams <em...@noemail.here> wrote in
news:ma50q2l2hi5cvb2bq...@4ax.com:

> On Sat, 06 Jan 2007 14:43:18 -0600, "Bear Bottoms"
> <bearbo...@cox.net> wrote:
>
>>So negative impact right or wrong is "good" leverage. This is where
>>the problem is with your argument. This is what you have been
>>evading. The issue is bad advice which is what SA is giving out.
>>Bad advice is better than no advice?...I think not.
>
> You rephrase the same drivel and repeat it over and over while
> snipping all pertinent points from my posts.

You two remind me of a Three Stooges routine, "slap, slap, slap", back and
forth. If only you were as funny.

Bear Bottoms

unread,
Jan 6, 2007, 5:15:18 PM1/6/07
to
On Sat, 06 Jan 2007 15:41:08 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Sat, 06 Jan 2007 14:43:18 -0600, "Bear Bottoms"

As I have said, if this is the best...then none exist. Your the one
evading the issue. SA is putting bad information out there and failing to
re-review sites timely. This is a great disservice.

No one is snipping your context. You say very clearly that you think the
service SA is providing is worthwhile even though many examples exist of
flagrant disservice (download.com for another one) and your "SA is less
than perfect" escape clause is a HUGE understatement. Also, there
obviously isn't an effective "mechanism" to have a site re-reviewed when
their drivel is pointed out to them or files they still report as
intrusive which indeed are not go unheeded. SA is crap.

Try winning an argument through debate and points rather than stooping to
the trash talk you are using.

Walt Williams

unread,
Jan 6, 2007, 6:48:26 PM1/6/07
to
On Sat, 06 Jan 2007 16:15:18 -0600, "Bear Bottoms"
<bearbo...@cox.net> wrote:

>No one is snipping your context.

Back to the bozo-bin for you. Reprieve is over.

--
Walt Williams

Bear Bottoms

unread,
Jan 6, 2007, 7:07:18 PM1/6/07
to
On Sat, 06 Jan 2007 17:48:26 -0600, Walt Williams <em...@noemail.here>
wrote:

> On Sat, 06 Jan 2007 16:15:18 -0600, "Bear Bottoms"

LOL...you are showing a familiar trait...get cornered and either trash
talk, change the subject or both.

So you are saying you're now being taken out of context...OMG. So just
what is your position? Site Advisor is good or SA is bad! LOL.

0 new messages